From d037ac96d503b32fcdcb5f5efeefef10447c394e Mon Sep 17 00:00:00 2001
From: Jonathan Amsterdam <jba@google.com>
Date: Fri, 21 Mar 2025 10:21:21 -0400
Subject: devtools: add script for Cloud Armor

Add a script that displays our Cloud Armor policies and explains
how to change them.

Change-Id: I1e662bd91f886ae25288d114de120917c92ec40b
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/659896
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
kokoro-CI: kokoro <noreply+kokoro@google.com>
Reviewed-by: Robert Findley <rfindley@google.com>
---
 devtools/describe_cloud_armor.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100755 devtools/describe_cloud_armor.sh

(limited to 'devtools')

diff --git a/devtools/describe_cloud_armor.sh b/devtools/describe_cloud_armor.sh
new file mode 100755
index 00000000..fe85edb2
--- /dev/null
+++ b/devtools/describe_cloud_armor.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# Display the state of the Cloud Armor rules for the prod frontend.
+
+echo 'Cloud Armor rule for prod. Note rateLimitOptions.'
+
+gcloud compute security-policies describe prod-frontend
+
+echo
+echo 'To modify:'
+echo '- Obtain the necessary permissions.'
+echo '- Visit https://console.google.com/net-security/securitypolicies/details/prod-frontend?project=$PROJECT&hl=en&tab=rules'
+echo '- Click Edit'
-- 
cgit v1.3