Skip to content

fix(gcp-project-policies): Use correct API to get Policy v3, fix policy 2.1 query#7053

Merged
erezrokah merged 4 commits intocloudquery:mainfrom
erezrokah:fix/gcp_project_policies
Jan 24, 2023
Merged

fix(gcp-project-policies): Use correct API to get Policy v3, fix policy 2.1 query#7053
erezrokah merged 4 commits intocloudquery:mainfrom
erezrokah:fix/gcp_project_policies

Conversation

@erezrokah
Copy link
Copy Markdown
Member

@erezrokah erezrokah commented Jan 23, 2023

Summary

Reported on Discord https://discord.com/channels/872925471417962546/1065556442800734268/1065871250225909791

projectsClient.GetIamPolicy returns v1.Policy which has log_type as an enum, and as a result evaluated to an int in the destination database. Our query needs the strings, as they appear in v3.Policy (configured by the table).
To get the v3.Policy we need the protobuf API.

Additionally the check was wrong. We should verify all logging types are enabled for allServices.
This is how it looks in GCP:
image

@cq-bot cq-bot added the gcp label Jan 23, 2023
@erezrokah erezrokah added the automerge Automatically merge once required checks pass label Jan 24, 2023
@erezrokah
Copy link
Copy Markdown
Member Author

erezrokah commented Jan 24, 2023

I might do another follow to the query as I think we should get all projects, and verify each one has audit logs.
The current query won't catch projects that don't have any audit logs enabled

@erezrokah erezrokah merged commit 2f17a4d into cloudquery:main Jan 24, 2023
@cq-bot cq-bot mentioned this pull request Jan 24, 2023
Merged
kodiakhq bot pushed a commit that referenced this pull request Jan 24, 2023
@cq-bot
chore(main): Release plugins-source-gcp v7.2.1 (#7005)
8e984a8 
🤖 I have created a release *beep* *boop*
---


## [7.2.1](plugins-source-gcp-v7.2.0...plugins-source-gcp-v7.2.1) (2023-01-24)


### Bug Fixes

* **deps:** Update module github.com/cloudquery/plugin-sdk to v1.28.0 ([#7009](#7009)) ([12ac005](12ac005))
* **gcp-project-policies:** Use correct API to get Policy v3, fix policy 2.1 query ([#7053](#7053)) ([2f17a4d](2f17a4d))
* Hardcode `us-central1` instead of `global` when fetching glossaries ([#6968](#6968)) ([0d76c62](0d76c62))
* **services:** Update GCP Services ([#7057](#7057)) ([7cc65a4](7cc65a4))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@disq disq Awaiting requested review from disq

1 more reviewer

@yevgenypats yevgenypats yevgenypats approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

automerge Automatically merge once required checks pass

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@erezrokah @yevgenypats @cq-bot