gcp.service-account
Filters
iam-policy
Overrides the base implementation to process service account resources correctly.
properties:
doc:
additionalProperties: false
properties:
default:
type: object
key:
type: string
op:
enum:
- eq
- equal
- ne
- not-equal
- gt
- greater-than
- ge
- gte
- le
- lte
- lt
- less-than
- glob
- regex
- regex-case
- in
- ni
- not-in
- contains
- difference
- intersect
- mod
type:
enum:
- value
value:
oneOf:
- type: array
- type: string
- type: boolean
- type: number
- type: 'null'
value_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
headers:
patternProperties:
? ''
: type: string
type: object
query:
type: string
url:
type: string
required:
- url
type: object
value_path:
type: string
value_regex:
type: string
value_type:
enum:
- age
- integer
- expiration
- normalize
- size
- cidr
- cidr_size
- swap
- resource_count
- expr
- unique_size
- date
- version
- float
type: object
type:
enum:
- iam-policy
user-role:
additionalProperties: false
properties:
has:
type: boolean
role:
type: string
user:
type: string
required:
- user
- role
type: object
required:
- type
Permissions - resourcemanager.projects.getIamPolicy
metrics
Supports metrics filters on resources.
All resources that have cloud watch metrics are supported.
Docs on cloud watch metrics
Google Supported Metrics https://cloud.google.com/monitoring/api/metrics_gcp
Custom Metrics https://cloud.google.com/monitoring/api/v3/metric-model#intro-custom-metrics
- name: firewall-hit-count
resource: gcp.firewall
filters:
- type: metrics
name: firewallinsights.googleapis.com/subnet/firewall_hit_count
aligner: ALIGN_COUNT
days: 14
value: 1
op: greater-than
properties:
aligner:
enum:
- ALIGN_NONE
- ALIGN_DELTA
- ALIGN_RATE
- ALIGN_INTERPOLATE
- ALIGN_MIN
- ALIGN_MAX
- ALIGN_MEAN
- ALIGN_COUNT
- ALIGN_SUM
- REDUCE_COUNT_FALSE
- ALIGN_STDDEV
- ALIGN_COUNT_TRUE
- ALIGN_COUNT_FALSE
- ALIGN_FRACTION_TRUE
- ALIGN_PERCENTILE_99
- ALIGN_PERCENTILE_95
- ALIGN_PERCENTILE_50
- ALIGN_PERCENTILE_05
- ALIGN_PERCENT_CHANG
type: string
days:
type: number
filter:
type: string
group-by-fields:
items:
type: string
type: array
metric-key:
type: string
missing-value:
type: number
name:
type: string
op:
enum:
- eq
- equal
- ne
- not-equal
- gt
- greater-than
- ge
- gte
- le
- lte
- lt
- less-than
- glob
- regex
- regex-case
- in
- ni
- not-in
- contains
- difference
- intersect
- mod
type: string
reducer:
enum:
- REDUCE_NONE
- REDUCE_MEAN
- REDUCE_MIN
- REDUCE_MAX
- REDUCE_MEAN
- REDUCE_SUM
- REDUCE_STDDEV
- REDUCE_COUNT
- REDUCE_COUNT_TRUE
- REDUCE_COUNT_FALSE
- REDUCE_FRACTION_TRUE
- REDUCE_PERCENTILE_99
- REDUCE_PERCENTILE_95
- REDUCE_PERCENTILE_50
- REDUCE_PERCENTILE_05
type: string
type:
enum:
- metrics
value:
type: number
required:
- value
- name
- op
Permissions - monitoring.timeSeries.list
Actions
delete
Invoke an api call on each resource.
Quite a number of procedural actions are simply invoking an api call on a filtered set of resources. The exact handling is mostly boilerplate at that point following an 80/20 rule. This class is an encapsulation of the 80%.
properties:
type:
enum:
- delete
required:
- type
Permissions - iam.serviceAccounts.delete
disable
Invoke an api call on each resource.
Quite a number of procedural actions are simply invoking an api call on a filtered set of resources. The exact handling is mostly boilerplate at that point following an 80/20 rule. This class is an encapsulation of the 80%.
properties:
type:
enum:
- disable
required:
- type
Permissions - iam.serviceAccounts.disable
enable
Invoke an api call on each resource.
Quite a number of procedural actions are simply invoking an api call on a filtered set of resources. The exact handling is mostly boilerplate at that point following an 80/20 rule. This class is an encapsulation of the 80%.
properties:
type:
enum:
- enable
required:
- type
Permissions - iam.serviceAccounts.enable