gcp.spanner-database-instance

GCP resource: https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances.databases

Filters

iam-policy

Overrides the base implementation to process spanner database resources correctly.

properties:
  doc:
    additionalProperties: false
    properties:
      default:
        type: object
      key:
        type: string
      op:
        enum:
        - eq
        - equal
        - ne
        - not-equal
        - gt
        - greater-than
        - ge
        - gte
        - le
        - lte
        - lt
        - less-than
        - glob
        - regex
        - regex-case
        - in
        - ni
        - not-in
        - contains
        - difference
        - intersect
      type:
        enum:
        - value
      value:
        oneOf:
        - type: array
        - type: string
        - type: boolean
        - type: number
        - type: 'null'
      value_from:
        additionalProperties: 'False'
        properties:
          expr:
            oneOf:
            - type: integer
            - type: string
          format:
            enum:
            - csv
            - json
            - txt
            - csv2dict
          headers:
            patternProperties:
              ? ''
              : type: string
            type: object
          url:
            type: string
        required:
        - url
        type: object
      value_path:
        type: string
      value_regex:
        type: string
      value_type:
        enum:
        - age
        - integer
        - expiration
        - normalize
        - size
        - cidr
        - cidr_size
        - swap
        - resource_count
        - expr
        - unique_size
        - date
        - version
        - float
    type: object
  type:
    enum:
    - iam-policy
  user-role:
    additionalProperties: false
    properties:
      has:
        type: boolean
      role:
        type: string
      user:
        type: string
    required:
    - user
    - role
    type: object
required:
- type

Permissions - spanner.databases.getIamPolicy
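
The two forms this filter's schema allows, `doc` and `user-role`, shown as an added example that is not taken from the Cloud Custodian documentation. The policy names, the `bindings[*].members[]` key, and the user and role values are assumptions chosen for illustration. The example treats `doc` as a value filter evaluated against the IAM policy document of each database.

```yaml
policies:
  # Flag databases whose IAM policy grants any role to public principals.
  - name: spanner-database-public-iam-binding      # hypothetical policy name
    resource: gcp.spanner-database-instance
    filters:
      - type: iam-policy
        doc:
          # Assumed JMESPath into the IAM policy: flattens the members of every binding.
          key: "bindings[*].members[]"
          op: intersect
          value:
            - allUsers
            - allAuthenticatedUsers

  # Flag databases where one specific principal holds the database admin role.
  - name: spanner-database-admin-held-by-user      # hypothetical policy name
    resource: gcp.spanner-database-instance
    filters:
      - type: iam-policy
        user-role:
          user: "contractor@example.com"           # constructed value
          role: roles/spanner.databaseAdmin
          has: true                                # assumed: match when the user has the role
```

Neither policy declares an action, so a run only reports the matching databases.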

metrics

Supports metrics filters on resources.

All resources that have cloud watch metrics are supported.

Docs on cloud watch metrics

- name: firewall-hit-count
  resource: gcp.firewall
  filters:
  - type: metrics
    name: firewallinsights.googleapis.com/subnet/firewall_hit_count
    aligner: ALIGN_COUNT
    days: 14
    value: 1
    op: greater-than

properties:
  aligner:
    enum:
    - ALIGN_NONE
    - ALIGN_DELTA
    - ALIGN_RATE
    - ALIGN_INTERPOLATE
    - ALIGN_MIN
    - ALIGN_MAX
    - ALIGN_MEAN
    - ALIGN_COUNT
    - ALIGN_SUM
    - REDUCE_COUNT_FALSE
    - ALIGN_STDDEV
    - ALIGN_COUNT_TRUE
    - ALIGN_COUNT_FALSE
    - ALIGN_FRACTION_TRUE
    - ALIGN_PERCENTILE_99
    - ALIGN_PERCENTILE_95
    - ALIGN_PERCENTILE_50
    - ALIGN_PERCENTILE_05
    - ALIGN_PERCENT_CHANG
    type: string
  days:
    type: number
  filter:
    type: string
  group-by-fields:
    items:
      type: string
    type: array
  metric-key:
    type: string
  missing-value:
    type: number
  name:
    type: string
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
    type: string
  reducer:
    enum:
    - REDUCE_NONE
    - REDUCE_MEAN
    - REDUCE_MIN
    - REDUCE_MAX
    - REDUCE_MEAN
    - REDUCE_SUM
    - REDUCE_STDDEV
    - REDUCE_COUNT
    - REDUCE_COUNT_TRUE
    - REDUCE_COUNT_FALSE
    - REDUCE_FRACTION_TRUE
    - REDUCE_PERCENTILE_99
    - REDUCE_PERCENTILE_95
    - REDUCE_PERCENTILE_50
    - REDUCE_PERCENTILE_05
    type: string
  type:
    enum:
    - metrics
  value:
    type: number
required:
- value
- name
- op

Permissions - monitoring.timeSeries.list

Actions

delete

This action deletes Spanner databases.

GCP action is https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances.databases/dropDatabase.

Example:

policies:
  - name: gcp-spanner-instance-databases-delete
    resource: gcp.spanner-database-instance
    filters:
      - type: value
        key: name
        op: contains
        value: dev
    actions:
      - type: delete

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - spanner.databases.drop