@turbot/gcp

The gcp mod contains resource, control and policy definitions for the GCP service.

Version
5.23.4
Released On
Feb 29, 2024
Depends On

Release Notes

5.23.4 (2024-02-29)

Bug fixes

  • The GCP > Turbot > Event Handlers > Pub/Sub stack control previously attempted to create a topic and its IAM member incorrectly when the GCP > Turbot > Event Handlers > Logging > Unique Writer Identity policy was set to Enforce: Unique Identity, but the project number for the project was not available. This is fixed and the control will transition to an Invalid state until Guardrails can correctly fetch the project number.

5.23.3 (2024-02-01)

Bug fixes

  • The Org policy details in the Project CMDB data will now be properly and consistently sorted.

5.23.2 (2024-01-16)

Bug fixes

  • The GCP > Turbot > Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the GCP > Turbot > Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

5.23.1 (2023-11-24)

Bug fixes

  • Added support to process enable and disable real-time events for Firebase Management API via Service Usage APIs.

5.23.0 (2023-11-03)

What's new?

  • Users can now set a Unique Writer Identity for Logging Sink created via the GCP > Turbot > Event Handlers stack. To get started, set the GCP > Turbot > Event Handlers > Logging > Unique Writer Identity policy.

Policy Types

  • GCP > Turbot > Event Handlers > Logging > Unique Writer Identity

5.22.0 (2023-09-20)

What's new?

  • Added support for new multi-regions NAM8, NAM9, NAM10, NAM11, NAM12, NAM13, NAM14, NAM15, NAM-EUR-ASIA1, NAM-EUR-ASIA3, IN, EUR5, EUR6, EUROPE and EMEA in the GCP > Project > Regions policy.

Policy Types

Removed

  • GCP > Project > Multi-Regions [Deprecated]

5.21.0 (2023-09-15)

What's new?

  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.

Bug fixes

  • Added support for new europe-west10 region in the GCP > Project > Regions policy.

5.20.1 (2023-09-07)

Bug fixes

  • A few policy values would sometimes fail to evaluate correctly if the mod was installed on TE v5.42.1. We've fixed this issue and such policy values will now be evaluated correctly.

5.20.0 (2023-08-10)

What's new?

  • A README.md file is now available for users to check details about the resource types and service permissions that the mod covers.

Bug fixes

  • The GCP > Project > CMDB control would fail to trigger automatically if either of the GCP > Private Key or GCP > Client Email policy values were updated. This is now fixed.

5.19.0 (2023-08-07)

What's new?

  • Added support for new asia-south, australia-southeast, europe-west, northamerica-northeast, southamerica-west, us-east, us-south and us-west regions in the GCP > Project > Regions policy.

Bug fixes

  • The GCP > Turbot > Event Handlers and GCP > Turbot > Event Poller controls would fail to handle all events correctly if the filter pattern for the events exceeded 20K characters. This is fixed and all events will now be processed correctly as expected.

5.18.0 (2023-03-24)

Control Types

  • GCP > Project > Service APIs
  • GCP > Project > Service APIs > Approved

Policy Types

  • GCP > Project > Service APIs
  • GCP > Project > Service APIs > Approved
  • GCP > Project > Service APIs > Approved > Services

5.17.3 (2023-02-06)

Bug fixes

  • Added support for GCP > SecretManager service APIs.

5.17.2 (2023-01-17)

Bug fixes

  • We’ve made a few improvements in the GraphQL queries for GCP > Turbot > Event Handlers to make it lighter and faster than before. You won’t notice any difference and things should continue to run smoothly as expected.
  • Added support to process enable and disable real-time events for Data Pipelines and Cloud Run APIs.

5.17.1 (2022-11-25)

Bug fixes

  • Added support to process enable and disable real-time events for BigQuery API via Service Usage APIs.

5.17.0 (2022-10-21)

What's new?

  • The real-time event handlers will now also process update events for Organization Policy.

5.16.2 (2022-07-20)

Bug fixes

  • The GCP > Project > CMDB control would sometimes hit the API throttling limit and inadvertently trigger multiple times leading the control to an error state. We've removed unnecessary service API calls and the control will now work smoothly as expected.
  • Guardrails would sometimes fail to process real-time events for enabling or disabling service APIs in a project. This is fixed and the CMDB data for such services will now be updated correctly on listening to such real-time events.

5.16.1 (2022-06-01)

Bug fixes

  • We've updated descriptions for several controls to indicate their purpose better. There are no changes otherwise and things should continue to run smoothly, as expected.

5.16.0 (2021-07-29)

What's new?

  • The GCP > Turbot > Event Handlers > Logging > Terraform Version and GCP > Turbot > Event Handlers > Pub/Sub > Terraform Version policies will now be set to 0.15.* by default for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will remain set to 0.11.* by default.

5.15.4 (2021-03-01)

Bug fixes

  • To reduce unnecessary processing, the GCP > Project > Event Poller action will now ignore any bucket read level events, e.g., storage.buckets.get, and all object events, e.g., storage.objects.create, storage.objects.get. These events are not used for any resource updates in the GCP > Storage mod, so the event poller can safely ignore them.

5.15.3 (2021-02-16)

Bug fixes

  • Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.

5.15.2 (2020-11-30)

Bug fixes

  • Enabling/Disabling a service in GCP wouldn't update its CMDB data automatically since GCP deprecated and removed support for the APIs that we used. We've made the switch to the new Enabling and Disabling service APIs and things should now work smoothly.

5.15.1 (2020-10-14)

Bug fixes

  • Sometimes the GCP > Project > Event Poller control would run less frequently than the interval set in the GCP > Project > Event Poller > Interval policy. We've updated this control to now ensure that it will run at least every 10 minutes (which is the maximum interval allowed in the policy) to prevent it from missing events.

5.15.0 (2020-09-22)

What's new?

  • We've added a new region type, GCP > Global Region, which is a special multi-region that is only used for certain services, like Dataproc and KMS. This region type will be created in CMDB for a given project if the global value is included in the GCP > Project > Regions policy (the default values include global).

    The GCP > Project > Multi-Regions policy has been deprecated, its title has been updated to GCP > Project > Multi-Regions [Deprecated], and it will be removed in the next major version. The GCP > Multi-Region > Discovery control will now use the GCP > Project > Regions policy to determine which multi-regions to create in CMDB for a given project (the default values include all current multi-regions).

    For backward compatibility, if any projects have an existing policy setting for the GCP > Project > Multi-Regions [Deprecated] policy, then the control will use this policy setting instead to determine which multi-regions to create in CMDB to provide a changeover window.

    We recommend migrating any existing policy settings for the GCP > Project > Multi-Regions policy to the GCP > Project > Regions policy to prevent any future incompatibilities.

Resource Types

  • GCP > Global Region

Control Types

  • GCP > Global Region > Discovery

Policy Types

Renamed

  • GCP > Project > Multi-Regions to GCP > Project > Multi-Regions [Deprecated]
  • GCP > Project > Regions [Default] to GCP > Project > Regions

5.14.2 (2020-09-16)

Bug fixes

  • Projects can now be imported at the Guardrails level (previously they could only be imported in a Guardrails folder).

5.14.1 (2020-09-07)

Bug fixes

  • The real-time event handling for GCP > Notebooks service API had an incorrect reference to GCP > Notebooks > CMDB control. This issue has now been fixed.

5.14.0 (2020-09-04)

What's new?

  • Added real-time event handling for GCP > Notebook service API updates.

5.13.0 (2020-08-28)

What's new?

  • Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
  • Added real-time event handling for GCP > Dataflow service API updates.

5.12.0 (2020-08-18)

Policy Types

  • GCP > Multi-Region > Stack > Terraform Version
  • GCP > Project > Stack > Terraform Version

5.11.0 (2020-08-05)

Policy Types

  • GCP > Turbot > Event Handlers > Logging > Terraform Version
  • GCP > Turbot > Event Handlers > Pub/Sub > Terraform Version

5.10.1 (2020-07-24)

Bug fixes

  • We've cleaned up our use of some deprecated GraphQL resolvers in the event handlers policies. There's no noticeable difference, but this will help us clean up some of our resolvers.

5.10.0 (2020-07-21)

What's new?

  • Various policies have been added for defining trusted IAM resources, like users, groups, and service accounts, in preparation for upcoming trusted access controls. Upcoming mod versions for gcp-iam and gcp-storage will have controls that use these new policies as default lists of who or what should be trusted.

Policy Types

  • GCP > Project > Trusted Domains [Default]
  • GCP > Project > Trusted Groups [Default]
  • GCP > Project > Trusted Projects [Default]
  • GCP > Project > Trusted Service Accounts [Default]
  • GCP > Project > Trusted Users [Default]

5.9.0 (2020-07-17)

What's new?

  • Projects now contain information about any associated organizational policies under the orgPolicyMap and effectiveOrgPolicyMap properties.

Bug fixes

  • The GCP > Turbot > Pub/Sub > Event Handlers control would sometimes delete resources it had previously created when the GCP > Turbot > Event Handlers > Pub/Sub policy was set from Enforce: Configured to Skip. This has now been fixed and the control will not make any changes to existing resources when set to Skip.

5.8.1 (2020-06-26)

Bug fixes

  • Fixed an invalid reference in the default value calculation for the GCP > Project > Labels > Template policy.
  • Previously, the default value of the GCP > Turbot > Event Poller policy was Disabled. The policy now checks whether the GCP > Turbot > Event Handlers policy is set to Enforce: Configured. If it is, the Event Poller policy remains Disabled; otherwise it defaults to Enabled.

5.8.0 (2020-06-24)

What's new?

  • Multi-Regional resources can now be easily created by configuring a custom stack as per GCP > Multi-Region > Stack > Source policy.

Control Types

  • GCP > Multi-Region > Stack

Policy Types

  • GCP > Multi-Region > Stack
  • GCP > Multi-Region > Stack > Secret Variables
  • GCP > Multi-Region > Stack > Source
  • GCP > Multi-Region > Stack > Variables
  • GCP > Project > Stack > Secret Variables
  • GCP > Project > Stack > Variables

5.7.0 (2020-06-19)

What's new?

  • In gcp-computeengine (5.2.1) we fixed a bug that caused some GCP > Compute Engine > Disks to be created in CMDB with the disk name missing in their AKAs. To automatically clean up and delete these invalid disk CMDB entries, we have added the GCP > Project > Resource AKA Cleanup control. The GCP > Project > Resource AKA Cleanup policy is set to Enforce: Delete by default and it is recommended to leave this policy as Enforce: Delete to ensure all invalid resources are deleted.

Control Types

  • GCP > Project > Resource AKA Cleanup

Policy Types

  • GCP > Project > Resource AKA Cleanup

5.6.0 (2020-06-10)

Control Types

  • GCP > Project > Labels

Policy Types

  • GCP > Project > Labels
  • GCP > Project > Labels > Template
  • GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp

Action Types

  • GCP > Project > Router
  • GCP > Project > Set Labels

5.5.0 (2020-06-02)

What's new?

  • GCP > Project > Project Event Handler and GCP > Project > Project Raw Event Handler action types are now set to run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resource changes that were made in the cloud provider; enforcement actions are still disabled outside of the change window.

5.4.0 (2020-05-28)

What's new?

  • Updated various resource configurations in preparation for upcoming maintenance window features.

5.3.0 (2020-05-15)

What's new?

  • Guardrails now supports asia-northeast2, asia-northeast3, europe-west6, us-west2, us-west3, us-west4 GCP regions.

5.2.0 (2020-05-08)

What's new?

  • Added real-time event handling for GCP > Build, GCP > Memorystore, and GCP > Data Catalog service API updates.

Bug fixes

  • Service API update events for GCP > Composer and GCP > Scheduler were not being handled properly, so the CMDB entries for these services were often out of date. This has been fixed and updates are now handled accordingly.

Control Types

Removed

  • GCP > Mapping Test Stack

Policy Types

Removed

  • GCP > Region > Mapping Test Stack
  • GCP > Region > Mapping Test Stack > Source

5.1.1 (2020-04-27)

Bug fixes

  • Now the GCP > Region > Discovery control will only upsert the regions present in the GCP > Project > Regions [Default] policy.

5.1.0 (2020-04-13)

What's new?

  • API enabled status for all services is now included in the CMDB entry for the project.

5.0.0 (2020-03-26)

Resource Types

  • GCP
  • GCP > Folder
  • GCP > Multi-Region
  • GCP > Organization
  • GCP > Project
  • GCP > Region
  • GCP > Zone

Control Types

  • GCP > Folder > CMDB
  • GCP > Folder > Discovery
  • GCP > Mapping Test Stack
  • GCP > Multi-Region > Discovery
  • GCP > Organization > CMDB
  • GCP > Project > CMDB
  • GCP > Project > Discovery
  • GCP > Project > Stack
  • GCP > Region > Discovery
  • GCP > Region > Stack
  • GCP > Turbot
  • GCP > Turbot > Event Handlers
  • GCP > Turbot > Event Handlers > Logging
  • GCP > Turbot > Event Handlers > Pub/Sub
  • GCP > Turbot > Event Poller
  • GCP > Zone > Discovery

Policy Types

  • GCP > Client Email
  • GCP > Data Protection
  • GCP > Data Protection > Minimum Schedule [Default]
  • GCP > Data Protection > Schedule [Default]
  • GCP > Folder > CMDB
  • GCP > Organization > CMDB
  • GCP > Private Key
  • GCP > Project > Approved Regions [Default]
  • GCP > Project > CMDB
  • GCP > Project > Labels Template [Default]
  • GCP > Project > Multi-Regions
  • GCP > Project > Regions [Default]
  • GCP > Project > Stack
  • GCP > Project > Stack > Source
  • GCP > Region > Mapping Test Stack
  • GCP > Region > Mapping Test Stack > Source
  • GCP > Region > Stack
  • GCP > Region > Stack > Source
  • GCP > Turbot
  • GCP > Turbot > Event Handlers
  • GCP > Turbot > Event Handlers > Logging
  • GCP > Turbot > Event Handlers > Logging > Sink
  • GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter
  • GCP > Turbot > Event Handlers > Logging > Sink > Destination Topic
  • GCP > Turbot > Event Handlers > Logging > Sink > Name Prefix
  • GCP > Turbot > Event Handlers > Logging > Source
  • GCP > Turbot > Event Handlers > Pub/Sub
  • GCP > Turbot > Event Handlers > Pub/Sub > Source
  • GCP > Turbot > Event Handlers > Pub/Sub > Subscription
  • GCP > Turbot > Event Handlers > Pub/Sub > Subscription > Labels
  • GCP > Turbot > Event Handlers > Pub/Sub > Subscription > Name Prefix
  • GCP > Turbot > Event Handlers > Pub/Sub > Topic
  • GCP > Turbot > Event Handlers > Pub/Sub > Topic > Name Prefix
  • GCP > Turbot > Event Poller
  • GCP > Turbot > Event Poller > Filter
  • GCP > Turbot > Event Poller > Interval
  • GCP > Turbot > Event Poller > Window

Action Types

  • GCP > Project > Event Poller
  • GCP > Project > Project Event Handler
  • GCP > Project > Project Raw Event Handler
  • GCP > Project > Service API Router