@turbot/gcp-dataproc

The gcp-dataproc mod contains resource, control and policy definitions for GCP Dataproc service.

Recommended Version

Version

5.8.1

Released On

Mar 02, 2024

Depends On

@turbot/gcp ^5.15.0
@turbot/turbot ^5.22.0
@turbot/turbot-iam ^5.0.0
@turbot/gcp-iam ^5.0.0

Resource Types

Control Types

Policy Types

Release Notes

5.8.1 (2024-03-02)

Bug fixes

Previously, Guardrails unnecessarily listened to and processed real-time lists events for various Dataproc resources. We've now improved our events filter to ignore these lists events, thereby reducing unnecessary processing.

5.8.0 (2024-02-07)

What's new?

We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include createdBy details in Turbot CMDB.

5.7.1 (2023-03-27)

Bug fixes

We've updated the runtime of the lambda functions to node 16. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

5.7.0 (2022-11-01)

What's new?

Users can now create their own custom checks against resource attributes in the Approved control using the Approved > Custom policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.

Bug fixes

We've updated the runtime of the lambda functions to node 16. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Policy Types

GCP > Dataproc > Cluster > Approved > Custom
GCP > Dataproc > Job > Approved > Custom
GCP > Dataproc > Workflow Template > Approved > Custom

5.6.0 (2021-12-09)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.

5.5.0 (2021-03-09)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

5.4.2 (2020-12-10)

Bug fixes

We've updated the GCP > * > Set API Enabled actions to use the latest API calls when checking the state of the service in the GCP project. There's no noticeable difference, but things should run smoother now.

5.4.1 (2020-11-10)

Bug fixes

We've updated the Discovery controls for resources to now move to skipped instead of invalid if the service API is disabled in the project and the GCP > {service} > API Enabled policy is checking if the API is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the service API.

5.4.0 (2020-09-30)

What's new?

Clusters and workflow templates created in the special global multi-region are now discovered and created in CMDB, similar to those created in the standard regions. Please note that support for the GCP > Global Region resource type is only available in gcp (5.15.0) and later.
We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

5.3.0 (2020-09-01)

What's new?

Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
We've renamed the service's default regions policy from Regions [Default] to Regions to be consistent with our other regions policies.

5.2.0 (2020-08-13)

What's new?

We now support controlling access for jobs, clusters and workflow templates to provide automatic protection against unexpected access from projects, domains, groups, users, and service accounts.
To get started with this new control, please see the GCP > Dataproc > Job > Policy > Trusted Access, GCP > Dataproc > Cluster > Policy > Trusted Access and GCP > Dataproc > Workflow Template > Policy > Trusted Access policies and all of their sub-policies to specify which IAM resources are allowed to access your jobs, clusters and workflow templates.

Bug fixes

We’ve made improvements to our GraphQL input queries for various controls and actions. You won’t notice any differences, but things should run smoother and quicker than before.

Control Types

GCP > Dataproc > Cluster > Policy
GCP > Dataproc > Cluster > Policy > Trusted Access
GCP > Dataproc > Job > Policy
GCP > Dataproc > Job > Policy > Trusted Access
GCP > Dataproc > Workflow Template > Policy
GCP > Dataproc > Workflow Template > Policy > Trusted Access

Policy Types

GCP > Dataproc > Cluster > Policy
GCP > Dataproc > Cluster > Policy > Trusted Access
GCP > Dataproc > Cluster > Policy > Trusted Access > Domains
GCP > Dataproc > Cluster > Policy > Trusted Access > Groups
GCP > Dataproc > Cluster > Policy > Trusted Access > Service Accounts
GCP > Dataproc > Cluster > Policy > Trusted Access > Users
GCP > Dataproc > Job > Policy
GCP > Dataproc > Job > Policy > Trusted Access
GCP > Dataproc > Job > Policy > Trusted Access > Domains
GCP > Dataproc > Job > Policy > Trusted Access > Groups
GCP > Dataproc > Job > Policy > Trusted Access > Service Accounts
GCP > Dataproc > Job > Policy > Trusted Access > Users
GCP > Dataproc > Trusted Domains [Default]
GCP > Dataproc > Trusted Groups [Default]
GCP > Dataproc > Trusted Service Accounts [Default]
GCP > Dataproc > Trusted Users [Default]
GCP > Dataproc > Workflow Template > Policy
GCP > Dataproc > Workflow Template > Policy > Trusted Access
GCP > Dataproc > Workflow Template > Policy > Trusted Access > Domains
GCP > Dataproc > Workflow Template > Policy > Trusted Access > Groups
GCP > Dataproc > Workflow Template > Policy > Trusted Access > Service Accounts
GCP > Dataproc > Workflow Template > Policy > Trusted Access > Users

Action Types

GCP > Dataproc > Cluster > Set Trusted Access
GCP > Dataproc > Job > Set Trusted Access
GCP > Dataproc > Workflow Template > Set Trusted Access

5.1.5 (2020-07-24)

Bug fixes

Active controls for all resources were not calling the delete action properly, which meant inactive resources were not being deleted when the policy was set to enforce deletions. This has been fixed and inactive resources will now be cleaned up again.

5.1.4 (2020-06-03)

What's new?

All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.

5.1.3 (2020-05-15)

Bug fixes

Several permissions did not have grant levels assigned, so when this service was enabled, the IAM permission model would be unable to calculate the full permission set across all services. The missing grant levels have been added and permission calculations are now running smoothly again.

5.1.2 (2020-05-06)

Bug fixes

While importing a GCP project, sometimes resources' Discovery controls would get stuck in an Invalid state due to incorrectly configured dependencies. This has been fixed and project imports should be smooth again.

5.1.1 (2020-04-17)

Bug fixes

Several resources that have an IAM policy had an incomplete schema, which prevented the iamPolicy attribute from being used in calculated policies. This has been fixed.

5.1.0 (2020-04-13)

What's new?

Services can now be enabled as Metadata only, restricting users to only use metadata level permissions.

Bug fixes

Many calculations for Permissions > Compiled > Service Permissions were in error due to a missing library. This is now fixed.

5.0.0 (2020-04-03)

Resource Types

GCP > Dataproc
GCP > Dataproc > Cluster
GCP > Dataproc > Job
GCP > Dataproc > Workflow Template

Control Types

GCP > Dataproc > API Enabled
GCP > Dataproc > CMDB
GCP > Dataproc > Cluster > Active
GCP > Dataproc > Cluster > Approved
GCP > Dataproc > Cluster > CMDB
GCP > Dataproc > Cluster > Discovery
GCP > Dataproc > Cluster > Labels
GCP > Dataproc > Cluster > Usage
GCP > Dataproc > Discovery
GCP > Dataproc > Job > Active
GCP > Dataproc > Job > Approved
GCP > Dataproc > Job > CMDB
GCP > Dataproc > Job > Discovery
GCP > Dataproc > Job > Labels
GCP > Dataproc > Job > Usage
GCP > Dataproc > Workflow Template > Active
GCP > Dataproc > Workflow Template > Approved
GCP > Dataproc > Workflow Template > CMDB
GCP > Dataproc > Workflow Template > Discovery
GCP > Dataproc > Workflow Template > Labels
GCP > Dataproc > Workflow Template > Usage

Policy Types

GCP > Dataproc > API Enabled
GCP > Dataproc > Approved Regions [Default]
GCP > Dataproc > CMDB
GCP > Dataproc > Cluster > Active
GCP > Dataproc > Cluster > Active > Age
GCP > Dataproc > Cluster > Active > Last Modified
GCP > Dataproc > Cluster > Approved
GCP > Dataproc > Cluster > Approved > Encryption at Rest
GCP > Dataproc > Cluster > Approved > Encryption at Rest > Customer Managed Key
GCP > Dataproc > Cluster > Approved > Regions
GCP > Dataproc > Cluster > Approved > Usage
GCP > Dataproc > Cluster > CMDB
GCP > Dataproc > Cluster > Labels
GCP > Dataproc > Cluster > Labels > Template
GCP > Dataproc > Cluster > Regions
GCP > Dataproc > Cluster > Usage
GCP > Dataproc > Cluster > Usage > Limit
GCP > Dataproc > Enabled
GCP > Dataproc > Job > Active
GCP > Dataproc > Job > Active > Age
GCP > Dataproc > Job > Active > Last Modified
GCP > Dataproc > Job > Approved
GCP > Dataproc > Job > Approved > Regions
GCP > Dataproc > Job > Approved > Usage
GCP > Dataproc > Job > CMDB
GCP > Dataproc > Job > Labels
GCP > Dataproc > Job > Labels > Template
GCP > Dataproc > Job > Regions
GCP > Dataproc > Job > Usage
GCP > Dataproc > Job > Usage > Limit
GCP > Dataproc > Labels Template [Default]
GCP > Dataproc > Permissions
GCP > Dataproc > Permissions > Levels
GCP > Dataproc > Permissions > Levels > Modifiers
GCP > Dataproc > Regions [Default]
GCP > Dataproc > Workflow Template > Active
GCP > Dataproc > Workflow Template > Active > Age
GCP > Dataproc > Workflow Template > Active > Last Modified
GCP > Dataproc > Workflow Template > Approved
GCP > Dataproc > Workflow Template > Approved > Regions
GCP > Dataproc > Workflow Template > Approved > Usage
GCP > Dataproc > Workflow Template > CMDB
GCP > Dataproc > Workflow Template > Labels
GCP > Dataproc > Workflow Template > Labels > Template
GCP > Dataproc > Workflow Template > Regions
GCP > Dataproc > Workflow Template > Usage
GCP > Dataproc > Workflow Template > Usage > Limit
GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-dataproc
GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-dataproc
GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-dataproc

Action Types

GCP > Dataproc > Cluster > Delete
GCP > Dataproc > Cluster > Router
GCP > Dataproc > Cluster > Set Labels
GCP > Dataproc > Job > Delete
GCP > Dataproc > Job > Router
GCP > Dataproc > Job > Set Labels
GCP > Dataproc > Set API Enabled
GCP > Dataproc > Workflow Template > Delete
GCP > Dataproc > Workflow Template > Router
GCP > Dataproc > Workflow Template > Set Labels