@turbot/gcp-spanner
The gcp-spanner mod contains resource, control and policy definitions for GCP Spanner service.
- Setting Policies Tutorial
- Mods Overview
- Policies Overview
- Resources Overview
- Common Policies and Controls
Recommended Version
Resource Types
Control Types
- GCP > Spanner > API Enabled
- GCP > Spanner > CMDB
- GCP > Spanner > Database > Active
- GCP > Spanner > Database > Approved
- GCP > Spanner > Database > CMDB
- GCP > Spanner > Database > Discovery
- GCP > Spanner > Database > Usage
- GCP > Spanner > Discovery
- GCP > Spanner > Instance > Active
- GCP > Spanner > Instance > Approved
- GCP > Spanner > Instance > CMDB
- GCP > Spanner > Instance > Discovery
- GCP > Spanner > Instance > Labels
- GCP > Spanner > Instance > Policy
- GCP > Spanner > Instance > Policy > Trusted Access
- GCP > Spanner > Instance > Usage
Policy Types
- GCP > Spanner > API Enabled
- GCP > Spanner > Approved Regions [Default]
- GCP > Spanner > CMDB
- GCP > Spanner > Database > Active
- GCP > Spanner > Database > Active > Age
- GCP > Spanner > Database > Active > Last Modified
- GCP > Spanner > Database > Approved
- GCP > Spanner > Database > Approved > Custom
- GCP > Spanner > Database > Approved > Encryption at Rest
- GCP > Spanner > Database > Approved > Encryption at Rest > Customer Managed Key
- GCP > Spanner > Database > Approved > Regions
- GCP > Spanner > Database > Approved > Usage
- GCP > Spanner > Database > CMDB
- GCP > Spanner > Database > Regions
- GCP > Spanner > Database > Usage
- GCP > Spanner > Database > Usage > Limit
- GCP > Spanner > Enabled
- GCP > Spanner > Instance > Active
- GCP > Spanner > Instance > Active > Age
- GCP > Spanner > Instance > Active > Last Modified
- GCP > Spanner > Instance > Approved
- GCP > Spanner > Instance > Approved > Custom
- GCP > Spanner > Instance > Approved > Regions
- GCP > Spanner > Instance > Approved > Usage
- GCP > Spanner > Instance > CMDB
- GCP > Spanner > Instance > Labels
- GCP > Spanner > Instance > Labels > Template
- GCP > Spanner > Instance > Policy
- GCP > Spanner > Instance > Policy > Trusted Access
- GCP > Spanner > Instance > Policy > Trusted Access > Domains
- GCP > Spanner > Instance > Policy > Trusted Access > Groups
- GCP > Spanner > Instance > Policy > Trusted Access > Projects
- GCP > Spanner > Instance > Policy > Trusted Access > Service Accounts
- GCP > Spanner > Instance > Policy > Trusted Access > Users
- GCP > Spanner > Instance > Regions
- GCP > Spanner > Instance > Usage
- GCP > Spanner > Instance > Usage > Limit
- GCP > Spanner > Labels Template [Default]
- GCP > Spanner > Permissions
- GCP > Spanner > Permissions > Levels
- GCP > Spanner > Permissions > Levels > Modifiers
- GCP > Spanner > Regions
- GCP > Spanner > Trusted Domains [Default]
- GCP > Spanner > Trusted Groups [Default]
- GCP > Spanner > Trusted Projects [Default]
- GCP > Spanner > Trusted Service Accounts [Default]
- GCP > Spanner > Trusted Users [Default]
- GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-spanner
- GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-spanner
- GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-spanner
Release Notes
5.8.0 (2024-02-06)
What's new?
- Resource's metadata will now also include
createdBy
details in Turbot CMDB. - We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
5.7.1 (2023-03-23)
Bug fixes
- We've updated the runtime of the lambda functions to node 16. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
5.7.0 (2023-01-16)
What's new?
- Users can now create their own custom checks against resource attributes in the Approved control using the
Approved > Custom
policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.
Resource Types
- GCP > Spanner > Database
Control Types
- GCP > Spanner > Database > Active
- GCP > Spanner > Database > Approved
- GCP > Spanner > Database > CMDB
- GCP > Spanner > Database > Discovery
- GCP > Spanner > Database > Usage
Policy Types
- GCP > Spanner > Database > Active
- GCP > Spanner > Database > Active > Age
- GCP > Spanner > Database > Active > Last Modified
- GCP > Spanner > Database > Approved
- GCP > Spanner > Database > Approved > Custom
- GCP > Spanner > Database > Approved > Encryption at Rest
- GCP > Spanner > Database > Approved > Encryption at Rest > Customer Managed Key
- GCP > Spanner > Database > Approved > Regions
- GCP > Spanner > Database > Approved > Usage
- GCP > Spanner > Database > CMDB
- GCP > Spanner > Database > Regions
- GCP > Spanner > Database > Usage
- GCP > Spanner > Database > Usage > Limit
- GCP > Spanner > Instance > Approved > Custom
Action Types
- GCP > Spanner > Database > Delete
- GCP > Spanner > Database > Router
5.6.0 (2021-08-10)
What's new?
- We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
Bug fixes
- We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.
5.5.0 (2021-03-03)
What's new?
- We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
5.4.2 (2020-12-03)
Bug fixes
- We've updated the
GCP > * > Set API Enabled
actions to use the latest API calls when checking the state of the service in the GCP project. There's no noticeable difference, but things should run smoother now.
5.4.1 (2020-10-30)
Bug fixes
- We've updated the Discovery controls for resources to now move to
skipped
instead ofinvalid
if the service API is disabled in the project and theGCP > {service} > API Enabled
policy is checking if the API is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the service API.
5.4.0 (2020-09-15)
What's new?
- We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to
Skip
, its Active control will move toinvalid
to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
5.3.0 (2020-08-28)
What's new?
- Discovery controls now have their own control category,
CMDB > Discovery
, to allow for easier filtering separately from other CMDB controls. - We've renamed the service's default regions policy from
Regions [Default]
toRegions
to be consistent with our other regions policies.
5.2.0 (2020-08-13)
What's new?
We now support controlling access for instances to provide automatic protection against unexpected access from projects, domains, groups, users, and service accounts.
To get started with this new control, please see the
GCP > Spanner > Instance > Policy > Trusted Access
policy and all of its sub-policies to specify which IAM resources are allowed to access your instances.
Control Types
- GCP > Spanner > Instance > Policy
- GCP > Spanner > Instance > Policy > Trusted Access
Policy Types
- GCP > Spanner > Instance > Policy
- GCP > Spanner > Instance > Policy > Trusted Access
- GCP > Spanner > Instance > Policy > Trusted Access > Domains
- GCP > Spanner > Instance > Policy > Trusted Access > Groups
- GCP > Spanner > Instance > Policy > Trusted Access > Projects
- GCP > Spanner > Instance > Policy > Trusted Access > Service Accounts
- GCP > Spanner > Instance > Policy > Trusted Access > Users
- GCP > Spanner > Trusted Domains [Default]
- GCP > Spanner > Trusted Groups [Default]
- GCP > Spanner > Trusted Projects [Default]
- GCP > Spanner > Trusted Service Accounts [Default]
- GCP > Spanner > Trusted Users [Default]
Action Types
- GCP > Spanner > Instance > Set Trusted Access
5.1.6 (2020-08-10)
Bug fixes
- We’ve made improvements to our GraphQL input queries for various controls and actions. You won’t notice any differences, but things should run smoother and quicker than before.
5.1.5 (2020-07-23)
Bug fixes
- Active controls for all resources were not calling the delete action properly, which meant inactive resources were not being deleted when the policy was set to enforce deletions. This has been fixed and inactive resources will now be cleaned up again.
5.1.4 (2020-06-02)
What's new?
- All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.
5.1.3 (2020-05-14)
Bug fixes
- Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.
5.1.2 (2020-05-06)
Bug fixes
- While importing a GCP project, sometimes resources' Discovery controls would get stuck in an Invalid state due to incorrectly configured dependencies. This has been fixed and project imports should be smooth again.
5.1.1 (2020-04-17)
Bug fixes
- Several resources that have an IAM policy had an incomplete schema, which prevented the
iamPolicy
attribute from being used in calculated policies. This has been fixed.
5.1.0 (2020-04-13)
What's new?
- Services can now be enabled as Metadata only, restricting users to only use metadata level permissions.
Bug fixes
- Many calculations for
Permissions > Compiled > Service Permissions
were in error due to a missing library. This is now fixed.
5.0.0 (2020-04-03)
Resource Types
- GCP > Spanner
- GCP > Spanner > Instance
Control Types
- GCP > Spanner > API Enabled
- GCP > Spanner > CMDB
- GCP > Spanner > Discovery
- GCP > Spanner > Instance > Active
- GCP > Spanner > Instance > Approved
- GCP > Spanner > Instance > CMDB
- GCP > Spanner > Instance > Discovery
- GCP > Spanner > Instance > Labels
- GCP > Spanner > Instance > Usage
Policy Types
- GCP > Spanner > API Enabled
- GCP > Spanner > Approved Regions [Default]
- GCP > Spanner > CMDB
- GCP > Spanner > Enabled
- GCP > Spanner > Instance > Active
- GCP > Spanner > Instance > Active > Age
- GCP > Spanner > Instance > Active > Last Modified
- GCP > Spanner > Instance > Approved
- GCP > Spanner > Instance > Approved > Regions
- GCP > Spanner > Instance > Approved > Usage
- GCP > Spanner > Instance > CMDB
- GCP > Spanner > Instance > Labels
- GCP > Spanner > Instance > Labels > Template
- GCP > Spanner > Instance > Regions
- GCP > Spanner > Instance > Usage
- GCP > Spanner > Instance > Usage > Limit
- GCP > Spanner > Labels Template [Default]
- GCP > Spanner > Permissions
- GCP > Spanner > Permissions > Levels
- GCP > Spanner > Permissions > Levels > Modifiers
- GCP > Spanner > Regions [Default]
- GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-spanner
- GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-spanner
- GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-spanner
Action Types
- GCP > Spanner > Instance > Delete
- GCP > Spanner > Instance > Router
- GCP > Spanner > Instance > Set Labels
- GCP > Spanner > Set API Enabled