Product logo
DocsBlogPricing

@turbot/gcp-storage

The gcp-storage mod contains resource, control and policy definitions for GCP Storage service.

Version
5.11.1
Released On
Mar 08, 2024
Depends On

Resource Types

Control Types

Policy Types

Release Notes

5.11.1 (2024-03-08)

Bug fixes

  • Previously, Guardrails unnecessarily listened to and processed real-time lists events for various storage resources. We've now improved our events filter to ignore these lists events, thereby reducing unnecessary processing.

5.11.0 (2024-02-01)

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

5.10.0 (2023-06-28)

What's new?

  • README.md file is now available for users to check details about the resource types and service permissions that the mod covers.

Bug fixes

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

5.9.0 (2023-06-06)

What's new?

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

5.8.1 (2022-11-25)

Bug fixes

  • The GCP > Storage > Bucket > CMDB control would go into an error state if Turbot had insufficient permissions to fetch policy details for a Bucket. This is fixed and the control will now work as expected.

5.8.0 (2022-02-17)

What's new?

  • Users can now create their own custom checks against resource attributes in the Approved control using the Approved > Custom policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.

Bug fixes

  • We've improved the process of deleting resources from Turbot if their CMDB policy was set to Enforce: Disabled. The CMDB controls will now not look to resolve credentials via Guardrails' IAM role while deleting resources from Turbot. This will allow the CMDB controls to process resource deletions from Turbot more reliably than before.

Policy Types

  • GCP > Storage > Bucket > Approved > Custom
  • GCP > Storage > Object > Approved > Custom

5.7.0 (2021-07-30)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We’ve made a few improvements in the GraphQL queries for various controls, policies, and actions. You won’t notice any difference, but things should run lighter and quicker than before.

5.6.1 (2021-03-19)

Bug fixes

  • The real-time event storage.buckets.getIamPolicy will now be filtered out to reduce unnecessary noise caused by the processing of such events in Turbot.

5.6.0 (2021-02-24)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • The real-time event handlers for buckets would incorrectly trigger the GCP > Storage > Bucket > CMDB control after receiving the storage.objects.create and storage.objects.delete events, even though these events do not affect a bucket's CMDB data. This has been fixed and now the CMDB control is only triggered when it needs to be.

5.5.2 (2021-01-20)

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.
  • We've updated the GCP > * > Set API Enabled actions to use the latest API calls when checking the state of the service in the GCP project. There's no noticeable difference, but things should run smoother now.

5.5.1 (2020-10-30)

Bug fixes

  • We've updated the Discovery controls for resources to now move to skipped instead of invalid if the service API is disabled in the project and the GCP > {service} > API Enabled policy is checking if the API is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the service API.

5.5.0 (2020-09-15)

What's new?

  • We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

5.4.0 (2020-08-28)

What's new?

  • Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.

5.3.0 (2020-08-13)

What's new?

  • The Access Level settings required for GCP > Storage > Bucket can now be easily managed using GCP > Storage > Bucket > Access Control policies and controls

Bug fixes

  • Whenever uniform bucket object-level access was enabled for a storage bucket, then it's corresponding CMDB control would remain in an error state. This issue has now been fixed.

Control Types

  • GCP > Storage > Bucket > Access Control

Policy Types

  • GCP > Storage > Bucket > Access Control

Action Types

  • GCP > Storage > Bucket > Update Access Control

5.2.1 (2020-08-10)

Bug fixes

  • We’ve made improvements to our GraphQL input queries for various controls and actions. You won’t notice any differences, but things should run smoother and quicker than before.

5.2.0 (2020-07-29)

What's new?

  • We now support controlling access for buckets to provide automatic protection against unexpected access from projects, domains, groups, users, and service accounts.

    To get started with this new control, please see the GCP > Storage > Bucket > Policy > Trusted Access policy and all of its sub-policies to specify which IAM resources are allowed to access your buckets.

Control Types

  • GCP > Storage > Bucket > Policy
  • GCP > Storage > Bucket > Policy > Trusted Access

Policy Types

  • GCP > Storage > Bucket > Policy
  • GCP > Storage > Bucket > Policy > Trusted Access
  • GCP > Storage > Bucket > Policy > Trusted Access > All Authenticated
  • GCP > Storage > Bucket > Policy > Trusted Access > All Users
  • GCP > Storage > Bucket > Policy > Trusted Access > Domains
  • GCP > Storage > Bucket > Policy > Trusted Access > Groups
  • GCP > Storage > Bucket > Policy > Trusted Access > Projects
  • GCP > Storage > Bucket > Policy > Trusted Access > Service Accounts
  • GCP > Storage > Bucket > Policy > Trusted Access > Users

Action Types

  • GCP > Storage > Bucket > Set Trusted Access

5.1.8 (2020-07-24)

Bug fixes

  • Active controls for all resources were not calling the delete action properly, which meant inactive resources were not being deleted when the policy was set to enforce deletions. This has been fixed and inactive resources will now be cleaned up again.

5.1.7 (2020-07-22)

Bug fixes

  • GCP > Storage > Bucket > CMDB now stores the bucket's default object ACL information in the defaultObjectAcl property.

5.1.6 (2020-07-16)

Bug fixes

  • We have removed the hasData property from the bucket resource type, as this property was always out of date and inaccurate. In a future release, we plan to track if a bucket has any objects more accurately and make this data available again.

5.1.5 (2020-06-10)

Bug fixes

  • Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.

5.1.4 (2020-06-02)

What's new?

  • All resource Router actions now run even if Turbot is outside of its allowed change window. This allows Turbot to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.

5.1.3 (2020-05-14)

Bug fixes

  • Although the data validation errors, which appear in various CMDB and Discovery controls, are not blockers, they look ugly in the UI and should be cleaned up. These errors have now been fixed.

5.1.2 (2020-05-06)

Bug fixes

  • While importing a GCP project, sometimes resources' Discovery controls would get stuck in an Invalid state due to incorrectly configured dependencies. This has been fixed and project imports should be smooth again.

5.1.1 (2020-05-01)

Bug fixes

  • The Object > CMDB control was not setting resource data correctly, resulting in no data being stored. This has been fixed and the control is now behaving properly.

5.1.0 (2020-04-13)

What's new?

  • Services can now be enabled as Metadata only, restricting users to only use metadata level permissions.

Bug fixes

  • Object CMDB policy's default value has been changed from "Enforce: Enabled if Storage API is enabled" to "Skip" to reduce noise and allow users to opt-in to storing object CMDB data.
  • Many calculations for Permissions > Compiled > Service Permissions were in error due to a missing library. This is now fixed.

5.0.0 (2020-04-03)

Resource Types

  • GCP > Storage
  • GCP > Storage > Bucket
  • GCP > Storage > Object

Control Types

  • GCP > Storage > API Enabled
  • GCP > Storage > Bucket > Active
  • GCP > Storage > Bucket > Approved
  • GCP > Storage > Bucket > CMDB
  • GCP > Storage > Bucket > Discovery
  • GCP > Storage > Bucket > Encryption at Rest
  • GCP > Storage > Bucket > Labels
  • GCP > Storage > Bucket > Usage
  • GCP > Storage > Bucket > Versioning
  • GCP > Storage > CMDB
  • GCP > Storage > Discovery
  • GCP > Storage > Object > Active
  • GCP > Storage > Object > Approved
  • GCP > Storage > Object > CMDB
  • GCP > Storage > Object > Discovery

Policy Types

  • GCP > Storage > API Enabled
  • GCP > Storage > Approved Regions [Default]
  • GCP > Storage > Bucket > Active
  • GCP > Storage > Bucket > Active > Age
  • GCP > Storage > Bucket > Active > Last Modified
  • GCP > Storage > Bucket > Approved
  • GCP > Storage > Bucket > Approved > Regions
  • GCP > Storage > Bucket > Approved > Usage
  • GCP > Storage > Bucket > CMDB
  • GCP > Storage > Bucket > Encryption at Rest
  • GCP > Storage > Bucket > Encryption at Rest > Customer Managed Key
  • GCP > Storage > Bucket > Labels
  • GCP > Storage > Bucket > Labels > Template
  • GCP > Storage > Bucket > Regions
  • GCP > Storage > Bucket > Usage
  • GCP > Storage > Bucket > Usage > Limit
  • GCP > Storage > Bucket > Versioning
  • GCP > Storage > CMDB
  • GCP > Storage > Enabled
  • GCP > Storage > Labels Template [Default]
  • GCP > Storage > Object > Active
  • GCP > Storage > Object > Active > Age
  • GCP > Storage > Object > Active > Last Modified
  • GCP > Storage > Object > Approved
  • GCP > Storage > Object > Approved > Regions
  • GCP > Storage > Object > Approved > Usage
  • GCP > Storage > Object > CMDB
  • GCP > Storage > Object > Regions
  • GCP > Storage > Permissions
  • GCP > Storage > Permissions > Levels
  • GCP > Storage > Permissions > Levels > Modifiers
  • GCP > Storage > Regions [Default]
  • GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-storage
  • GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-storage
  • GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-storage

Action Types

  • GCP > Storage > Bucket > Delete
  • GCP > Storage > Bucket > Router
  • GCP > Storage > Bucket > Set Labels
  • GCP > Storage > Bucket > Set Versioning
  • GCP > Storage > Bucket > Update Encryption At Rest
  • GCP > Storage > Object > Delete
  • GCP > Storage > Set API Enabled