Policy types for @turbot/gcp
- GCP > Client Email
- GCP > Data Protection
- GCP > Data Protection > Minimum Schedule [Default]
- GCP > Data Protection > Schedule [Default]
- GCP > Folder > CMDB
- GCP > Multi-Region > Stack
- GCP > Multi-Region > Stack > Secret Variables
- GCP > Multi-Region > Stack > Source
- GCP > Multi-Region > Stack > Terraform Version
- GCP > Multi-Region > Stack > Variables
- GCP > Organization > CMDB
- GCP > Private Key
- GCP > Project > Approved Regions [Default]
- GCP > Project > CMDB
- GCP > Project > Labels
- GCP > Project > Labels > Template
- GCP > Project > Labels Template [Default]
- GCP > Project > Regions
- GCP > Project > Resource AKA Cleanup
- GCP > Project > Service APIs
- GCP > Project > Service APIs > Approved
- GCP > Project > Service APIs > Approved > Services
- GCP > Project > Stack
- GCP > Project > Stack > Secret Variables
- GCP > Project > Stack > Source
- GCP > Project > Stack > Terraform Version
- GCP > Project > Stack > Variables
- GCP > Project > Trusted Domains [Default]
- GCP > Project > Trusted Groups [Default]
- GCP > Project > Trusted Projects [Default]
- GCP > Project > Trusted Service Accounts [Default]
- GCP > Project > Trusted Users [Default]
- GCP > Region > Stack
- GCP > Region > Stack > Source
- GCP > Turbot
- GCP > Turbot > Event Handlers
- GCP > Turbot > Event Handlers > Logging
- GCP > Turbot > Event Handlers > Logging > Sink
- GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter
- GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp
- GCP > Turbot > Event Handlers > Logging > Sink > Destination Topic
- GCP > Turbot > Event Handlers > Logging > Sink > Name Prefix
- GCP > Turbot > Event Handlers > Logging > Source
- GCP > Turbot > Event Handlers > Logging > Terraform Version
- GCP > Turbot > Event Handlers > Logging > Unique Writer Identity
- GCP > Turbot > Event Handlers > Pub/Sub
- GCP > Turbot > Event Handlers > Pub/Sub > Source
- GCP > Turbot > Event Handlers > Pub/Sub > Subscription
- GCP > Turbot > Event Handlers > Pub/Sub > Subscription > Labels
- GCP > Turbot > Event Handlers > Pub/Sub > Subscription > Name Prefix
- GCP > Turbot > Event Handlers > Pub/Sub > Terraform Version
- GCP > Turbot > Event Handlers > Pub/Sub > Topic
- GCP > Turbot > Event Handlers > Pub/Sub > Topic > Name Prefix
- GCP > Turbot > Event Poller
- GCP > Turbot > Event Poller > Filter
- GCP > Turbot > Event Poller > Interval
- GCP > Turbot > Event Poller > Window
GCP > Client Email
GCP client email for obtaining credentials.
tmod:@turbot/gcp#/policy/types/clientEmail
GCP > Data Protection
GCP > Data Protection > Minimum Schedule [Default]
Provides a mechanism to set a default minimum backup and retention schedule.
This policy is referenced by Data Protection Minimum Schedule policies.
This allows easily setting consistent retention schedules across services.
tmod:@turbot/gcp#/policy/types/dataProtectionMinimumScheduleDefault
[ "Skip", "Enforce: None", "Enforce: Daily for 3 days", "Enforce: Daily for 7 days", "Enforce: Daily for 14 days", "Enforce: Daily for 30 days", "Enforce: Daily for 90 days", "Enforce: Daily with backoff to 3 months", "Enforce: Daily with backoff to 1 year", "Enforce: Daily with backoff", "Enforce: Hourly with backoff to 7 days", "Enforce: Hourly with backoff to 14 days", "Enforce: Hourly with backoff to 1 month", "Enforce: Hourly with backoff to 3 months", "Enforce: Hourly with backoff to 1 year", "Enforce: Hourly with backoff to 3 years", "Enforce: Hourly with backoff"]
{ "type": "string", "enum": [ "Skip", "Enforce: None", "Enforce: Daily for 3 days", "Enforce: Daily for 7 days", "Enforce: Daily for 14 days", "Enforce: Daily for 30 days", "Enforce: Daily for 90 days", "Enforce: Daily with backoff to 3 months", "Enforce: Daily with backoff to 1 year", "Enforce: Daily with backoff", "Enforce: Hourly with backoff to 7 days", "Enforce: Hourly with backoff to 14 days", "Enforce: Hourly with backoff to 1 month", "Enforce: Hourly with backoff to 3 months", "Enforce: Hourly with backoff to 1 year", "Enforce: Hourly with backoff to 3 years", "Enforce: Hourly with backoff" ], "default": "Skip"}
GCP > Data Protection > Schedule [Default]
Provides a mechanism to set a default backup and retention schedule.
This policy is referenced by Data Protection Schedule policies.
This allows easily setting consistent retention schedules across services.
tmod:@turbot/gcp#/policy/types/dataProtectionScheduleDefault
[ "Skip", "Enforce: None", "Enforce: Daily for 3 days", "Enforce: Daily for 7 days", "Enforce: Daily for 14 days", "Enforce: Daily for 30 days", "Enforce: Daily for 90 days", "Enforce: Daily with backoff to 3 months", "Enforce: Daily with backoff to 1 year", "Enforce: Daily with backoff", "Enforce: Hourly with backoff to 7 days", "Enforce: Hourly with backoff to 14 days", "Enforce: Hourly with backoff to 1 month", "Enforce: Hourly with backoff to 3 months", "Enforce: Hourly with backoff to 1 year", "Enforce: Hourly with backoff to 3 years", "Enforce: Hourly with backoff"]
{ "type": "string", "enum": [ "Skip", "Enforce: None", "Enforce: Daily for 3 days", "Enforce: Daily for 7 days", "Enforce: Daily for 14 days", "Enforce: Daily for 30 days", "Enforce: Daily for 90 days", "Enforce: Daily with backoff to 3 months", "Enforce: Daily with backoff to 1 year", "Enforce: Daily with backoff", "Enforce: Hourly with backoff to 7 days", "Enforce: Hourly with backoff to 14 days", "Enforce: Hourly with backoff to 1 month", "Enforce: Hourly with backoff to 3 months", "Enforce: Hourly with backoff to 1 year", "Enforce: Hourly with backoff to 3 years", "Enforce: Hourly with backoff" ], "default": "Skip"}
GCP > Folder > CMDB
Record and synchronize details for GCP Folder(s) into the CMDB.
tmod:@turbot/gcp#/policy/types/folderCmdb
[ "Skip", "Enforce: Enabled"]
{ "type": "string", "enum": [ "Skip", "Enforce: Enabled" ], "example": [ "Skip" ], "default": "Enforce: Enabled"}
GCP > Multi-Region > Stack
Configure a custom stack on GCP, per the custom Stack > Source.
A Guardrails Stack
is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/multiRegionStack
[ "Skip", "Check: Configured", "Enforce: Configured"]
{ "type": "string", "enum": [ "Skip", "Check: Configured", "Enforce: Configured" ], "default": "Skip"}
GCP > Multi-Region > Stack > Secret Variables
Terraform secret variables in Terraform HCL that will be used as
inputs to the stack as a .tfvars file.
A Guardrails Stack
is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/multiRegionStackSecretVariables
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }}
GCP > Multi-Region > Stack > Source
The Terraform HCL source used to configure this stack.
A Guardrails Stack
is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/multiRegionStackSource
{ "type": "string", "default": "", "x-schema-form": { "type": "code", "language": "hcl" }}
GCP > Multi-Region > Stack > Terraform Version
The version of Terraform to use for this stack.
Specify an npm-style semver string to
determine which version of the Terraform container
Guardrails will use to run this stack.
A Guardrails Stack
is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/multiRegionStackTerraformVersion
"{\n terraformVersion: policy(uri:\"tmod:@turbot/turbot#/policy/types/stackTerraformVersion\")\n}\n"
"{% if $.terraformVersion %}"{{$.terraformVersion}}"{% else %}""{% endif %}"
{ "type": "string"}
GCP > Multi-Region > Stack > Variables
Terraform variables in Terraform HCL that will be used as
inputs to the stack as a .tfvars file.
A Guardrails Stack
is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/multiRegionStackVariables
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }}
GCP > Organization > CMDB
Record and synchronize details for GCP Organization into the CMDB.
tmod:@turbot/gcp#/policy/types/organizationCmdb
[ "Skip", "Enforce: Enabled"]
{ "type": "string", "enum": [ "Skip", "Enforce: Enabled" ], "example": [ "Skip" ], "default": "Enforce: Enabled"}
GCP > Private Key
Private key in PEM format for obtaining GCP credentials.
tmod:@turbot/gcp#/policy/types/privateKey
GCP > Project > Approved Regions [Default]
A list of GCP regions in which resources are approved for use.
The expected format is an array of region names. You may use the '*' and
'?' wildcard characters.
This policy is the default value for all service Approved Regions
policies.
tmod:@turbot/gcp#/policy/types/approvedRegionsDefault
"{\n regions: policyValue(uri:\"tmod:@turbot/gcp#/policy/types/regionsDefault\") {\n value\n }\n}\n"
"{% if $.regions.value | length == 0 %} [] {% endif %}{% for item in $.regions.value %}- '{{ item }}'\n{% endfor %}"
GCP > Project > CMDB
Record and synchronize details for GCP project(s) into the CMDB.
tmod:@turbot/gcp#/policy/types/projectCmdb
[ "Skip", "Enforce: Enabled"]
{ "type": "string", "enum": [ "Skip", "Enforce: Enabled" ], "example": [ "Skip" ], "default": "Enforce: Enabled"}
GCP > Project > Labels
Determine the action to take when GCP project labels are not updated based on the GCP > Project > Labels > * policies.
The control ensures GCP project labels include labels defined in GCP > Project > Labels > Template.
Labels not defined in Project Labels Template will not be modified or deleted. Setting a label value to undefined
will result in the label being deleted.
See Labels for more information.
tmod:@turbot/gcp#/policy/types/projectLabels
[ "Skip", "Check: Labels are correct", "Enforce: Set labels"]
{ "type": "string", "enum": [ "Skip", "Check: Labels are correct", "Enforce: Set labels" ], "example": [ "Check: Labels are correct" ], "default": "Skip"}
GCP > Project > Labels > Template
The template used to generate the label keys and values for a GCP project.
Labels not defined in Project Labels Template will not be modified or deleted. Setting a label value to undefined
will result in the label being deleted.
See Labels for more information.
tmod:@turbot/gcp#/policy/types/projectLabelsTemplate
"{\n defaultLabels: resource {\n tags(resolution: RECOMMENDED)\n }\n}\n"
"{%- if $.defaultLabels.tags | length == 0 %} [] {%- elif $.defaultLabels.tags != undefined %}{{ $.defaultLabels.tags | dump | safe }}{% endif %}"
GCP > Project > Labels Template [Default]
A template used to generate the keys and values for GCP
resources. By default, all GCP service Labels Template [Default]
policies will use this value.
tmod:@turbot/gcp#/policy/types/defaultLabelsTemplate
"{\n defaultLabels: resource {\n tags(resolution: RECOMMENDED)\n }\n}\n"
"{%- if $.defaultLabels.tags | length == 0 %} [] {%- elif $.defaultLabels.tags != undefined %}{{ $.defaultLabels.tags | dump | safe }}{% endif %}"
GCP > Project > Regions
A list of GCP regions in which resources are recorded.
The expected format is an array of region names.
This policy is the default value for all service Regions
policies.
tmod:@turbot/gcp#/policy/types/regionsDefault
{ "type": "array", "default": [ "asia-east1", "asia-east2", "asia-northeast1", "asia-northeast2", "asia-northeast3", "asia-south1", "asia-south2", "asia-southeast1", "asia-southeast2", "australia-southeast1", "australia-southeast2", "europe-central2", "europe-north1", "europe-southwest1", "europe-west1", "europe-west12", "europe-west2", "europe-west3", "europe-west4", "europe-west6", "europe-west8", "europe-west9", "europe-west10", "me-central1", "me-west1", "northamerica-northeast1", "northamerica-northeast2", "southamerica-east1", "southamerica-west1", "us-central1", "us-east1", "us-east4", "us-east5", "us-south1", "us-west1", "us-west2", "us-west3", "us-west4", "asia", "asia1", "eu", "eur3", "eur4", "eur5", "eur6", "europe", "emea", "in", "nam3", "nam4", "nam5", "nam6", "nam7", "nam8", "nam9", "nam10", "nam11", "nam12", "nam13", "nam14", "nam15", "nam-eur-asia1", "nam-eur-asia3", "us", "global" ], "items": { "type": "string", "pattern": "^[a-z0-9-]+$" }}
GCP > Project > Resource AKA Cleanup
Delete resources with invalid AKAs.
If set to "Enforce: Deleted", this control will delete resources with AKAs
that are missing or have incorrect information. You can set this policy to
"Check: Deleted" to preview the changes.
This is required to fix a bug that resulted in disk resources with
incorrect AKAs. It is highly recommended that you set this control to
"Enforce: Deleted".
tmod:@turbot/gcp#/policy/types/resourceAkaCleanup
[ "Skip", "Check: Deleted", "Enforce: Deleted"]
{ "type": "string", "enum": [ "Skip", "Check: Deleted", "Enforce: Deleted" ], "default": "Enforce: Deleted"}
GCP > Project > Service APIs
tmod:@turbot/gcp#/policy/types/projectServiceApis
GCP > Project > Service APIs > Approved
Check whether the enabled Service APIs on the Project are approved for usage, per GCP > Project > Service APIs > Approved > * policies.
tmod:@turbot/gcp#/policy/types/projectServiceApisApproved
[ "Skip", "Check: Approved"]
{ "type": "string", "enum": [ "Skip", "Check: Approved" ], "example": [ "Check: Approved" ], "default": "Skip"}
GCP > Project > Service APIs > Approved > Services
List of services that are approved to be used for the Project.
tmod:@turbot/gcp#/policy/types/projectServiceApisApprovedServices
{ "type": "array", "example": [ [ "admin.googleapis.com", "billingbudgets.googleapis.com", "cloudresourcemanager.googleapis.com", "servicemanagement.googleapis.com", "serviceusage.googleapis.com" ] ], "default": []}
GCP > Project > Stack
Configure a custom stack on GCP, per the custom Stack > Source.
A Guardrails Stack
is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/projectStack
[ "Skip", "Check: Configured", "Enforce: Configured"]
{ "type": "string", "enum": [ "Skip", "Check: Configured", "Enforce: Configured" ], "default": "Skip"}
GCP > Project > Stack > Secret Variables
Terraform secret variables in Terraform HCL that will be used as
inputs to the stack as a .tfvars file.
A Guardrails Stack
is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/projectStackSecretVariables
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }}
GCP > Project > Stack > Source
The Terraform HCL source used to configure this stack.
A Guardrails Stack
is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/projectStackSource
{ "type": "string", "default": "", "x-schema-form": { "type": "code", "language": "hcl" }}
GCP > Project > Stack > Terraform Version
The version of Terraform to use for this stack.
Specify an npm-style semver string to
determine which version of the Terraform container
Guardrails will use to run this stack.
A Guardrails Stack
is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/projectStackTerraformVersion
"{\n terraformVersion: policy(uri:\"tmod:@turbot/turbot#/policy/types/stackTerraformVersion\")\n}\n"
"{% if $.terraformVersion %}"{{$.terraformVersion}}"{% else %}""{% endif %}"
{ "type": "string"}
GCP > Project > Stack > Variables
Terraform variables in Terraform HCL that will be used as
inputs to the stack as a .tfvars file.
A Guardrails Stack
is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/projectStackVariables
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }}
GCP > Project > Trusted Domains [Default]
A list of domains trusted for use in IAM policy bindings and ACLs.
By default, Trusted Access guardrails will use this list to determine
which domains are allowed to be granted access in IAM policies and ACLs.
Example:
- company.com
- company-dev.org
tmod:@turbot/gcp#/policy/types/trustedDomains
{ "type": "array", "items": { "type": "string" }, "default": [ "*" ]}
GCP > Project > Trusted Groups [Default]
A list of Google groups trusted for use in IAM policy bindings and ACLs.
By default, Trusted Access guardrails will use this list to determine
which projects are allowed to be granted access in IAM policies and ACLs.
Example:
- notification@company.com
- "*@company.com"
tmod:@turbot/gcp#/policy/types/trustedGroups
{ "type": "array", "items": { "type": "string" }, "default": [ "*" ]}
GCP > Project > Trusted Projects [Default]
A list of trusted projects for use in IAM policy bindings and ACLs.
By default, Trusted Access guardrails will use this list to determine
which projects are allowed to be granted access in IAM policies and ACLs.
Example:
- dev-aaa
- dev-aab
tmod:@turbot/gcp#/policy/types/trustedProjects
{ "type": "array", "items": { "type": "string" }, "default": [ "*" ]}
GCP > Project > Trusted Service Accounts [Default]
List of Service Accounts trusted for use in IAM policy bindings and ACLs.
By default, Trusted Access guardrails will use this list to determine
which service accounts are allowed to be granted access in IAM policies and ACLs.
Example:
- project-owner@dev-aaa.iam.gserviceaccount.com
- "*" # All service accounts trusted
tmod:@turbot/gcp#/policy/types/trustedServiceAccounts
{ "type": "array", "items": { "type": "string" }, "default": [ "*" ]}
GCP > Project > Trusted Users [Default]
List of Users trusted for use in IAM policy bindings and ACLs.
By default, Trusted Access guardrails will use this list to determine
which users are allowed to be granted access in IAM policies and ACLs.
Example:
- "*@company.com" # All users with email ending in @company.com are trusted
- "test@dev-company.com"
- "dummy@gmail.com"
tmod:@turbot/gcp#/policy/types/trustedUsers
{ "type": "array", "items": { "type": "string" }, "default": [ "*" ]}
GCP > Region > Stack
Configure a custom stack on the GCP Region, per the Stack > Source.
A Guardrails Stack
is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/regionStack
[ "Skip", "Check: Configured", "Enforce: Configured"]
{ "type": "string", "enum": [ "Skip", "Check: Configured", "Enforce: Configured" ], "default": "Skip"}
GCP > Region > Stack > Source
The Terraform source used to configure this stack.
A Guardrails Stack
is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/regionStackSource
{ "type": "string", "default": "{\"resource\": {}}\n", "x-schema-form": { "type": "code", "language": "hcl" }}
GCP > Turbot
GCP > Turbot > Event Handlers
tmod:@turbot/gcp#/policy/types/eventHandlers
GCP > Turbot > Event Handlers > Logging
Configure the Guardrails Event Handlers stack. This stack configures
the logging sink required for Guardrails real-time event routing.
tmod:@turbot/gcp#/policy/types/eventHandlersLogging
[ "Skip", "Check: Configured", "Check: Not configured", "Enforce: Configured", "Enforce: Not configured"]
{ "type": "string", "enum": [ "Skip", "Check: Configured", "Check: Not configured", "Enforce: Configured", "Enforce: Not configured" ], "default": "Skip"}
GCP > Turbot > Event Handlers > Logging > Sink
tmod:@turbot/gcp#/policy/types/eventHandlerLoggingSink
GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter
A GCP logs advanced filter used to specify a subset of log entries that will be forwarded by the logging sink.
This is a read-only policy that is used internally by Guardrails.
tmod:@turbot/gcp#/policy/types/eventHandlerLoggingSinkCompiledFilter
{ "type": "string"}
GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp
GCP logs advanced filter
used to specify a subset of log entries that is forwarded to the Guardrails Event Handlers
by the logging sink on behalf of GCP.
tmod:@turbot/gcp#/policy/types/gcpCustomEventPatterns
{ "type": "string", "default": "((resource.type = project OR resource.type = audited_resource) AND (protoPayload.authorizationInfo.permission=resourcemanager.projects.update OR protoPayload.authorizationInfo.permission=orgpolicy.policy.set OR protoPayload.authorizationInfo.permission=orgpolicy.policies.create OR protoPayload.authorizationInfo.permission=orgpolicy.policies.delete OR protoPayload.authorizationInfo.permission=orgpolicy.policies.update) AND severity>=INFO AND severity<ERROR)"}
GCP > Turbot > Event Handlers > Logging > Sink > Destination Topic
The destination of the logging sink. This is the Pub/Sub topic that the logs will be sent to,
for example: "pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]".
The writer associated with the sink must have access to publish to this topic.
tmod:@turbot/gcp#/policy/types/eventHandlerLoggingSinkDestinationTopic
"{\n item: project {\n projectId\n turbot{\n id\n }\n }\n pubSubNamePrefix: policy(uri: \"#/policy/types/eventHandlerPubSubTopicNamePrefix\")\n}\n"
"'pubsub.googleapis.com/projects/{{ $.item.projectId }}/topics/{{ $.pubSubNamePrefix }}gcp_event_handler'"
{ "type": "string", "example": "pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]"}
GCP > Turbot > Event Handlers > Logging > Sink > Name Prefix
A string to be used as a prefix to the Turbot-generated name on the
Guardrails Event Handler Logging Sink. The name will be prepended
with this value.
tmod:@turbot/gcp#/policy/types/eventHandlerLoggingSinkNamePrefix
{ "type": "string", "default": "turbot_", "example": "turbot_"}
GCP > Turbot > Event Handlers > Logging > Source
The Terraform source used to configure the Event Handlers Logging stack.
This policy is read-only, as the Event Handler source is generated by Guardrails.
tmod:@turbot/gcp#/policy/types/eventHandlersLoggingSource
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }}
GCP > Turbot > Event Handlers > Logging > Terraform Version
The version of Terraform to use for this stack.
Specify an npm-style semver string to
determine which version of the Terraform container
Guardrails will use to run this stack.
A Guardrails Stack
is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/eventHandlersLoggingTerraformVersion
{ "type": "string"}
GCP > Turbot > Event Handlers > Logging > Unique Writer Identity
Choose the writer identity used for the Guardrails Event Handlers logging sink in the Project.
If Enforce: Default Service Account, the default writer identity, serviceAccount:cloud-logs@system.gserviceaccount.com, is used. (This is the default setting.)
If Enforce: Unique Identity, a new service account is created matching the pattern: serviceAccount:service-${projectNumber}@gcp-sa-logging.iam.gserviceaccount.com
and it will then be used for creating the logging sink.
tmod:@turbot/gcp#/policy/types/eventHandlersLoggingUniqueWriterIdentity
[ "Enforce: Default Service Account", "Enforce: Unique Identity"]
{ "type": "string", "enum": [ "Enforce: Default Service Account", "Enforce: Unique Identity" ], "default": "Enforce: Default Service Account"}
GCP > Turbot > Event Handlers > Pub/Sub
Configure the Guardrails Event Handler stack. This stack configures the pub/sub
topic and subscription resources required for Guardrails real-time event routing.
tmod:@turbot/gcp#/policy/types/eventHandlersPubSub
[ "Skip", "Check: Configured", "Check: Not configured", "Enforce: Configured", "Enforce: Not configured"]
{ "type": "string", "enum": [ "Skip", "Check: Configured", "Check: Not configured", "Enforce: Configured", "Enforce: Not configured" ], "default": "Skip"}
GCP > Turbot > Event Handlers > Pub/Sub > Source
The Terraform source used to configure this resource. This policy is
read-only, as the Event Handler source is generated by Guardrails.
tmod:@turbot/gcp#/policy/types/eventHandlersPubSubSource
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }}
GCP > Turbot > Event Handlers > Pub/Sub > Subscription
tmod:@turbot/gcp#/policy/types/eventHandlerPubSubSubscription
GCP > Turbot > Event Handlers > Pub/Sub > Subscription > Labels
A list of key:value pairs to add as GCP labels on the Guardrails
Event Handler Pub/Sub Subscription.
tmod:@turbot/gcp#/policy/types/eventHandlerPubSubSubscriptionLabels
null
"{}"
GCP > Turbot > Event Handlers > Pub/Sub > Subscription > Name Prefix
A string to be used as a prefix to the Turbot-generated name on the
Guardrails Event Handler Pub/Sub Subscription. The name will be
prepended with this value.
tmod:@turbot/gcp#/policy/types/eventHandlerPubSubSubscriptionNamePrefix
{ "type": "string", "default": "turbot_", "example": "turbot_"}
GCP > Turbot > Event Handlers > Pub/Sub > Terraform Version
The version of Terraform to use for this stack.
Specify an npm-style semver string to
determine which version of the Terraform container
Guardrails will use to run this stack.
A Guardrails Stack
is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured
control.
tmod:@turbot/gcp#/policy/types/eventHandlersPubSubTerraformVersion
{ "type": "string"}
GCP > Turbot > Event Handlers > Pub/Sub > Topic
tmod:@turbot/gcp#/policy/types/eventHandlerPubSubTopic
GCP > Turbot > Event Handlers > Pub/Sub > Topic > Name Prefix
A string to be used as a prefix to the Turbot-generated name on the
Guardrails Event Handler Logging Sink. The name will be prepended
with this value.
tmod:@turbot/gcp#/policy/types/eventHandlerPubSubTopicNamePrefix
{ "type": "string", "default": "turbot_", "example": "turbot_"}
GCP > Turbot > Event Poller
Configure the GCP Event Poller. When set to Enabled, the poller will
run at the interval specified to retrieve the latest events and forward
them to the Guardrails Router.
Note: The Event Poller and Guardrails Event Handler are different mechanisms for
sending information to Guardrails. You should enable one or the other, but not both.
tmod:@turbot/gcp#/policy/types/eventPoller
"{\n value: policy(uri: \"tmod:@turbot/gcp#/policy/types/eventHandlersPubSub\")\n}\n"
""{%- if $.value == 'Enforce: Configured' -%}Disabled{%- else -%}Enabled{%- endif -%}"\n"
{ "type": "string", "enum": [ "Enabled", "Disabled" ]}
GCP > Turbot > Event Poller > Filter
A GCP logs advanced filter used to specify a subset of log entries that will be forwarded by the logging sink.
This is a read-only policy that is used internally by Guardrails.
tmod:@turbot/gcp#/policy/types/eventPollerFilter
{ "type": "string"}
GCP > Turbot > Event Poller > Interval
The polling interval. This policy determines how often
the event poller will run.
tmod:@turbot/gcp#/policy/types/eventPollerInterval
[ "Every 1 minute", "Every 2 minutes", "Every 3 minutes", "Every 4 minutes", "Every 5 minutes", "Every 6 minutes", "Every 7 minutes", "Every 8 minutes", "Every 9 minutes", "Every 10 minutes"]
{ "type": "string", "enum": [ "Every 1 minute", "Every 2 minutes", "Every 3 minutes", "Every 4 minutes", "Every 5 minutes", "Every 6 minutes", "Every 7 minutes", "Every 8 minutes", "Every 9 minutes", "Every 10 minutes" ], "default": "Every 1 minute"}
GCP > Turbot > Event Poller > Window
The polling window, in minutes. This policy determines the oldest
events the event poller will retrieve. For example, setting the window
to '5 minutes' will cause the poller to retrieve all events from
the previous 5 minutes every time it runs.
The Window must be greater than the Interval, and it is recommended
to be at least twice the Interval. For example, if the Interval
is 'Every 5 Minutes', the Window should be at least '10 Minutes'.
tmod:@turbot/gcp#/policy/types/eventPollerWindow
[ "5 minutes", "6 minutes", "7 minutes", "8 minutes", "9 minutes", "10 minutes", "11 minutes", "12 minutes", "13 minutes", "14 minutes", "15 minutes", "16 minutes", "17 minutes", "18 minutes", "19 minutes", "20 minutes"]
{ "type": "string", "enum": [ "5 minutes", "6 minutes", "7 minutes", "8 minutes", "9 minutes", "10 minutes", "11 minutes", "12 minutes", "13 minutes", "14 minutes", "15 minutes", "16 minutes", "17 minutes", "18 minutes", "19 minutes", "20 minutes" ], "default": "5 minutes"}