[Cloud Security Posture] Support GCP Cloud Connectors #17185
Pull request overview
This pull request adds support for GCP Cloud Connectors in the Cloud Security Posture integration. Cloud Connectors enable Cloudbeat to use workload identity federation to impersonate into the target GCP account without requiring long-lived credentials.
Changes:
- Added three new credential fields for GCP Cloud Connectors: gcp.credentials.service_account_email, gcp.credentials.audience, and gcp_credentials_cloud_connector_id
- Added configuration templates for both organization and single account GCP Cloud Connector deployments
- Updated the template to include the new credential fields and supports_cloud_connectors flag
- Bumped version from 3.3.0-preview02 to 3.3.0-preview03
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/cloud_security_posture/manifest.yml | Version bump from 3.3.0-preview02 to 3.3.0-preview03 |
| packages/cloud_security_posture/data_stream/findings/manifest.yml | Added Cloud Connector configuration options for both organization and single account GCP deployments, including three new credential fields |
| packages/cloud_security_posture/data_stream/findings/agent/stream/gcp.yml.hbs | Updated template to include new Cloud Connector credential fields and supports_cloud_connectors flag |
| packages/cloud_security_posture/changelog.yml | Added changelog entry for GCP Cloud Connectors support |
| secret: true | ||
| - name: gcp.credentials.audience | ||
| type: text | ||
| title: Service Account Email |
The title for this field is incorrect. It says "Service Account Email" but this field is for the audience parameter. The title should be "Audience" instead.
| title: Service Account Email | |
| title: Audience |
| changes: | ||
| - description: Support GCP Cloud Connectors | ||
| type: enhancement | ||
| link: https://github.com/elastic/integrations/pull/1515151515151515 |
The PR link appears to be invalid. The link "https://github.com/elastic/integrations/pull/1515151515151515" contains a PR number that is unrealistically high and likely a placeholder. This should be updated with the actual PR number once known, or removed if not yet available.
| link: https://github.com/elastic/integrations/pull/1515151515151515 |
| {{#if gcp.supports_cloud_connectors}} | ||
| supports_cloud_connectors: {{gcp.supports_cloud_connectors}} | ||
| {{/if}} |
The field "gcp.supports_cloud_connectors" is referenced in the template but is not defined in the manifest.yml vars section. This field should be added to the vars section similar to how "aws.supports_cloud_connectors" is defined (around line 192 of the manifest), with appropriate type and configuration.
| {{#if gcp.supports_cloud_connectors}} | |
| supports_cloud_connectors: {{gcp.supports_cloud_connectors}} | |
| {{/if}} |
| service_account_email: {{gcp.credentials.service_account_email}} | ||
| {{/if}} | ||
| {{#if gcp.credentials.audience}} | ||
| audience: {{gcp.credentials.audience}} |
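Review bot: The `{{#if gcp.credentials.audience}}` guard is independent of the block that closes just above it around `service_account_email`, so a policy that sets only one of the two values renders a partial credential block. If both are required together for the Cloud Connector credential type, consider enforcing that in the manifest or wrapping both keys in one guard, so the misconfiguration surfaces when the policy is built rather than when cloudbeat tries to authenticate.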
What are the credentials for audience? Do you have an example of an output?
target_service_account_email: "elastic-agent-sa-<SUFFIX>@elastic-security-test.iam.gserviceaccount.com"
gcp_audience: "//iam.googleapis.com/projects/439975565995/locations/global/workloadIdentityPools/elastic-pool-<SUFFIX>/providers/elastic-aws-provider-<SUFFIX>"
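A pre-deployment check for the two values quoted in the reply above, added here as an example; it is not code from this PR, from Cloudbeat, or from the integration. It assumes the audience always uses the workload identity pool provider resource-name form shown in that reply; `check_connector_fields` and the sample values are hypothetical.

```python
import re

# Resource-name form of a workload identity pool provider, as in the reply above.
AUDIENCE_RE = re.compile(
    r"//iam\.googleapis\.com/projects/(?P<project_number>\d+)"
    r"/locations/global/workloadIdentityPools/(?P<pool>[a-z0-9-]+)"
    r"/providers/(?P<provider>[a-z0-9-]+)"
)
SA_EMAIL_RE = re.compile(
    r"(?P<account>[a-z0-9-]+)@(?P<project>[a-z0-9.-]+)\.iam\.gserviceaccount\.com"
)


def check_connector_fields(service_account_email, audience):
    """Return (parsed, problems) for the two policy values."""
    parsed, problems = {}, []
    for name, value in (("service_account_email", service_account_email),
                        ("audience", audience)):
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
        if "<" in value or ">" in value:
            problems.append(f"{name}: unreplaced placeholder")
    m = AUDIENCE_RE.fullmatch(audience.strip())
    if m:
        parsed.update(m.groupdict())
    elif audience.strip().startswith("https:"):
        problems.append("audience: starts with https:, expected //iam.googleapis.com/...")
    else:
        problems.append("audience: not a workload identity pool provider resource name")
    m = SA_EMAIL_RE.fullmatch(service_account_email.strip())
    if m:
        parsed.update(m.groupdict())
    else:
        problems.append("service_account_email: not an iam.gserviceaccount.com address")
    return parsed, problems


# Constructed sample values, shaped like the ones quoted above with the suffix filled in.
GOOD = check_connector_fields(
    "elastic-agent-sa-demo1@example-project.iam.gserviceaccount.com",
    "//iam.googleapis.com/projects/123456789012/locations/global/"
    "workloadIdentityPools/elastic-pool-demo1/providers/elastic-aws-provider-demo1",
)
BAD = check_connector_fields(
    "elastic-agent-sa-<SUFFIX>@example-project.iam.gserviceaccount.com",
    "https://iam.googleapis.com/projects/123456789012/locations/global/"
    "workloadIdentityPools/elastic-pool-demo1/providers/elastic-aws-provider-demo1 ",
)
```

`GOOD` parses cleanly into project number, pool, provider and service account; `BAD` collects one problem per defect instead of stopping at the first.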
💚 Build Succeeded
Package cloud_security_posture - 3.3.0-preview03 containing this change is available at https://epr.elastic.co/package/cloud_security_posture/3.3.0-preview03/

Package cloud_security_posture - 3.3.0 containing this change is available at https://epr.elastic.co/package/cloud_security_posture/3.3.0/
Proposed commit message
Present new Cloud Connectors fields for GCP
These fields are needed for cloudbeat to impersonate into the target account.