google_compute_firewall does not allow you to determine the On/Off status of the logs #202

Closed
lhasadreams opened this issue Nov 1, 2019 · 4 comments

Comments

@lhasadreams
Contributor

Detailed Description

google_compute_firewall missing the status of logs

Context

I would like to be able to check that a firewall rule has logs turned on (or not off).

Possible Implementation

The Google API returns this log data; adjust google_compute_firewall so that it exposes it as well.

@slevenick
Collaborator

Which field are you looking for? logConfig.enable on the firewall rule?

Should be easy enough to add a custom method to check that

@lhasadreams
Contributor Author

Yes please.
This is what the GCP API returns when a firewall rule is interrogated:

    {
      "id": "3490606707767354763",
      "creationTimestamp": "2019-11-01T04:47:48.724-07:00",
      "name": "firewalllogdisabled",
      "description": "",
      "network": "https://www.googleapis.com/compute/v1/projects/compliance1-infraprov-9cc2/global/networks/default",
      "priority": 1000,
      "sourceRanges": [
        "10.0.0.1"
      ],
      "targetTags": [
        "firewalllogdisabled"
      ],
      "allowed": [
        {
          "IPProtocol": "all"
        }
      ],
      "direction": "INGRESS",
      "logConfig": {
        "enable": false
      },
      "disabled": false,
      "selfLink": "https://www.googleapis.com/compute/v1/projects/compliance1-infraprov-9cc2/global/firewalls/firewalllogdisabled",
      "kind": "compute#firewall"
    }

Thanks Sam

@skpaterson

Turns out the logConfig value is only returned by a later version of the google-api-client. Bumping the version allows e.g.

    its('log_config.enable') {should be true}

Opened inspec/train#531 to track this.

slevenick added a commit to slevenick/inspec-gcp that referenced this issue Nov 19, 2019
@slevenick
Collaborator

This is now available in 1.0 google_compute_firewall via log_config.enable_logging
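
The check discussed in this thread, as an added example in plain Ruby (not inspec-gcp code and not part of the original issue): it audits firewall resources in the JSON shape quoted above and fails closed when `logConfig` is absent, which is what an API client that does not return the field would produce. The function names, the sample rule names and the choice to report rules with `"disabled": true` separately are assumptions of this example.

```ruby
require 'json'

# Constructed sample: firewall resources in the shape of the API response
# quoted in this thread, trimmed to the fields the check reads.
SAMPLE_FIREWALLS = <<~SAMPLE
  [
    {"name": "fw-log-on", "disabled": false, "logConfig": {"enable": true}},
    {"name": "fw-log-off", "disabled": false, "logConfig": {"enable": false}},
    {"name": "fw-no-logconfig", "disabled": false},
    {"name": "fw-rule-off", "disabled": true, "logConfig": {"enable": false}}
  ]
SAMPLE

# Classify one firewall resource (a Hash parsed from the API JSON).
# Returns :enabled, :disabled or :unknown. :unknown covers a response with
# no logConfig object and a non-boolean "enable" value.
def logging_status(rule)
  log_config = rule['logConfig']
  return :unknown unless log_config.is_a?(Hash)

  case log_config['enable']
  when true then :enabled
  when false then :disabled
  else :unknown
  end
end

# Audit a JSON array of firewall resources. A rule passes only when logging
# is positively reported as enabled, so :unknown fails rather than passes.
# Rules with "disabled": true are listed separately (a choice of this example).
def audit_firewall_logging(json_text)
  report = { pass: [], fail: [], skipped: [] }
  JSON.parse(json_text).each do |rule|
    name = rule.fetch('name', '<unnamed>')
    if rule['disabled'] == true
      report[:skipped] << name
      next
    end
    status = logging_status(rule)
    report[status == :enabled ? :pass : :fail] << [name, status]
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  audit_firewall_logging(SAMPLE_FIREWALLS).each do |bucket, rules|
    puts "#{bucket}: #{rules.inspect}"
  end
end
```

Treating a missing field as a failure keeps a compliance run from passing rules whose logging state was never actually reported.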
