Policy: GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-computeengine

A GCP logs advanced filter that specifies the subset of log entries the logging sink forwards on behalf of the gcp-computeengine mod.

This is a read-only policy that is used internally by Guardrails.

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Policy Specification

Schema Type
string
Default
(((resource.type = gce_disk AND protoPayload.authorizationInfo.permission != compute.diskTypes.get AND protoPayload.authorizationInfo.permission != compute.diskTypes.list AND protoPayload.authorizationInfo.permission != compute.disks.get AND protoPayload.authorizationInfo.permission != compute.disks.getIamPolicy AND protoPayload.authorizationInfo.permission != compute.disks.list AND protoPayload.authorizationInfo.permission != compute.disks.useReadOnly) OR (resource.type = gce_instance AND protoPayload.authorizationInfo.permission != compute.instances.get AND protoPayload.authorizationInfo.permission != compute.instances.getGuestAttributes AND protoPayload.authorizationInfo.permission != compute.instances.getIamPolicy AND protoPayload.authorizationInfo.permission != compute.instances.getSerialPortOutput AND protoPayload.authorizationInfo.permission != compute.instances.list AND protoPayload.authorizationInfo.permission != compute.instances.listReferrers) OR  (resource.type = gce_health_check AND protoPayload.authorizationInfo.permission != compute.healthChecks.get AND protoPayload.authorizationInfo.permission != compute.healthChecks.list AND protoPayload.authorizationInfo.permission != compute.healthChecks.useReadOnly AND protoPayload.authorizationInfo.permission != compute.httpHealthChecks.list AND protoPayload.authorizationInfo.permission != compute.httpsHealthChecks.list) OR (resource.type = gce_image AND protoPayload.authorizationInfo.permission != compute.images.get AND protoPayload.authorizationInfo.permission != compute.images.getFromFamily AND protoPayload.authorizationInfo.permission != compute.images.getIamPolicy AND protoPayload.authorizationInfo.permission != compute.images.list AND protoPayload.authorizationInfo.permission != compute.images.useReadOnly) OR (resource.type = gce_instance_template AND protoPayload.authorizationInfo.permission != compute.instanceTemplates.get AND protoPayload.authorizationInfo.permission != compute.instanceTemplates.getIamPolicy AND protoPayload.authorizationInfo.permission != compute.instanceTemplates.list AND protoPayload.authorizationInfo.permission != compute.instanceTemplates.useReadOnly) OR (resource.type = gce_node_template AND protoPayload.authorizationInfo.permission != compute.nodeTemplates.get AND protoPayload.authorizationInfo.permission != compute.nodeTemplates.getIamPolicy AND protoPayload.authorizationInfo.permission != compute.nodeTemplates.list) OR (resource.type = gce_node_group AND protoPayload.authorizationInfo.permission != compute.nodeGroups.get AND protoPayload.authorizationInfo.permission != compute.nodeGroups.getIamPolicy AND protoPayload.authorizationInfo.permission != compute.nodeGroups.list) OR (resource.type = gce_snapshot AND protoPayload.authorizationInfo.permission != compute.snapshots.get AND protoPayload.authorizationInfo.permission != compute.snapshots.list AND protoPayload.authorizationInfo.permission != compute.snapshots.useReadOnly)) AND severity>=INFO AND severity<ERROR)

Category

In Your Workspace

Developers