Policy: GCP > Organization > Discovery Level
Defines the discovery level for projects in this organization.
Requires Turbot Guardrails Enterprise (TE) version 5.56.0 or higher.
Each entry specifies a resource AKA and its discovery level:
- none: Resource is not discovered - completely ignored by Guardrails
- account: Project-level discovery only - visible in UI but policies/controls are NOT materialized
- resource: Resource-level discovery - fully managed with policies/controls materialized
The aka field must use the full GCP resource AKA format:
- Organization: gcp://cloudresourcemanager.googleapis.com/organizations/{organizationId}
- Folder: gcp://cloudresourcemanager.googleapis.com/folders/{folderId}
- Project: gcp://cloudresourcemanager.googleapis.com/projects/{projectId}
Example:
```yaml
- aka: "gcp://cloudresourcemanager.googleapis.com/organizations/463637344998"
  discoveryLevel: account
- aka: "gcp://cloudresourcemanager.googleapis.com/folders/123456789012"
  discoveryLevel: none
- aka: "gcp://cloudresourcemanager.googleapis.com/projects/my-sandbox-project"
  discoveryLevel: none
- aka: "gcp://cloudresourcemanager.googleapis.com/projects/my-prod-project"
  discoveryLevel: resource
```
Projects not listed default to resource-level discovery (full management).
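A review-time lint for this policy value, added here as an example and not part of Turbot's tooling: it checks each entry against the AKA formats and levels listed above and reports every scope set below the resource default, since those are the scopes where policies and controls are not materialized. The function name, the ID patterns (numeric organization and folder IDs, GCP-style project IDs) and the duplicate check are assumptions; the page does not say which entry wins when an AKA appears twice.

```python
import re

# Assumption: organization/folder IDs are numeric; project IDs follow GCP's
# project ID rules (6-30 chars: lowercase letters, digits, hyphens).
AKA_RE = re.compile(
    r"^gcp://cloudresourcemanager\.googleapis\.com/"
    r"(?:(?:organizations|folders)/\d+|projects/[a-z][a-z0-9-]{4,28}[a-z0-9])$"
)
LEVELS = {"none", "account", "resource"}  # levels named on this page


def lint_discovery_levels(entries):
    """Lint a parsed list of {aka, discoveryLevel} dicts.

    Returns (errors, reduced): errors are invalid entries; reduced lists the
    (aka, level) pairs set below 'resource', i.e. gaps in control coverage.
    """
    errors, reduced, seen = [], [], set()
    for i, entry in enumerate(entries):
        aka, level = entry.get("aka"), entry.get("discoveryLevel")
        if not isinstance(aka, str) or not AKA_RE.match(aka):
            errors.append(f"entry {i}: not a full GCP resource AKA: {aka!r}")
        elif level not in LEVELS:
            errors.append(f"entry {i}: unknown discoveryLevel {level!r}")
        elif aka in seen:
            errors.append(f"entry {i}: duplicate aka {aka}")
        else:
            seen.add(aka)
            if level != "resource":
                reduced.append((aka, level))
    return errors, reduced


# Constructed sample: entries from the page's example plus two bad entries.
PREFIX = "gcp://cloudresourcemanager.googleapis.com/"
SAMPLE = [
    {"aka": PREFIX + "organizations/463637344998", "discoveryLevel": "account"},
    {"aka": PREFIX + "folders/123456789012", "discoveryLevel": "none"},
    {"aka": PREFIX + "projects/my-prod-project", "discoveryLevel": "resource"},
    {"aka": "projects/my-sandbox-project", "discoveryLevel": "none"},  # short form
    {"aka": PREFIX + "projects/my-sandbox-project", "discoveryLevel": "ignore"},
]

if __name__ == "__main__":
    errs, gaps = lint_discovery_levels(SAMPLE)
    print("\n".join(errs))
    for aka, level in gaps:
        print(f"reduced coverage ({level}): {aka}")
```

Running it in change review gives a reviewer the list of organizations, folders and projects that a proposed setting would take out of full management.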
Targets
This policy targets the following resource types:
Controls
Setting this policy configures these controls:
- GCP > Folder > CMDB
- GCP > Folder > Discovery
- GCP > Organization > CMDB
- GCP > Project > CMDB
- GCP > Project > Discovery
Policy Specification
Schema Type | |
|---|---|
Default | |
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/cmdb
- tmod:@turbot/gcp#/policy/types/organizationDiscoveryLevel
- turbot graphql policy-type --id "tmod:@turbot/gcp#/policy/types/organizationDiscoveryLevel"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp#/policy/types/organizationDiscoveryLevel"