[Cloud Asset Inventory] Support GCP Cloud Connectors #17305
Pull request overview
Adds GCP Cloud Connectors configuration to the cloud_asset_inventory integration package so cloudbeat can perform GCP asset discovery via Cloud Connectors with service account impersonation (aligned with cloud_security_posture work in #17185).
Changes:
- Bump package version to 1.5.0-preview02 and add a changelog entry.
- Add a dedicated GCP Cloud Connectors CloudShell URL variable to the package manifest.
- Add Cloud Connectors-required GCP vars (service account email, audience, connector ID) and render the new credential fields into the GCP agent stream template.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| packages/cloud_asset_inventory/manifest.yml | Bumps version and adds hidden CloudShell URL var for provisioning Cloud Connectors SA. |
| packages/cloud_asset_inventory/data_stream/asset_inventory/manifest.yml | Adds Cloud Connectors required-vars groups for GCP and introduces new vars for Fleet policy configuration. |
| packages/cloud_asset_inventory/data_stream/asset_inventory/agent/stream/gcp.yml.hbs | Emits new GCP Cloud Connectors credential fields into the generated agent configuration. |
| packages/cloud_asset_inventory/changelog.yml | Records the enhancement in the package changelog for 1.5.0-preview02. |
| credentials_file_path: {{gcp.credentials.file}} | ||
| {{/if}} | ||
| {{#if gcp.credentials.json}} | ||
| credentials_json: '{{gcp.credentials.json}}' |
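Review bot: On the `credentials_json` line, the key material is interpolated inside a single-quoted YAML scalar, so any single quote in `gcp.credentials.json` would terminate the scalar early and corrupt the rendered agent config unless the template layer escapes it. Consider confirming that escaping happens, or rendering the value in a form that does not depend on the content being quote-free; the unquoted `credentials_file_path` value above has the same sensitivity to YAML-special characters in the path.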
Do we need to add Elastic Cloud Connector ID field apart of gcp.yml.hbs?
| value: organization-account | ||
| - name: gcp.credentials.type | ||
| value: cloud_connectors | ||
| - name: gcp.organization_id |
Adding the gcp.organization_id field would add this text input as a required field on the GCP Cloud Connector form. Do we expect users to enter the organization id as part of the UX? I created a separate PR here to remove the gcp.organization_id field as a required var.
1ff2722 to e8429a6
💚 Build Succeeded
cc @amirbenun

Package cloud_asset_inventory - 1.5.0-preview02 containing this change is available at https://epr.elastic.co/package/cloud_asset_inventory/1.5.0-preview02/

Package cloud_asset_inventory - 1.5.0 containing this change is available at https://epr.elastic.co/package/cloud_asset_inventory/1.5.0/
Summary
Adds GCP Cloud Connectors support to the Cloud Asset Inventory package, aligned with PR #17185 (Cloud Security Posture). This allows cloudbeat to use Cloud Connectors for GCP asset discovery with service account impersonation.