From 1bb8592d5b0d22d84e12f6d711c8ebb13e7a1eeb Mon Sep 17 00:00:00 2001
From: Andrew Kroh <andrew.kroh@elastic.co>
Date: Thu, 17 Feb 2022 08:55:26 -0500
Subject: [PATCH 1/3] Add single quotes around the credentials_json var

This handlebar variable contains a string and is required to be
passed as a string to the Beat. It must be properly quoted because
it contains JSON which in YAML will be interpretted as an object.

In general all handlebar variables that are strings should be single-quoted.
---
 packages/gcp/changelog.yml                                   | 5 +++++
 .../gcp/data_stream/audit/agent/stream/gcp-pubsub.yml.hbs    | 2 +-
 packages/gcp/data_stream/dns/agent/stream/gcp-pubsub.yml.hbs | 2 +-
 .../gcp/data_stream/firewall/agent/stream/gcp-pubsub.yml.hbs | 2 +-
 .../gcp/data_stream/vpcflow/agent/stream/gcp-pubsub.yml.hbs  | 2 +-
 packages/gcp/manifest.yml                                    | 2 +-
 6 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml
index 5232e6047ad..7b51c177e48 100644
--- a/packages/gcp/changelog.yml
+++ b/packages/gcp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.1"
+  changes:
+    - description: Fix quoting of the credentials_json value in policy templates.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/2712
 - version: "1.4.0"
   changes:
     - description: Add gcp.dns integration
diff --git a/packages/gcp/data_stream/audit/agent/stream/gcp-pubsub.yml.hbs b/packages/gcp/data_stream/audit/agent/stream/gcp-pubsub.yml.hbs
index 578ef33758e..d582de0a805 100644
--- a/packages/gcp/data_stream/audit/agent/stream/gcp-pubsub.yml.hbs
+++ b/packages/gcp/data_stream/audit/agent/stream/gcp-pubsub.yml.hbs
@@ -5,7 +5,7 @@ subscription.name: {{subscription_name}}
 credentials_file: {{credentials_file}}
 {{/if}}
 {{#if credentials_json}}
-credentials_json: {{credentials_json}}
+credentials_json: '{{credentials_json}}'
 {{/if}}
 {{#if alternative_host}}
 alternative_host: {{alternative_host}}
diff --git a/packages/gcp/data_stream/dns/agent/stream/gcp-pubsub.yml.hbs b/packages/gcp/data_stream/dns/agent/stream/gcp-pubsub.yml.hbs
index 578ef33758e..d582de0a805 100644
--- a/packages/gcp/data_stream/dns/agent/stream/gcp-pubsub.yml.hbs
+++ b/packages/gcp/data_stream/dns/agent/stream/gcp-pubsub.yml.hbs
@@ -5,7 +5,7 @@ subscription.name: {{subscription_name}}
 credentials_file: {{credentials_file}}
 {{/if}}
 {{#if credentials_json}}
-credentials_json: {{credentials_json}}
+credentials_json: '{{credentials_json}}'
 {{/if}}
 {{#if alternative_host}}
 alternative_host: {{alternative_host}}
diff --git a/packages/gcp/data_stream/firewall/agent/stream/gcp-pubsub.yml.hbs b/packages/gcp/data_stream/firewall/agent/stream/gcp-pubsub.yml.hbs
index 578ef33758e..d582de0a805 100644
--- a/packages/gcp/data_stream/firewall/agent/stream/gcp-pubsub.yml.hbs
+++ b/packages/gcp/data_stream/firewall/agent/stream/gcp-pubsub.yml.hbs
@@ -5,7 +5,7 @@ subscription.name: {{subscription_name}}
 credentials_file: {{credentials_file}}
 {{/if}}
 {{#if credentials_json}}
-credentials_json: {{credentials_json}}
+credentials_json: '{{credentials_json}}'
 {{/if}}
 {{#if alternative_host}}
 alternative_host: {{alternative_host}}
diff --git a/packages/gcp/data_stream/vpcflow/agent/stream/gcp-pubsub.yml.hbs b/packages/gcp/data_stream/vpcflow/agent/stream/gcp-pubsub.yml.hbs
index 578ef33758e..d582de0a805 100644
--- a/packages/gcp/data_stream/vpcflow/agent/stream/gcp-pubsub.yml.hbs
+++ b/packages/gcp/data_stream/vpcflow/agent/stream/gcp-pubsub.yml.hbs
@@ -5,7 +5,7 @@ subscription.name: {{subscription_name}}
 credentials_file: {{credentials_file}}
 {{/if}}
 {{#if credentials_json}}
-credentials_json: {{credentials_json}}
+credentials_json: '{{credentials_json}}'
 {{/if}}
 {{#if alternative_host}}
 alternative_host: {{alternative_host}}
diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml
index 3bfaeb8299e..d161bbcedef 100644
--- a/packages/gcp/manifest.yml
+++ b/packages/gcp/manifest.yml
@@ -1,6 +1,6 @@
 name: gcp
 title: Google Cloud Platform
-version: 1.4.0
+version: 1.4.1
 release: ga
 description: Collect logs from Google Cloud Platform with Elastic Agent.
 type: integration

From 4d86714030ac979fef9cdc20ca28e2ea841329ee Mon Sep 17 00:00:00 2001
From: Andrew Kroh <andrew.kroh@elastic.co>
Date: Thu, 17 Feb 2022 12:05:36 -0500
Subject: [PATCH 2/3] Require 7.17

---
 packages/gcp/manifest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml
index d161bbcedef..a494b0a58ad 100644
--- a/packages/gcp/manifest.yml
+++ b/packages/gcp/manifest.yml
@@ -17,7 +17,7 @@ categories:
   - network
   - security
 conditions:
-  kibana.version: ^7.15.0 || ^8.0.0
+  kibana.version: ^7.17.0 || ^8.0.0
 screenshots:
   - src: /img/filebeat-gcp-audit.png
     title: filebeat gcp audit

From 3d22d1aeb1b5231d17fd65e8669e75e84636c5bd Mon Sep 17 00:00:00 2001
From: Andrew Kroh <andrew.kroh@elastic.co>
Date: Thu, 17 Feb 2022 14:20:49 -0500
Subject: [PATCH 3/3] Test a variety of JSON string formats

---
 .../audit/_dev/test/system/test-pubsub-config.yml  | 14 +++++++++++++-
 .../dns/_dev/test/system/test-pubsub-config.yml    | 14 +++++++++++++-
 .../_dev/test/system/test-pubsub-config.yml        |  4 +++-
 .../_dev/test/system/test-pubsub-config.yml        |  3 ++-
 packages/gcp/manifest.yml                          |  2 +-
 5 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/packages/gcp/data_stream/audit/_dev/test/system/test-pubsub-config.yml b/packages/gcp/data_stream/audit/_dev/test/system/test-pubsub-config.yml
index 2c765770641..af58f65a919 100644
--- a/packages/gcp/data_stream/audit/_dev/test/system/test-pubsub-config.yml
+++ b/packages/gcp/data_stream/audit/_dev/test/system/test-pubsub-config.yml
@@ -2,7 +2,19 @@ service: gcppubsub-emulator
 input: gcp-pubsub
 vars:
   alternative_host: "{{Hostname}}:{{Port}}"
-  credentials_json: '{\"fake\":\"creds\"}'
+  credentials_json: |-
+    {
+        "type": "service_account",
+        "project_id": "foo",
+        "private_key_id": "x",
+        "private_key": "",
+        "client_email": "foo@bar.com",
+        "client_id": "0",
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://oauth2.googleapis.com/token",
+        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+        "client_x509_cert_url": "https://foo.bar/path"
+    }
   project_id: audit
 data_stream:
   vars:
diff --git a/packages/gcp/data_stream/dns/_dev/test/system/test-pubsub-config.yml b/packages/gcp/data_stream/dns/_dev/test/system/test-pubsub-config.yml
index 2c765770641..27f25e9b90a 100644
--- a/packages/gcp/data_stream/dns/_dev/test/system/test-pubsub-config.yml
+++ b/packages/gcp/data_stream/dns/_dev/test/system/test-pubsub-config.yml
@@ -2,7 +2,19 @@ service: gcppubsub-emulator
 input: gcp-pubsub
 vars:
   alternative_host: "{{Hostname}}:{{Port}}"
-  credentials_json: '{\"fake\":\"creds\"}'
+  credentials_json: |
+    {
+        "type": "service_account",
+        "project_id": "foo",
+        "private_key_id": "x",
+        "private_key": "",
+        "client_email": "foo@bar.com",
+        "client_id": "0",
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://oauth2.googleapis.com/token",
+        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+        "client_x509_cert_url": "https://foo.bar/path"
+    }
   project_id: audit
 data_stream:
   vars:
diff --git a/packages/gcp/data_stream/firewall/_dev/test/system/test-pubsub-config.yml b/packages/gcp/data_stream/firewall/_dev/test/system/test-pubsub-config.yml
index 43d3543d698..5978986e01c 100644
--- a/packages/gcp/data_stream/firewall/_dev/test/system/test-pubsub-config.yml
+++ b/packages/gcp/data_stream/firewall/_dev/test/system/test-pubsub-config.yml
@@ -2,7 +2,9 @@ service: gcppubsub-emulator
 input: gcp-pubsub
 vars:
   alternative_host: "{{Hostname}}:{{Port}}"
-  credentials_json: '{\"fake\":\"creds\"}'
+  credentials_json: >
+    {"foo": "bar"}
+
   project_id: firewall
 data_stream:
   vars:
diff --git a/packages/gcp/data_stream/vpcflow/_dev/test/system/test-pubsub-config.yml b/packages/gcp/data_stream/vpcflow/_dev/test/system/test-pubsub-config.yml
index 1128cfe38cf..5dc8e1f0fa4 100644
--- a/packages/gcp/data_stream/vpcflow/_dev/test/system/test-pubsub-config.yml
+++ b/packages/gcp/data_stream/vpcflow/_dev/test/system/test-pubsub-config.yml
@@ -2,7 +2,8 @@ service: gcppubsub-emulator
 input: gcp-pubsub
 vars:
   alternative_host: "{{Hostname}}:{{Port}}"
-  credentials_json: '{\"fake\":\"creds\"}'
+  credentials_json: >-
+    {"type":"service_account","project_id":"foo","private_key_id":"x","private_key":"","client_email":"foo@bar.com","client_id":"0","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":"https://foo.bar/path"}
   project_id: vpcflow
 data_stream:
   vars:
diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml
index a494b0a58ad..058fbd056b7 100644
--- a/packages/gcp/manifest.yml
+++ b/packages/gcp/manifest.yml
@@ -17,7 +17,7 @@ categories:
   - network
   - security
 conditions:
-  kibana.version: ^7.17.0 || ^8.0.0
+  kibana.version: ^7.16.3 || ^8.0.0
 screenshots:
   - src: /img/filebeat-gcp-audit.png
     title: filebeat gcp audit