Skip to content

Commit 6c86bc0

Browse files
tas50tas50
committed
⭐ GCP: Add Cloud Armor, SSL, Cloud NAT, CAS, Audit Config, and Org Policy resources
Add security-focused resources to the GCP provider covering WAF/DDoS protection, TLS configuration, NAT auditing, private PKI, audit logging, and org policy enforcement. New resources: Cloud Armor: - gcp.project.computeService.securityPolicy: id, name, description, type, labels, adaptiveProtectionConfig, advancedOptionsConfig, ddosProtectionConfig, recaptchaOptionsConfig, regionUrl, selfLink, createdAt, rules() - gcp.project.computeService.securityPolicy.rule: id, action, description, priority, preview, match, networkMatch, rateLimitOptions, redirectOptions, headerAction, preconfiguredWafConfig SSL Policies: - gcp.project.computeService.sslPolicy: id, name, description, profile, minTlsVersion, customFeatures, enabledFeatures, regionUrl, selfLink, warnings, createdAt SSL Certificates: - gcp.project.computeService.sslCertificate: id, name, description, type, subjectAlternativeNames, managed, regionUrl, selfLink, expireTime, createdAt Cloud NAT: - gcp.project.computeService.router.nat: id, name, natIpAllocateOption, sourceSubnetworkIpRangesToNat, enableDynamicPortAllocation, enableEndpointIndependentMapping, minPortsPerVm, maxPortsPerVm, natIps, subnetworks, rules, logConfig, endpointTypes, autoNetworkTier, icmpIdleTimeoutSec, tcpEstablishedIdleTimeoutSec, tcpTransitoryIdleTimeoutSec, tcpTimeWaitTimeoutSec, udpIdleTimeoutSec - router.natServices field added (router.nats []dict preserved as deprecated) Certificate Authority Service: - gcp.project.certificateAuthorityService: projectId, caPools() - gcp.project.certificateAuthorityService.caPool: projectId, resourcePath, name, location, tier, issuancePolicy, publishingOptions, labels, certificateAuthorities(), certificates() - gcp.project.certificateAuthorityService.certificateAuthority: projectId, resourcePath, name, location, caPool, type, state, keySpec, config, lifetime, pemCaCertificates, subordinateConfig, labels, gcsBucket, accessUrls, createdAt, updatedAt, deletedAt, expireTime - gcp.project.certificateAuthorityService.certificate: projectId, resourcePath, name, location, caPool, issuerCertificateAuthority, lifetime, subjectDescription, certDescription, pemCertificate, pemCertificateChain, revocationDetails, labels, createdAt, updatedAt Audit Logging Configuration: - gcp.resourcemanager.auditConfig: id, service, auditLogConfigs - gcp.resourcemanager.auditConfig.logConfig: id, logType, exemptedMembers - Exposed on both gcp.organization and gcp.project Organization Policies: - gcp.orgPolicy: id, name, constraintName, spec, dryRunSpec, etag, updatedAt - Exposed on both gcp.organization and gcp.project Signed-off-by: Tim Smith <tsmith84@gmail.com>
1 parent 2a19947 commit 6c86bc0

File tree

12 files changed

+12008
-8270
lines changed

12 files changed

+12008
-8270
lines changed

.github/actions/spelling/expect.txt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ databricks
3838
datapath
3939
DATAUSER
4040
datetime
41-
Ddos
41+
ddos
4242
deliverychannel
4343
dfw
4444
dlp
@@ -138,6 +138,7 @@ psc
138138
pushconfig
139139
querypack
140140
ratebasedstatement
141+
recaptcha
141142
regexmatchstatement
142143
regexpatternsetreferencestatement
143144
resourcegroup
@@ -176,7 +177,6 @@ timestream
176177
toplevel
177178
tpu
178179
serviceconnection
179-
Vnet
180180
udid
181181
Uocm
182182
usb

providers/gcp/go.mod

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,12 @@ require (
1818
cloud.google.com/go/logging v1.13.1
1919
cloud.google.com/go/longrunning v0.8.0
2020
cloud.google.com/go/monitoring v1.24.3
21+
cloud.google.com/go/orgpolicy v1.15.1
2122
cloud.google.com/go/pubsub v1.50.1
2223
cloud.google.com/go/recommender v1.13.6
2324
cloud.google.com/go/redis v1.18.3
2425
cloud.google.com/go/run v1.15.0
26+
cloud.google.com/go/security v1.19.2
2527
cloud.google.com/go/serviceusage v1.9.7
2628
cloud.google.com/go/spanner v1.87.0
2729
github.com/aws/smithy-go v1.24.0
@@ -285,7 +287,7 @@ require (
285287
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
286288
google.golang.org/genproto/googleapis/api v0.0.0-20260122232226-8e98ce8d340d // indirect
287289
google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect
288-
google.golang.org/grpc v1.79.1 // indirect
290+
google.golang.org/grpc v1.79.1
289291
gopkg.in/warnings.v0 v0.1.2 // indirect
290292
gopkg.in/yaml.v3 v3.0.1 // indirect
291293
howett.net/plist v1.0.1 // indirect

providers/gcp/go.sum

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,8 @@ cloud.google.com/go/longrunning v0.8.0 h1:LiKK77J3bx5gDLi4SMViHixjD2ohlkwBi+mKA7
7676
cloud.google.com/go/longrunning v0.8.0/go.mod h1:UmErU2Onzi+fKDg2gR7dusz11Pe26aknR4kHmJJqIfk=
7777
cloud.google.com/go/monitoring v1.24.3 h1:dde+gMNc0UhPZD1Azu6at2e79bfdztVDS5lvhOdsgaE=
7878
cloud.google.com/go/monitoring v1.24.3/go.mod h1:nYP6W0tm3N9H/bOw8am7t62YTzZY+zUeQ+Bi6+2eonI=
79+
cloud.google.com/go/orgpolicy v1.15.1 h1:0hq12wxNwcfUMojr5j3EjWECSInIuyYDhkAWXTomRhc=
80+
cloud.google.com/go/orgpolicy v1.15.1/go.mod h1:bpvi9YIyU7wCW9WiXL/ZKT7pd2Ovegyr2xENIeRX5q0=
7981
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
8082
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
8183
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -92,6 +94,8 @@ cloud.google.com/go/run v1.15.0 h1:4cwyNv9SUQEsQOf5/DfPKyMWYSA52p38/o119BgMhO4=
9294
cloud.google.com/go/run v1.15.0/go.mod h1:rgFHMdAopLl++57vzeqA+a1o2x0/ILZnEacRD6nC0EA=
9395
cloud.google.com/go/secretmanager v1.16.0 h1:19QT7ZsLJ8FSP1k+4esQvuCD7npMJml6hYzilxVyT+k=
9496
cloud.google.com/go/secretmanager v1.16.0/go.mod h1://C/e4I8D26SDTz1f3TQcddhcmiC3rMEl0S1Cakvs3Q=
97+
cloud.google.com/go/security v1.19.2 h1:cF3FkCRRbRC1oXuaGZFl3qU2sdu2gP3iOAHKzL5y04Y=
98+
cloud.google.com/go/security v1.19.2/go.mod h1:KXmf64mnOsLVKe8mk/bZpU1Rsvxqc0Ej0A6tgCeN93w=
9599
cloud.google.com/go/serviceusage v1.9.7 h1:vrBBeI2ESmri4BLGPz1YH2o37loIQ3DDTloYiDOe2lY=
96100
cloud.google.com/go/serviceusage v1.9.7/go.mod h1:JpBpv+4Zbe7+RiC9ydc6xgBUOntIL9tA85d2xKgV83g=
97101
cloud.google.com/go/spanner v1.87.0 h1:M9RGcj/4gJk6yY1lRLOz1Ze+5ufoWhbIiurzXLOOfcw=
@@ -569,8 +573,6 @@ github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
569573
github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
570574
github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
571575
github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
572-
github.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4=
573-
github.com/hashicorp/go-version v1.8.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
574576
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
575577
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
576578
github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=

0 commit comments

Comments
 (0)