Fix GCP deployment manager formatting #2530
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
orouz
commented
Sep 15, 2024
| @@ -35,7 +35,7 @@ fi | |||
|
|
|||
| result="$(gcloud deployment-manager deployments create --automatic-rollback-on-error "${DEPLOYMENT_NAME}" --project "${PROJECT_NAME}" \ | |||
| --template service_account.py \ | |||
| --properties scope:"${SCOPE}",parentId:"${PARENT_ID}",serviceAccountName:"${SERVICE_ACCOUNT_NAME}")" | |||
| --properties "scope:'${SCOPE}',parentId:'${PARENT_ID}',serviceAccountName:'${SERVICE_ACCOUNT_NAME}'")" | |||
There was a problem hiding this comment.
this format is required to ensure the values passed are treated as strings
see https://cloud.google.com/sdk/gcloud/reference/deployment-manager/deployments/create
in this specific case, ORG_ID is actually a number, but we need it as a string
|
This pull request does not have a backport label. Could you fix it @orouz? 🙏
|
orouz
commented
Sep 22, 2024
orouz
force-pushed
the
gcp_dm_fix
branch
2 times, most recently
from
08a2cb8 to
feea7c8
Compare
|
for some reason there is a bit of flakiness in service account deployments which i can't exactly pin |
oren-zohar
approved these changes
Sep 30, 2024
mergify bot
pushed a commit
that referenced
this pull request
Sep 30, 2024
(cherry picked from commit 676dde6)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary of your changes
there were 2 issues preventing GCP CSPM on agentless from successfully deploying a service account for organizations. the first was a slightly off copy-paste command in kibana which ended up not passing
ORG_IDto the deployment script, so the deployment assumed it's for a project. the second issue, after providingORG_ID, the deployment script complained about it being a number and not a string (as per its schema). this is what this PR fixes.after fixing both of these, i've deployed GCP CSPM on agentless and got findings for an organization account:
Screenshot/Data
Related Issues