Ancestry path does not work at resource (bucket, bigquery, vm, etc) level #304

Open
xingao267 opened this issue Mar 18, 2020 · 2 comments
Labels
enhancement New feature or request

Comments

@xingao267
Member

The match block works with the ancestry path, which is most granular at the project level.
For resource-level matching, it is handled via parameters and within the template logic, which depends on whether the template supports that or not.

This implies some limitations; an example is that what's supported by the current legacy BigQuery rule cannot be achieved in the policy library. The closest thing I can find in the policy library is gcp_iam_allowed_bindings_v1.yaml, but you can't specify the dataset ID in that constraint.

@gkowalski-google
Contributor

@hshin-g Are you aware of this limitation? Sounds like this is something we should add into the existing BigQuery templates to have feature parity with the Python scanners.

@morgante
Contributor

To be clear, this is an enhancement and not a bug. At present, match is only meant to apply to the project level.

@morgante morgante added the enhancement New feature or request label Mar 30, 2020