Closed xingao267 closed 4 years ago
I have no problem with this, but I don't see any reason why it would fix that issue. FCV processes data from the CAI dump, so if something isn't present, it's missing from the data being fed to FCV as FCV doesn't pull data from GCP.
I'm not familiar with the code base and still trying to figure out how these things work together. From my understand, this update might change the library used in https://github.com/forseti-security/config-validator/blob/master/api/validator.proto#L46? and therefore change what fields get pulled out from CAI dump?
Do you have any other suggestions of how to fix https://github.com/forseti-security/policy-library/issues/367?
Agreed, I don't think just updating the API versions will do the trick. The asset proto here will have to be updated as well.
The audit_config is present in the CAI dump, but not in input.asset.iam_policy
used by the policy library.
In that case, I think you'll need to get IAM team to update this published proto: https://github.com/forseti-security/config-validator/blob/master/api/validator.proto#L46
Isn't that proto part of https://godoc.org/google.golang.org/api ?
@xingao267 No, I don't believe so. I think the protos are published separately (outside a particular client library).
do you know how is the version of that proto specified?
let's move discussion back to the issue page so it's not fragmented
@morgante @briantkennedy ptal, might fix https://github.com/forseti-security/policy-library/issues/367