GoogleCloudPlatform / config-validator

Golang library which provides functionality to evaluate GCP resources against Rego-based policies
Apache License 2.0

update google api library version #146

Closed xingao267 closed 4 years ago

xingao267 commented 4 years ago

@morgante @briantkennedy ptal, might fix https://github.com/forseti-security/policy-library/issues/367

briantkennedy commented 4 years ago

I have no problem with this, but I don't see any reason why it would fix that issue. FCV processes data from the CAI dump, so if something isn't present, it's missing from the data being fed to FCV as FCV doesn't pull data from GCP.

xingao267 commented 4 years ago

I'm not familiar with the code base and am still trying to figure out how these things work together. From my understanding, this update might change the library used in https://github.com/forseti-security/config-validator/blob/master/api/validator.proto#L46 and therefore change what fields get pulled out from the CAI dump?

Do you have any other suggestions of how to fix https://github.com/forseti-security/policy-library/issues/367?

morgante commented 4 years ago

Agreed, I don't think just updating the API versions will do the trick. The asset proto here will have to be updated as well.

xingao267 commented 4 years ago

The audit_config is present in the CAI dump, but not in input.asset.iam_policy used by the policy library.

morgante commented 4 years ago

In that case, I think you'll need to get the IAM team to update this published proto: https://github.com/forseti-security/config-validator/blob/master/api/validator.proto#L46

xingao267 commented 4 years ago

Isn't that proto part of https://godoc.org/google.golang.org/api ?

xingao267 commented 4 years ago

https://godoc.org/google.golang.org/api/iam/v1

morgante commented 4 years ago

@xingao267 No, I don't believe so. I think the protos are published separately (outside a particular client library).

xingao267 commented 4 years ago

Do you know how the version of that proto is specified?

briantkennedy commented 4 years ago

Let's move the discussion back to the issue page so it's not fragmented.