Open shrikant0013 opened 7 years ago
The GCS watcher should use the `@record_exception` decorator on the `slurp_items()` method:
https://github.com/Netflix/security_monkey/blob/develop/security_monkey/decorators.py#L79
Similarly done in the IAM Role Watcher: https://github.com/Netflix/security_monkey/blob/develop/security_monkey/watchers/iam/iam_role.py#L50
@supertom - Do you need me to take this?
@monkeysecurity I apologize, I must have missed this. If you wouldn't mind, I'd appreciate it.
Watcher currently errors out if certain GCP GCS buckets do not have GET/Read permissions. Ideally, the account that is scanning various GCP project resources should have relevant permissions, but in certain cases these might be removed, changed, etc.
Should we continue the watcher for the remaining GCS buckets in the same projects and other projects? Some kind of reporting/alerting can be put in place for failure cases.
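The behaviour discussed in this issue, sketched as an added example (not security_monkey's code and not its `record_exception` implementation): a per-bucket decorator records a permission failure and lets the scan continue with the remaining buckets and projects. The names `record_failures`, `PermissionDenied`, `slurp_buckets` and the sample inventory are hypothetical and constructed for illustration.

```python
import functools


class PermissionDenied(Exception):
    """Stand-in for the 403 a GCS client raises (constructed for this example)."""


def record_failures(exception_map):
    """Store a per-bucket permission failure in exception_map instead of raising."""
    def decorator(fetch):
        @functools.wraps(fetch)
        def wrapper(project, bucket):
            try:
                return fetch(project, bucket)
            except PermissionDenied as exc:
                # Keyed by (project, bucket) so reporting/alerting can name the gap.
                exception_map[(project, bucket)] = str(exc)
                return None
        return wrapper
    return decorator


# Constructed inventory: project -> {bucket name: scanner has read access?}
SAMPLE_PROJECTS = {
    "proj-a": {"logs": True, "locked": False, "assets": True},
    "proj-b": {"backups": True},
}


def slurp_buckets(projects):
    """Return (items, exception_map); one unreadable bucket does not stop the scan."""
    exception_map = {}

    @record_failures(exception_map)
    def fetch_bucket(project, bucket):
        if not projects[project][bucket]:
            raise PermissionDenied(f"403 GET denied on gs://{bucket}")
        return {"project": project, "name": bucket}

    items = []
    for project, buckets in projects.items():
        for bucket in buckets:
            item = fetch_bucket(project, bucket)
            if item is not None:
                items.append(item)
    return items, exception_map


if __name__ == "__main__":
    found, failed = slurp_buckets(SAMPLE_PROJECTS)
    print(len(found), "buckets scanned;", len(failed), "failures recorded")
```

Only the permission error is swallowed; any other exception still propagates, so unexpected failures are not silently hidden behind the recorded ones.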