hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Please add support for SCC findings exports to BQ via `gcloud scc bqexports` #18848

Open graham-m-dunn opened 1 month ago

graham-m-dunn commented 1 month ago

Community Note

Description

Currently, the recommended method to export findings from SCC to BQ is `gcloud scc bqexports`; however, this isn't supported in the GCP provider yet. The other method (SCC -> PubSub -> BQ) is much more toilsome (you need a cloud function to parse and insert the finding, or do post-processing from the data field in the BQ table).

New or Affected Resource(s)

Potential Terraform Configuration

```hcl
resource "google_scc_bqexport" "scc_project_123456789_all_active_findings" {
  name        = "test-bq-export-2"
  dataset     = "projects/123456789/datasets/testing_scc_findings_2"
  description = "This is a test BigQuery export"
  filter      = "state=\"ACTIVE\" AND NOT mute=\"MUTED\""
}
```

References

e.g. create

```
❯ gcloud scc bqexports create test-bq-export-2 --project=123456789 --dataset=projects/123456789/datasets/testing_scc_findings_2 --description="This is a test BigQuery export" --filter="state=\"ACTIVE\" AND NOT mute=\"MUTED\""
Created.
dataset: projects/123456789/datasets/testing_scc_findings_2
description: This is a test BigQuery export
filter: state="ACTIVE" AND NOT mute="MUTED"
mostRecentEditor: grahamdunn@google.com
name: projects/123456789/bigQueryExports/test-bq-export-2
principal: service-org-123456789@gcp-sa-scc-notification.iam.gserviceaccount.com
updateTime: '2024-07-25T15:53:46.493183Z'
```

b/356159589
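The parsing step that the SCC -> PubSub -> BQ route mentioned in the description requires, shown as an added example (not part of the original issue or of the provider's code). It decodes a Pub/Sub `data` payload, applies the same predicate as the export filter above, and flattens the finding into a row; the function names, the row layout and the sample notification are assumptions constructed for illustration.

```python
import base64
import json

# Constructed sample of an SCC finding notification as published to Pub/Sub
# (values are made up; only a subset of finding fields is shown).
SAMPLE_NOTIFICATION = {
    "notificationConfigName": "organizations/123456789/notificationConfigs/example",
    "finding": {
        "name": "organizations/123456789/sources/1/findings/abc",
        "parent": "organizations/123456789/sources/1",
        "resourceName": "//storage.googleapis.com/example-bucket",
        "state": "ACTIVE",
        "category": "PUBLIC_BUCKET_ACL",
        "severity": "HIGH",
        "mute": "UNMUTED",
        "eventTime": "2024-07-25T15:53:46.493Z",
    },
}

# Hypothetical flat column set for the destination BigQuery table.
ROW_FIELDS = ("name", "parent", "resourceName", "state",
              "category", "severity", "mute", "eventTime")


def encode_pubsub_data(notification: dict) -> str:
    """Build the base64 `data` string a Pub/Sub-triggered function receives."""
    return base64.b64encode(json.dumps(notification).encode("utf-8")).decode("ascii")


def finding_to_row(pubsub_data: str):
    """Return a flat row for an active, unmuted finding, or None if filtered out.

    Malformed input raises ValueError instead of returning None, so a broken
    message is retried or dead-lettered rather than silently dropped.
    """
    try:
        payload = json.loads(base64.b64decode(pubsub_data, validate=True))
        finding = payload["finding"]
        if not isinstance(finding, dict):
            raise TypeError("finding is not an object")
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("not an SCC finding notification") from exc

    # Same predicate as the export filter: state="ACTIVE" AND NOT mute="MUTED"
    if finding.get("state") != "ACTIVE" or finding.get("mute") == "MUTED":
        return None

    row = {field: finding.get(field) for field in ROW_FIELDS}
    row["raw"] = json.dumps(finding, sort_keys=True)  # keep the full finding for later queries
    return row
```
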

SarahFrench commented 1 month ago

From triage: This resource would map to this entity in the API, which is possible to manage via CRUD despite representing a single, imperative action. This new resource represents the "One-time exports for existing findings, assets, and security marks" as described in the docs.