kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

comment alerting policy to prevent e2e errors (#3777)

Browse Source
This commit is contained in:
Ludovico Magnocavallo
2026-03-02 09:32:13 +01:00
committed by GitHub
parent 1e8603192c
commit e45e8089ff
2 changed files with 25 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
fast/stages/0-org-setup/datasets/classic/observability/iac-0/impersonation.yaml
View File

@@ -38,26 +38,27 @@ logging_metrics:
- key: email_id
value_type: STRING
alerts:
sa-impersonation-alert:
display_name: Service Account Impersonation Alert
combiner: OR
conditions:
- display_name: Impersonation Detected
condition_threshold:
filter: |
metric.type="logging.googleapis.com/user/sa-impersonation" AND
resource.type="global"
comparison: COMPARISON_GT
threshold_value: 0
duration: 60s
trigger:
count: 1
aggregations:
- alignment_period: 60s
per_series_aligner: ALIGN_COUNT
cross_series_reducer: REDUCE_SUM
group_by_fields: ["metric.label.email_id"]
notification_channels:
- email-security
enabled: true
# TODO: this is commented to prevent lag in metric creation from breaking apply
# alerts:
# sa-impersonation-alert:
# display_name: Service Account Impersonation Alert
# combiner: OR
# conditions:
# - display_name: Impersonation Detected
# condition_threshold:
# filter: |
# metric.type="logging.googleapis.com/user/sa-impersonation" AND
# resource.type="global"
# comparison: COMPARISON_GT
# threshold_value: 0
# duration: 60s
# trigger:
# count: 1
# aggregations:
# - alignment_period: 60s
# per_series_aligner: ALIGN_COUNT
# cross_series_reducer: REDUCE_SUM
# group_by_fields: ["metric.label.email_id"]
# notification_channels:
# - email-security
# enabled: true

42
tests/fast/stages/s0_org_setup/simple.yaml
View File

@@ -1284,45 +1284,6 @@ values:
project: ft0-prod-iac-core-0
timeouts: null
value_extractor: null
module.factory.module.projects["iac-0"].google_monitoring_alert_policy.alerts["sa-impersonation-alert"]:
alert_strategy: []
combiner: OR
conditions:
- condition_absent: []
condition_matched_log: []
condition_monitoring_query_language: []
condition_prometheus_query_language: []
condition_sql: []
condition_threshold:
- aggregations:
- alignment_period: 60s
cross_series_reducer: REDUCE_SUM
group_by_fields:
- metric.label.email_id
per_series_aligner: ALIGN_COUNT
comparison: COMPARISON_GT
denominator_aggregations: []
denominator_filter: null
duration: 60s
evaluation_missing_data: null
filter: 'metric.type="logging.googleapis.com/user/sa-impersonation" AND
resource.type="global"
'
forecast_options: []
threshold_value: 0
trigger:
- count: 1
percent: null
display_name: Impersonation Detected
display_name: Service Account Impersonation Alert
documentation: []
enabled: true
project: ft0-prod-iac-core-0
severity: null
timeouts: null
user_labels: null
module.factory.module.projects["iac-0"].google_monitoring_notification_channel.channels["email-security"]:
description: null
display_name: Security Team Email
@@ -3019,7 +2980,6 @@ counts:
google_logging_organization_sink: 3
google_logging_project_bucket_config: 3
google_logging_project_settings: 2
google_monitoring_alert_policy: 1
google_monitoring_notification_channel: 1
google_org_policy_custom_constraint: 1
google_org_policy_policy: 37
@@ -3047,5 +3007,5 @@ counts:
google_tags_tag_value_iam_binding: 4
local_file: 9
modules: 50
resources: 328
resources: 327
terraform_data: 4