Google Kubernetes Engine

Integration version: 5.0

Use Cases

Manage Kubernetes clusters in Google Kubernetes Engine (GKE).

Product Permission

Create a Service Account:

  1. Open your Google Cloud Project portal, on the left pane click IAM & Admin > Roles.
  2. Click Create Role to create a custom role that will have permissions needed for the integration.
  3. On the opened page provide role Title, Description, ID, Role Launch Stage to General Availability.
  4. Add the following permissions to the created role:

    • container.clusters.list
    • container.clusters.update
    • container.clusters.get
    • container.operations.list
    • container.operations.get
  5. Click Create to create a new custom role.

  6. Next go to the Google documentation and follow the procedure in the Creating a Service Account section. After you create a service account, a Service Account Private Key file is downloaded.

  7. Grant the role you previously created to the Service Account so Service Account will have needed permissions for the integration.

  8. Configure Google Kubernetes Engine integration with the JSON contents of the file you downloaded in step 1.

Configure Google Kubernetes Engine integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

Parameter Display Name Type Default Value Is Mandatory Description
Account Type String service_account No Type of the Google Cloud account. Located at the "type" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Project ID String N/A No Project ID of the Google Cloud account. Located at the "project_id" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Private Key ID Password N/A No Private Key ID of the Google Cloud account. Located at the "private_key_id" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Private Key Password N/A No Private Key of the Google Cloud account. Located at the "private_key" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Client Email String N/A No Client Email of the Google Cloud account. Located at the "client_email" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Client ID String N/A No Client ID of the Google Cloud account. Located at the "client_id" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Auth URI String

https://accounts.google.com/o/oauth2/auth

No Auth URI of the Google Cloud account. Located at the "auth_uri" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Token URI String

https://oauth2.googleapis.com/token

NoToken URI of the Google Cloud account. Located at the "token_uri" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Auth Provider X509 URL String

https://www.googleapis.com/oauth2/v1/certs

No Auth Provider X509 URL of the Google Cloud account. Located at the "auth_provider_x509_cert_url" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Client X509 URL String N/A No Client X509 URL of the Google Cloud account. Located at the "client_x509_cert_url" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Service Account Json File Content String N/A No Optional: Instead of specifying Private Key ID, Private Key and other parameters, specify here the full JSON content of the service account file. Other connection parameters are ignored if this parameter is provided.
Verify SSL Checkbox Checked No If enabled, the integration verifies that the SSL certificate for the connection to the Google Cloud service is valid.

Actions

Ping

Description

Test connectivity to the Google Kubernetes Engine service with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.

Parameters

N/A

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

  • if successful: "Successfully connected to the Google Kubernetes Engine service with the provided connection parameters!"

The action should fail and stop a playbook execution:if critical error, like wrong credentials or lost connectivity: "Failed to connect to the Google Kubernetes Engine service! Error is {0}".format(exception.stacktrace)

General

List Clusters

Description

List Google Kubernetes Engine clusters based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities. Additionally, filtering logic is working based on the cluster name field.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Cluster Location String N/A Yes Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Filter Logic DDL

Not Specified

DDL

Not Specified

Equal

Contains

No

Specify what filter logic should be applied. Filtering logic is working based on the cluster name field.

Filter Value String N/A No

Specify what value should be used in the filter. If "Equal" is selected, action will try to find the exact match among results and if "Contains" is selected, action will try to find results that contain that substring. If nothing is provided in this parameter, the filter will not be applied. Filtering logic is working based on the cluster name field.

Max Records To Return Integer 50 No Specify how many records to return.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
JSON Result
{
           "name": "cluster-test",
           "description": "Requested by xxxxxxx xxxxxx in #xxxxxxx",
           "nodeConfig": {
               "machineType": "e2-micro",
               "diskSizeGb": 15,
               "oauthScopes": [
                   "https://www.googleapis.com/auth/devstorage.read_only",
                   "https://www.googleapis.com/auth/logging.write",
                   "https://www.googleapis.com/auth/monitoring",
                   "https://www.googleapis.com/auth/servicecontrol",
                   "https://www.googleapis.com/auth/service.management.readonly",
                   "https://www.googleapis.com/auth/trace.append"
               ],
               "metadata": {
                   "disable-legacy-endpoints": "true"
               },
               "imageType": "COS",
               "tags": [
                   "pod-net-tag"
               ],
               "serviceAccount": "default",
               "diskType": "pd-standard",
               "shieldedInstanceConfig": {
                   "enableIntegrityMonitoring": true
               }
           },
           "masterAuth": {
               "clusterCaCertificate":
               ...
Case Wall
Result type Value/Description Type
Output message*

The action should not fail nor stop a playbook execution:

  • if data is available(is_success = true): "Successfully found clusters for the provided criteria in Google Kubernetes Engine".
  • If data is not available (is_success=false): "No clusters were found for the provided criteria in Google Kubernetes Engine".

The action should fail and stop a playbook execution:

  • If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
  • If invalid value is provided for Max Records to Return: "Invalid value was provided for "Max Records to Return": <provided value>. Positive number should be provided".
  • if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Clusters". Reason: {0}''.format(error.Stacktrace)
General

Case Wall Table

Name: Found Clusters

Columns:

ID

Name

Description

Cluster Network

Cluster Ipv4 CIDR

Labels

Cluster Endpoint

Status

Location

Zone

Initial Cluster Version

Current Master Version

Current Node Version

Create Time

General

Set Cluster Addons

Description

Create an operation to set addons for the Google Kubernetes Engine cluster. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Cluster Location String N/A Yes Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name String N/A Yes Specify Google Kubernetes Engine cluster name.
HTTP Load Balancing DDL

Not Changed

Possible values: Not Changed Disabled Enabled

No Specify the value for the HTTP Load Balancing addon configuration.
Horizontal Pod Autoscaling DDL

Not Changed

Possible values: Not Changed Disabled Enabled

No Specify the value for the Horizontal Pod Autoscaling addon configuration.
Network Policy Config DDL

Not Changed

Possible values: Not Changed Disabled Enabled

No Specify the value for the Network Policy Config addon configuration.
Cloud Run Config DDL

Not Changed

Possible Values: Not Changed Disabled Enabled, Load Balancer Type Unspecified Enabled, Load Balancer Type External Enabled, Load Balancer Type Internal

No Specify the value for the Cloud Run Config addon configuration.
DNS Cache Config DDL

Not Changed

Possible values: Not Changed Disabled Enabled

No Specify the value for the DNS Cache Config addon configuration.
Config Connector Config DDL

Not Changed

Possible values: Not Changed Disabled Enabled

No Specify the value for the Config Connector Config addon.
Compute Engine Persistent Disk Csi Driver Config DDL

Not Changed

Possible values: Not Changed Disabled Enabled

No Specify the value for the Compute Engine Persistent Disk Csi Driver Config addon.
Wait for cluster configuration change operation to finish Checkbox Checked No If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
JSON Result
{
   "name": "operation-xxx-xxx",
   "zone": "europe-central2-a",
   "operationType": "UPDATE_CLUSTER",
   "status": "RUNNING",
   "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629027283051-04a0e72c",
   "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test",
   "startTime": "2021-08-15T11:34:43.051036236Z"
}
Case Wall
Result type Value/Description Type
Output message*

Action should not fail and not stop playbook execution:

  • Default messages:

    • if successful and cluster config update operation is created: "Successfully created cluster configuration change operation"
    • If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".

  • If Wait for async action results is checked:

    • If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
    • If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
    • If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

  • If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
  • If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
  • if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Cluster Addons". Reason: {0}''.format(error.Stacktrace)
General

Set Cluster Labels

Description

Create an operation to set labels for the Google Kubernetes Engine cluster. Action is async. Action appends new labels to any existing cluster labels. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Cluster Location String N/A Yes Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name String N/A Yes Specify Google Kubernetes Engine cluster name.
Cluster Labels JSON

{

"key1":"value1",

"key2":"value2"

}

Yes Specify a JSON object that contains labels to add to the cluster. Please consider default value for the format reference. Action appends new labels to any existing cluster labels.
Wait for cluster configuration change operation to finish Checkbox Unchecked No If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
JSON Result
{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "UPDATE_CLUSTER",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629028435904-12520fb6",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test",
    "startTime": "2021-08-15T11:53:55.904254615Z"
}
Case Wall
Result type Value/Description Type
Output message*

Action should not fail and not stop playbook execution:

  • Default messages:

    • if successful and cluster config update operation is created: "Successfully created cluster configuration change operation"
    • If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".

  • If Wait for async action results is checked:

    • If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
    • If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
    • If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

  • If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
  • If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
  • If not valid format for labels is provided: "Invalid value was provided for the cluster labels: <cluster labels>"
  • if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Cluster Labels". Reason: {0}''.format(error.Stacktrace)
General

List Node Pools

Description

List node pools for the Google Kubernetes Engine cluster based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities. Additionally, filtering logic is working based on the node pool name field.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Cluster Location String N/A Yes Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name String N/A Yes Specify Google Kubernetes Engine cluster name.
Filter Logic DDL

Equal

DDL

Equal

Contains

No

Specify what filter logic should be applied. Filtering logic is working based on the node pool name field.

Filter Value String N/A No

Specify what value should be used in the filter. If "Equal" is selected, action will try to find the exact match among results and if "Contains" is selected, action will try to find results that contain that substring. If nothing is provided in this parameter, the filter will not be applied. Filtering logic is working based on the node pool name field.

Max Records To Return Integer 50 No Specify how many records to return. Default: 50.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
JSON Result
{
    "nodePools": [
        {
            "name": "default-pool",
            "config": {
                "machineType": "e2-micro",
                "diskSizeGb": 15,
                "oauthScopes": [
                    "https://www.googleapis.com/auth/devstorage.read_only",
                    "https://www.googleapis.com/auth/logging.write",
                    "https://www.googleapis.com/auth/monitoring",
                    "https://www.googleapis.com/auth/servicecontrol",
                    "https://www.googleapis.com/auth/service.management.readonly",
                    "https://www.googleapis.com/auth/trace.append"
                ],
                "metadata": {
                    "disable-legacy-endpoints": "true"
                },
                "imageType": "COS",
                "tags": [
                    "pod-net-tag"
                ],
                "serviceAccount": "default",
                "diskType": "pd-standard",
                "shieldedInstanceConfig": {
                    "enableIntegrityMonitoring": true
                }
            },
            "initialNodeCount": 3,
            "autoscaling": {},
            "management": {
                "autoUpgrade": true,
                "autoRepair": true
            },
            "maxPodsConstraint": {
                "maxPodsPerNode": "8"
            },
            "podIpv4CidrSize": 28,
            "locations": [
                "europe-central2-a"
            ],
            "networkConfig": {
                "podRange": "gke-cluster-test-pods-684222ee",
                "podIpv4CidrBlock": "10.4.0.0/14"
            },
            "selfLink": "https://container.googleapis.com/v1/projects/silver-shift-275007/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
            "version": "1.18.20-gke.900",
            "instanceGroupUrls": [
                "https://www.googleapis.com/compute/v1/projects/silver-shift-275007/zones/europe-central2-a/instanceGroupManagers/gke-cluster-test-default-pool-66b31b29-grp"
            ],
            "status": "RUNNING",
            "upgradeSettings": {
                "maxSurge": 1
            }
        }
    ]
}

Case Wall
Result type Value/Description Type
Output message*

The action should not fail nor stop a playbook execution:

  • if data is available(is_success = true): "Successfully found node pools for cluster <cluster name> for the provided criteria in Google Kubernetes Engine".
  • If data is not available (is_success=false): "No node pools were found for cluster <cluster name> for the provided criteria in Google Kubernetes Engine".

The action should fail and stop a playbook execution:

  • If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
  • If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
  • If invalid value is provided for Max Records to Return: "Invalid value was provided for "Max Records to Return": <provided value>. Positive number should be provided".
  • if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Node Pools". Reason: {0}''.format(error.Stacktrace)
General

Case Wall Table

Name: Found Node Pools

Columns:

Name

Status

Version

Machine Type

Tags

Service Account

Initial Node Count

Autoscaling

Max Pods Constraint

Locations

General

Set Node Autoscaling

Description

Create an operation to set node pool auto scaling configuration for the Google Kubernetes Engine cluster. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Cluster Location String N/A Yes Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name String N/A Yes Specify Google Kubernetes Engine cluster name.
Node Pool Name String N/A Yes Specify node pool name for the Google Kubernetes Engine cluster.
Autoscaling Mode DDL Not Changed No Specify auto scaling mode status for the node pool.
Minimum Node Count Integer N/A No Specify minimum node count for the node pool configuration.
Maximum Node Count Integer N/A No Specify maximum node count for the node pool configuration.
Wait for cluster configuration change operation to finish Checkbox Unchecked No If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
JSON Result
{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "UPDATE_CLUSTER",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629103333499-ed15afb5",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
    "startTime": "2021-08-16T08:42:13.499334137Z"
}
Case Wall
Result type Value/Description Type
Output message*

Action should not fail and not stop playbook execution:

  • Default messages:

    • if successful and cluster config update operation is created: "Successfully created cluster node pool configuration change operation"
    • If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".
  • If Wait for async action results is checked:

    • If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
    • If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
    • If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

  • If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
  • If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
  • If provided node pool name is not found: "Provided node pool name <node pool name> was not found."
  • if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Node Autoscaling". Reason: {0}''.format(error.Stacktrace)
General

Set Node Pool Management

Description

Create an operation to set node pool management configuration for the Google Kubernetes Engine cluster. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Cluster Location String N/A Yes Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name String N/A Yes Specify Google Kubernetes Engine cluster name.
Node Pool Name String N/A Yes Specify node pool name for the Google Kubernetes Engine cluster.
Auto Upgrade DDL Not Changed No Specify the status of auto upgrade management feature.
Auto Repair DDL Not Changed No Specify the status of auto repair management feature.
Wait for cluster configuration change operation to finish Checkbox Unchecked No If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
JSON Result
{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "SET_NODE_POOL_MANAGEMENT",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629104643489-80b8b53e",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
    "startTime": "2021-08-16T09:04:03.489967146Z"
}
Case Wall
Result type Value/Description Type
Output message*

Action should not fail and not stop playbook execution:

  • Default messages:

    • if successful and cluster config update operation is created: "Successfully created cluster node pool configuration change operation"
    • If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".
  • If Wait for async action results is checked:

    • If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
    • If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
    • If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

  • If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
  • If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
  • If provided node pool name is not found: "Provided node pool name <node pool name> was not found."
  • if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Node Pool Management". Reason: {0}''.format(error.Stacktrace)
General

Set Node Count

Description

Create an operation to set node count for the Google Kubernetes Engine cluster node pool. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Cluster Location String N/A Yes Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name String N/A Yes Specify Google Kubernetes Engine cluster name.
Node Pool Name String N/A Yes Specify node pool name for the Google Kubernetes Engine cluster.
Node Count Integer N/A Yes Specify node count for the Google Kubernetes Engine cluster node pool.
Wait for cluster configuration change operation to finish Checkbox Unchecked No If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
JSON Result
{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "SET_NODE_POOL_SIZE",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629105607386-98b3ee73",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
    "startTime": "2021-08-16T09:20:07.386678466Z"
}
Case Wall
Result type Value/Description Type
Output message*

Action should not fail and not stop playbook execution:

  • Default messages:

    • if successful and cluster config update operation is created: "Successfully created cluster node pool configuration change operation"
    • If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".
  • If Wait for async action results is checked:

    • If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
    • If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
    • If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

  • If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
  • If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
  • If provided node pool name is not found: "Provided node pool name <node pool name> was not found."
  • If not valid node count is provided: "Invalid value was provided for the node count: <node count>. Value should be a positive number."
  • if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Node Count". Reason: {0}''.format(error.Stacktrace)
General

List Operations

Description

List Google Kubernetes Engine operations for a location based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities. Additionally, filtering logic is working based on the operation name field.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Location String N/A Yes Specify Compute Engine location for which to fetch the operations for. Example: europe-central2-a
Filter Logic DDL

Equal

DDL

Equal

Contains

No Specify what filter logic should be applied.
Filter Value String N/A No Specify what value should be used in the filter. If "Equal" is selected, action will try to find the exact match among results and if "Contains" is selected, action will try to find results that contain that substring. If nothing is provided in this parameter, the filter will not be applied.
Max Records To Return Integer 50 No Specify how many records to return. Default: 50.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
JSON Result
{
    "operations": [
        {
            "name": "operation-xxx-xxx",
            "zone": "europe-central2-a",
            "operationType": "UPGRADE_MASTER",
            "status": "DONE",
            "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1628253231614-cf1485c0",
            "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test",
            "startTime": "2021-08-06T12:33:51.614562051Z",
            "endTime": "2021-08-06T12:38:55.038159801Z"
        },
        {
Case Wall
Result type Value/Description Type
Output message*

The action should not fail nor stop a playbook execution:

  • if data is available(is_success = true): "Successfully found operations for the provided criteria in Google Kubernetes Engine".
  • If data is not available (is_success=false): "No operations were found for the provided criteria in Google Kubernetes Engine".

The action should fail and stop a playbook execution:

  • If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
  • if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Operations". Reason: {0}''.format(error.Stacktrace)
General

Case Wall Table

Name: Found Operations

Columns:

Name

Zone

Operation Type

Status

Start Time

End Time

Target Link

Self Link

General

Get Operation Status

Description

Get the Google Kubernetes Engine operation status. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Location String N/A Yes Specify Compute Engine location for which to fetch the operation statuses for. Example: europe-central2-a
Operation Name String N/A Yes Specify Compute Engine operation to fetch.
Wait for the operation to finish Checkbox Unchecked No If enabled, action will wait for the results of the operation.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options
is_success is_success=False
is_success is_success=True
JSON Result
{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "SET_NODE_POOL_SIZE",
    "status": "DONE",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629105607386-98b3ee73",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
    "startTime": "2021-08-16T09:20:07.386678466Z",
    "endTime": "2021-08-16T09:20:52.537044511Z"
}
Case Wall
Result type Value/Description Type
Output message*

Action should not fail and not stop playbook execution:

  • Default messages:

    • if successful and got operation status: "Successfully fetched operation details"
    • If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".

  • If Wait for async action results is checked:

    • If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
    • If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
    • If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

  • If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
  • If provided operation name is not found: "Provided operation name <operation name> was not found."
  • if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Get Operation". Reason: {0}''.format(error.Stacktrace)
General