This is a Cloud Function which is used to send alerts from Google Cloud Logging to Slack.
Some GCP infrastructure is required for this to work.
- A PubSub Topic:
  - Log messages will be put on this topic and trigger the Cloud Function.
- Google Cloud Logging Log Sink:
  - This should be configured to route the log message to the PubSub topic.
  - It should have an appropriate inclusion and exclusion filter.
- PubSub IAM policy:
  - Granting `roles/pubsub.publisher` for the Log Sink.
- Google Cloud Function:
  - Running this code.

In addition to this, you will need an Incoming Slack WebHook URL.
CLOUD LOGGING -> LOG SINK -> PUBSUB TOPIC -> CLOUD FUNCTION -> SLACK WEBHOOK

```shell
gcloud logging sinks describe --format='value(writerIdentity)' <SINK_NAME>
gcloud pubsub topics add-iam-policy-binding <TOPIC_ID> --member=<WRITER_IDENTITY> --role=roles/pubsub.publisher
```

Entry Point: send_slack_alert

Environment Variable | Value |
---|---|
SLACK_URL | Slack Web Hook URL. |
GCP_PROJECT_NAME | The exact name of the GCP project. This is used to generate links to the GCP dashboard. |

This repository uses poetry. After cloning, install the dependencies by running:
poetry install
A `Makefile` is included with some useful tasks to help with development. Running `make help` will list all available commands.
GitHub Actions, a CI/CD platform, runs the linter, typechecker and tests (using workflows) whenever a GitHub PR is raised. To minimise the chance of failures when the GitHub Actions are run, it's worth running `make test` before you commit and push to GitHub.
Note that `make test` also runs the typechecker and linter.
Linting errors can usually be fixed quickly with `make format`.

- Navigate to the log entry in GCP Console and copy the entry to the clipboard
- Create a test in the `test_main.py` file using the copied log entry
- Run tests using `make format test` - the test you just created should fail!
- Navigate to the `lib/filters` dir and create a new `.py` file
- Add new functionality to the newly created file (see `osconfig_agent_filter.py` for an example)
- Navigate to the `tests/lib/filters` dir and create a new `test_XX.py` file
- Create unit tests that test the actual filter functionality (again, check `test_osconfig_agent_filter.py` for an example). You will need to change the fixture!
  - NB Event logs can be difficult to replicate in a sandbox, so it is important that the unit tests are present and accurately written before it is deployed to an environment.
- In `send_alerts.py`, import the function you just created and add it to the filter array `[]` in the `log_entry_skipped` function

```python
def log_entry_skipped(log_entry: ProcessedLogEntry):
    filters = [
        osconfig_agent_filter,
        auditlog_filter,
        agent_connect_filter,
        # ... etc
    ]
```

- Run `make format test` - if the checks pass, push and commit!
- Deploy the Cloud Function in a sandbox and ensure it works as expected.
  - NB Logs coming from sandboxes are filtered by default. If you want to reproduce error logs within a sandbox, make sure to remove `sandbox_filter` in `send_alerts/log_entry_skipped` before deploying the Cloud Function.
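
The filter workflow above, as an added example that is not code from this repository: a narrowly scoped filter, plus skip logic that fails open so a buggy filter cannot suppress an alert. `example_agent_filter`, `entry_skipped`, `make_event`, the plain-dict entry shape and the sample entries are assumptions; the repository's `ProcessedLogEntry` type is not shown here.

```python
import base64
import json

def decode_entry(event: dict) -> dict:
    """Decode the LogEntry JSON carried in a Pub/Sub event's base64 "data"."""
    return json.loads(base64.b64decode(event["data"]).decode("utf-8"))

def example_agent_filter(entry: dict) -> bool:
    """Hypothetical filter: True means "skip, do not alert".

    Log name, severity and message prefix must all match, so an entry that
    only resembles the known noise still reaches Slack.
    """
    return (
        entry.get("logName", "").endswith("/logs/example-agent")
        and entry.get("severity") == "ERROR"
        and entry.get("textPayload", "").startswith("example-agent: retrying")
    )

def entry_skipped(entry: dict, filters) -> bool:
    """Assumed skip logic: skip if any filter matches the entry."""
    for log_filter in filters:
        try:
            if log_filter(entry):
                return True
        except Exception:
            continue  # fail open: a crashing filter counts as "no match"
    return False

def make_event(entry: dict) -> dict:
    """Build a constructed Pub/Sub event for the samples below."""
    return {"data": base64.b64encode(json.dumps(entry).encode()).decode()}

# Constructed sample entries (not real logs).
NOISE = {"logName": "projects/demo/logs/example-agent", "severity": "ERROR",
         "textPayload": "example-agent: retrying connection"}
LOOKALIKE = dict(NOISE, textPayload="example-agent: permission denied")
FILTERS = [example_agent_filter]

if __name__ == "__main__":
    for name, entry in (("noise", NOISE), ("lookalike", LOOKALIKE)):
        decoded = decode_entry(make_event(entry))
        print(name, "skipped" if entry_skipped(decoded, FILTERS) else "alert")
```

A unit test for a new filter should include a lookalike entry like the one here, so the test fails if the filter is later broadened enough to hide entries that should alert.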