i am trying to write GCP storage bucket policy of Cloud custodian but not getting idea how to filter out the versioning on all avilable buckets
policies:
- name: check-all-bucket-versioning
description: |
Check all bucket versionig enabled
resource: gcp.bucket
filters:
- type: value
key: versioning
value: true
actions:
any help would be really helpful..!
thanks
Your example policy is very close. It is failing because the value for versioning is an object rather than a string. When versioning is enabled for a bucket, the versioning value will be {"enabled": True}. We can filter for that by using versioning.enabled as the key:
policies:
- name: check-all-bucket-versioning
resource: gcp.bucket
filters:
- type: value
key: versioning.enabled
value: true