Google Kubernetes Engine

Integration version: 3.0

Use Cases

Manage Kubernetes clusters in Google Kubernetes Engine (GKE).

Product Permission

Create a Service Account:

Open your Google Cloud Project portal, on the left pane click IAM & Admin > Roles.
Click Create Role to create a custom role that will have permissions needed for the integration.
On the opened page provide role Title, Description, ID, Role Launch Stage to General Availability.
Add the following permissions to the created role:
- container.clusters.list
- container.clusters.update
- container.clusters.get
- container.operations.list
- container.operations.get
Click Create to create a new custom role.
Next go to the Google documentation and follow the procedure in the Creating a Service Account section. After you create a service account, a Service Account Private Key file is downloaded.
Grant the role you previously created to the Service Account so Service Account will have needed permissions for the integration.
Configure Google Kubernetes Engine integration with the JSON contents of the file you downloaded in step 1.

Configure Google Kubernetes Engine integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Account Type	String	service_account	No	Type of the Google Cloud account. Located at the "type" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Project ID	String	N/A	No	Project ID of the Google Cloud account. Located at the "project_id" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Private Key ID	Password	N/A	No	Private Key ID of the Google Cloud account. Located at the "private_key_id" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Private Key	Password	N/A	No	Private Key of the Google Cloud account. Located at the "private_key" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Client Email	String	N/A	No	Client Email of the Google Cloud account. Located at the "client_email" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Client ID	String	N/A	No	Client ID of the Google Cloud account. Located at the "client_id" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Auth URI	String	https://accounts.google.com/o/oauth2/auth	No	Auth URI of the Google Cloud account. Located at the "auth_uri" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Token URI	String	https://oauth2.googleapis.com/token	No	Token URI of the Google Cloud account. Located at the "token_uri" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Auth Provider X509 URL	String	https://www.googleapis.com/oauth2/v1/certs	No	Auth Provider X509 URL of the Google Cloud account. Located at the "auth_provider_x509_cert_url" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Client X509 URL	String	N/A	No	Client X509 URL of the Google Cloud account. Located at the "client_x509_cert_url" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter.
Service Account Json File Content	String	N/A	No	Optional: Instead of specifying Private Key ID, Private Key and other parameters, specify here the full JSON content of the service account file. Other connection parameters are ignored if this parameter is provided.
Verify SSL	Checkbox	Checked	No	If enabled, the integration verifies that the SSL certificate for the connection to the Google Cloud service is valid.

Actions

Ping

Description

Test connectivity to the Google Kubernetes Engine service with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.

Parameters

N/A

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

Case Wall

Result Type	Value / Description	Type
Output message*	The action should not fail nor stop a playbook execution: if successful: "Successfully connected to the Google Kubernetes Engine service with the provided connection parameters!" The action should fail and stop a playbook execution:if critical error, like wrong credentials or lost connectivity: "Failed to connect to the Google Kubernetes Engine service! Error is {0}".format(exception.stacktrace)	General

Result Type

Value / Description

Type

Output message*

The action should not fail nor stop a playbook execution:

if successful: "Successfully connected to the Google Kubernetes Engine service with the provided connection parameters!"

The action should fail and stop a playbook execution:if critical error, like wrong credentials or lost connectivity: "Failed to connect to the Google Kubernetes Engine service! Error is {0}".format(exception.stacktrace)

General

List Clusters

Description

List Google Kubernetes Engine clusters based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities. Additionally, filtering logic is working based on the cluster name field.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Cluster Location	String	N/A	Yes	Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Filter Logic	DDL	Not Specified DDL Not Specified Equal Contains	No	Specify what filter logic should be applied. Filtering logic is working based on the cluster name field.
Filter Value	String	N/A	No	Specify what value should be used in the filter. If "Equal" is selected, action will try to find the exact match among results and if "Contains" is selected, action will try to find results that contain that substring. If nothing is provided in this parameter, the filter will not be applied. Filtering logic is working based on the cluster name field.
Max Records To Return	Integer	50	No	Specify how many records to return.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

JSON Result

{
           "name": "cluster-test",
           "description": "Requested by xxxxxxx xxxxxx in #xxxxxxx",
           "nodeConfig": {
               "machineType": "e2-micro",
               "diskSizeGb": 15,
               "oauthScopes": [
                   "https://www.googleapis.com/auth/devstorage.read_only",
                   "https://www.googleapis.com/auth/logging.write",
                   "https://www.googleapis.com/auth/monitoring",
                   "https://www.googleapis.com/auth/servicecontrol",
                   "https://www.googleapis.com/auth/service.management.readonly",
                   "https://www.googleapis.com/auth/trace.append"
               ],
               "metadata": {
                   "disable-legacy-endpoints": "true"
               },
               "imageType": "COS",
               "tags": [
                   "pod-net-tag"
               ],
               "serviceAccount": "default",
               "diskType": "pd-standard",
               "shieldedInstanceConfig": {
                   "enableIntegrityMonitoring": true
               }
           },
           "masterAuth": {
               "clusterCaCertificate":
               ...

Case Wall

Result type	Value/Description	Type
Output message*	The action should not fail nor stop a playbook execution: if data is available(is_success = true): "Successfully found clusters for the provided criteria in Google Kubernetes Engine". If data is not available (is_success=false): "No clusters were found for the provided criteria in Google Kubernetes Engine". The action should fail and stop a playbook execution: If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist." If invalid value is provided for Max Records to Return: "Invalid value was provided for "Max Records to Return": <provided value>. Positive number should be provided". if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Clusters". Reason: {0}''.format(error.Stacktrace)	General
Case Wall Table	Name: Found Clusters Columns: ID Name Description Cluster Network Cluster Ipv4 CIDR Labels Cluster Endpoint Status Location Zone Initial Cluster Version Current Master Version Current Node Version Create Time	General

Result type

Value/Description

Type

Output message*

The action should not fail nor stop a playbook execution:

if data is available(is_success = true): "Successfully found clusters for the provided criteria in Google Kubernetes Engine".
If data is not available (is_success=false): "No clusters were found for the provided criteria in Google Kubernetes Engine".

The action should fail and stop a playbook execution:

If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
If invalid value is provided for Max Records to Return: "Invalid value was provided for "Max Records to Return": <provided value>. Positive number should be provided".
if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Clusters". Reason: {0}''.format(error.Stacktrace)

General

Case Wall Table

Name: Found Clusters

Columns:

Name

Description

Cluster Network

Cluster Ipv4 CIDR

Labels

Cluster Endpoint

Status

Location

Zone

Initial Cluster Version

Current Master Version

Current Node Version

Create Time

General

Set Cluster Addons

Description

Create an operation to set addons for the Google Kubernetes Engine cluster. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Cluster Location	String	N/A	Yes	Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name	String	N/A	Yes	Specify Google Kubernetes Engine cluster name.
HTTP Load Balancing	DDL	Not Changed Possible values: Not Changed Disabled Enabled	No	Specify the value for the HTTP Load Balancing addon configuration.
Horizontal Pod Autoscaling	DDL	Not Changed Possible values: Not Changed Disabled Enabled	No	Specify the value for the Horizontal Pod Autoscaling addon configuration.
Network Policy Config	DDL	Not Changed Possible values: Not Changed Disabled Enabled	No	Specify the value for the Network Policy Config addon configuration.
Cloud Run Config	DDL	Not Changed Possible Values: Not Changed Disabled Enabled, Load Balancer Type Unspecified Enabled, Load Balancer Type External Enabled, Load Balancer Type Internal	No	Specify the value for the Cloud Run Config addon configuration.
DNS Cache Config	DDL	Not Changed Possible values: Not Changed Disabled Enabled	No	Specify the value for the DNS Cache Config addon configuration.
Config Connector Config	DDL	Not Changed Possible values: Not Changed Disabled Enabled	No	Specify the value for the Config Connector Config addon.
Compute Engine Persistent Disk Csi Driver Config	DDL	Not Changed Possible values: Not Changed Disabled Enabled	No	Specify the value for the Compute Engine Persistent Disk Csi Driver Config addon.
Wait for cluster configuration change operation to finish	Checkbox	Checked	No	If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

JSON Result

{
   "name": "operation-xxx-xxx",
   "zone": "europe-central2-a",
   "operationType": "UPDATE_CLUSTER",
   "status": "RUNNING",
   "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629027283051-04a0e72c",
   "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test",
   "startTime": "2021-08-15T11:34:43.051036236Z"
}

Case Wall

Result type	Value/Description	Type
Output message*	Action should not fail and not stop playbook execution: Default messages: if successful and cluster config update operation is created: "Successfully created cluster configuration change operation" If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>". If Wait for async action results is checked: If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>" If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished" If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>" Action should fail and stop playbook execution: If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist." If provided cluster name is not found: "Provided cluster name <cluster name> was not found." if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Cluster Addons". Reason: {0}''.format(error.Stacktrace)	General

Result type

Value/Description

Type

Output message*

Action should not fail and not stop playbook execution:

Default messages:
- if successful and cluster config update operation is created: "Successfully created cluster configuration change operation"
- If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".
If Wait for async action results is checked:
- If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
- If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
- If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Cluster Addons". Reason: {0}''.format(error.Stacktrace)

General

Set Cluster Labels

Description

Create an operation to set labels for the Google Kubernetes Engine cluster. Action is async. Action appends new labels to any existing cluster labels. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Cluster Location	String	N/A	Yes	Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name	String	N/A	Yes	Specify Google Kubernetes Engine cluster name.
Cluster Labels	JSON	{ "key1":"value1", "key2":"value2" }	Yes	Specify a JSON object that contains labels to add to the cluster. Please consider default value for the format reference. Action appends new labels to any existing cluster labels.
Wait for cluster configuration change operation to finish	Checkbox	Unchecked	No	If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

JSON Result

{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "UPDATE_CLUSTER",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629028435904-12520fb6",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test",
    "startTime": "2021-08-15T11:53:55.904254615Z"
}

Case Wall

Result type	Value/Description	Type
Output message*	Action should not fail and not stop playbook execution: Default messages: if successful and cluster config update operation is created: "Successfully created cluster configuration change operation" If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>". If Wait for async action results is checked: If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>" If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished" If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>" Action should fail and stop playbook execution: If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist." If provided cluster name is not found: "Provided cluster name <cluster name> was not found." If not valid format for labels is provided: "Invalid value was provided for the cluster labels: <cluster labels>" if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Cluster Labels". Reason: {0}''.format(error.Stacktrace)	General

Result type

Value/Description

Type

Output message*

Action should not fail and not stop playbook execution:

Default messages:
- if successful and cluster config update operation is created: "Successfully created cluster configuration change operation"
- If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".
If Wait for async action results is checked:
- If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
- If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
- If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
If not valid format for labels is provided: "Invalid value was provided for the cluster labels: <cluster labels>"
if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Cluster Labels". Reason: {0}''.format(error.Stacktrace)

General

List Node Pools

Description

List node pools for the Google Kubernetes Engine cluster based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities. Additionally, filtering logic is working based on the node pool name field.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Cluster Location	String	N/A	Yes	Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name	String	N/A	Yes	Specify Google Kubernetes Engine cluster name.
Filter Logic	DDL	Equal DDL Equal Contains	No	Specify what filter logic should be applied. Filtering logic is working based on the node pool name field.
Filter Value	String	N/A	No	Specify what value should be used in the filter. If "Equal" is selected, action will try to find the exact match among results and if "Contains" is selected, action will try to find results that contain that substring. If nothing is provided in this parameter, the filter will not be applied. Filtering logic is working based on the node pool name field.
Max Records To Return	Integer	50	No	Specify how many records to return. Default: 50.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

JSON Result

{
    "nodePools": [
        {
            "name": "default-pool",
            "config": {
                "machineType": "e2-micro",
                "diskSizeGb": 15,
                "oauthScopes": [
                    "https://www.googleapis.com/auth/devstorage.read_only",
                    "https://www.googleapis.com/auth/logging.write",
                    "https://www.googleapis.com/auth/monitoring",
                    "https://www.googleapis.com/auth/servicecontrol",
                    "https://www.googleapis.com/auth/service.management.readonly",
                    "https://www.googleapis.com/auth/trace.append"
                ],
                "metadata": {
                    "disable-legacy-endpoints": "true"
                },
                "imageType": "COS",
                "tags": [
                    "pod-net-tag"
                ],
                "serviceAccount": "default",
                "diskType": "pd-standard",
                "shieldedInstanceConfig": {
                    "enableIntegrityMonitoring": true
                }
            },
            "initialNodeCount": 3,
            "autoscaling": {},
            "management": {
                "autoUpgrade": true,
                "autoRepair": true
            },
            "maxPodsConstraint": {
                "maxPodsPerNode": "8"
            },
            "podIpv4CidrSize": 28,
            "locations": [
                "europe-central2-a"
            ],
            "networkConfig": {
                "podRange": "gke-cluster-test-pods-684222ee",
                "podIpv4CidrBlock": "10.4.0.0/14"
            },
            "selfLink": "https://container.googleapis.com/v1/projects/silver-shift-275007/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
            "version": "1.18.20-gke.900",
            "instanceGroupUrls": [
                "https://www.googleapis.com/compute/v1/projects/silver-shift-275007/zones/europe-central2-a/instanceGroupManagers/gke-cluster-test-default-pool-66b31b29-grp"
            ],
            "status": "RUNNING",
            "upgradeSettings": {
                "maxSurge": 1
            }
        }
    ]
}

Case Wall

Result type	Value/Description	Type
Output message*	The action should not fail nor stop a playbook execution: if data is available(is_success = true): "Successfully found node pools for cluster <cluster name> for the provided criteria in Google Kubernetes Engine". If data is not available (is_success=false): "No node pools were found for cluster <cluster name> for the provided criteria in Google Kubernetes Engine". The action should fail and stop a playbook execution: If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist." If provided cluster name is not found: "Provided cluster name <cluster name> was not found." If invalid value is provided for Max Records to Return: "Invalid value was provided for "Max Records to Return": <provided value>. Positive number should be provided". if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Node Pools". Reason: {0}''.format(error.Stacktrace)	General
Case Wall Table	Name: Found Node Pools Columns: Name Status Version Machine Type Tags Service Account Initial Node Count Autoscaling Max Pods Constraint Locations	General

Result type

Value/Description

Type

Output message*

The action should not fail nor stop a playbook execution:

if data is available(is_success = true): "Successfully found node pools for cluster <cluster name> for the provided criteria in Google Kubernetes Engine".
If data is not available (is_success=false): "No node pools were found for cluster <cluster name> for the provided criteria in Google Kubernetes Engine".

The action should fail and stop a playbook execution:

If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
If invalid value is provided for Max Records to Return: "Invalid value was provided for "Max Records to Return": <provided value>. Positive number should be provided".
if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Node Pools". Reason: {0}''.format(error.Stacktrace)

General

Case Wall Table

Name: Found Node Pools

Columns:

Name

Status

Version

Machine Type

Set Node Autoscaling

Description

Create an operation to set node pool auto scaling configuration for the Google Kubernetes Engine cluster. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Cluster Location	String	N/A	Yes	Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name	String	N/A	Yes	Specify Google Kubernetes Engine cluster name.
Node Pool Name	String	N/A	Yes	Specify node pool name for the Google Kubernetes Engine cluster.
Autoscaling Mode	DDL	Not Changed	No	Specify auto scaling mode status for the node pool.
Minimum Node Count	Integer	N/A	No	Specify minimum node count for the node pool configuration.
Maximum Node Count	Integer	N/A	No	Specify maximum node count for the node pool configuration.
Wait for cluster configuration change operation to finish	Checkbox	Unchecked	No	If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

JSON Result

{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "UPDATE_CLUSTER",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629103333499-ed15afb5",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
    "startTime": "2021-08-16T08:42:13.499334137Z"
}

Case Wall

Result type	Value/Description	Type
Output message*	Action should not fail and not stop playbook execution: Default messages: if successful and cluster config update operation is created: "Successfully created cluster node pool configuration change operation" If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>". If Wait for async action results is checked: If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>" If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished" If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>" Action should fail and stop playbook execution: If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist." If provided cluster name is not found: "Provided cluster name <cluster name> was not found." If provided node pool name is not found: "Provided node pool name <node pool name> was not found." if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Node Autoscaling". Reason: {0}''.format(error.Stacktrace)	General

Result type

Value/Description

Type

Output message*

Action should not fail and not stop playbook execution:

Default messages:
- if successful and cluster config update operation is created: "Successfully created cluster node pool configuration change operation"
- If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".
If Wait for async action results is checked:
- If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
- If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
- If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
If provided node pool name is not found: "Provided node pool name <node pool name> was not found."
if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Node Autoscaling". Reason: {0}''.format(error.Stacktrace)

General

Set Node Pool Management

Description

Create an operation to set node pool management configuration for the Google Kubernetes Engine cluster. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Cluster Location	String	N/A	Yes	Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name	String	N/A	Yes	Specify Google Kubernetes Engine cluster name.
Node Pool Name	String	N/A	Yes	Specify node pool name for the Google Kubernetes Engine cluster.
Auto Upgrade	DDL	Not Changed	No	Specify the status of auto upgrade management feature.
Auto Repair	DDL	Not Changed	No	Specify the status of auto repair management feature.
Wait for cluster configuration change operation to finish	Checkbox	Unchecked	No	If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

JSON Result

{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "SET_NODE_POOL_MANAGEMENT",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629104643489-80b8b53e",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
    "startTime": "2021-08-16T09:04:03.489967146Z"
}

Case Wall

Result type	Value/Description	Type
Output message*	Action should not fail and not stop playbook execution: Default messages: if successful and cluster config update operation is created: "Successfully created cluster node pool configuration change operation" If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>". If Wait for async action results is checked: If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>" If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished" If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>" Action should fail and stop playbook execution: If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist." If provided cluster name is not found: "Provided cluster name <cluster name> was not found." If provided node pool name is not found: "Provided node pool name <node pool name> was not found." if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Node Pool Management". Reason: {0}''.format(error.Stacktrace)	General

Result type

Value/Description

Type

Output message*

Action should not fail and not stop playbook execution:

Default messages:
- if successful and cluster config update operation is created: "Successfully created cluster node pool configuration change operation"
- If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".
If Wait for async action results is checked:
- If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
- If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
- If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
If provided node pool name is not found: "Provided node pool name <node pool name> was not found."
if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Node Pool Management". Reason: {0}''.format(error.Stacktrace)

General

Set Node Count

Description

Create an operation to set node count for the Google Kubernetes Engine cluster node pool. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Additionally, if the target cluster is already going under configuration change, new configuration changes will not be accepted until current configuration changes finish.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Cluster Location	String	N/A	Yes	Specify Compute Engine location in which to search for clusters in. Example: europe-central2-a
Cluster Name	String	N/A	Yes	Specify Google Kubernetes Engine cluster name.
Node Pool Name	String	N/A	Yes	Specify node pool name for the Google Kubernetes Engine cluster.
Node Count	Integer	N/A	Yes	Specify node count for the Google Kubernetes Engine cluster node pool.
Wait for cluster configuration change operation to finish	Checkbox	Unchecked	No	If enabled, action will wait for the results of the cluster configuration change operation.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

JSON Result

{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "SET_NODE_POOL_SIZE",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629105607386-98b3ee73",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
    "startTime": "2021-08-16T09:20:07.386678466Z"
}

Case Wall

Result type	Value/Description	Type
Output message*	Action should not fail and not stop playbook execution: Default messages: if successful and cluster config update operation is created: "Successfully created cluster node pool configuration change operation" If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>". If Wait for async action results is checked: If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>" If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished" If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>" Action should fail and stop playbook execution: If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist." If provided cluster name is not found: "Provided cluster name <cluster name> was not found." If provided node pool name is not found: "Provided node pool name <node pool name> was not found." If not valid node count is provided: "Invalid value was provided for the node count: <node count>. Value should be a positive number." if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Node Count". Reason: {0}''.format(error.Stacktrace)	General

Result type

Value/Description

Type

Output message*

Action should not fail and not stop playbook execution:

Default messages:
- if successful and cluster config update operation is created: "Successfully created cluster node pool configuration change operation"
- If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".
If Wait for async action results is checked:
- If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
- If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
- If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
If provided cluster name is not found: "Provided cluster name <cluster name> was not found."
If provided node pool name is not found: "Provided node pool name <node pool name> was not found."
If not valid node count is provided: "Invalid value was provided for the node count: <node count>. Value should be a positive number."
if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Set Node Count". Reason: {0}''.format(error.Stacktrace)

General

List Operations

Description

List Google Kubernetes Engine operations for a location based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities. Additionally, filtering logic is working based on the operation name field.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Location	String	N/A	Yes	Specify Compute Engine location for which to fetch the operations for. Example: europe-central2-a
Filter Logic	DDL	Equal DDL Equal Contains	No	Specify what filter logic should be applied.
Filter Value	String	N/A	No	Specify what value should be used in the filter. If "Equal" is selected, action will try to find the exact match among results and if "Contains" is selected, action will try to find results that contain that substring. If nothing is provided in this parameter, the filter will not be applied.
Max Records To Return	Integer	50	No	Specify how many records to return. Default: 50.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

JSON Result

{
    "operations": [
        {
            "name": "operation-xxx-xxx",
            "zone": "europe-central2-a",
            "operationType": "UPGRADE_MASTER",
            "status": "DONE",
            "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1628253231614-cf1485c0",
            "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test",
            "startTime": "2021-08-06T12:33:51.614562051Z",
            "endTime": "2021-08-06T12:38:55.038159801Z"
        },
        {

Case Wall

Result type	Value/Description	Type
Output message*	The action should not fail nor stop a playbook execution: if data is available(is_success = true): "Successfully found operations for the provided criteria in Google Kubernetes Engine". If data is not available (is_success=false): "No operations were found for the provided criteria in Google Kubernetes Engine". The action should fail and stop a playbook execution: If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist." if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Operations". Reason: {0}''.format(error.Stacktrace)	General
Case Wall Table	Name: Found Operations Columns: Name Zone Operation Type Status Start Time End Time Target Link Self Link	General

Result type

Value/Description

Type

Output message*

The action should not fail nor stop a playbook execution:

if data is available(is_success = true): "Successfully found operations for the provided criteria in Google Kubernetes Engine".
If data is not available (is_success=false): "No operations were found for the provided criteria in Google Kubernetes Engine".

The action should fail and stop a playbook execution:

If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Operations". Reason: {0}''.format(error.Stacktrace)

General

Case Wall Table

Name: Found Operations

Columns:

Name

Zone

Operation Type

Status

Start Time

End Time

Target Link

Self Link

General

Get Operation Status

Description

Get the Google Kubernetes Engine operation status. Action is async. Note that action is not working on Google Security Operations SOAR entities.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Location	String	N/A	Yes	Specify Compute Engine location for which to fetch the operation statuses for. Example: europe-central2-a
Operation Name	String	N/A	Yes	Specify Compute Engine operation to fetch.
Wait for the operation to finish	Checkbox	Unchecked	No	If enabled, action will wait for the results of the operation.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options
is_success	is_success=False
is_success	is_success=True

JSON Result

{
    "name": "operation-xxx-xxx",
    "zone": "europe-central2-a",
    "operationType": "SET_NODE_POOL_SIZE",
    "status": "DONE",
    "selfLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/operations/operation-1629105607386-98b3ee73",
    "targetLink": "https://container.googleapis.com/v1/projects/881112408707/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
    "startTime": "2021-08-16T09:20:07.386678466Z",
    "endTime": "2021-08-16T09:20:52.537044511Z"
}

Case Wall

Result type	Value/Description	Type
Output message*	Action should not fail and not stop playbook execution: Default messages: if successful and got operation status: "Successfully fetched operation details" If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>". If Wait for async action results is checked: If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>" If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished" If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>" Action should fail and stop playbook execution: If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist." If provided operation name is not found: "Provided operation name <operation name> was not found." if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Get Operation". Reason: {0}''.format(error.Stacktrace)	General

Result type

Value/Description

Type

Output message*

Action should not fail and not stop playbook execution:

Default messages:
- if successful and got operation status: "Successfully fetched operation details"
- If got an error from the API for (not critical): "Failed to execute the action because API returned error, please see action logs + <log snippet>".
If Wait for async action results is checked:
- If operation is still in progress: "Operation <operation_name> is still in progress, current status: <status>"
- If operation finished successfully (status - DONE): "Operation <operation_name> successfully finished"
- If operation failed to complete (status not equal DONE or Running): "Operation <operation_name> failed to complete with the following status: <status>"

Action should fail and stop playbook execution:

If not valid (not existing, not valid value) location is provided: "Provided cluster location <cluster location> does not exist."
If provided operation name is not found: "Provided operation name <operation name> was not found."
if fatal error, like wrong credentials, no connection to server, other: "Error executing action "Get Operation". Reason: {0}''.format(error.Stacktrace)

General