Second-Party Triggers with Stackdriver

Many Google Cloud Platform events are logged in Stackdriver Audit Logs. You can filter these logs and forward them to Pub/Sub topics using sinks. These Pub/Sub topics can then send notifications that trigger Cloud Functions. This allows you to create custom events from any Google Cloud Platform service that produces audit logs.

Configuration

To run the sample below, you'll need a Pub/Sub topic and a Stackdriver logging sink. The sample uses them to forward Stackdriver Audit Logs to a Cloud Function.

Event structure

Like all Pub/Sub-triggered functions, functions triggered by Stackdriver log entries receive a PubsubMessage object whose data parameter is a base64-encoded string. For Stackdriver log events, decoding this value returns the relevant log entry as a JSON string.

Sample code

You can use a Pub/Sub-triggered function like the one below to detect and respond to exported Stackdriver logs:

Node.js

functions/log/index.js 
exports.processLogEntry = data => {
  // Node 6: data.data === Node 8+: data
  const dataBuffer = Buffer.from(data.data.data || data.data, 'base64');

  const logEntry = JSON.parse(dataBuffer.toString('ascii')).protoPayload;
  console.log(`Method: ${logEntry.methodName}`);
  console.log(`Resource: ${logEntry.resourceName}`);
  console.log(`Initiator: ${logEntry.authenticationInfo.principalEmail}`);
};

Python

functions/log/main.py 
import base64
import json

def process_log_entry(data, context):
    data_buffer = base64.b64decode(data['data'])
    log_entry = json.loads(data_buffer)['protoPayload']

    print(f"Method: {log_entry['methodName']}")
    print(f"Resource: {log_entry['resourceName']}")
    print(f"Initiator: {log_entry['authenticationInfo']['principalEmail']}")

Go

functions/log/process_log_entry.go 
// Package log contains examples for handling Cloud Functions logs.
package log

import (
	"context"
	"log"
)

// PubSubMessage is the payload of a Pub/Sub event.
type PubSubMessage struct {
	Data []byte `json:"data"`
}

// ProcessLogEntry processes a Pub/Sub message from Stackdriver.
func ProcessLogEntry(ctx context.Context, m PubSubMessage) error {
	log.Printf("Log entry data: %s", string(m.Data))
	return nil
}

Deploying a function

Use the command below to deploy your function:

Node.js 8 

gcloud functions deploy processLogEntry --runtime nodejs8 --trigger-topic YOUR_PUBSUB_TOPIC

Node.js 10 (Beta) 

gcloud functions deploy processLogEntry --runtime nodejs10 --trigger-topic YOUR_PUBSUB_TOPIC

Node.js 6 (Deprecated) 

gcloud functions deploy processLogEntry --runtime nodejs6 --trigger-topic YOUR_PUBSUB_TOPIC

Python 

gcloud functions deploy process_log_entry --runtime python37 --trigger-topic YOUR_PUBSUB_TOPIC

Go 

gcloud functions deploy ProcessLogEntry --runtime go111 --trigger-topic YOUR_PUBSUB_TOPIC

Triggering a function

When a Stackdriver log entry that matches one of your filters is created, you should see corresponding log entries for your function:

Method: METHOD
Resource: projects/YOUR_GCLOUD_PROJECT/...
Initiator: YOUR_EMAIL_ADDRESS
Hai trovato utile questa pagina? Facci sapere cosa ne pensi:

Invia feedback per...

Questa pagina
Feedback sulla documentazione
Cloud Functions Documentation
Feedback sul prodotto