I'm trying to filter the event log based on regex but I'm unable to figure it out yet.
Scenario 1): I want to match the full line starting with Account Name but I don't want to match the line if it has - (hyphen) only that. But it should match -test-user.
I tried (Account Name:.*(!-).*) but it isn't working.
Content:
Account Name: -
Account Name: testing
Scenario 2): I want to try matching the second Account name line with or without hyphen in the Account For Which Logon Failed section and not from Subject section.
I tried (Account Name:.*){2} but it isn't working.
Content:
Account Name: -
Account Name: testing
Scenario 3): Combine both Scenario, Match the second Account name line but only it has no - (hyphen). If the second Account name has only hyphen then don't match anything but it should match -test-user.
I'm trying to learn here that's why I want to figure out all three scenario. Eventually I'll use only the last one.
Here is the full content:
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: testing
See if this answers your question
/Account Name:\s*[^-][a-z]+$/gm
You can find the working example here
if you want to match all the special characters excluding - then you can use
/Account Name:\s*[a-zA-Z0-9~##$^&*()_+=[\]{}|\\,.?:<>'"\/;`%]+.*$/gm
You can include any special character in the list that you want inside []
updated example
Related
I would like to know is there any way to get group ids either using CLI or Cloud console? Using this id, I need to collect the members list using Cloud API. I was going through google documentation but I couldn't find it.
For example if I use:
gcloud identity groups memberships list --group-email=abc#xyz.com
It gives the group id. Then I am using this doc to get the list of members.
If using Google's SDK tool gcloud is ok with you then you can do it as follows:
Group's ID is it's actual email address - you can see it below:
wb#cloudshell:~ $ gcloud identity groups describe esa111#google.com
createTime: '2021-10-12T09:13:16.737141Z'
description: test group
displayName: esa111
groupKey:
id: esa111#google.com
labels:
cloudidentity.googleapis.com/groups.discussion_forum: ''
name: groups/00rj4333f0glbwez
parent: customers/Cx2hsdde9nw
updateTime: '2021-10-12T09:13:16.737141Z'
To get a members list:
wb#cloudshell:~ $ gcloud identity groups memberships list --group-email=esa111#google.com
---
name: groups/00rj4333f0glbwez/memberships/129543432329845052
preferredMemberKey:
id: esa222#google.com
roles:
- name: MEMBER
---
name: groups/00rj4333f0glbwez/memberships/11674834e3327905886
preferredMemberKey:
id: esa111#google.com
roles:
- name: OWNER
- name: MEMBER
And to have just group's members ID's listed use grep and you'll get:
wb#cloudshell:~ $ gcloud identity groups memberships list --group-email=esa111#google.com | grep id:
id: esa222#google.com
id: esa111#google.com
Here's some docs on the gcloud identity groups describe and list commands.
I want to create a rule in the Istio authorization:
- to:
- operation:
methods: [ "POST" ]
paths: [ "/data/api/v1/departments/*/users/*/position" ]
when:
- key: request.auth.claims[resource_access][roles]
values: [ "edit" ]
so I want to use path variables here (in places with '*'). What should I put instead of '*' to make it working?
It doesn't work in the current setup.
I get 'RBAC denied', I have a role 'edit' and path to that role is okay. It works fine for endpoints without '*' signs
Posting this answer as a community wiki as similar question has been already answered here:
Stackoverflow.com: Answer: Istio authorization - Pattern matching in Istio 'paths' field
Part of the question:
- operation:
methods: ["PUT"]
paths: ["/my-service/docs/*/activate/*"]
Answer:
According to istio documentation:
Rule
Rule matches requests from a list of sources that perform a list of
operations subject to a list of conditions. A match occurs when at
least one source, operation and condition matches the request. An
empty rule is always matched.
Any string field in the rule supports Exact, Prefix, Suffix and
Presence match:
Exact match: “abc” will match on value “abc”.
Prefix match: “abc*” will match on value “abc” and “abcd”.
Suffix match: “*abc” will match on value “abc” and “xabc”.
Presence match: “*” will match when value is not empty.
So Authorization Policy does support wildcard, but I think the issue is with the */activate/* path, because paths can use wildcards only at the start, end or whole string, double wildcard just doesn't work.
There are related open github issues about that:
https://github.com/istio/istio/issues/16585
https://github.com/istio/istio/issues/25021
I'm trying to !Ref from one parameter to another in CloudFormation. I tried several things but it just doesn't seem to work.
UserID:
Description: "Enter the user ID provided by your organization"
Type: String
AllowedPattern : ".+"
Date:
Description: "Enter the Date in YYYYMMDD format"
Type: String
AllowedPattern : ".+"
AccountName:
I would like to contruct AccountName using UserID and Date entered by the user. Can someone please help?
Suppose user enters abcd01 and 20201124 --> I want the account name to be automatically abcd01-20201124
Instead of another Parameter, use Sub wherever you need that combined value:
!Sub ${UserID}-${Date}
Consider the following config for ansible's gcp_compute inventory plugin:
plugin: gcp_compute
projects:
- myproj
scopes:
- https://www.googleapis.com/auth/compute
filters:
- ''
groups:
connect: '"connect" in list"'
gcp: 'True'
auth_kind: serviceaccount
service_account_file: ~/.gsutil/key.json
This works for me, and will put all hosts in the gcp group as expected. So far so good.
However, I'd like to group my machines based on certain substrings appearing in their names. How can I do this?
Or, more broadly, how can I find a description of the various variables available to the jinja expressions in the groups dictionary?
The variables available are the keys available inside each of the items in the response, as listed here: https://cloud.google.com/compute/docs/reference/rest/v1/instances/list
So, for my example:
plugin: gcp_compute
projects:
- myproj
scopes:
- https://www.googleapis.com/auth/compute
filters:
- ''
groups:
connect: "'connect' in name"
gcp: 'True'
auth_kind: serviceaccount
service_account_file: ~/.gsutil/key.json
For complete your accurate answer, for choose the machines based on certain substrings appearing in their names in the parameter 'filter' you can add a, for example, expression like this:
filters:
- 'name = gke*'
This value list only the instances that their name start by gke.
I tried to create a new Google Cloud project from the command line with:
$ gcloud projects create PROJECT_ID --folder=FOLDER_ID
But I got the error:
ERROR: (gcloud.projects.create)
INVALID_ARGUMENT: field [parent] has issue [Parent id must be numeric.]
- '#type': type.googleapis.com/google.rpc.BadRequest
fieldViolations:
- description: Parent id must be numeric.
field: parent
- '#type': type.googleapis.com/google.rpc.Help
links:
- url: https://cloud.google.com/resource-manager/reference/rest/v1/projects
Looking at gcloud project create --help, it says:
--folder=FOLDER_ID
ID for the folder to use as a parent
How do I get the folder ID?
Unlike the PROJECT_ID (which must must start with a lowercase letter and can have lowercase ASCII letters, digits or hyphens), a FOLDER_ID is not the name of the folder -- instead, it's a number (hence the "Parent id must be numeric") error.
You can find the ID of your folder by searching for it by name in the Google Cloud console, it'll be in a box with a "Folder ID" label.