fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

Support ability to query GCP metadata in Fleet

Open ddribeiro opened this issue 1 year ago • 1 comments

Problem

As a Fleet user, I'd like to build queries that can return information about GCP instance metadata like I'm able to do with my Azure and E2 instances today.

There is an open issue at osquery to add support for a gcp_instance_metadata table, but there has not been any activity on it in over a year.

Potential solutions

  1. Add gcp_instance_metadata table to Fleet data tables so GCP instance metadata can be queried the same as Azure and E2 instances can be today.
  2. The Github issue suggests metadata for a GCP instance can be collected with a curl command which means it could potentially be scripted. This solution is not ideal as data could not be obtained in the same way as Azure or EC2. Additionally, the curl osquery table cannot be used as a workaround since GCP requires Metadata-Flavor: Google as a header and the curl table does not support headers.

ddribeiro avatar Jun 18 '24 18:06 ddribeiro

Hey @ddribeiro thanks for tracking this one.

The plan is to weigh it at the next feature fest on 2024-06-20.

noahtalerman avatar Jun 19 '24 14:06 noahtalerman

Hi, I'm the one who opened that upstream issue, and we are also FleetDM customers, so consider it a +1 from us too.

mwarkentin avatar Mar 17 '25 14:03 mwarkentin