How do I create a cloud function trigger to respond to a integrity failure

0 votes
Oct 23, 2019 in GCP by anonymous
• 19,620 points

1 answer to this question.

0 votes

Create a Cloud Functions trigger that reads the data in the Cloud Pub/Sub topic and that stops any Shielded VM instance that fails integrity validation.

  1. The following code defines the Cloud Functions trigger. Copy it into a file named

    import base64
    import json
    import googleapiclient.discovery
    def shutdown_vm(data, context):
        """A Cloud Function that shuts down a VM on failed integrity check."""
        log_entry = json.loads(base64.b64decode(data['data']).decode('utf-8'))
        payload = log_entry.get('jsonPayload', {})
        entry_type = payload.get('@type')
        if entry_type != '':
          raise TypeError("Unexpected log entry type: %s" % entry_type)
        report_event = (payload.get('earlyBootReportEvent')
            or payload.get('lateBootReportEvent'))
        if report_event is None:
          # We received a different event type, ignore.
        policy_passed = report_event['policyEvaluationPassed']
        if not policy_passed:
          print('Integrity evaluation failed: %s' % report_event)
          print('Shutting down the VM')
          instance_id = log_entry['resource']['labels']['instance_id']
          project_id = log_entry['resource']['labels']['project_id']
          zone = log_entry['resource']['labels']['zone']
          # Shut down the instance.
          compute =
              'compute', 'v1', cache_discovery=False)
          # Get the instance name from instance id.
          list_result = compute.instances().list(
                  filter='id eq %s' % instance_id).execute()
          if len(list_result['items']) != 1:
            raise KeyError('unexpected number of items: %d'
                % len(list_result['items']))
          instance_name = list_result['items'][0]['name']
          result = compute.instances().stop(project=project_id,
          print('Instance %s in project %s has been scheduled for shut down.'
              % (instance_name, project_id))
  2. In the same location as, create a file named requirements.txt and copy in the following dependencies:

  3. Open a terminal window and navigate to the directory containing and requirements.txt.

  4. Run the gcloud beta functions deploy command to deploy the trigger:

    gcloud beta functions deploy shutdown_vm --project YOUR_PROJECT_ID \
        --runtime python37 --trigger-resource integrity-monitoring \
        --trigger-event google.pubsub.topic.publish

    replacing YOUR_PROJECT_ID with the ID of your project.

Hope this helped!!

To know more about Google Cloud, It is recommended to go for Google Cloud Certification training today.

Thank you!

answered Oct 23, 2019 by Sirajul
• 59,090 points

Related Questions In GCP

+1 vote
1 answer

How do I deploy a cloud function from my local machine?

You can do this using the gcloud command-line tool, ...READ MORE

answered Oct 23, 2019 in GCP by Sirajul
• 59,090 points
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

Creating a SQL Server instance using Google Compute engine.

Google Compute Engine provides public images preconfigured with ...READ MORE

answered Sep 23, 2019 in GCP by Sirajul
• 59,090 points
0 votes
1 answer
0 votes
1 answer

How do i install gcloud compute?

The gcloud compute command-line tool enables you to easily ...READ MORE

answered Sep 23, 2019 in GCP by Sirajul
• 59,090 points
0 votes
1 answer

How do I create a Google Cloud Platform (GCP) account?

In order to access the services provided ...READ MORE

answered Sep 20, 2019 in GCP by Sirajul
• 59,090 points
0 votes
1 answer

How do I create a VPCN (Virtual private cloud network) on Google Cloud?

You can connect various GCP resources to each ...READ MORE

answered Sep 23, 2019 in GCP by Sirajul
• 59,090 points