gcp: remove never-successful violation field renames

efd6 · efd6 · commit 7ab7e6cef863 · 2025-05-05T07:12:00.000+09:30
The rename refers to fields that do not exist in the type, and appears to have been incorrectly added to the block handling PolicyViolationInfo. The alternative would have been to add the following, but we already document the current behaviour, so leaving this as is as unfortunate. - foreach: field: gcp.audit.policy_violation_info.violations ignore_missing: true ignore_failure: true processor: rename: field: _ingest._value.errorMessage target_field: _ingest._value.error_message if: ctx.gcp?.audit?.policy_violation_info?.violations instanceof List - foreach: field: gcp.audit.policy_violation_info.violations ignore_missing: true ignore_failure: true processor: rename: field: _ingest._value.checkedValue target_field: _ingest._value.checked_value if: ctx.gcp?.audit?.policy_violation_info?.violations instanceof List - foreach: field: gcp.audit.policy_violation_info.violations ignore_missing: true ignore_failure: true processor: rename: field: _ingest._value.policyType target_field: _ingest._value.policy_type if: ctx.gcp?.audit?.policy_violation_info?.violations instanceof List [1]https://cloud.google.com/logging/docs/reference/audit/auditlog/rest/Shared.Types/AuditLog#ViolationInfo
diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.41.2"
+  changes:
+    - description: Remove redundant audit violation field renames.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/
 - version: "2.41.1"
   changes:
     - description: Preserve original value of resource name.
diff --git a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -413,15 +413,6 @@ processors:
       field: gcp.audit.policy_violation_info.violations
       copy_from: json.protoPayload.policyViolationInfo.orgPolicyViolationInfo.violationInfo
       ignore_failure: true
-  - foreach:
-      field: gcp.audit.policy_violation_info.violations
-      ignore_missing: true
-      ignore_failure: true
-      processor:
-        rename:
-          field: _ingest._value.resourceAttributes
-          target_field: _ingest._value.resource_attributes
-      if: ctx.gcp?.audit?.policy_violation_info instanceof List
   - rename:
       field: json.protoPayload.policyViolationInfo.orgPolicyViolationInfo.payload
       target_field: gcp.audit.policy_violation_info.payload
diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml
@@ -1,6 +1,6 @@
 name: gcp
 title: Google Cloud Platform
-version: "2.41.1"
+version: "2.41.2"
 description: Collect logs and metrics from Google Cloud Platform with Elastic Agent.
 type: integration
 icons:
