PubSub Subscriptions Should Have Set Expiration For Messages

More Info:

Ensure that PubSub Subscriptions have set expiration

Risk Level

Low

Address

Operational Excellence, Cost Optimization

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the issue of PubSub subscriptions not having set expiration for messages in GCP using GCP CLI, you can follow the below steps:

Open the Cloud Shell in your GCP console.
Run the following command to list all the subscriptions in your project:
```
gcloud pubsub subscriptions list
```
Choose the subscription for which you want to set the expiration time for messages.
Run the following command to set the expiration time for messages in the chosen subscription:
```
gcloud pubsub subscriptions update <subscription-name> --expiration-period=<duration>
```
Replace <subscription-name> with the name of the chosen subscription and <duration> with the duration for which you want to set the expiration time for messages. The duration should be in the format of n[d|h|m|s] where n is the number of days, hours, minutes or seconds. For example, to set the expiration time for messages in a subscription named my-subscription to 7 days, run the following command:
```
gcloud pubsub subscriptions update my-subscription --expiration-period=7d
```
Verify that the expiration time for messages has been set for the chosen subscription by running the following command:
```
gcloud pubsub subscriptions describe <subscription-name>
```
Replace <subscription-name> with the name of the chosen subscription. The output should display the expiration time for messages in the subscription.

By following these steps, you can remediate the issue of PubSub subscriptions not having set expiration for messages in GCP using GCP CLI.

Using Python

To remediate the issue of PubSub subscriptions not having set expiration for messages in GCP using Python, you can follow the below steps:

First, you need to identify the subscription(s) that do not have set expiration for messages. You can use the following command to list all subscriptions in a project:
```
gcloud pubsub subscriptions list --format="value(name)"
```
This will give you a list of all subscriptions in your project.

Once you have identified the subscription(s) that need to be remediated, you can use the Google Cloud Pub/Sub client library for Python to set the message expiration time for each subscription. Here is a sample Python script that sets the message expiration time for a subscription:

from google.cloud import pubsub_v1
import datetime

# Set the expiration time for messages to 7 days from now
expiration_time = datetime.timedelta(days=7)

# Set the subscription name
subscription_name = 'projects/<PROJECT_ID>/subscriptions/<SUBSCRIPTION_NAME>'

# Create a Pub/Sub subscriber client
subscriber = pubsub_v1.SubscriberClient()

# Set the subscription message retention duration
subscription_path = subscriber.subscription_path(
    '<PROJECT_ID>', '<SUBSCRIPTION_NAME>')
subscription = subscriber.modify_push_config(
    subscription_path,
    push_config=pubsub_v1.types.PushConfig(
        expiration_policy=expiration_time))

# Print the updated subscription information
print('Subscription {} updated with expiration time: {}'.format(
    subscription_name, expiration_time))

Replace <PROJECT_ID> and <SUBSCRIPTION_NAME> with your project ID and subscription name respectively.

Run the Python script to set the message expiration time for the subscription(s) that need to be remediated.
```
python set_subscription_expiration.py
```
This will update the subscription(s) with the message expiration time and print the updated subscription information.

By following these steps, you can remediate the issue of PubSub subscriptions not having set expiration for messages in GCP using Python.

Additional Reading:

https://cloud.google.com/pubsub/docs/subscriber

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

PubSub Subscriptions Should Have Set Expiration For Messages

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: