Add single quotes around the credentials_json var (elastic#2712)

This handlebar variable contains a string and is required to be
passed as a string to the Beat. It must be properly quoted because
it contains JSON which in YAML will be interpretted as an object.

In general all handlebar variables that are strings should be single-quoted.

To test Fleet's handling of JSON string I used a variety of formats including
some that contain newlines, end in news, without newlines, and an invalid
credential format (but valid json). One issue is that single quotes are not
properly escaped Fleet when evaluating the handlebar template leading to
invalid YAML, but this use case should not involve any single-quotes.

packages/gcp/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.1"
+  changes:
+    - description: Fix quoting of the credentials_json value in policy templates.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/2712
 - version: "1.4.0"
   changes:
     - description: Add gcp.dns integration

packages/gcp/data_stream/audit/_dev/test/system/test-pubsub-config.yml

@@ -2,7 +2,19 @@ service: gcppubsub-emulator
 input: gcp-pubsub
 vars:
   alternative_host: "{{Hostname}}:{{Port}}"
-  credentials_json: '{\"fake\":\"creds\"}'
+  credentials_json: |-
+    {
+        "type": "service_account",
+        "project_id": "foo",
+        "private_key_id": "x",
+        "private_key": "",
+        "client_email": "[email protected]",
+        "client_id": "0",
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://oauth2.googleapis.com/token",
+        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+        "client_x509_cert_url": "https://foo.bar/path"
+    }
   project_id: audit
 data_stream:
   vars:

packages/gcp/data_stream/audit/agent/stream/gcp-pubsub.yml.hbs

@@ -5,7 +5,7 @@ subscription.name: {{subscription_name}}
 credentials_file: {{credentials_file}}
 {{/if}}
 {{#if credentials_json}}
-credentials_json: {{credentials_json}}
+credentials_json: '{{credentials_json}}'
 {{/if}}
 {{#if alternative_host}}
 alternative_host: {{alternative_host}}

packages/gcp/data_stream/dns/_dev/test/system/test-pubsub-config.yml

@@ -2,7 +2,19 @@ service: gcppubsub-emulator
 input: gcp-pubsub
 vars:
   alternative_host: "{{Hostname}}:{{Port}}"
-  credentials_json: '{\"fake\":\"creds\"}'
+  credentials_json: |
+    {
+        "type": "service_account",
+        "project_id": "foo",
+        "private_key_id": "x",
+        "private_key": "",
+        "client_email": "[email protected]",
+        "client_id": "0",
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://oauth2.googleapis.com/token",
+        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+        "client_x509_cert_url": "https://foo.bar/path"
+    }
   project_id: audit
 data_stream:
   vars:

packages/gcp/data_stream/dns/agent/stream/gcp-pubsub.yml.hbs

@@ -5,7 +5,7 @@ subscription.name: {{subscription_name}}
 credentials_file: {{credentials_file}}
 {{/if}}
 {{#if credentials_json}}
-credentials_json: {{credentials_json}}
+credentials_json: '{{credentials_json}}'
 {{/if}}
 {{#if alternative_host}}
 alternative_host: {{alternative_host}}

packages/gcp/data_stream/firewall/_dev/test/system/test-pubsub-config.yml

@@ -2,7 +2,9 @@ service: gcppubsub-emulator
 input: gcp-pubsub
 vars:
   alternative_host: "{{Hostname}}:{{Port}}"
-  credentials_json: '{\"fake\":\"creds\"}'
+  credentials_json: >
+    {"foo": "bar"}
+
   project_id: firewall
 data_stream:
   vars:

packages/gcp/data_stream/firewall/agent/stream/gcp-pubsub.yml.hbs

@@ -5,7 +5,7 @@ subscription.name: {{subscription_name}}
 credentials_file: {{credentials_file}}
 {{/if}}
 {{#if credentials_json}}
-credentials_json: {{credentials_json}}
+credentials_json: '{{credentials_json}}'
 {{/if}}
 {{#if alternative_host}}
 alternative_host: {{alternative_host}}

packages/gcp/data_stream/vpcflow/_dev/test/system/test-pubsub-config.yml

@@ -2,7 +2,8 @@ service: gcppubsub-emulator
 input: gcp-pubsub
 vars:
   alternative_host: "{{Hostname}}:{{Port}}"
-  credentials_json: '{\"fake\":\"creds\"}'
+  credentials_json: >-
+    {"type":"service_account","project_id":"foo","private_key_id":"x","private_key":"","client_email":"[email protected]","client_id":"0","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":"https://foo.bar/path"}
   project_id: vpcflow
 data_stream:
   vars:

packages/gcp/data_stream/vpcflow/agent/stream/gcp-pubsub.yml.hbs

@@ -5,7 +5,7 @@ subscription.name: {{subscription_name}}
 credentials_file: {{credentials_file}}
 {{/if}}
 {{#if credentials_json}}
-credentials_json: {{credentials_json}}
+credentials_json: '{{credentials_json}}'
 {{/if}}
 {{#if alternative_host}}
 alternative_host: {{alternative_host}}

packages/gcp/manifest.yml

@@ -1,6 +1,6 @@
 name: gcp
 title: Google Cloud Platform
-version: 1.4.0
+version: 1.4.1
 release: ga
 description: Collect logs from Google Cloud Platform with Elastic Agent.
 type: integration
@@ -17,7 +17,7 @@ categories:
   - network
   - security
 conditions:
-  kibana.version: ^7.15.0 || ^8.0.0
+  kibana.version: ^7.16.3 || ^8.0.0
 screenshots:
   - src: /img/filebeat-gcp-audit.png
     title: filebeat gcp audit