CDV 26.1 includes a pre-flight check option to validate cloud permissions before CDV runs a Discovery or Visibility job. With the pre-flight check, CDV validates the permissions of the configured service keys before running the discovery, allowing users to monitor and verify whether the provided keys have the sufficient permissions to perform discovery across cloud services. The CDV pre-flight check is supported for all cloud providers (AWS, Azure, and GCP) and allows users to re-check the configuration after modification to ensure the correct permissions are in place before running and/or scheduling a Discovery or Visibility job.
Permissions
The permissions required for CDV to run discovery depend on the cloud environment. For a detailed list of required permissions, refer to the following sections:
Running the pre-flight check
The pre-flight check option is available when creating a discovery. Once you have selected Create and run pre-flight check, if the pre-flight check is successful, CDV will proceed and run the discovery job. If the pre-flight check is not successful, the discovery job will be stopped and marked with a Status indicating issues with the pre-flight check.
| Status | Description |
|---|---|
| Pre-flight: in progress | The pre-flight check of the discovery is currently in progress. |
| Pre-flight: completed | All required permissions for the discovery are available. |
| Pre-flight: completed with issues | The discovery is missing one or more required permissions. |
| Pre-flight: interrupted | The pre-flight check of the discovery was interrupted. In the event of a CDV, BAM, or other system failure, the job status is set to Pre-flight: interrupted after the system restarts. |
| Pre-flight: failed | An unexpected error occurred during permission verification of the discovery. |
Viewing pre-flight check results
When a pre-flight check completes with a status of Pre-flight:
completed or Pre-flight: completed with issues,
you can view detailed information about the present and/or missing permissions
in the user interface, and optionally download a JSON summary of the pre-flight
check results.
To view the pre-flight check results:
- In the Discovery or Visibility tab , select the checkbox for the schedule or visibility manager.
- Select .Tip: You can also select the row actions button (⋮) for individual discovery or visibility jobs to view pre-flight check results.
The pre-flight check result window will open with a detailed summary of missing permissions.
| Status | Description |
|---|---|
| Ready | Permission is granted. |
| Missing | Permission is missing. |
| Undetermined (missing dependent permissions) | The permission cannot be verified because it depends on another permission that is missing or not yet validated. |
| Undetermined (no resources exist yet) | The permission cannot be verified because it requires existing resources for validation, and those resources do not yet exist. |
Downloading pre-flight check results
To download pre-flight check results as JSON, select Download results in the pre-flight check results window.
Running the pre-flight check again
To run a pre-flight check again on a discovery with a status of
Pre-flight: completed with issues:
- Select the checkbox for the discovery
- Select .
- In the Start discovery warning window, select Run
pre-flight check first to run the pre-flight check again
before discovery. Note: To run the discovery without the pre-flight check, select Start anyway.
You can also run a preflight check after updating a discovery.