implement platform override logic for gcp

Signed-off-by: Ivan Milchev <[email protected]>

motor/discovery/gcp/resolver_project.go

@@ -79,7 +79,7 @@ func (r *GcpProjectResolver) Resolve(ctx context.Context, tc *providers.Config,
 		resolved = append(resolved, resolvedRoot)
 	}
 
-	if tc.IncludesOneOfDiscoveryTarget(common.DiscoveryAll, common.DiscoveryAuto, DiscoveryComputeImages) {
+	if tc.IncludesOneOfDiscoveryTarget(common.DiscoveryAll, DiscoveryComputeImages) {
 		assetList, err := GatherMQLObjects(tc, project)
 		if err != nil {
 			return nil, err

motor/providers/google/provider.go

@@ -81,11 +81,17 @@ func New(pCfg *providers.Config) (*Provider, error) {
 		requireServiceAccount = true
 	}
 
+	var override string
+	if pCfg.Options != nil {
+		override = pCfg.Options["platform-override"]
+	}
+
 	t := &Provider{
-		resourceType: resourceType,
-		id:           id,
-		opts:         pCfg.Options,
-		cred:         cred,
+		resourceType:     resourceType,
+		id:               id,
+		opts:             pCfg.Options,
+		cred:             cred,
+		platformOverride: override,
 	}
 
 	serviceAccount, err := loadCredentialsFromEnv("GOOGLEWORKSPACE_CREDENTIALS", "GOOGLEWORKSPACE_CLOUD_KEYFILE_JSON", "GOOGLE_CREDENTIALS")
@@ -130,6 +136,7 @@ type Provider struct {
 	// serviceAccountSubject subject is used to impersonate a subject
 	serviceAccountSubject string
 	cred                  *vault.Credential
+	platformOverride      string
 }
 
 func (p *Provider) FS() afero.Fs {
@@ -166,6 +173,15 @@ func (p *Provider) PlatformIdDetectors() []providers.PlatformIdDetector {
 }
 
 func (p *Provider) PlatformInfo() (*platform.Platform, error) {
+	if p.platformOverride != "" {
+		return &platform.Platform{
+			Name:    p.platformOverride,
+			Title:   getTitleForPlatformName(p.platformOverride),
+			Kind:    providers.Kind_KIND_GCP_OBJECT,
+			Runtime: providers.RUNTIME_GCP,
+		}, nil
+	}
+
 	name := "gcp"
 	title := "Google Cloud Platform"
 
@@ -182,6 +198,14 @@ func (p *Provider) PlatformInfo() (*platform.Platform, error) {
 	}, nil
 }
 
+func getTitleForPlatformName(name string) string {
+	switch name {
+	case "gcp-compute-image":
+		return "GCP Compute Image"
+	}
+	return "Google Cloud Platform"
+}
+
 func loadCredentialsFromEnv(envs ...string) ([]byte, error) {
 	for i := range envs {
 		val := os.Getenv(envs[i])

motor/providers/resolver/connect.go

@@ -48,6 +48,11 @@ func OpenAssetConnection(ctx context.Context, assetInfo *asset.Asset, credential
 	if assetInfo.Platform != nil {
 		pCfg.Kind = assetInfo.Platform.Kind
 		pCfg.Runtime = assetInfo.Platform.Runtime
+		if pCfg.Options == nil {
+			pCfg.Options = map[string]string{}
+		}
+		// set platform name override to ensure we get the correct platform at policy execution time
+		pCfg.Options["platform-override"] = assetInfo.Platform.Name
 	}
 
 	// parse reference id and restore options
@@ -90,6 +95,11 @@ func OpenAssetConnections(ctx context.Context, assetInfo *asset.Asset, credentia
 		if assetInfo.Platform != nil {
 			pCfg.Kind = assetInfo.Platform.Kind
 			pCfg.Runtime = assetInfo.Platform.Runtime
+			if pCfg.Options == nil {
+				pCfg.Options = map[string]string{}
+			}
+			// set platform name override to ensure we get the correct platform at policy execution time
+			pCfg.Options["platform-override"] = assetInfo.Platform.Name
 		}
 
 		// parse reference id and restore options

resources/packs/gcp/common.go

@@ -39,8 +39,8 @@ func getAssetIdentifier(runtime *resources.Runtime) *assetIdentifier {
 			// "//platformid.api.mondoo.app/runtime/gcp/{o.service}/v1/projects/{project}/regions/{region}/{objectType}/{name}"
 			segments := strings.Split(id, "/")
 			name = segments[len(segments)-1]
-			region = segments[8]
-			project = segments[6]
+			region = segments[10]
+			project = segments[8]
 			break
 		}
 	}