✨ Add reference to compute network from GCP DNS policy (#799)

```typescript ./cnquery run gcp -c "gcp.project.dns.policies{networks}" → discover related assets for 1 asset(s) → resolved assets resolved-assets=1 gcp.project.dns.policies: [ 0: { networks: [ 0: gcp.project.computeService.network name="default" ] } ] ``` Signed-off-by: Ivan Milchev <[email protected]>
mondoohq · Jan 18, 2023 · 0e6c47b · 0e6c47b
1 parent f59423b
commit 0e6c47b
Show file tree

Hide file tree

Showing 5 changed files with 130 additions and 3 deletions.
diff --git a/resources/packs/gcp/dns.go b/resources/packs/gcp/dns.go
@@ -3,6 +3,7 @@ package gcp
 import (
 	"context"
 	"strconv"
+	"strings"
 
 	"go.mondoo.com/cnquery/resources"
 
@@ -172,13 +173,20 @@ func (g *mqlGcpProjectDnsService) GetPolicies() ([]interface{}, error) {
 		for i := range page.Policies {
 			policy := page.Policies[i]
 
+			networkNames := make([]interface{}, 0, len(policy.Networks))
+			for _, network := range policy.Networks {
+				segments := strings.Split(network.NetworkUrl, "/")
+				networkNames = append(networkNames, segments[len(segments)-1])
+			}
+
 			mqlDnsPolicy, err := g.MotorRuntime.CreateResource("gcp.project.dnsService.policy",
 				"projectId", projectId,
 				"id", strconv.FormatInt(int64(policy.Id), 10),
 				"name", policy.Name,
 				"description", policy.Description,
 				"enableInboundForwarding", policy.EnableInboundForwarding,
 				"enableLogging", policy.EnableLogging,
+				"networkNames", networkNames,
 			)
 			if err != nil {
 				return err
@@ -193,6 +201,43 @@ func (g *mqlGcpProjectDnsService) GetPolicies() ([]interface{}, error) {
 	return res, nil
 }
 
+func (g *mqlGcpProjectDnsServicePolicy) GetNetworks() ([]interface{}, error) {
+	projectId, err := g.ProjectId()
+	if err != nil {
+		return nil, err
+	}
+
+	networkNames, err := g.NetworkNames()
+	if err != nil {
+		return nil, err
+	}
+
+	obj, err := g.MotorRuntime.CreateResource("gcp.project.computeService", "projectId", projectId)
+	if err != nil {
+		return nil, err
+	}
+	gcpCompute := obj.(GcpProjectComputeService)
+	networks, err := gcpCompute.Networks()
+	if err != nil {
+		return nil, err
+	}
+
+	res := make([]interface{}, 0, len(networkNames))
+	for _, network := range networks {
+		networkName, err := network.(GcpProjectComputeServiceNetwork).Name()
+		if err != nil {
+			return nil, err
+		}
+		for _, name := range networkNames {
+			if name == networkName {
+				res = append(res, network)
+				break
+			}
+		}
+	}
+	return res, nil
+}
+
 func (g *mqlGcpProjectDnsServiceRecordset) id() (string, error) {
 	projectId, err := g.ProjectId()
 	if err != nil {

diff --git a/resources/packs/gcp/gcp.lr b/resources/packs/gcp/gcp.lr
@@ -1204,7 +1204,7 @@ private gcp.project.dnsService.recordset @defaults("name") {
 }
 
 // Cloud DNS rules applied to one or more Virtual Private Cloud resources
-private gcp.project.dnsService.policy {
+private gcp.project.dnsService.policy @defaults("name") {
   // Project ID
   projectId string
   // Managed Zone ID
@@ -1217,6 +1217,10 @@ private gcp.project.dnsService.policy {
   enableInboundForwarding bool
   // Indicates if logging is enabled
   enableLogging bool
+  // List of network names specifying networks to which this policy is applied
+  networkNames []string
+  // List of networks to which this policy is applied
+  networks() []gcp.project.computeService.network
 }
 
 // GCP GKE

diff --git a/resources/packs/gcp/gcp.lr.go b/resources/packs/gcp/gcp.lr.go
diff --git a/resources/packs/gcp/info/gcp.lr.json b/resources/packs/gcp/info/gcp.lr.json
diff --git a/resources/packs/k8s/k8s.lr.go b/resources/packs/k8s/k8s.lr.go