add missing properties to gcp cryptokeys

Signed-off-by: Ivan Milchev <[email protected]>
mondoohq · Jan 16, 2023 · 434c706 · 434c706
1 parent bfe56ca
commit 434c706
Show file tree

Hide file tree

Showing 4 changed files with 293 additions and 1 deletion.
diff --git a/resources/packs/gcp/gcp.lr b/resources/packs/gcp/gcp.lr
@@ -1418,6 +1418,22 @@ private gcp.project.kmsService.keyring.cryptokey @defaults("name purpose"){
   primary gcp.project.kmsService.keyring.cryptokey.version
   // Crypto key purpose
   purpose string
+  // Creation timestamp
+  created time
+  // Time at which KMS will create a new version of this key and mark it as primary
+  nextRotation time
+  // Rotation period
+  rotationPeriod time
+  // Template describing the settings for new crypto key versions
+  versionTemplate dict
+  // User-defined labels
+  labels map[string]string
+  // Whether this key may contain imported versions only
+  importOnly bool
+  // Period of time that versions of this key spend in DESTROY_SCHEDULED state before being destroyed
+  destroyScheduledDuration time
+  // Resource name of the backend environment where the key material for all crypto key versions reside
+  cryptoKeyBackend string
   // List of cryptokey versions
   versions() []gcp.project.kmsService.keyring.cryptokey.version
 }

diff --git a/resources/packs/gcp/gcp.lr.go b/resources/packs/gcp/gcp.lr.go
diff --git a/resources/packs/gcp/info/gcp.lr.json b/resources/packs/gcp/info/gcp.lr.json
diff --git a/resources/packs/gcp/kms.go b/resources/packs/gcp/kms.go
@@ -4,10 +4,12 @@ import (
 	"context"
 	"fmt"
 	"sync"
+	"time"
 
 	kms "cloud.google.com/go/kms/apiv1"
 	"cloud.google.com/go/kms/apiv1/kmspb"
 	"github.com/rs/zerolog/log"
+	"go.mondoo.com/cnquery/llx"
 	"go.mondoo.com/cnquery/resources"
 	"go.mondoo.com/cnquery/resources/packs/core"
 	"google.golang.org/api/iterator"
@@ -227,6 +229,10 @@ func (g *mqlGcpProjectKmsServiceKeyring) GetCryptokeys() ([]interface{}, error)
 		Parent: keyring,
 	})
 
+	type mqlVersionTemplate struct {
+		ProtectionLevel string `json:"protectionLevel"`
+		Algorithm       string `json:"algorithm"`
+	}
 	for {
 		k, err := it.Next()
 		if err == iterator.Done {
@@ -241,11 +247,41 @@ func (g *mqlGcpProjectKmsServiceKeyring) GetCryptokeys() ([]interface{}, error)
 			return nil, err
 		}
 
+		var versionTemplate map[string]interface{}
+		if k.VersionTemplate != nil {
+			versionTemplate, err = core.JsonToDict(mqlVersionTemplate{
+				ProtectionLevel: k.VersionTemplate.ProtectionLevel.String(),
+				Algorithm:       k.VersionTemplate.Algorithm.String(),
+			})
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		var mqlRotationPeriod *time.Time
+		rotationPeriod := k.GetRotationPeriod()
+		if rotationPeriod != nil {
+			mqlRotationPeriod = core.MqlTime(llx.DurationToTime(rotationPeriod.Seconds))
+		}
+
+		var mqlDestroyScheduledDuration *time.Time
+		if k.DestroyScheduledDuration != nil {
+			mqlDestroyScheduledDuration = core.MqlTime(llx.DurationToTime(k.DestroyScheduledDuration.Seconds))
+		}
+
 		mqlKey, err := g.MotorRuntime.CreateResource("gcp.project.kmsService.keyring.cryptokey",
 			"resourcePath", k.Name,
 			"name", parseResourceName(k.Name),
 			"primary", mqlPrimary,
 			"purpose", k.Purpose.String(),
+			"created", core.MqlTime(k.CreateTime.AsTime()),
+			"nextRotation", core.MqlTime(k.NextRotationTime.AsTime()),
+			"rotationPeriod", mqlRotationPeriod,
+			"versionTemplate", versionTemplate,
+			"labels", core.StrMapToInterface(k.Labels),
+			"importOnly", k.ImportOnly,
+			"destroyScheduledDuration", mqlDestroyScheduledDuration,
+			"cryptoKeyBackend", k.CryptoKeyBackend,
 		)
 
 		keys = append(keys, mqlKey)