⭐️ Backport GCP org and folder scanning to v7 #958
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
imilchev
commented
Feb 22, 2023
•
imilchev
commented
- 🧹 Мake GCP scanning consistent with other scan commands #954
- ⭐️ GCP organization and folder scanning #892
- 🐛 Fix GCP folder scanning #960
Allow scanning of GCP organizations:
- [x] discover GCP org asset
`./cnquery scan gcp --organization-id 459343096258 --discover
organization `
```coffee
→ loaded configuration from /Users/ivanmilchev/.config/mondoo/mondoo.yml
using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
→ synchronize assets
GCP organization lunalectric.com
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
```
- [x] discover projects in org and their assets
`./cnquery scan gcp --organization-id 459343096258 --discover projects`
```coffee
→ loaded configuration from /Users/ivanmilchev/.config/mondoo/mondoo.yml
using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=7
→ synchronize assets
GCP project lunaelectric-project
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
GCP project project-2-377116
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
GCP project project-1-377115
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
GCP project luna-gcs-prod-98604
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
GCP project luna-gcs-edge-98604
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
GCP project luna-common
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
GCP project tidy-drive-373802
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
0/7 scanned 7/7 errored
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
100%
```
- [x] use MQL to resolve projects for an organization
- [x] make sure `gcp.project` MQL resource resolve to the currently
scanned GCP Project asset
- [x] discover GCP folder asset
`./cnquery scan gcp --organization-id 459343096258 --discover folders`
```coffee
→ loaded configuration from /Users/ivanmilchev/.config/mondoo/mondoo.yml
using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=4
→ synchronize assets
GCP folder Department-Y
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
GCP folder folder1
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
GCP folder subfolder-1
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
GCP folder Product-1
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
X
0/4 scanned 4/4 errored
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
100%
```
- [x] add MQL resources to easily retrieve flattened list of GCP
projects
Projects directly under the organization:
```coffee
cnquery> gcp.organization.projects
gcp.organization.projects.list: [
0: gcp.project name="lunaelectric-project"
1: gcp.project name="luna-gcs-prod-98604"
2: gcp.project name="luna-common"
3: gcp.project name="luna-gcs-edge-98604"
]
```
All projects under the organization (recursively):
```coffee
gcp.organization.projects.all
gcp.organization.projects.all: [
0: gcp.project name="lunaelectric-project"
1: gcp.project name="project--2-377116"
2: gcp.project name="project-1-377115"
3: gcp.project name="luna-gcs-prod-98604"
4: gcp.project name="luna-gcs-edge-98604"
5: gcp.project name="luna-common"
6: gcp.project name="My First Project"
]
```
- [x] add MQL resources to easily retrieve flattened list of GCP folders
Folders directly under the organization:
```coffee
cnquery> gcp.organization.folders
gcp.organization.folders.list: [
0: gcp.folder name="folder1"
]
```
All folders under the organization (recursively):
```coffee
cnquery> cnquery> gcp.organization.folders.all
gcp.organization.folders.all: [
0: gcp.folder name="Department-Y"
1: gcp.folder name="folder1"
2: gcp.folder name="subfolder-1"
3: gcp.folder name="Product-1"
]
```
---------
Signed-off-by: Ivan Milchev <[email protected]>
This PR sets up new commands for scanning GCP: ```bash cnquery scan gcp org 342423 # <-- scan GCP organization; `org` and `organization` both work cnquery scan gcp project mondoo-dev # <-- scan GCP project cnquery scan gcp folder 3421423 # <-- scan GCP folder ``` The current commands still work but they show a deprecation warning message. _Note that folder scanning doesn't work yet because it is still not merged into `main`. This should start working once #892 is merged._ Signed-off-by: Ivan Milchev <[email protected]>
Since the CLI and the folder scan were in 2 separate PRs, there were some minor issues that had to be fixed before that started working Signed-off-by: Ivan Milchev <[email protected]>
preslavgerchev
approved these changes
Feb 22, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.