From c92692ef5fad1a31519e351c4e99ac740ccbbbe9 Mon Sep 17 00:00:00 2001 From: priyankaswain Date: Tue, 11 May 2021 14:41:04 +0530 Subject: [PATCH 1/7] Add table gcp_organization_policy. closes #186
---
gcp/plugin.go | 1 + gcp/table_gcp_organization_policy.go | 140 +++++++++++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 gcp/table_gcp_organization_policy.go
diff --git a/gcp/plugin.go b/gcp/plugin.go
index 1ac5ae23..027309c4 100644
--- a/gcp/plugin.go
+++ b/gcp/plugin.go
@@ -67,6 +67,7 @@ func Plugin(ctx context.Context) *plugin.Plugin {
 "gcp_monitoring_alert_policy": tableGcpMonitoringAlert(ctx),
 "gcp_monitoring_group": tableGcpMonitoringGroup(ctx),
 "gcp_monitoring_notification_channel": tableGcpMonitoringNotificationChannel(ctx),
+ "gcp_organization_policy": tableGcpOrganizationPolicy(ctx),
 "gcp_project_service": tableGcpProjectService(ctx),
 "gcp_pubsub_snapshot": tableGcpPubSubSnapshot(ctx),
 "gcp_pubsub_subscription": tableGcpPubSubSubscription(ctx),
diff --git a/gcp/table_gcp_organization_policy.go b/gcp/table_gcp_organization_policy.go
new file mode 100644
index 00000000..677cabf8
--- /dev/null
+++ b/gcp/table_gcp_organization_policy.go
@@ -0,0 +1,140 @@ +package gcp + +import ( + "context" + "strings" + + "github.com/turbot/steampipe-plugin-sdk/grpc/proto" + "github.com/turbot/steampipe-plugin-sdk/plugin" + "github.com/turbot/steampipe-plugin-sdk/plugin/transform" + + "google.golang.org/api/cloudresourcemanager/v1" +) + +//// TABLE DEFINITION + +func tableGcpOrganizationPolicy(ctx context.Context) *plugin.Table { + return &plugin.Table{ + Name: "gcp_organization_policy", + Description: "GCP Organization Policy", + List: &plugin.ListConfig{ + Hydrate: listGcpOrganizationPolicies, + }, + Columns: []*plugin.Column{ + { + Name: "constraint", + Description: "The name of the Constraint the Policy is configuring, for example, constraints/serviceuser.services.", + Type: proto.ColumnType_STRING, + }, + { + Name: "etag", + Description: "An opaque tag indicating the current version of the Policy, used for concurrency control.", + Type: proto.ColumnType_STRING, + }, + { + Name: "updateTime", + Description: "The time stamp the Policy was previously updated.", + Type: proto.ColumnType_TIMESTAMP, + }, + { + Name: "version", + Description: "Version of the Policy. 
Default version is 0.", + Type: proto.ColumnType_INT, + }, + { + Name: "listPolicy", + Description: "List of values either allowed or disallowed.", + Type: proto.ColumnType_JSON, + }, + { + Name: "booleanPolicy", + Description: "For boolean Constraints, whether to enforce the Constraint or not.", + Type: proto.ColumnType_JSON, + }, + { + Name: "restoreDefault", + Description: "Restores the default behavior of the constraint; independent of Constraint type.", + Type: proto.ColumnType_JSON, + }, + + // standard steampipe columns + { + Name: "title", + Description: ColumnDescriptionTitle, + Type: proto.ColumnType_STRING, + Hydrate: listGcpOrganizationPolicies, + }, + { + Name: "akas", + Description: ColumnDescriptionAkas, + Type: proto.ColumnType_JSON, + Hydrate: getOrganizationPolicyTurbotData, + }, + + // standard gcp columns + { + Name: "location", + Description: ColumnDescriptionLocation, + Type: proto.ColumnType_STRING, + Transform: transform.FromConstant("global"), + }, + { + Name: "project", + Description: ColumnDescriptionProject, + Type: proto.ColumnType_STRING, + Hydrate: getProject, + Transform: transform.FromValue(), + }, + }, + } +} + +//// FETCH FUNCTIONS + +func listGcpOrganizationPolicies(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { + // Create Service Connection + service, err := CloudResourceManagerService(ctx, d) + if err != nil { + return nil, err + } + + // Get project details + projectData, err := activeProject(ctx, d) + if err != nil { + return nil, err + } + project := projectData.Project + plugin.Logger(ctx).Trace("listGcpOrganizationPolicies", "GCP_PROJECT: ", project) + + rb := &cloudresourcemanager.ListOrgPoliciesRequest{} + resp, err := service.Projects.ListOrgPolicies(project, rb).Context(ctx).Do() + if err != nil { + return nil, err + } + d.StreamListItem(ctx, resp) + + return nil, nil +} + +func getOrganizationPolicyTurbotData(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) 
(interface{}, error) { + // Get project details + projectData, err := activeProject(ctx, d) + if err != nil { + return nil, err + } + project := projectData.Project + + // Get the resource title + title := strings.ToUpper(project) + " Org Policy" + + // Build resource aka + akas := []string{"gcp://cloudresourcemanager.googleapis.com/projects/" + project + "/OrgPolicy"} + + // Mapping all turbot defined properties + turbotData := map[string]interface{}{ + "Akas": akas, + "Title": title, + } + + return turbotData, nil +} From 3748e392fb921e0c26ad5f3c704dafd3214a6235 Mon Sep 17 00:00:00 2001 
From: priyankaswain Date: Fri, 14 May 2021 19:47:20 +0530 Subject: [PATCH 2/7] Added table, integration test & doc. --- .../gcp_projects_organization_policy.md | 38 ++++++++ .../dependencies.txt | 0 .../test-get-expected.json | 7 ++ .../test-get-query.sql | 3 + .../test-list-expected.json | 8 ++ .../test-list-query.sql | 3 + .../test-notfound-expected.json | 1 + .../test-notfound-query.sql | 3 + .../test-turbot-expected.json | 6 ++ .../test-turbot-query.sql | 3 + .../variables.json | 1 + .../variables.tf | 68 ++++++++++++++ gcp/plugin.go | 2 +- ...table_gcp_projects_organization_policy.go} | 89 ++++++++++++++----- 14 files changed, 208 insertions(+), 24 deletions(-) create mode 100644 docs/tables/gcp_projects_organization_policy.md create mode 100644 gcp-test/tests/gcp_projects_organization_policy/dependencies.txt create mode 100644 gcp-test/tests/gcp_projects_organization_policy/test-get-expected.json create mode 100644 gcp-test/tests/gcp_projects_organization_policy/test-get-query.sql create mode 100644 gcp-test/tests/gcp_projects_organization_policy/test-list-expected.json create mode 100644 gcp-test/tests/gcp_projects_organization_policy/test-list-query.sql create mode 100644 gcp-test/tests/gcp_projects_organization_policy/test-notfound-expected.json create mode 100644 gcp-test/tests/gcp_projects_organization_policy/test-notfound-query.sql create mode 100644 gcp-test/tests/gcp_projects_organization_policy/test-turbot-expected.json create mode 100644 gcp-test/tests/gcp_projects_organization_policy/test-turbot-query.sql create mode 100644 gcp-test/tests/gcp_projects_organization_policy/variables.json create mode 100644 gcp-test/tests/gcp_projects_organization_policy/variables.tf rename gcp/{table_gcp_organization_policy.go => table_gcp_projects_organization_policy.go} (58%) diff --git a/docs/tables/gcp_projects_organization_policy.md b/docs/tables/gcp_projects_organization_policy.md new file mode 100644 index 00000000..66c1a3c5 --- /dev/null 
+++ b/docs/tables/gcp_projects_organization_policy.md @@ -0,0 +1,38 @@ +# Table: gcp_projects_organization_policy + +The Organization Policy Service gives you centralized and programmatic control over your organization's cloud resources. + +## Examples + +### Basic info + +```sql +select + * +from + gcp_projects_organization_policy; +``` + + +### Check policy's previously updated time by server + +```sql +select + id, + version, + update_time +from + gcp_projects_organization_policy, +``` + + +### Check the policy values given to constraint. + +```sql +select + id, + version, + list_policy ->> 'allValues' as policy_value +from + gcp_projects_organization_policy; +``` \ No newline at end of file diff --git a/gcp-test/tests/gcp_projects_organization_policy/dependencies.txt b/gcp-test/tests/gcp_projects_organization_policy/dependencies.txt new file mode 100644 index 00000000..e69de29b diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-get-expected.json b/gcp-test/tests/gcp_projects_organization_policy/test-get-expected.json new file mode 100644 index 00000000..2cec8996 --- /dev/null +++ b/gcp-test/tests/gcp_projects_organization_policy/test-get-expected.json @@ -0,0 +1,7 @@ +[ + { + "akas": ["{{ output.project_aka.value }}"], + "project": "{{ output.project_id.value }}", + "title": "{{ output.resource_title.value }}" + } +] diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-get-query.sql b/gcp-test/tests/gcp_projects_organization_policy/test-get-query.sql new file mode 100644 index 00000000..6e9a76cf --- /dev/null +++ b/gcp-test/tests/gcp_projects_organization_policy/test-get-query.sql @@ -0,0 +1,3 @@ +select title, akas, project +from gcp.gcp_projects_organization_policy +where id = '{{ output.resource_id.value }}'; \ No newline at end of file 
diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-list-expected.json b/gcp-test/tests/gcp_projects_organization_policy/test-list-expected.json new file mode 100644 index 00000000..b6cea30b --- /dev/null +++ b/gcp-test/tests/gcp_projects_organization_policy/test-list-expected.json @@ -0,0 +1,8 @@ +[ + { + "akas": ["{{ output.project_aka.value }}"], + "location": "global", + "project": "{{ output.project_id.value }}", + "title": "{{ output.resource_title.value }}" + } +] diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-list-query.sql b/gcp-test/tests/gcp_projects_organization_policy/test-list-query.sql new file mode 100644 index 00000000..6fcdf271 --- /dev/null +++ b/gcp-test/tests/gcp_projects_organization_policy/test-list-query.sql @@ -0,0 +1,3 @@ +select project, location, title, akas +from gcp.gcp_projects_organization_policy +where title = '{{ output.resource_title.value }}'; \ No newline at end of file diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-notfound-expected.json b/gcp-test/tests/gcp_projects_organization_policy/test-notfound-expected.json new file mode 100644 index 00000000..19765bd5 --- /dev/null +++ b/gcp-test/tests/gcp_projects_organization_policy/test-notfound-expected.json @@ -0,0 +1 @@ +null diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-notfound-query.sql b/gcp-test/tests/gcp_projects_organization_policy/test-notfound-query.sql new file mode 100644 index 00000000..da021eb2 --- /dev/null +++ b/gcp-test/tests/gcp_projects_organization_policy/test-notfound-query.sql @@ -0,0 +1,3 @@ +select id, project, title, akas +from gcp.gcp_projects_organization_policy +where title = '{{ output.resource_title.value }}:asdf'; \ No newline at end of file diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-turbot-expected.json b/gcp-test/tests/gcp_projects_organization_policy/test-turbot-expected.json new file mode 100644 index 00000000..bcca724c --- /dev/null 
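Review bot: The not-found query in test-notfound-query.sql filters on `title`, which is not a key column, so it is answered by the list hydrate and never reaches the `Get` path keyed on `id` that this patch adds to the table. A second case such as `where id = '{{ output.resource_id.value }}:asdf'` would exercise that path. Whether the get hydrate yields an empty result or an error for an unknown constraint is not visible from these files, so the expected output for that case has to be confirmed against a real run.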
+++ b/gcp-test/tests/gcp_projects_organization_policy/test-turbot-expected.json @@ -0,0 +1,6 @@ +[ + { + "akas": ["{{ output.project_aka.value }}"], + "title": "{{ output.resource_title.value }}" + } +] diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-turbot-query.sql b/gcp-test/tests/gcp_projects_organization_policy/test-turbot-query.sql new file mode 100644 index 00000000..17d85a46 --- /dev/null +++ b/gcp-test/tests/gcp_projects_organization_policy/test-turbot-query.sql @@ -0,0 +1,3 @@ +select title, akas +from gcp.gcp_projects_organization_policy +where title = '{{ output.resource_title.value }}'; \ No newline at end of file diff --git a/gcp-test/tests/gcp_projects_organization_policy/variables.json b/gcp-test/tests/gcp_projects_organization_policy/variables.json new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/gcp-test/tests/gcp_projects_organization_policy/variables.json @@ -0,0 +1 @@ +{} diff --git a/gcp-test/tests/gcp_projects_organization_policy/variables.tf b/gcp-test/tests/gcp_projects_organization_policy/variables.tf new file mode 100644 index 00000000..53bf7c32 --- /dev/null +++ b/gcp-test/tests/gcp_projects_organization_policy/variables.tf 
@@ -0,0 +1,68 @@
+
+variable "resource_name" {
+ type = string
+ default = "turbot-test-20200125-create-update"
+ description = "Name of the resource used throughout the test."
+}
+
+variable "gcp_project" {
+ type = string
+ default = "pikachu-aaa"
+ description = "GCP project used for the test."
+}
+
+variable "gcp_region" {
+ type = string
+ default = "us-east1"
+ description = "GCP region used for the test."
+}
+
+variable "gcp_zone" {
+ type = string
+ default = "us-east1-b"
+}
+
+provider "google" {
+ project = var.gcp_project
+ region = var.gcp_region
+ zone = var.gcp_zone
+}
+
+data "google_client_config" "current" {}
+
+data "null_data_source" "resource" {
+ inputs = {
+ scope = "gcp://cloudresourcemanager.googleapis.com/projects/${data.google_client_config.current.project}"
+ }
+}
+
+resource "google_project_organization_policy" "named_test_resource" {
+ project = var.gcp_project
+ constraint = "serviceuser.services"
+
+ list_policy {
+ allow {
+ all = true
+ }
+ }
+}
+
+output "project_aka" {
+ value = "gcp://cloudresourcemanager.googleapis.com/projects/${var.gcp_project}"
+}
+
+output "resource_name" {
+ value = var.resource_name
+}
+
+output "resource_title" {
+ value = google_project_organization_policy.named_test_resource.constraint
+}
+
+output "resource_id" {
+ value = split(":", google_project_organization_policy.named_test_resource.id)[1]
+}
+
+output "project_id" {
+ value = var.gcp_project
+}
diff --git a/gcp/plugin.go b/gcp/plugin.go
index 027309c4..e9693028 100644
--- a/gcp/plugin.go
+++ b/gcp/plugin.go
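Review bot: In variables.tf, `google_project_organization_policy.named_test_resource` writes an allow-all `list_policy` for `serviceuser.services` onto whatever project `gcp_project` resolves to, and that variable defaults to a fixed project name (`pikachu-aaa`; PATCH 5/7 only swaps it for `niteowl-aaa`). If the target project inherits a restrictive list for this constraint, the project-level allow-all would presumably take its place for as long as the test resource exists. Dropping the `default` from `variable "gcp_project"` makes the caller name a disposable project explicitly. `data "null_data_source" "resource"` is not referenced anywhere in the file and can be removed.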
@@ -67,7 +67,7 @@ func Plugin(ctx context.Context) *plugin.Plugin {
 "gcp_monitoring_alert_policy": tableGcpMonitoringAlert(ctx),
 "gcp_monitoring_group": tableGcpMonitoringGroup(ctx),
 "gcp_monitoring_notification_channel": tableGcpMonitoringNotificationChannel(ctx),
- "gcp_organization_policy": tableGcpOrganizationPolicy(ctx),
+ "gcp_projects_organization_policy": tableGcpProjectsOrganizationPolicy(ctx),
 "gcp_project_service": tableGcpProjectService(ctx),
 "gcp_pubsub_snapshot": tableGcpPubSubSnapshot(ctx),
 "gcp_pubsub_subscription": tableGcpPubSubSubscription(ctx),
diff --git a/gcp/table_gcp_organization_policy.go b/gcp/table_gcp_projects_organization_policy.go
similarity index 58%
rename from gcp/table_gcp_organization_policy.go
rename to gcp/table_gcp_projects_organization_policy.go
index 677cabf8..34a855c1 100644
--- a/gcp/table_gcp_organization_policy.go
+++ b/gcp/table_gcp_projects_organization_policy.go
@@ -13,26 +13,26 @@ import ( //// TABLE DEFINITION -func tableGcpOrganizationPolicy(ctx context.Context) *plugin.Table { +func tableGcpProjectsOrganizationPolicy(ctx context.Context) *plugin.Table { return &plugin.Table{ - Name: "gcp_organization_policy", - Description: "GCP Organization Policy", + Name: "gcp_projects_organization_policy", + Description: "GCP Projects Organization Policy", + Get: &plugin.GetConfig{ + KeyColumns: plugin.SingleColumn("id"), + Hydrate: getGcpProjectsOrganizationPolicy, + }, List: &plugin.ListConfig{ - Hydrate: listGcpOrganizationPolicies, + Hydrate: listGcpProjectsOrganizationPolicies, }, Columns: []*plugin.Column{ { - Name: "constraint", - Description: "The name of the Constraint the Policy is configuring, for example, constraints/serviceuser.services.", + Name: "id", + Description: "The name of the Constraint the Policy is configuring.", Type: proto.ColumnType_STRING, + Transform: transform.FromField("Constraint").Transform(lastPathElement), }, { - Name: "etag", - Description: "An opaque tag indicating the current version of the Policy, used for concurrency control.", - Type: proto.ColumnType_STRING, - }, - { - Name: "updateTime", + Name: "update_time", Description: "The time stamp the Policy was previously updated.", Type: proto.ColumnType_TIMESTAMP, }, 
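Review bot: The table `Description` (`"GCP Projects Organization Policy"`) does not say which policies the table covers, and the rows come from `Projects.ListOrgPolicies`, which, as far as the API documents it, returns only policies set directly on the project. Constraints inherited from a folder or the organization would then not appear, so an empty result is not evidence that no constraint is enforced. I would say so in the description, e.g. `Description: "Organization policies set directly on the GCP project (inherited policies are not listed)"`, and repeat the caveat in the docs/tables page. The table definition continues past this hunk.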
@@ -42,17 +42,22 @@ func tableGcpOrganizationPolicy(ctx context.Context) *plugin.Table { Type: proto.ColumnType_INT, }, { - Name: "listPolicy", + Name: "etag", + Description: "An opaque tag indicating the current version of the Policy, used for concurrency control.", + Type: proto.ColumnType_STRING, + }, + { + Name: "list_policy", Description: "List of values either allowed or disallowed.", Type: proto.ColumnType_JSON, }, { - Name: "booleanPolicy", + Name: "boolean_policy", Description: "For boolean Constraints, whether to enforce the Constraint or not.", Type: proto.ColumnType_JSON, }, { - Name: "restoreDefault", + Name: "restore_default", Description: "Restores the default behavior of the constraint; independent of Constraint type.", Type: proto.ColumnType_JSON, }, @@ -62,7 +67,7 @@ func tableGcpOrganizationPolicy(ctx context.Context) *plugin.Table { Name: "title", Description: ColumnDescriptionTitle, Type: proto.ColumnType_STRING, - Hydrate: listGcpOrganizationPolicies, + Transform: transform.FromField("Constraint"), }, { Name: "akas", @@ -91,7 +96,7 @@ func tableGcpOrganizationPolicy(ctx context.Context) *plugin.Table { //// FETCH FUNCTIONS -func listGcpOrganizationPolicies(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { +func listGcpProjectsOrganizationPolicies(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { // Create Service Connection service, err := CloudResourceManagerService(ctx, d) if err != nil { 
@@ -104,16 +109,54 @@ func listGcpOrganizationPolicies(ctx context.Context, d *plugin.QueryData, _ *pl return nil, err } project := projectData.Project - plugin.Logger(ctx).Trace("listGcpOrganizationPolicies", "GCP_PROJECT: ", project) + plugin.Logger(ctx).Trace("listGcpProjectsOrganizationPolicies", "GCP_PROJECT: ", project) + + rb := &cloudresourcemanager.ListOrgPoliciesRequest{ + // TODO: Add desired fields of the request body. + } + + resp := service.Projects.ListOrgPolicies("projects/"+project, rb) + if err := resp.Pages(ctx, func(page *cloudresourcemanager.ListOrgPoliciesResponse) error { + for _, orgPolicy := range page.Policies { + d.StreamListItem(ctx, orgPolicy) + } + return nil + }); err != nil { + return nil, err + } + + return nil, err +} + +//// HYDRATE FUNCTIONS + +func getGcpProjectsOrganizationPolicy(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) { + plugin.Logger(ctx).Trace("getGcpProjectsOrganizationPolicy") - rb := &cloudresourcemanager.ListOrgPoliciesRequest{} - resp, err := service.Projects.ListOrgPolicies(project, rb).Context(ctx).Do() + // Create Service Connection + service, err := CloudResourceManagerService(ctx, d) if err != nil { return nil, err } - d.StreamListItem(ctx, resp) - return nil, nil + // Get project details + projectData, err := activeProject(ctx, d) + if err != nil { + return nil, err + } + + project := projectData.Project + id := d.KeyColumnQuals["id"].GetStringValue() + rb := &cloudresourcemanager.GetOrgPolicyRequest{ + Constraint: "constraints/" + id, + } + + req, err := service.Projects.GetOrgPolicy("projects/"+project, rb).Do() + if err != nil { + plugin.Logger(ctx).Debug("getGcpProjectsOrganizationPolicy__", "ERROR", err) + return nil, err + } + return req, nil } func getOrganizationPolicyTurbotData(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) { 
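Review bot: `getGcpProjectsOrganizationPolicy` calls `service.Projects.GetOrgPolicy("projects/"+project, rb).Do()` without attaching the query context, so a cancelled or timed-out query does not stop the request, unlike the list path which passes `ctx` to `Pages`; use `.Context(ctx).Do()`. The same call is carried into PATCH 4/7 unchanged apart from spacing that gofmt would revert (`"projects/" + project`). The hydrate also sends `"constraints/" + id` even when `id` is empty, and an early `if id == "" { return nil, nil }` avoids that round trip. At the end of `listGcpProjectsOrganizationPolicies`, `return nil, err` returns the outer `err`, which is always nil at that point, so `return nil, nil` says what is meant.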
@@ -128,7 +171,7 @@ func getOrganizationPolicyTurbotData(ctx context.Context, d *plugin.QueryData, h title := strings.ToUpper(project) + " Org Policy" // Build resource aka - akas := []string{"gcp://cloudresourcemanager.googleapis.com/projects/" + project + "/OrgPolicy"} + akas := []string{"gcp://cloudresourcemanager.googleapis.com/projects/" + project} // Mapping all turbot defined properties turbotData := map[string]interface{}{ From 23ee47bb276c39e29da0dc0dca6a3d88ad214f80 Mon Sep 17 00:00:00 2001 From: priyankaswain Date: Fri, 14 May 2021 19:54:08 +0530 Subject: [PATCH 3/7] Modified one query. --- docs/tables/gcp_projects_organization_policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tables/gcp_projects_organization_policy.md b/docs/tables/gcp_projects_organization_policy.md index 66c1a3c5..c60324ab 100644 --- a/docs/tables/gcp_projects_organization_policy.md +++ b/docs/tables/gcp_projects_organization_policy.md @@ -22,7 +22,7 @@ select version, update_time from - gcp_projects_organization_policy, + gcp_projects_organization_policy; ``` From aca6719bd19a6cc6196b7195db7128003e1e6342 Mon Sep 17 00:00:00 2001 
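Review bot: After this change every row gets the same `akas` value, `gcp://cloudresourcemanager.googleapis.com/projects/<project>`, which is also what the test's `project_aka` output uses for the project itself, so an aka no longer identifies an individual policy. `getOrganizationPolicyTurbotData` never reads `h`; taking the constraint from `h.Item` (assuming it is the `*cloudresourcemanager.OrgPolicy` streamed by the list hydrate) and appending it to the project path would make the value unique per row, with the exact suffix left to the maintainers' naming convention. The function starts outside this hunk, and the `title` it still computes does not appear to be read by any column in this patch.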
From: priyankaswain Date: Fri, 28 May 2021 10:50:46 +0530 Subject: [PATCH 4/7] Made changes as per the comments. --- ....md => gcp_project_organization_policy.md} | 14 ++++----- .../dependencies.txt | 0 .../test-get-expected.json | 0 .../test-get-query.sql | 2 +- .../test-list-expected.json | 0 .../test-list-query.sql | 2 +- .../test-notfound-expected.json | 0 .../test-notfound-query.sql | 2 +- .../test-turbot-expected.json | 0 .../test-turbot-query.sql | 2 +- .../variables.json | 0 .../variables.tf | 0 gcp/plugin.go | 2 +- ... table_gcp_project_organization_policy.go} | 30 +++++++++---------- 14 files changed, 25 insertions(+), 29 deletions(-) rename docs/tables/{gcp_projects_organization_policy.md => gcp_project_organization_policy.md} (64%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/dependencies.txt (100%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/test-get-expected.json (100%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/test-get-query.sql (63%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/test-list-expected.json (100%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/test-list-query.sql (67%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/test-notfound-expected.json (100%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/test-notfound-query.sql (67%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/test-turbot-expected.json (100%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/test-turbot-query.sql (62%) rename gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/variables.json (100%) rename 
gcp-test/tests/{gcp_projects_organization_policy => gcp_project_organization_policy}/variables.tf (100%) rename gcp/{table_gcp_projects_organization_policy.go => table_gcp_project_organization_policy.go} (80%) diff --git a/docs/tables/gcp_projects_organization_policy.md b/docs/tables/gcp_project_organization_policy.md similarity index 64% rename from docs/tables/gcp_projects_organization_policy.md rename to docs/tables/gcp_project_organization_policy.md index c60324ab..78db5e19 100644 --- a/docs/tables/gcp_projects_organization_policy.md +++ b/docs/tables/gcp_project_organization_policy.md @@ -1,4 +1,4 @@ -# Table: gcp_projects_organization_policy +# Table: gcp_project_organization_policy The Organization Policy Service gives you centralized and programmatic control over your organization's cloud resources. @@ -10,10 +10,9 @@ The Organization Policy Service gives you centralized and programmatic control o select * from - gcp_projects_organization_policy; + gcp_project_organization_policy; ``` - ### Check policy's previously updated time by server ```sql @@ -22,11 +21,10 @@ select version, update_time from - gcp_projects_organization_policy; + gcp_project_organization_policy; ``` - -### Check the policy values given to constraint. +### Check the policy values given to constraint ```sql select @@ -34,5 +32,5 @@ select version, list_policy ->> 'allValues' as policy_value from - gcp_projects_organization_policy; -``` \ No newline at end of file + gcp_project_organization_policy; +``` diff --git a/gcp-test/tests/gcp_projects_organization_policy/dependencies.txt b/gcp-test/tests/gcp_project_organization_policy/dependencies.txt similarity index 100% rename from gcp-test/tests/gcp_projects_organization_policy/dependencies.txt rename to gcp-test/tests/gcp_project_organization_policy/dependencies.txt 
diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-get-expected.json b/gcp-test/tests/gcp_project_organization_policy/test-get-expected.json similarity index 100% rename from gcp-test/tests/gcp_projects_organization_policy/test-get-expected.json rename to gcp-test/tests/gcp_project_organization_policy/test-get-expected.json diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-get-query.sql b/gcp-test/tests/gcp_project_organization_policy/test-get-query.sql similarity index 63% rename from gcp-test/tests/gcp_projects_organization_policy/test-get-query.sql rename to gcp-test/tests/gcp_project_organization_policy/test-get-query.sql index 6e9a76cf..0a1698fb 100644 --- a/gcp-test/tests/gcp_projects_organization_policy/test-get-query.sql +++ b/gcp-test/tests/gcp_project_organization_policy/test-get-query.sql @@ -1,3 +1,3 @@ select title, akas, project -from gcp.gcp_projects_organization_policy +from gcp.gcp_project_organization_policy where id = '{{ output.resource_id.value }}'; \ No newline at end of file diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-list-expected.json b/gcp-test/tests/gcp_project_organization_policy/test-list-expected.json similarity index 100% rename from gcp-test/tests/gcp_projects_organization_policy/test-list-expected.json rename to gcp-test/tests/gcp_project_organization_policy/test-list-expected.json diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-list-query.sql b/gcp-test/tests/gcp_project_organization_policy/test-list-query.sql similarity index 67% rename from gcp-test/tests/gcp_projects_organization_policy/test-list-query.sql rename to gcp-test/tests/gcp_project_organization_policy/test-list-query.sql index 6fcdf271..5353d97f 100644 --- a/gcp-test/tests/gcp_projects_organization_policy/test-list-query.sql +++ b/gcp-test/tests/gcp_project_organization_policy/test-list-query.sql 
@@ -1,3 +1,3 @@ select project, location, title, akas -from gcp.gcp_projects_organization_policy +from gcp.gcp_project_organization_policy where title = '{{ output.resource_title.value }}'; \ No newline at end of file diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-notfound-expected.json b/gcp-test/tests/gcp_project_organization_policy/test-notfound-expected.json similarity index 100% rename from gcp-test/tests/gcp_projects_organization_policy/test-notfound-expected.json rename to gcp-test/tests/gcp_project_organization_policy/test-notfound-expected.json diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-notfound-query.sql b/gcp-test/tests/gcp_project_organization_policy/test-notfound-query.sql similarity index 67% rename from gcp-test/tests/gcp_projects_organization_policy/test-notfound-query.sql rename to gcp-test/tests/gcp_project_organization_policy/test-notfound-query.sql index da021eb2..1707f8e7 100644 --- a/gcp-test/tests/gcp_projects_organization_policy/test-notfound-query.sql +++ b/gcp-test/tests/gcp_project_organization_policy/test-notfound-query.sql @@ -1,3 +1,3 @@ select id, project, title, akas -from gcp.gcp_projects_organization_policy +from gcp.gcp_project_organization_policy where title = '{{ output.resource_title.value }}:asdf'; \ No newline at end of file diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-turbot-expected.json b/gcp-test/tests/gcp_project_organization_policy/test-turbot-expected.json similarity index 100% rename from gcp-test/tests/gcp_projects_organization_policy/test-turbot-expected.json rename to gcp-test/tests/gcp_project_organization_policy/test-turbot-expected.json 
diff --git a/gcp-test/tests/gcp_projects_organization_policy/test-turbot-query.sql b/gcp-test/tests/gcp_project_organization_policy/test-turbot-query.sql similarity index 62% rename from gcp-test/tests/gcp_projects_organization_policy/test-turbot-query.sql rename to gcp-test/tests/gcp_project_organization_policy/test-turbot-query.sql index 17d85a46..01bdf9a4 100644 --- a/gcp-test/tests/gcp_projects_organization_policy/test-turbot-query.sql +++ b/gcp-test/tests/gcp_project_organization_policy/test-turbot-query.sql @@ -1,3 +1,3 @@ select title, akas -from gcp.gcp_projects_organization_policy +from gcp.gcp_project_organization_policy where title = '{{ output.resource_title.value }}'; \ No newline at end of file diff --git a/gcp-test/tests/gcp_projects_organization_policy/variables.json b/gcp-test/tests/gcp_project_organization_policy/variables.json similarity index 100% rename from gcp-test/tests/gcp_projects_organization_policy/variables.json rename to gcp-test/tests/gcp_project_organization_policy/variables.json diff --git a/gcp-test/tests/gcp_projects_organization_policy/variables.tf b/gcp-test/tests/gcp_project_organization_policy/variables.tf similarity index 100% rename from gcp-test/tests/gcp_projects_organization_policy/variables.tf rename to gcp-test/tests/gcp_project_organization_policy/variables.tf diff --git a/gcp/plugin.go b/gcp/plugin.go index e9693028..5875ea02 100644 --- a/gcp/plugin.go +++ b/gcp/plugin.go 
@@ -67,7 +67,7 @@ func Plugin(ctx context.Context) *plugin.Plugin { "gcp_monitoring_alert_policy": tableGcpMonitoringAlert(ctx), "gcp_monitoring_group": tableGcpMonitoringGroup(ctx), "gcp_monitoring_notification_channel": tableGcpMonitoringNotificationChannel(ctx), - "gcp_projects_organization_policy": tableGcpProjectsOrganizationPolicy(ctx), + "gcp_project_organization_policy": tableGcpProjectsOrganizationPolicy(ctx), "gcp_project_service": tableGcpProjectService(ctx), "gcp_pubsub_snapshot": tableGcpPubSubSnapshot(ctx), "gcp_pubsub_subscription": tableGcpPubSubSubscription(ctx), diff --git a/gcp/table_gcp_projects_organization_policy.go b/gcp/table_gcp_project_organization_policy.go similarity index 80% rename from gcp/table_gcp_projects_organization_policy.go rename to gcp/table_gcp_project_organization_policy.go index 34a855c1..5bfa935b 100644 --- a/gcp/table_gcp_projects_organization_policy.go +++ b/gcp/table_gcp_project_organization_policy.go @@ -15,14 +15,14 @@ import ( func tableGcpProjectsOrganizationPolicy(ctx context.Context) *plugin.Table { return &plugin.Table{ - Name: "gcp_projects_organization_policy", - Description: "GCP Projects Organization Policy", + Name: "gcp_project_organization_policy", + Description: "GCP Project Organization Policy", Get: &plugin.GetConfig{ KeyColumns: plugin.SingleColumn("id"), - Hydrate: getGcpProjectsOrganizationPolicy, + Hydrate: getGcpProjectOrganizationPolicy, }, List: &plugin.ListConfig{ - Hydrate: listGcpProjectsOrganizationPolicies, + Hydrate: listGcpProjectOrganizationPolicies, }, Columns: []*plugin.Column{ { 
@@ -62,12 +62,12 @@ func tableGcpProjectsOrganizationPolicy(ctx context.Context) *plugin.Table { Type: proto.ColumnType_JSON, }, - // standard steampipe columns + // Steampipe standard columns { Name: "title", Description: ColumnDescriptionTitle, Type: proto.ColumnType_STRING, - Transform: transform.FromField("Constraint"), + Transform: transform.FromField("Constraint").Transform(lastPathElement), }, { Name: "akas", @@ -94,9 +94,9 @@ func tableGcpProjectsOrganizationPolicy(ctx context.Context) *plugin.Table { } } -//// FETCH FUNCTIONS +//// LIST FUNCTION -func listGcpProjectsOrganizationPolicies(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { +func listGcpProjectOrganizationPolicies(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { // Create Service Connection service, err := CloudResourceManagerService(ctx, d) if err != nil { @@ -109,11 +109,9 @@ func listGcpProjectsOrganizationPolicies(ctx context.Context, d *plugin.QueryDat return nil, err } project := projectData.Project - plugin.Logger(ctx).Trace("listGcpProjectsOrganizationPolicies", "GCP_PROJECT: ", project) + plugin.Logger(ctx).Trace("listGcpProjectOrganizationPolicies", "GCP_PROJECT: ", project) - rb := &cloudresourcemanager.ListOrgPoliciesRequest{ - // TODO: Add desired fields of the request body. - } + rb := &cloudresourcemanager.ListOrgPoliciesRequest{} resp := service.Projects.ListOrgPolicies("projects/"+project, rb) if err := resp.Pages(ctx, func(page *cloudresourcemanager.ListOrgPoliciesResponse) error { 
@@ -130,8 +128,8 @@ func listGcpProjectsOrganizationPolicies(ctx context.Context, d *plugin.QueryDat //// HYDRATE FUNCTIONS -func getGcpProjectsOrganizationPolicy(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) { - plugin.Logger(ctx).Trace("getGcpProjectsOrganizationPolicy") +func getGcpProjectOrganizationPolicy(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) { + plugin.Logger(ctx).Trace("getGcpProjectOrganizationPolicy") // Create Service Connection service, err := CloudResourceManagerService(ctx, d) @@ -151,9 +149,9 @@ func getGcpProjectsOrganizationPolicy(ctx context.Context, d *plugin.QueryData, Constraint: "constraints/" + id, } - req, err := service.Projects.GetOrgPolicy("projects/"+project, rb).Do() + req, err := service.Projects.GetOrgPolicy("projects/" + project, rb).Do() if err != nil { - plugin.Logger(ctx).Debug("getGcpProjectsOrganizationPolicy__", "ERROR", err) + plugin.Logger(ctx).Debug("getGcpProjectOrganizationPolicy", "ERROR", err) return nil, err } return req, nil From 37021c2f0e153b382580110413e01a90aed97adf Mon Sep 17 00:00:00 2001 From: priyankaswain Date: Thu, 3 Jun 2021 15:25:54 +0530 Subject: [PATCH 5/7] Updated with the chnanges in table , doc and tf file --- docs/tables/gcp_project_organization_policy.md | 4 +++- .../gcp_project_organization_policy/variables.tf | 2 +- gcp/plugin.go | 2 +- gcp/table_gcp_project_organization_policy.go | 13 +++---------- 4 files changed, 8 insertions(+), 13 deletions(-) diff --git a/docs/tables/gcp_project_organization_policy.md b/docs/tables/gcp_project_organization_policy.md index 78db5e19..b4b8fa22 100644 --- a/docs/tables/gcp_project_organization_policy.md +++ b/docs/tables/gcp_project_organization_policy.md @@ -8,7 +8,9 @@ The Organization Policy Service gives you centralized and programmatic control o ```sql select - * + id, + version, + update_time from gcp_project_organization_policy; ``` 
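Review bot: The `id` that feeds `Constraint: "constraints/" + id` in getGcpProjectOrganizationPolicy is used without any check. It is assigned outside this hunk, presumably from the query's `id` key column, so an empty value would still produce a GetOrgPolicy call for the bare name `constraints/`. A guard before `rb` is built, `if id == "" { return nil, nil }`, makes that case return no row without calling the API. The function body starts and ends outside this hunk.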
diff --git a/gcp-test/tests/gcp_project_organization_policy/variables.tf b/gcp-test/tests/gcp_project_organization_policy/variables.tf index 53bf7c32..e4ad6417 100644 --- a/gcp-test/tests/gcp_project_organization_policy/variables.tf +++ b/gcp-test/tests/gcp_project_organization_policy/variables.tf @@ -7,7 +7,7 @@ variable "resource_name" { variable "gcp_project" { type = string - default = "pikachu-aaa" + default = "niteowl-aaa" description = "GCP project used for the test." } diff --git a/gcp/plugin.go b/gcp/plugin.go index 4a36178c..736fe2f6 100644 --- a/gcp/plugin.go +++ b/gcp/plugin.go @@ -72,7 +72,7 @@ func Plugin(ctx context.Context) *plugin.Plugin { "gcp_monitoring_alert_policy": tableGcpMonitoringAlert(ctx), "gcp_monitoring_group": tableGcpMonitoringGroup(ctx), "gcp_monitoring_notification_channel": tableGcpMonitoringNotificationChannel(ctx), - "gcp_project_organization_policy": tableGcpProjectsOrganizationPolicy(ctx), + "gcp_project_organization_policy": tableGcpProjectOrganizationPolicy(ctx), "gcp_project": tableGcpProject(ctx), "gcp_project_service": tableGcpProjectService(ctx), "gcp_pubsub_snapshot": tableGcpPubSubSnapshot(ctx), diff --git a/gcp/table_gcp_project_organization_policy.go b/gcp/table_gcp_project_organization_policy.go index 5bfa935b..f045aba9 100644 --- a/gcp/table_gcp_project_organization_policy.go +++ b/gcp/table_gcp_project_organization_policy.go @@ -2,7 +2,6 @@ package gcp import ( "context" - "strings" "github.com/turbot/steampipe-plugin-sdk/grpc/proto" "github.com/turbot/steampipe-plugin-sdk/plugin" @@ -13,7 +12,7 @@ import ( //// TABLE DEFINITION -func tableGcpProjectsOrganizationPolicy(ctx context.Context) *plugin.Table { +func tableGcpProjectOrganizationPolicy(ctx context.Context) *plugin.Table { return &plugin.Table{ Name: "gcp_project_organization_policy", Description: "GCP Project Organization Policy", 
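Review bot: The `gcp_project` default in variables.tf names one specific project (`niteowl-aaa`, previously `pikachu-aaa`), so a test run without an override creates its resources in whichever project that ID resolves to under the caller's credentials. Removing the `default` line makes Terraform require the value explicitly (`-var` or `TF_VAR_gcp_project`). That also keeps environment-specific identifiers out of the repository. If a default is wanted for CI, a comment such as `# CI-only project; override locally` would at least make the intent visible.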
@@ -109,8 +108,6 @@ func listGcpProjectOrganizationPolicies(ctx context.Context, d *plugin.QueryData return nil, err } project := projectData.Project - plugin.Logger(ctx).Trace("listGcpProjectOrganizationPolicies", "GCP_PROJECT: ", project) - rb := &cloudresourcemanager.ListOrgPoliciesRequest{} resp := service.Projects.ListOrgPolicies("projects/"+project, rb) @@ -149,7 +146,7 @@ func getGcpProjectOrganizationPolicy(ctx context.Context, d *plugin.QueryData, h Constraint: "constraints/" + id, } - req, err := service.Projects.GetOrgPolicy("projects/" + project, rb).Do() + req, err := service.Projects.GetOrgPolicy("projects/"+project, rb).Do() if err != nil { plugin.Logger(ctx).Debug("getGcpProjectOrganizationPolicy", "ERROR", err) return nil, err @@ -165,16 +162,12 @@ func getOrganizationPolicyTurbotData(ctx context.Context, d *plugin.QueryData, h } project := projectData.Project - // Get the resource title - title := strings.ToUpper(project) + " Org Policy" - // Build resource aka akas := []string{"gcp://cloudresourcemanager.googleapis.com/projects/" + project} // Mapping all turbot defined properties turbotData := map[string]interface{}{ - "Akas": akas, - "Title": title, + "Akas": akas, } return turbotData, nil From 051c565baafc5612aebf08040ee774083eebc06a Mon Sep 17 00:00:00 2001 From: Subhajit Kumar Mondal Date: Thu, 10 Jun 2021 20:52:06 +0530 Subject: [PATCH 6/7] Renamed functions --- gcp/table_gcp_project_organization_policy.go | 28 +++++++++----------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/gcp/table_gcp_project_organization_policy.go b/gcp/table_gcp_project_organization_policy.go index f045aba9..bcc01b4e 100644 --- a/gcp/table_gcp_project_organization_policy.go +++ b/gcp/table_gcp_project_organization_policy.go 
@@ -18,10 +18,10 @@ func tableGcpProjectOrganizationPolicy(ctx context.Context) *plugin.Table { Description: "GCP Project Organization Policy", Get: &plugin.GetConfig{ KeyColumns: plugin.SingleColumn("id"), - Hydrate: getGcpProjectOrganizationPolicy, + Hydrate: getProjectOrganizationPolicy, }, List: &plugin.ListConfig{ - Hydrate: listGcpProjectOrganizationPolicies, + Hydrate: listProjectOrganizationPolicies, }, Columns: []*plugin.Column{ { @@ -72,10 +72,11 @@ func tableGcpProjectOrganizationPolicy(ctx context.Context) *plugin.Table { Name: "akas", Description: ColumnDescriptionAkas, Type: proto.ColumnType_JSON, - Hydrate: getOrganizationPolicyTurbotData, + Hydrate: getOrganizationPolicyAkas, + Transform: transform.FromValue(), }, - // standard gcp columns + // GCP standard columns { Name: "location", Description: ColumnDescriptionLocation, @@ -95,7 +96,7 @@ func tableGcpProjectOrganizationPolicy(ctx context.Context) *plugin.Table { //// LIST FUNCTION -func listGcpProjectOrganizationPolicies(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { +func listProjectOrganizationPolicies(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { // Create Service Connection service, err := CloudResourceManagerService(ctx, d) if err != nil { @@ -125,8 +126,8 @@ func listGcpProjectOrganizationPolicies(ctx context.Context, d *plugin.QueryData //// HYDRATE FUNCTIONS -func getGcpProjectOrganizationPolicy(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) { - plugin.Logger(ctx).Trace("getGcpProjectOrganizationPolicy") +func getProjectOrganizationPolicy(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { + plugin.Logger(ctx).Trace("getProjectOrganizationPolicy") // Create Service Connection service, err := CloudResourceManagerService(ctx, d) 
@@ -139,8 +140,8 @@ func getGcpProjectOrganizationPolicy(ctx context.Context, d *plugin.QueryData, h if err != nil { return nil, err } - project := projectData.Project + id := d.KeyColumnQuals["id"].GetStringValue() rb := &cloudresourcemanager.GetOrgPolicyRequest{ Constraint: "constraints/" + id, @@ -148,13 +149,13 @@ func getGcpProjectOrganizationPolicy(ctx context.Context, d *plugin.QueryData, h req, err := service.Projects.GetOrgPolicy("projects/"+project, rb).Do() if err != nil { - plugin.Logger(ctx).Debug("getGcpProjectOrganizationPolicy", "ERROR", err) + plugin.Logger(ctx).Debug("getProjectOrganizationPolicy", "ERROR", err) return nil, err } return req, nil } -func getOrganizationPolicyTurbotData(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) { +func getOrganizationPolicyAkas(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) { // Get project details projectData, err := activeProject(ctx, d) if err != nil { @@ -165,10 +166,5 @@ func getOrganizationPolicyTurbotData(ctx context.Context, d *plugin.QueryData, h // Build resource aka akas := []string{"gcp://cloudresourcemanager.googleapis.com/projects/" + project} - // Mapping all turbot defined properties - turbotData := map[string]interface{}{ - "Akas": akas, - } - - return turbotData, nil + return akas, nil } From 7a21bad091a5cdcc7c8cf0c5602693d903266852 Mon Sep 17 00:00:00 2001 From: cbruno10 Date: Mon, 21 Jun 2021 17:14:04 -0400 Subject: [PATCH 7/7] Update gcp_project_organization_policy.md --- docs/tables/gcp_project_organization_policy.md | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/docs/tables/gcp_project_organization_policy.md b/docs/tables/gcp_project_organization_policy.md index b4b8fa22..6d7815bc 100644 --- a/docs/tables/gcp_project_organization_policy.md +++ b/docs/tables/gcp_project_organization_policy.md 
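Review bot: The `GetOrgPolicy(...).Do()` call shown as context in the `@@ -148,13 +149,13 @@` hunk is issued without the request context, so a cancelled or timed-out query does not stop the outbound API call. The list path already passes `ctx` to `resp.Pages`; the get path can match it with `req, err := service.Projects.GetOrgPolicy("projects/"+project, rb).Context(ctx).Do()`. The error is also logged at Debug and then returned, so it will probably be reported twice; returning it alone would be enough.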
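Review bot: In the `@@ -165,10 +166,5 @@` hunk, getOrganizationPolicyAkas builds the aka from the project only (`"gcp://cloudresourcemanager.googleapis.com/projects/" + project`), so every policy row in a project gets the same `akas` value. Anything that correlates or de-duplicates resources by aka cannot tell one constraint's policy from another. The hydrate already receives `h`, so the row's constraint could be appended, for example `policy := h.Item.(*cloudresourcemanager.OrgPolicy)` followed by `akas := []string{"gcp://cloudresourcemanager.googleapis.com/projects/" + project + "/" + policy.Constraint}`. The item type is assumed from the list call and should be confirmed. The function's opening lines are outside this hunk.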
@@ -15,18 +15,7 @@ from gcp_project_organization_policy; ``` -### Check policy's previously updated time by server - -```sql -select - id, - version, - update_time -from - gcp_project_organization_policy; -``` - -### Check the policy values given to constraint +### Get organization policy constraints for each policy ```sql select