Additional mapping changes for firewalls

Author: austinkelleher

package.json

@@ -27,12 +27,12 @@
     "create-env-file": "yarn ts-node ./scripts/createEnvFile $1"
   },
   "peerDependencies": {
-    "@jupiterone/integration-sdk-core": "^3.5.0"
+    "@jupiterone/integration-sdk-core": "^3.5.1"
   },
   "devDependencies": {
-    "@jupiterone/integration-sdk-core": "^3.5.0",
-    "@jupiterone/integration-sdk-dev-tools": "^3.5.0",
-    "@jupiterone/integration-sdk-testing": "^3.5.0",
+    "@jupiterone/integration-sdk-core": "^3.5.1",
+    "@jupiterone/integration-sdk-dev-tools": "^3.5.1",
+    "@jupiterone/integration-sdk-testing": "^3.5.1",
     "dotenv": "^8.2.0",
     "ts-node": "^8.10.2"
   },

src/steps/compute/__snapshots__/converters.test.ts.snap

@@ -341,6 +341,10 @@ Object {
   "labelFingerprint": "42WmSpB8rSM=",
   "machineType": "n1-standard-1",
   "name": "testvm",
+  "privateIpAddress": Array [
+    "10.128.0.2",
+  ],
+  "publicIpAddress": Array [],
   "startRestricted": false,
   "status": "RUNNING",
   "zone": "us-central1-a",
@@ -467,6 +471,10 @@ Object {
   "labelFingerprint": "42WmSpB8rSM=",
   "machineType": "n1-standard-1",
   "name": "testvm",
+  "privateIpAddress": Array [
+    "10.128.0.2",
+  ],
+  "publicIpAddress": Array [],
   "startRestricted": false,
   "status": "SUSPENDED",
   "zone": "us-central1-a",
@@ -490,6 +498,7 @@ Object {
 
 exports[`#createComputeNetworkEntity should convert to entity 1`] = `
 Object {
+  "CIDR": null,
   "_class": Array [
     "Network",
   ],
@@ -576,7 +585,7 @@ Object {
 exports[`#createFirewallRuleMappedRelationship should convert to mapped relationship 1`] = `
 Object {
   "_class": "ALLOWS",
-  "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/public-compute-app-fw-allow-https:0.0.0.0/0:443",
+  "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/public-compute-app-fw-allow-https:tcp:0.0.0.0/0:443",
   "_mapping": Object {
     "relationshipDirection": "REVERSE",
     "skipTargetCreation": true,

src/steps/compute/__snapshots__/index.test.ts.snap

@@ -88,6 +88,7 @@ exports[`#fetchComputeFirewalls should collect data 1`] = `
 Object {
   "collectedEntities": Array [
     Object {
+      "CIDR": null,
       "_class": Array [
         "Network",
       ],
@@ -175,6 +176,7 @@ Object {
       "webLink": "https://console.cloud.google.com/networking/networks/details/default?project=j1-gc-integration-dev",
     },
     Object {
+      "CIDR": null,
       "_class": Array [
         "Network",
       ],
@@ -215,6 +217,7 @@ Object {
       "webLink": "https://console.cloud.google.com/networking/networks/details/public-compute-app-vpc?project=j1-gc-integration-dev",
     },
     Object {
+      "CIDR": null,
       "_class": Array [
         "Network",
       ],
@@ -3090,7 +3093,7 @@ Object {
     },
     Object {
       "_class": "ALLOWS",
-      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-icmp:0.0.0.0/0:*",
+      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-icmp:icmp:0.0.0.0/0:*",
       "_mapping": Object {
         "relationshipDirection": "REVERSE",
         "skipTargetCreation": true,
@@ -3138,6 +3141,90 @@ Object {
       "_type": "google_compute_network_has_firewall",
       "displayName": "HAS",
     },
+    Object {
+      "_class": "ALLOWS",
+      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-internal:tcp:10.128.0.0/9:*",
+      "_mapping": Object {
+        "relationshipDirection": "REVERSE",
+        "skipTargetCreation": true,
+        "sourceEntityKey": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-internal",
+        "targetEntity": Object {
+          "CIDR": "10.128.0.0/9",
+          "_class": "Network",
+          "netmask": "9",
+        },
+        "targetFilterKeys": Array [
+          Array [
+            "_class",
+            "CIDR",
+          ],
+        ],
+      },
+      "_type": "google_cloud_firewall_rule",
+      "displayName": "ALLOWS",
+      "fromPort": 0,
+      "ipProtocol": "tcp",
+      "ipRange": "10.128.0.0/9",
+      "portRange": "*",
+      "protocol": "tcp",
+      "toPort": 65535,
+    },
+    Object {
+      "_class": "ALLOWS",
+      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-internal:udp:10.128.0.0/9:*",
+      "_mapping": Object {
+        "relationshipDirection": "REVERSE",
+        "skipTargetCreation": true,
+        "sourceEntityKey": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-internal",
+        "targetEntity": Object {
+          "CIDR": "10.128.0.0/9",
+          "_class": "Network",
+          "netmask": "9",
+        },
+        "targetFilterKeys": Array [
+          Array [
+            "_class",
+            "CIDR",
+          ],
+        ],
+      },
+      "_type": "google_cloud_firewall_rule",
+      "displayName": "ALLOWS",
+      "fromPort": 0,
+      "ipProtocol": "udp",
+      "ipRange": "10.128.0.0/9",
+      "portRange": "*",
+      "protocol": "udp",
+      "toPort": 65535,
+    },
+    Object {
+      "_class": "ALLOWS",
+      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-internal:icmp:10.128.0.0/9:*",
+      "_mapping": Object {
+        "relationshipDirection": "REVERSE",
+        "skipTargetCreation": true,
+        "sourceEntityKey": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-internal",
+        "targetEntity": Object {
+          "CIDR": "10.128.0.0/9",
+          "_class": "Network",
+          "netmask": "9",
+        },
+        "targetFilterKeys": Array [
+          Array [
+            "_class",
+            "CIDR",
+          ],
+        ],
+      },
+      "_type": "google_cloud_firewall_rule",
+      "displayName": "ALLOWS",
+      "fromPort": 0,
+      "ipProtocol": "icmp",
+      "ipRange": "10.128.0.0/9",
+      "portRange": "*",
+      "protocol": "icmp",
+      "toPort": 65535,
+    },
     Object {
       "_class": "PROTECTS",
       "_fromEntityKey": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-rdp",
@@ -3156,7 +3243,7 @@ Object {
     },
     Object {
       "_class": "ALLOWS",
-      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-rdp:0.0.0.0/0:3389",
+      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-rdp:tcp:0.0.0.0/0:3389",
       "_mapping": Object {
         "relationshipDirection": "REVERSE",
         "skipTargetCreation": true,
@@ -3206,7 +3293,7 @@ Object {
     },
     Object {
       "_class": "ALLOWS",
-      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-ssh:0.0.0.0/0:22",
+      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/default-allow-ssh:tcp:0.0.0.0/0:22",
       "_mapping": Object {
         "relationshipDirection": "REVERSE",
         "skipTargetCreation": true,
@@ -3256,7 +3343,7 @@ Object {
     },
     Object {
       "_class": "ALLOWS",
-      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/public-compute-app-fw-allow-http:0.0.0.0/0:80",
+      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/public-compute-app-fw-allow-http:tcp:0.0.0.0/0:80",
       "_mapping": Object {
         "relationshipDirection": "REVERSE",
         "skipTargetCreation": true,
@@ -3306,7 +3393,7 @@ Object {
     },
     Object {
       "_class": "ALLOWS",
-      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/public-compute-app-fw-allow-https:0.0.0.0/0:443",
+      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/public-compute-app-fw-allow-https:tcp:0.0.0.0/0:443",
       "_mapping": Object {
         "relationshipDirection": "REVERSE",
         "skipTargetCreation": true,
@@ -3356,7 +3443,7 @@ Object {
     },
     Object {
       "_class": "DENIES",
-      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/public-compute-app-fw-deny-ssh:0.0.0.0/0:22",
+      "_key": "https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/firewalls/public-compute-app-fw-deny-ssh:tcp:0.0.0.0/0:22",
       "_mapping": Object {
         "relationshipDirection": "REVERSE",
         "skipTargetCreation": true,
@@ -3399,7 +3486,7 @@ Object {
     "google_cloud_firewall_rule",
   ],
   "numCollectedEntities": 59,
-  "numCollectedRelationships": 69,
+  "numCollectedRelationships": 72,
 }
 `;
 
@@ -4036,6 +4123,10 @@ Object {
       "labelFingerprint": "42WmSpB8rSM=",
       "machineType": "n1-standard-1",
       "name": "testvm",
+      "privateIpAddress": Array [
+        "10.128.0.2",
+      ],
+      "publicIpAddress": Array [],
       "startRestricted": false,
       "status": "RUNNING",
       "zone": "us-central1-a",
@@ -4181,6 +4272,7 @@ exports[`#fetchComputeNetworks should collect data 1`] = `
 Object {
   "collectedEntities": Array [
     Object {
+      "CIDR": null,
       "_class": Array [
         "Network",
       ],
@@ -4268,6 +4360,7 @@ Object {
       "webLink": "https://console.cloud.google.com/networking/networks/details/default?project=j1-gc-integration-dev",
     },
     Object {
+      "CIDR": null,
       "_class": Array [
         "Network",
       ],
@@ -4308,6 +4401,7 @@ Object {
       "webLink": "https://console.cloud.google.com/networking/networks/details/public-compute-app-vpc?project=j1-gc-integration-dev",
     },
     Object {
+      "CIDR": null,
       "_class": Array [
         "Network",
       ],
@@ -4408,6 +4502,7 @@ exports[`#fetchComputeSubnetworks should collect data 1`] = `
 Object {
   "collectedEntities": Array [
     Object {
+      "CIDR": null,
       "_class": Array [
         "Network",
       ],
@@ -4495,6 +4590,7 @@ Object {
       "webLink": "https://console.cloud.google.com/networking/networks/details/default?project=j1-gc-integration-dev",
     },
     Object {
+      "CIDR": null,
       "_class": Array [
         "Network",
       ],
@@ -4535,6 +4631,7 @@ Object {
       "webLink": "https://console.cloud.google.com/networking/networks/details/public-compute-app-vpc?project=j1-gc-integration-dev",
     },
     Object {
+      "CIDR": null,
       "_class": Array [
         "Network",
       ],

src/steps/compute/converters.test.ts

@@ -6,6 +6,7 @@ import {
   createComputeNetworkEntity,
   createComputeSubnetEntity,
   createFirewallRuleMappedRelationship,
+  getIpAddressesForComputeInstance,
 } from './converters';
 import {
   getMockComputeDisk,
@@ -123,3 +124,38 @@ describe('#createComputeNetworkEntity', () => {
     ).toMatchSnapshot();
   });
 });
+
+describe('#getIpAddressesForComputeInstance', () => {
+  test('should get IP addresses given a compute instance with network interfaces and accessConfigs', () => {
+    expect(
+      getIpAddressesForComputeInstance(
+        getMockComputeInstance({
+          networkInterfaces: [
+            {
+              network:
+                'https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/global/networks/public-compute-app-vpc',
+              subnetwork:
+                'https://www.googleapis.com/compute/v1/projects/j1-gc-integration-dev/regions/us-central1/subnetworks/public-compute-app-public-subnet-1',
+              networkIP: '10.10.1.2',
+              name: 'nic0',
+              accessConfigs: [
+                {
+                  type: 'ONE_TO_ONE_NAT',
+                  name: 'external-nat',
+                  natIP: '34.71.33.132',
+                  networkTier: 'PREMIUM',
+                  kind: 'compute#accessConfig',
+                },
+              ],
+              fingerprint: 'ElJkype-dKI=',
+              kind: 'compute#networkInterface',
+            },
+          ],
+        }),
+      ),
+    ).toEqual({
+      publicIpAddresses: ['34.71.33.132'],
+      privateIpAddresses: ['10.10.1.2'],
+    });
+  });
+});