INT-5289 step: build-cloud-build-uses-source-repo-relationships

docs/jupiterone.md

@@ -432,6 +432,7 @@ The following relationships are created:
 | `google_cloud_audit_config`                                      | **ALLOWS**            | `google_user`                                                     |
 | `google_cloud_bitbucket_server_config`                           | **HAS**               | `google_cloud_bitbucket_server_repo`                              |
 | `google_cloud_build_trigger`                                     | **TRIGGERS**          | `google_cloud_build`                                              |
+| `google_cloud_build`                                             | **USES**              | `google_cloud_source_repository`                                  |
 | `google_cloud_build`                                             | **USES**              | `google_storage_bucket`                                           |
 | `internet`                                                       | **ALLOWS**            | `google_compute_firewall`                                         |
 | `google_cloud_folder`                                            | **HAS**               | `google_cloud_folder`                                             |

src/getStepStartStates.ts

@@ -439,6 +439,10 @@ function getDefaultStepStartStates(params: {
     [CloudSourceRepositoriesStepsSpec.FETCH_REPOSITORIES.id]: {
       disabled: false,
     },
+    [CloudBuildStepsSpec.BUILD_CLOUD_BUILD_USES_SOURCE_REPOSITORY_RELATIONSHIPS
+      .id]: {
+      disabled: false,
+    },
   };
 
   logger.info(
@@ -839,6 +843,11 @@ async function getStepStartStatesUsingServiceEnablements(params: {
     ),
     [CloudSourceRepositoriesStepsSpec.FETCH_REPOSITORIES.id]:
       createStepStartState(ServiceUsageName.CLOUD_SOURCE_REPOSITORIES),
+    [CloudBuildStepsSpec.BUILD_CLOUD_BUILD_USES_SOURCE_REPOSITORY_RELATIONSHIPS
+      .id]: createStepStartState(
+      ServiceUsageName.CLOUD_BUILD,
+      ServiceUsageName.CLOUD_SOURCE_REPOSITORIES,
+    ),
   };
 
   logger.info(

src/index.test.ts

@@ -666,6 +666,10 @@ describe('#getStepStartStates success', () => {
         [CloudSourceRepositoriesStepsSpec.FETCH_REPOSITORIES.id]: {
           disabled: false,
         },
+        [CloudBuildStepsSpec
+          .BUILD_CLOUD_BUILD_USES_SOURCE_REPOSITORY_RELATIONSHIPS.id]: {
+          disabled: false,
+        },
       };
 
       expect(stepStartStates).toEqual(expectedStepStartStates);

src/steps/cloud-build/constants.ts

@@ -1,4 +1,8 @@
 import { RelationshipClass } from '@jupiterone/integration-sdk-core';
+import {
+  CloudSourceRepositoriesEntitiesSpec,
+  CloudSourceRepositoriesStepsSpec,
+} from '../cloud-source-repositories/constants';
 import {
   CLOUD_STORAGE_BUCKET_ENTITY_TYPE,
   STEP_CLOUD_STORAGE_BUCKETS,
@@ -56,6 +60,12 @@ export const CloudBuildRelationshipsSpec = {
     sourceType: CloudBuildEntitiesSpec.BUILD._type,
     targetType: CLOUD_STORAGE_BUCKET_ENTITY_TYPE,
   },
+  BUILD_USES_SOURCE_REPOSITORY: {
+    _type: 'google_cloud_build_uses_source_repository',
+    _class: RelationshipClass.USES,
+    sourceType: CloudBuildEntitiesSpec.BUILD._type,
+    targetType: CloudSourceRepositoriesEntitiesSpec.REPOSITORY._type,
+  },
 };
 
 export const CloudBuildStepsSpec = {
@@ -110,6 +120,16 @@ export const CloudBuildStepsSpec = {
     relationships: [CloudBuildRelationshipsSpec.BUILD_USES_STORAGE_BUCKET],
     dependsOn: ['fetch-cloud-builds', STEP_CLOUD_STORAGE_BUCKETS],
   },
+  BUILD_CLOUD_BUILD_USES_SOURCE_REPOSITORY_RELATIONSHIPS: {
+    id: 'build-cloud-build-uses-source-repo-relationships',
+    name: 'Build Cloud Build -> Source Repository Relationships',
+    entities: [],
+    relationships: [CloudBuildRelationshipsSpec.BUILD_USES_SOURCE_REPOSITORY],
+    dependsOn: [
+      'fetch-cloud-builds',
+      CloudSourceRepositoriesStepsSpec.FETCH_REPOSITORIES.id,
+    ],
+  },
 };
 
 // https://cloud.google.com/build/docs/locations

src/steps/cloud-build/index.ts

@@ -1,6 +1,7 @@
 import { IntegrationStep } from '@jupiterone/integration-sdk-core';
 import { IntegrationConfig } from '../../types';
 import { buildCloudBuildTriggerTriggersBuildRelationshipsStep } from './steps/build-cloud-build-trigger-triggers-build-relationships';
+import { buildCloudBuildUsesSourceRepositoryRelationshipsStep } from './steps/build-cloud-build-uses-source-repo-relationships';
 import { buildCloudBuildUsesStorageBucketRelationshipsStep } from './steps/build-cloud-build-uses-storage-bucket-relationships';
 import { fetchCloudBuildBitbucketServerConfigStep } from './steps/fetch-cloud-build-bb-configs';
 import { fetchCloudBuildBitbucketRepositoriesStep } from './steps/fetch-cloud-build-bb-repos';
@@ -19,4 +20,5 @@ export const cloudBuildSteps: IntegrationStep<IntegrationConfig>[] = [
 
   buildCloudBuildTriggerTriggersBuildRelationshipsStep,
   buildCloudBuildUsesStorageBucketRelationshipsStep,
+  buildCloudBuildUsesSourceRepositoryRelationshipsStep,
 ];

src/steps/cloud-build/steps/build-cloud-build-uses-source-repo-relationships.test.ts

@@ -0,0 +1,47 @@
+import {
+  executeStepWithDependencies,
+  Recording,
+  StepTestConfig,
+} from '@jupiterone/integration-sdk-testing';
+import { invocationConfig } from '../../..';
+import { integrationConfig } from '../../../../test/config';
+import {
+  getMatchRequestsBy,
+  setupGoogleCloudRecording,
+} from '../../../../test/recording';
+import { CloudBuildStepsSpec } from '../constants';
+
+describe(`cloud-build#${CloudBuildStepsSpec.BUILD_CLOUD_BUILD_USES_SOURCE_REPOSITORY_RELATIONSHIPS.id}`, () => {
+  let recording: Recording;
+  afterEach(async () => {
+    if (recording) await recording.stop();
+  });
+
+  jest.setTimeout(45000);
+
+  test(
+    CloudBuildStepsSpec.BUILD_CLOUD_BUILD_USES_SOURCE_REPOSITORY_RELATIONSHIPS
+      .id,
+    async () => {
+      recording = setupGoogleCloudRecording({
+        name: CloudBuildStepsSpec
+          .BUILD_CLOUD_BUILD_USES_SOURCE_REPOSITORY_RELATIONSHIPS.id,
+        directory: __dirname,
+        options: {
+          matchRequestsBy: getMatchRequestsBy(integrationConfig),
+        },
+      });
+
+      const stepTestConfig: StepTestConfig = {
+        stepId:
+          CloudBuildStepsSpec
+            .BUILD_CLOUD_BUILD_USES_SOURCE_REPOSITORY_RELATIONSHIPS.id,
+        instanceConfig: integrationConfig,
+        invocationConfig: invocationConfig as any,
+      };
+
+      const result = await executeStepWithDependencies(stepTestConfig);
+      expect(result).toMatchStepMetadata(stepTestConfig);
+    },
+  );
+});

src/steps/cloud-build/steps/build-cloud-build-uses-source-repo-relationships.ts

@@ -0,0 +1,40 @@
+import {
+  createDirectRelationship,
+  getRawData,
+  IntegrationStep,
+  RelationshipClass,
+} from '@jupiterone/integration-sdk-core';
+import { cloudbuild_v1 } from 'googleapis';
+import { IntegrationConfig, IntegrationStepContext } from '../../../types';
+import { CloudBuildEntitiesSpec, CloudBuildStepsSpec } from '../constants';
+
+export const buildCloudBuildUsesSourceRepositoryRelationshipsStep: IntegrationStep<IntegrationConfig> =
+  {
+    ...CloudBuildStepsSpec.BUILD_CLOUD_BUILD_USES_SOURCE_REPOSITORY_RELATIONSHIPS,
+    executionHandler: async function (context: IntegrationStepContext) {
+      const { jobState } = context;
+
+      await jobState.iterateEntities(
+        { _type: CloudBuildEntitiesSpec.BUILD._type },
+        async (buildEntity) => {
+          const rawBuild = getRawData<cloudbuild_v1.Schema$Build>(buildEntity);
+
+          if (rawBuild?.source?.repoSource) {
+            const sourceEntity = await jobState.findEntity(
+              `projects/${rawBuild.source.repoSource.projectId}/repos/${rawBuild.source.repoSource.repoName}`,
+            );
+
+            if (sourceEntity) {
+              await jobState.addRelationship(
+                createDirectRelationship({
+                  _class: RelationshipClass.USES,
+                  from: buildEntity,
+                  to: sourceEntity,
+                }),
+              );
+            }
+          }
+        },
+      );
+    },
+  };