diff --git a/docs/jupiterone.md b/docs/jupiterone.md index bf04f9b9..bd500f4f 100644 --- a/docs/jupiterone.md +++ b/docs/jupiterone.md @@ -89,6 +89,7 @@ all of the supported data into JupiterOne: | [spanner](https://console.developers.google.com/apis/library/spanner.googleapis.com) | spanner.googleapis.com | | [storage](https://console.developers.google.com/apis/library/storage.googleapis.com) | storage.googleapis.com | | [websecurityscanner](https://console.developers.google.com/apis/library/websecurityscanner.googleapis.com) | websecurityscanner.googleapis.com | + Google Cloud service APIs can be enabled using one of the following methods: @@ -113,7 +114,7 @@ integration supports: **NOTE**: You can only enable 20 services at a time. - + ``` gcloud services enable \ accesscontextmanager.googleapis.com \ @@ -149,7 +150,8 @@ gcloud services enable \ spanner.googleapis.com \ storage.googleapis.com \ websecurityscanner.googleapis.com - ``` +``` + #### Creating Google Cloud project service account 
@@ -446,16 +448,16 @@ The following relationships are created: | ---------------------------------------------------------------- | --------------------- | ----------------------------------------------------------------- | | `google_access_context_manager_access_policy` | **HAS** | `google_access_context_manager_access_level` | | `google_access_context_manager_access_policy` | **HAS** | `google_access_context_manager_service_perimeter` | -| `google_access_context_manager_service_perimeter_api_operation` | **HAS** | `google_access_context_manager_service_perimeter_method_selector` | -| `google_access_context_manager_service_perimeter_egress_policy` | **HAS** | `google_access_context_manager_service_perimeter_api_operation` | | `google_access_context_manager_service_perimeter` | **HAS** | `google_access_context_manager_service_perimeter_egress_policy` | | `google_access_context_manager_service_perimeter` | **HAS** | `google_access_context_manager_service_perimeter_ingress_policy` | -| `google_access_context_manager_service_perimeter_ingress_policy` | **HAS** | `google_access_context_manager_service_perimeter_api_operation` | | `google_access_context_manager_service_perimeter` | **LIMITS** | `google_cloud_api_service` | | `google_access_context_manager_service_perimeter` | **PROTECTS** | `google_cloud_project` | -| `google_api_gateway_api_config` | **USES** | `google_iam_service_account` | -| `google_api_gateway_api` | **HAS** | `google_api_gateway_gateway` | +| `google_access_context_manager_service_perimeter_api_operation` | **HAS** | `google_access_context_manager_service_perimeter_method_selector` | +| `google_access_context_manager_service_perimeter_egress_policy` | **HAS** | `google_access_context_manager_service_perimeter_api_operation` | +| `google_access_context_manager_service_perimeter_ingress_policy` | **HAS** | `google_access_context_manager_service_perimeter_api_operation` | | `google_api_gateway_api` | **USES** | `google_api_gateway_api_config` | +| 
`google_api_gateway_api` | **HAS** | `google_api_gateway_gateway` | +| `google_api_gateway_api_config` | **USES** | `google_iam_service_account` | | `google_app_engine_application` | **HAS** | `google_app_engine_service` | | `google_app_engine_application` | **USES** | `google_storage_bucket` | | `google_app_engine_service` | **HAS** | `google_app_engine_version` | 
@@ -470,26 +472,27 @@ The following relationships are created: | `google_bigtable_instance` | **HAS** | `google_bigtable_table` | | `google_bigtable_table` | **HAS** | `google_bigtable_backup` | | `google_billing_account` | **HAS** | `google_billing_budget` | +| `google_cloud_api_service` | **USES** | `google_cloud_audit_config` | | `google_cloud_api_service` | **HAS** | `google_iam_role` | | `google_cloud_api_service` | **HAS** | `resource` | -| `google_cloud_api_service` | **USES** | `google_cloud_audit_config` | | `google_cloud_audit_config` | **ALLOWS** | `google_domain` | | `google_cloud_audit_config` | **ALLOWS** | `google_group` | | `google_cloud_audit_config` | **ALLOWS** | `google_iam_service_account` | | `google_cloud_audit_config` | **ALLOWS** | `google_user` | | `google_cloud_bitbucket_server_config` | **HAS** | `google_cloud_bitbucket_server_repo` | -| `google_cloud_build_trigger` | **TRIGGERS** | `google_cloud_build` | | `google_cloud_build` | **USES** | `google_cloud_source_repository` | | `google_cloud_build` | **USES** | `google_storage_bucket` | -| `internet` | **ALLOWS** | `google_compute_firewall` | +| `google_cloud_build_trigger` | **TRIGGERS** | `google_cloud_build` | | `google_cloud_folder` | **HAS** | `google_cloud_folder` | -| `google_cloud_function` | **USES** | `google_iam_service_account` | +| `google_cloud_folder` | **HAS** | `google_cloud_project` | | `google_cloud_function` | **USES** | `google_cloud_source_repository` | +| `google_cloud_function` | **USES** | `google_iam_service_account` | | `google_cloud_function` | **USES** | `google_storage_bucket` | | `google_cloud_organization` | **HAS** | `google_cloud_folder` | -| `google_cloud_project` | **HAS** | `google_cloud_api_service` | +| `google_cloud_organization` | **HAS** | `google_cloud_project` | | `google_cloud_project` | **HAS** | `google_billing_budget` | | `google_cloud_project` | **HAS** | `google_binary_authorization_policy` | +| `google_cloud_project` | **HAS** | 
`google_cloud_api_service` | | `google_cloud_run_service` | **MANAGES** | `google_cloud_run_configuration` | | `google_cloud_run_service` | **MANAGES** | `google_cloud_run_route` | | `google_cloud_scan_config` | **PERFORMED** | `google_cloud_scan_run` | @@ -497,16 +500,16 @@ The following relationships are created: | `google_compute_backend_service` | **HAS** | `google_compute_health_check` | | `google_compute_backend_service` | **HAS** | `google_compute_instance_group` | | `google_compute_backend_service` | **HAS** | `google_compute_target_ssl_proxy` | -| `google_compute_disk` | **CREATED** | `google_compute_snapshot` | | `google_compute_disk` | **USES** | `google_compute_image` | +| `google_compute_disk` | **CREATED** | `google_compute_snapshot` | | `google_compute_disk` | **USES** | `google_kms_crypto_key` | | `google_compute_firewall` | **PROTECTS** | `google_compute_network` | +| `google_compute_forwarding_rule` | **USES** | `google_compute_address` | | `google_compute_forwarding_rule` | **CONNECTS** | `google_compute_backend_service` | | `google_compute_forwarding_rule` | **CONNECTS** | `google_compute_network` | | `google_compute_forwarding_rule` | **CONNECTS** | `google_compute_subnetwork` | | `google_compute_forwarding_rule` | **CONNECTS** | `google_compute_target_http_proxy` | | `google_compute_forwarding_rule` | **CONNECTS** | `google_compute_target_https_proxy` | -| `google_compute_forwarding_rule` | **USES** | `google_compute_address` | | `google_compute_global_forwarding_rule` | **CONNECTS** | `google_compute_backend_service` | | `google_compute_global_forwarding_rule` | **CONNECTS** | `google_compute_network` | | `google_compute_global_forwarding_rule` | **CONNECTS** | `google_compute_subnetwork` | 
@@ -514,17 +517,17 @@ The following relationships are created: | `google_compute_global_forwarding_rule` | **CONNECTS** | `google_compute_target_https_proxy` | | `google_compute_image` | **USES** | `google_compute_image` | | `google_compute_image` | **USES** | `google_kms_crypto_key` | -| `google_compute_instance_group` | **HAS** | `google_compute_instance` | -| `google_compute_instance_group` | **HAS** | `google_compute_instance_group_named_port` | -| `google_compute_instance` | **TRUSTS** | `google_iam_service_account` | | `google_compute_instance` | **USES** | `google_compute_address` | | `google_compute_instance` | **USES** | `google_compute_disk` | -| `google_compute_network` | **CONNECTS** | `google_compute_network` | -| `google_compute_network` | **CONTAINS** | `google_compute_subnetwork` | +| `google_compute_instance` | **TRUSTS** | `google_iam_service_account` | +| `google_compute_instance_group` | **HAS** | `google_compute_instance` | +| `google_compute_instance_group` | **HAS** | `google_compute_instance_group_named_port` | | `google_compute_network` | **HAS** | `google_compute_address` | -| `google_compute_network` | **HAS** | `google_dns_policy` | | `google_compute_network` | **HAS** | `google_compute_firewall` | | `google_compute_network` | **HAS** | `google_compute_global_address` | +| `google_compute_network` | **CONNECTS** | `google_compute_network` | +| `google_compute_network` | **CONTAINS** | `google_compute_subnetwork` | +| `google_compute_network` | **HAS** | `google_dns_policy` | | `google_compute_project` | **HAS** | `google_compute_instance` | | `google_compute_snapshot` | **CREATED** | `google_compute_image` | | `google_compute_subnetwork` | **HAS** | `google_compute_address` | 
@@ -541,24 +544,22 @@ The following relationships are created: | `google_dataproc_cluster` | **USES** | `google_compute_image` | | `google_dataproc_cluster` | **USES** | `google_kms_crypto_key` | | `google_dataproc_cluster` | **USES** | `google_storage_bucket` | -| `google_cloud_folder` | **HAS** | `google_cloud_project` | -| `google_iam_binding` | **ALLOWS** | `resource` | +| `google_iam_binding` | **ASSIGNED** | `everyone` | | `google_iam_binding` | **ASSIGNED** | `google_cloud_authenticated_users` | | `google_iam_binding` | **ASSIGNED** | `google_domain` | -| `google_iam_binding` | **ASSIGNED** | `everyone` | | `google_iam_binding` | **ASSIGNED** | `google_group` | | `google_iam_binding` | **ASSIGNED** | `google_iam_role` | +| `google_iam_binding` | **USES** | `google_iam_role` | | `google_iam_binding` | **ASSIGNED** | `google_iam_service_account` | | `google_iam_binding` | **ASSIGNED** | `google_user` | -| `google_iam_binding` | **USES** | `google_iam_role` | +| `google_iam_binding` | **ALLOWS** | `resource` | | `google_iam_service_account` | **CREATED** | `google_app_engine_version` | | `google_iam_service_account` | **HAS** | `google_iam_service_account_key` | | `google_kms_key_ring` | **HAS** | `google_kms_crypto_key` | | `google_logging_metric` | **HAS** | `google_monitoring_alert_policy` | | `google_logging_project_sink` | **USES** | `google_storage_bucket` | -| `google_memcache_instance` | **HAS** | `google_memcache_instance_node` | | `google_memcache_instance` | **USES** | `google_compute_network` | -| `google_cloud_organization` | **HAS** | `google_cloud_project` | +| `google_memcache_instance` | **HAS** | `google_memcache_instance_node` | | `google_privateca_certificate_authority` | **CREATED** | `google_privateca_certificate` | | `google_privateca_certificate_authority` | **USES** | `google_storage_bucket` | | `google_privateca_pool` | **HAS** | `google_privateca_certificate_authority` | 
@@ -573,6 +574,7 @@ The following relationships are created: | `google_sql_postgres_instance` | **USES** | `google_kms_crypto_key` | | `google_sql_sql_server_instance` | **USES** | `google_kms_crypto_key` | | `google_user` | **CREATED** | `google_app_engine_version` | +| `internet` | **ALLOWS** | `google_compute_firewall` | ### Mapped Relationships
@@ -712,4 +714,5 @@ permissions can be used to provision only the required ones: | `spanner.instances.list` | | `storage.buckets.getIamPolicy` | | `storage.buckets.list` | +
diff --git a/src/ingestSources.ts b/src/ingestSources.ts
new file mode 100644
index 00000000..1e2ce3cc
--- /dev/null
+++ b/src/ingestSources.ts
@@ -0,0 +1,69 @@
+import { IntegrationIngestionConfigFieldMap } from '@jupiterone/integration-sdk-core';
+import { AccessContextManagerIngestionConfig } from './steps/access-context-manager/constants';
+import { ApiGatewayIngestionConfig } from './steps/api-gateway/constants';
+import { AppEngineIngestionConfig } from './steps/app-engine/constants';
+import { BigQueryIngestionConfig } from './steps/big-query';
+import { BigTableIngestionConfig } from './steps/big-table/constants';
+import { BillingBudgetsIngestionConfig } from './steps/billing-budgets/constants';
+import { BinaryAuthorizationIngestionConfig } from './steps/binary-authorization/constants';
+import { CloudAssetIngestionConfig } from './steps/cloud-asset/constants';
+import { CloudBillingIngestionConfig } from './steps/cloud-billing/constants';
+import { CloudBuildIngestionConfig } from './steps/cloud-build/constants';
+import { CloudRunIngestionConfig } from './steps/cloud-run/constants';
+import { CloudSourceRepositoriesIngestionConfig } from './steps/cloud-source-repositories/constants';
+import { ComputeIngestionConfig } from './steps/compute';
+import { ContainersIngestionConfig } from './steps/containers';
+import { DataprocIngestionConfig } from './steps/dataproc/constants';
+import { DnsIngestionConfig } from './steps/dns/constants';
+import { FunctionsIngestionConfig } from './steps/functions';
+import { IamIngestionConfig } from './steps/iam';
+import { KmsIngestionConfig } from './steps/kms';
+import { LoggingIngestionConfig } from './steps/logging/constants';
+import { MemcacheIngestionConfig } from './steps/memcache/constants';
+import { MonitoringIngestionConfig } from './steps/monitoring/constants';
+import { PrivatecaIngestionConfig } from './steps/privateca/constants';
+import { PubSubIngestionConfig } from './steps/pub-sub/constants';
+import { RedisIngestionConfig } from './steps/redis/constants';
+import { ResourceManagerIngestionConfig } from './steps/resource-manager';
+import { SecretManagerIngestionConfig } from './steps/secret-manager/constants';
+import { ServiceUsageIngestionConfig } from './steps/service-usage/constants';
+import { SpannerIngestionConfig } from './steps/spanner/constants';
+import { SQLAdminIngestionConfig } from './steps/sql-admin';
+import { StorageIngestionConfig } from './steps/storage/constants';
+import { WebSecurityScannerIngestionConfig } from './steps/web-security-scanner/constants';
+
+export const ingestionConfig: IntegrationIngestionConfigFieldMap = {
+ ...AccessContextManagerIngestionConfig,
+ ...ApiGatewayIngestionConfig,
+ ...ApiGatewayIngestionConfig,
+ ...AppEngineIngestionConfig,
+ ...BigQueryIngestionConfig,
+ ...BigTableIngestionConfig,
+ ...BillingBudgetsIngestionConfig,
+ ...BinaryAuthorizationIngestionConfig,
+ ...CloudAssetIngestionConfig,
+ ...CloudBillingIngestionConfig,
+ ...CloudBuildIngestionConfig,
+ ...CloudRunIngestionConfig,
+ ...CloudSourceRepositoriesIngestionConfig,
+ ...ComputeIngestionConfig,
+ ...ContainersIngestionConfig,
+ ...DataprocIngestionConfig,
+ ...DnsIngestionConfig,
+ ...FunctionsIngestionConfig,
+ ...IamIngestionConfig,
+ ...KmsIngestionConfig,
+ ...LoggingIngestionConfig,
+ ...MemcacheIngestionConfig,
+ ...MonitoringIngestionConfig,
+ ...PrivatecaIngestionConfig,
+ ...PubSubIngestionConfig,
+ ...RedisIngestionConfig,
+ ...ResourceManagerIngestionConfig,
+ ...SecretManagerIngestionConfig,
+ ...ServiceUsageIngestionConfig,
+ ...SpannerIngestionConfig,
+ ...SQLAdminIngestionConfig,
+ ...StorageIngestionConfig,
+ ...WebSecurityScannerIngestionConfig,
+};
diff --git a/src/steps/access-context-manager/constants.ts b/src/steps/access-context-manager/constants.ts
index 9d75e442..070339f4 100644
--- a/src/steps/access-context-manager/constants.ts
+++ b/src/steps/access-context-manager/constants.ts
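Review bot: `...ApiGatewayIngestionConfig,` is spread twice in `ingestionConfig` in `src/ingestSources.ts`; the second occurrence is redundant and should be removed. More generally, object spread lets a later key silently overwrite an earlier one, so two step modules that choose the same source id would lose one entry with no compile-time or runtime error. A small unit test that gathers every module's `IngestionSources` values, asserts they are unique, and asserts that each step's `ingestionSourceId` is a key of `ingestionConfig` would catch both cases. Without it a step could end up governed by a toggle, and a `defaultsToDisabled` value, that belongs to a different service.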
@@ -57,3 +57,27 @@ export const RELATIONSHIP_TYPE_SERVICE_PERIMETER_HAS_INGRESS_POLICY = 'google_access_context_manager_service_perimeter_has_ingress_policy'; export const RELATIONSHIP_TYPE_INGRESS_POLICY_HAS_API_OPERATION = 'google_access_context_manager_service_perimeter_ingress_policy_has_api_operation'; + +export const IngestionSources = { + ACCESS_CONTEXT_MANAGER_ACCESS_POLICIES: 'acm-access-policies', + ACCESS_CONTEXT_MANAGER_ACCESS_LEVELS: 'acm-access-levels', + ACCESS_CONTEXT_MANAGER_SERVICE_PERIMETERS: 'acm-service-perimeters', +}; + +export const AccessContextManagerIngestionConfig = { + [IngestionSources.ACCESS_CONTEXT_MANAGER_ACCESS_POLICIES]: { + title: 'Google Cloud Access Context Manager Access Policies', + description: 'Defines secure access boundaries in GCP.', + defaultsToDisabled: false, + }, + [IngestionSources.ACCESS_CONTEXT_MANAGER_ACCESS_LEVELS]: { + title: 'Google Cloud Access Context Manager Access Levels', + description: 'Manages access via hierarchical levels in GCP.', + defaultsToDisabled: false, + }, + [IngestionSources.ACCESS_CONTEXT_MANAGER_SERVICE_PERIMETERS]: { + title: 'Google Cloud Access Context Manager Service Perimeters', + description: 'Secures resources within network boundaries.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/access-context-manager/index.ts b/src/steps/access-context-manager/index.ts index ed76f9ee..a590f19e 100644 --- a/src/steps/access-context-manager/index.ts +++ b/src/steps/access-context-manager/index.ts @@ -38,6 +38,7 @@ import { RELATIONSHIP_TYPE_SERVICE_PERIMETER_HAS_INGRESS_POLICY, RELATIONSHIP_TYPE_INGRESS_POLICY_HAS_API_OPERATION, ENTITY_CLASS_ACCESS_CONTEXT_MANAGER_SERVICE_PERIMETER_INGRESS_POLICY, + IngestionSources, } from './constants'; import { PROJECT_ENTITY_TYPE, 
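Review bot: `IngestionSources` in `access-context-manager/constants.ts` is a plain object literal, so its members are typed `string` and the computed keys of `AccessContextManagerIngestionConfig` collapse to a string index signature; a mistyped or missing source id then type-checks everywhere it is used. Closing the literal with `} as const;` keeps the literal ids in the type. The other `constants.ts` hunks in this commit (api-gateway, app-engine, big-query, big-table, billing-budgets, binary-authorization, cloud-asset, cloud-billing, cloud-build) repeat the same pattern under the same export name `IngestionSources`. That shared name forces aliasing whenever two of them are imported into one file, so a service-specific name such as `AccessContextManagerIngestionSources` would read better.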
@@ -391,6 +392,7 @@ export async function fetchServicePerimeters( export const accessPoliciesSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_ACCESS_CONTEXT_MANAGER_ACCESS_POLICIES, + ingestionSourceId: IngestionSources.ACCESS_CONTEXT_MANAGER_ACCESS_POLICIES, name: 'Access Context Manager Access Policies', entities: [ { @@ -407,6 +409,7 @@ export const accessPoliciesSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_ACCESS_CONTEXT_MANAGER_ACCESS_LEVELS, + ingestionSourceId: IngestionSources.ACCESS_CONTEXT_MANAGER_ACCESS_LEVELS, name: 'Access Context Manager Access Levels', entities: [ { @@ -430,6 +433,8 @@ export const accessPoliciesSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_ACCESS_CONTEXT_MANAGER_SERVICE_PERIMETERS, + ingestionSourceId: + IngestionSources.ACCESS_CONTEXT_MANAGER_SERVICE_PERIMETERS, name: 'Access Context Manager Service Perimeters', entities: [ { diff --git a/src/steps/api-gateway/constants.ts b/src/steps/api-gateway/constants.ts index ba3df7ae..2ed6920c 100644 --- a/src/steps/api-gateway/constants.ts +++ b/src/steps/api-gateway/constants.ts 
@@ -18,3 +18,27 @@ export const RELATIONSHIP_TYPE_API_GATEWAY_API_HAS_GATEWAY = 'google_api_gateway_api_has_gateway'; export const RELATIONSHIP_TYPE_API_GATEWAY_API_CONFIG_USES_SERVICE_ACCOUNT = 'google_api_gateway_api_config_uses_iam_service_account'; + +export const IngestionSources = { + API_GATEWAY_APIS: 'api-gateway-apis', + API_GATEWAY_API_CONFIGS: 'api-gateway-api-configs', + API_GATEWAY_GATEWAYS: 'api-gateway-gateways', +}; + +export const ApiGatewayIngestionConfig = { + [IngestionSources.API_GATEWAY_APIS]: { + title: 'Google Cloud API Gateway APIs', + description: 'Endpoint management for API gateways.', + defaultsToDisabled: false, + }, + [IngestionSources.API_GATEWAY_API_CONFIGS]: { + title: 'Google Cloud API Gateway API Configurations', + description: 'Config settings for API interfaces.', + defaultsToDisabled: false, + }, + [IngestionSources.API_GATEWAY_GATEWAYS]: { + title: 'Google Cloud API Gateway Gateways', + description: 'Networking gateways for API management.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/api-gateway/index.ts b/src/steps/api-gateway/index.ts index 6dcf8776..9fc03dce 100644 --- a/src/steps/api-gateway/index.ts +++ b/src/steps/api-gateway/index.ts @@ -22,6 +22,7 @@ import { RELATIONSHIP_TYPE_API_GATEWAY_API_USES_CONFIG, RELATIONSHIP_TYPE_API_GATEWAY_API_HAS_GATEWAY, RELATIONSHIP_TYPE_API_GATEWAY_API_CONFIG_USES_SERVICE_ACCOUNT, + IngestionSources, } from './constants'; import { createApiGatewayApiConfigEntity, @@ -188,6 +189,7 @@ export async function fetchApiGatewayGateways( export const apiGatewaySteps: GoogleCloudIntegrationStep[] = [ { id: STEP_API_GATEWAY_APIS, + ingestionSourceId: IngestionSources.API_GATEWAY_APIS, name: 'Api Gateway APIs', entities: [ { @@ -203,6 +205,7 @@ export const apiGatewaySteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_API_GATEWAY_API_CONFIGS, + ingestionSourceId: IngestionSources.API_GATEWAY_API_CONFIGS, name: 'Api Gateway Api Configs', entities: [ { 
@@ -235,6 +238,7 @@ export const apiGatewaySteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_API_GATEWAY_GATEWAYS, + ingestionSourceId: IngestionSources.API_GATEWAY_GATEWAYS, name: 'Api Gateway Gateways', entities: [ { diff --git a/src/steps/app-engine/constants.ts b/src/steps/app-engine/constants.ts index dd1695ce..6c36ea6d 100644 --- a/src/steps/app-engine/constants.ts +++ b/src/steps/app-engine/constants.ts @@ -35,3 +35,33 @@ export const RELATIONSHIP_TYPE_GOOGLE_USER_CREATED_VERSION = export const RELATIONSHIP_TYPE_SERVICE_ACCOUNT_CREATED_VERSION = 'google_iam_service_account_created_app_engine_version'; + +export const IngestionSources = { + APP_ENGINE_APPLICATION: 'app-engine-application', + APP_ENGINE_SERVICES: 'app-engine-services', + APP_ENGINE_VERSIONS: 'app-engine-versions', + APP_ENGINE_INSTANCES: 'app-engine-instances', +}; + +export const AppEngineIngestionConfig = { + [IngestionSources.APP_ENGINE_APPLICATION]: { + title: 'Google Cloud App Engine Application', + description: 'Platform for building scalable web apps.', + defaultsToDisabled: false, + }, + [IngestionSources.APP_ENGINE_SERVICES]: { + title: 'Google Cloud App Engine Services', + description: 'Modular components of App Engine apps.', + defaultsToDisabled: false, + }, + [IngestionSources.APP_ENGINE_VERSIONS]: { + title: 'Google Cloud App Engine Versions', + description: 'Versioning for App Engine application components.', + defaultsToDisabled: false, + }, + [IngestionSources.APP_ENGINE_INSTANCES]: { + title: 'Google Cloud App Engine Instances', + description: 'Running instances of App Engine services.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/app-engine/index.ts b/src/steps/app-engine/index.ts index 507bfe0d..6e649521 100644 --- a/src/steps/app-engine/index.ts +++ b/src/steps/app-engine/index.ts 
@@ -34,6 +34,7 @@ import { RELATIONSHIP_TYPE_GOOGLE_USER_CREATED_VERSION, RELATIONSHIP_TYPE_SERVICE_ACCOUNT_CREATED_VERSION, STEP_CREATE_APP_ENGINE_BUCKET_RELATIONSHIPS, + IngestionSources, } from './constants'; import { createAppEngineApplicationEntity, @@ -382,6 +383,7 @@ export async function fetchAppEngineVersionInstances( export const appEngineSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_APP_ENGINE_APPLICATION, + ingestionSourceId: IngestionSources.APP_ENGINE_APPLICATION, name: 'AppEngine Application', entities: [ { @@ -416,6 +418,7 @@ export const appEngineSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_APP_ENGINE_SERVICES, + ingestionSourceId: IngestionSources.APP_ENGINE_SERVICES, name: 'AppEngine Services', entities: [ { @@ -439,6 +442,7 @@ export const appEngineSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_APP_ENGINE_VERSIONS, + ingestionSourceId: IngestionSources.APP_ENGINE_VERSIONS, name: 'AppEngine Versions', entities: [ { @@ -473,6 +477,7 @@ export const appEngineSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_APP_ENGINE_INSTANCES, + ingestionSourceId: IngestionSources.APP_ENGINE_INSTANCES, name: 'AppEngine Instances', entities: [ { diff --git a/src/steps/big-query/constants.ts b/src/steps/big-query/constants.ts index a1f67fee..1f80074f 100644 --- a/src/steps/big-query/constants.ts +++ b/src/steps/big-query/constants.ts 
@@ -19,3 +19,27 @@ export const RELATIONSHIP_TYPE_DATASET_HAS_TABLE = 'google_bigquery_dataset_has_table'; export const RELATIONSHIP_TYPE_DATASET_HAS_MODEL = 'google_bigquery_dataset_has_model'; + +export const IngestionSources = { + BIG_QUERY_DATASETS: 'big-query-datasets', + BIG_QUERY_MODELS: 'big-query-models', + BIG_QUERY_TABLES: 'big-query-tables', +}; + +export const BigQueryIngestionConfig = { + [IngestionSources.BIG_QUERY_DATASETS]: { + title: 'Google Cloud BigQuery Datasets', + description: 'Organized collections of BigQuery data.', + defaultsToDisabled: true, + }, + [IngestionSources.BIG_QUERY_MODELS]: { + title: 'Google Cloud BigQuery Models', + description: 'Machine learning models in BigQuery.', + defaultsToDisabled: true, + }, + [IngestionSources.BIG_QUERY_TABLES]: { + title: 'Google Cloud BigQuery Tables', + description: 'Structured data tables in BigQuery.', + defaultsToDisabled: true, + }, +}; diff --git a/src/steps/big-query/index.ts b/src/steps/big-query/index.ts index b7120b64..f1024d48 100644 --- a/src/steps/big-query/index.ts +++ b/src/steps/big-query/index.ts @@ -30,6 +30,7 @@ import { BIG_QUERY_MODEL_ENTITY_CLASS, RELATIONSHIP_TYPE_DATASET_HAS_MODEL, STEP_BUILD_BIG_QUERY_DATASET_KMS_RELATIONSHIPS, + IngestionSources, } from './constants'; import { createBigQueryDatasetEntity, @@ -257,6 +258,7 @@ export function handleDatasetError( export const bigQuerySteps: GoogleCloudIntegrationStep[] = [ { id: STEP_BIG_QUERY_DATASETS, + ingestionSourceId: IngestionSources.BIG_QUERY_DATASETS, name: 'Big Query Datasets', entities: [ { @@ -288,6 +290,7 @@ export const bigQuerySteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_BIG_QUERY_MODELS, + ingestionSourceId: IngestionSources.BIG_QUERY_MODELS, name: 'Big Query Models', entities: [ { @@ -315,6 +318,7 @@ export const bigQuerySteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_BIG_QUERY_TABLES, + ingestionSourceId: IngestionSources.BIG_QUERY_TABLES, name: 'Big Query Tables', entities: [ { 
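Review bot: All three entries of `BigQueryIngestionConfig` are added with `defaultsToDisabled: true`, unlike the sources in the neighbouring modules, and nothing in the hunk says why. With these off by default the graph presumably holds no BigQuery datasets, tables or models, and the dataset-to-KMS step referenced in `big-query/index.ts` (`STEP_BUILD_BIG_QUERY_DATASET_KMS_RELATIONSHIPS`) likely has nothing to process, so queries about encryption or exposure of these data stores return empty results rather than an error. I would add a comment above the config such as `// Off by default (<reason>): BigQuery entities and their KMS relationships are only ingested once these sources are enabled.` and state the same in each `description` and in `docs/jupiterone.md`, which this commit edits without mentioning it. The same applies to the five `BigTableIngestionConfig` entries in `src/steps/big-table/constants.ts`.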
diff --git a/src/steps/big-table/constants.ts b/src/steps/big-table/constants.ts index 70ca00f9..b0206e18 100644 --- a/src/steps/big-table/constants.ts +++ b/src/steps/big-table/constants.ts @@ -36,3 +36,39 @@ export const RELATIONSHIP_TYPE_TABLE_HAS_BACKUP = export const RELATIONSHIP_TYPE_CLUSTER_USES_KMS_KEY = 'google_bigtable_cluster_uses_kms_key'; + +export const IngestionSources = { + BIG_TABLE_INSTANCES: 'big-table-instances', + BIG_TABLE_APP_PROFILES: 'big-table-app-profiles', + BIG_TABLE_CLUSTERS: 'big-table-clusters', + BIG_TABLE_BACKUPS: 'big-table-backups', + BIG_TABLE_TABLES: 'big-table-tables', +}; + +export const BigTableIngestionConfig = { + [IngestionSources.BIG_TABLE_INSTANCES]: { + title: 'Google Cloud BigTable Instances', + description: 'Managed NoSQL database instances.', + defaultsToDisabled: true, + }, + [IngestionSources.BIG_TABLE_APP_PROFILES]: { + title: 'Google Cloud BigTable App Profiles', + description: 'App profiles for BigTable configuration.', + defaultsToDisabled: true, + }, + [IngestionSources.BIG_TABLE_CLUSTERS]: { + title: 'Google Cloud BigTable Clusters', + description: 'Cluster management in BigTable.', + defaultsToDisabled: true, + }, + [IngestionSources.BIG_TABLE_BACKUPS]: { + title: 'Google Cloud BigTable Backups', + description: 'Backup solutions for BigTable data.', + defaultsToDisabled: true, + }, + [IngestionSources.BIG_TABLE_TABLES]: { + title: 'Google Cloud BigTable Tables', + description: 'Data tables within BigTable.', + defaultsToDisabled: true, + }, +}; diff --git a/src/steps/big-table/index.ts b/src/steps/big-table/index.ts index 39a625a5..228aba91 100644 --- a/src/steps/big-table/index.ts +++ b/src/steps/big-table/index.ts @@ -31,6 +31,7 @@ import { STEP_BIG_TABLE_CLUSTERS, STEP_BIG_TABLE_INSTANCES, STEP_BIG_TABLE_TABLES, + IngestionSources, } from './constants'; import { createAppProfileEntity, 
@@ -224,6 +225,7 @@ export async function fetchTables( export const bigTableSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_BIG_TABLE_INSTANCES, + ingestionSourceId: IngestionSources.BIG_TABLE_INSTANCES, name: 'Bigtable Instances', entities: [ { @@ -240,6 +242,7 @@ export const bigTableSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_BIG_TABLE_APP_PROFILES, + ingestionSourceId: IngestionSources.BIG_TABLE_APP_PROFILES, name: 'Bigtable AppProfiles', entities: [ { @@ -263,6 +266,7 @@ export const bigTableSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_BIG_TABLE_CLUSTERS, + ingestionSourceId: IngestionSources.BIG_TABLE_CLUSTERS, name: 'Bigtable Clusters', entities: [ { @@ -292,6 +296,7 @@ export const bigTableSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_BIG_TABLE_BACKUPS, + ingestionSourceId: IngestionSources.BIG_TABLE_BACKUPS, name: 'Bigtable Backups', entities: [ { @@ -326,6 +331,7 @@ export const bigTableSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_BIG_TABLE_TABLES, + ingestionSourceId: IngestionSources.BIG_TABLE_TABLES, name: 'Bigtable Tables', entities: [ { diff --git a/src/steps/billing-budgets/constants.ts b/src/steps/billing-budgets/constants.ts index c1ad9c2d..74df1e5a 100644 --- a/src/steps/billing-budgets/constants.ts +++ b/src/steps/billing-budgets/constants.ts @@ -11,3 +11,15 @@ export const RELATIONSHIP_TYPE_PROJECT_HAS_BUDGET = 'google_cloud_project_has_billing_budget'; export const RELATIONSHIP_TYPE_BILLING_ACCOUNT_HAS_BUDGET = 'google_billing_account_has_budget'; + +export const IngestionSources = { + BILLING_BUDGETS: 'billing-budgets', +}; + +export const BillingBudgetsIngestionConfig = { + [IngestionSources.BILLING_BUDGETS]: { + title: 'Google Cloud Billing Budgets', + description: 'Budget management for cloud resources.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/billing-budgets/index.ts b/src/steps/billing-budgets/index.ts index 1e8e0d9e..b2612d21 100644 --- a/src/steps/billing-budgets/index.ts 
+++ b/src/steps/billing-budgets/index.ts @@ -24,6 +24,7 @@ import { STEP_BUILD_ACCOUNT_BUDGET, STEP_BUILD_ADDITIONAL_PROJECT_BUDGET, STEP_BUILD_PROJECT_BUDGET, + IngestionSources, } from './constants'; import { createBillingBudgetEntity } from './converters'; import { getProjectEntity } from '../../utils/project'; @@ -206,6 +207,7 @@ export async function buildAdditionalProjectBudgetRelationships( export const billingBudgetsSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_BILLING_BUDGETS, + ingestionSourceId: IngestionSources.BILLING_BUDGETS, name: 'Billing Budgets', entities: [ { diff --git a/src/steps/binary-authorization/constants.ts b/src/steps/binary-authorization/constants.ts index fc7ea7e7..a303d2c5 100644 --- a/src/steps/binary-authorization/constants.ts +++ b/src/steps/binary-authorization/constants.ts @@ -7,3 +7,15 @@ export const STEP_BINARY_AUTHORIZATION_POLICY = export const RELATIONSHIP_TYPE_PROJECT_HAS_BINARY_AUTHORIZATION_POLICY = 'google_cloud_project_has_binary_authorization_policy'; + +export const IngestionSources = { + BINARY_AUTHORIZATION_POLICY: 'binary-authorization-policy', +}; + +export const BinaryAuthorizationIngestionConfig = { + [IngestionSources.BINARY_AUTHORIZATION_POLICY]: { + title: 'Google Cloud Binary Authorization Policy', + description: 'Controls for deploying trusted containers.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/binary-authorization/index.ts b/src/steps/binary-authorization/index.ts index 2c70c29d..1d56d184 100644 --- a/src/steps/binary-authorization/index.ts +++ b/src/steps/binary-authorization/index.ts @@ -17,6 +17,7 @@ import { BINARY_AUTHORIZATION_POLICY_ENTITY_TYPE, STEP_BINARY_AUTHORIZATION_POLICY, RELATIONSHIP_TYPE_PROJECT_HAS_BINARY_AUTHORIZATION_POLICY, + IngestionSources, } from './constants'; import { createBinaryAuthorizationPolicyEntity } from './converters'; import { publishMissingPermissionEvent } from '../../utils/events'; 
@@ -77,6 +78,7 @@ export async function fetchBinaryAuthorizationPolicy( export const binaryAuthorizationSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_BINARY_AUTHORIZATION_POLICY, + ingestionSourceId: IngestionSources.BINARY_AUTHORIZATION_POLICY, name: 'Binary Authorization Policy', entities: [ { diff --git a/src/steps/cloud-asset/constants.ts b/src/steps/cloud-asset/constants.ts index 91f7218e..9cb8273e 100644 --- a/src/steps/cloud-asset/constants.ts +++ b/src/steps/cloud-asset/constants.ts @@ -85,3 +85,21 @@ export const API_SERVICE_HAS_ANY_RESOURCE_RELATIONSHIP = { sourceType: ServiceUsageEntities.API_SERVICE._type, targetType: ANY_RESOURCE, }; + +export const IngestionSources = { + CLOUD_ASSET_IAM_BINDINGS: 'cloud-asset-iam-bindings', + CLOUD_ASSET_IAM_BASIC_ROLES: 'cloud-asset-basic-roles', +}; + +export const CloudAssetIngestionConfig = { + [IngestionSources.CLOUD_ASSET_IAM_BINDINGS]: { + title: 'Google Cloud Asset IAM Bindings', + description: 'IAM bindings for cloud assets.', + defaultsToDisabled: false, + }, + [IngestionSources.CLOUD_ASSET_IAM_BASIC_ROLES]: { + title: 'Google Cloud Asset Basic Roles', + description: 'Basic IAM roles for cloud assets.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/cloud-asset/index.ts b/src/steps/cloud-asset/index.ts index d91d8a2e..07e53799 100644 --- a/src/steps/cloud-asset/index.ts +++ b/src/steps/cloud-asset/index.ts @@ -39,6 +39,7 @@ import { STEP_CREATE_BINDING_ROLE_RELATIONSHIPS, STEP_IAM_BINDINGS, bindingEntities, + IngestionSources, } from './constants'; import { BindingEntity, @@ -586,9 +587,8 @@ export async function createPrincipalRelationships( { _type: bindingEntities.BINDINGS._type }, async (bindingEntity: BindingEntity) => { const condition = - getRawData( - bindingEntity, - )?.condition; + getRawData(bindingEntity) + ?.condition; for (const member of bindingEntity?.members ?? []) { if (isConvienenceMember(member)) { 
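Review bot: In `cloud-asset/constants.ts` the id for `CLOUD_ASSET_IAM_BASIC_ROLES` is `'cloud-asset-basic-roles'` while its sibling is `'cloud-asset-iam-bindings'`, so key and id disagree on the `iam` segment. If these ids are persisted in saved integration configurations, which the hunk does not show, renaming them later would be a breaking change, so it is worth settling now, e.g. `CLOUD_ASSET_IAM_BASIC_ROLES: 'cloud-asset-iam-basic-roles',`. The description `'IAM bindings for cloud assets.'` could also say that disabling this source removes the binding entities that `createPrincipalRelationships` in `cloud-asset/index.ts` iterates over (`bindingEntities.BINDINGS`), since that appears to be the data the access relationships are derived from.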
@@ -796,6 +796,7 @@ export async function createApiServiceToAnyResourceRelationships( export const cloudAssetSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_IAM_BINDINGS, + ingestionSourceId: IngestionSources.CLOUD_ASSET_IAM_BINDINGS, name: 'IAM Bindings', entities: [bindingEntities.BINDINGS], relationships: [], @@ -807,6 +808,7 @@ export const cloudAssetSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_CREATE_BASIC_ROLES, + ingestionSourceId: IngestionSources.CLOUD_ASSET_IAM_BASIC_ROLES, name: 'Identity and Access Management (IAM) Basic Roles', entities: [ { diff --git a/src/steps/cloud-billing/constants.ts b/src/steps/cloud-billing/constants.ts index b8168f1f..274f75b1 100644 --- a/src/steps/cloud-billing/constants.ts +++ b/src/steps/cloud-billing/constants.ts @@ -2,3 +2,15 @@ export const STEP_BILLING_ACCOUNTS = 'fetch-billing-accounts'; export const ENTITY_CLASS_BILLING_ACCOUNT = 'Account'; export const ENTITY_TYPE_BILLING_ACCOUNT = 'google_billing_account'; + +export const IngestionSources = { + CLOUD_BILLING_ACCOUNTS: 'billing-accounts', +}; + +export const CloudBillingIngestionConfig = { + [IngestionSources.CLOUD_BILLING_ACCOUNTS]: { + title: 'Google Cloud Billing Accounts', + description: 'Management of billing and payments.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/cloud-billing/index.ts b/src/steps/cloud-billing/index.ts index 3827d296..92dd0cb5 100644 --- a/src/steps/cloud-billing/index.ts +++ b/src/steps/cloud-billing/index.ts @@ -7,6 +7,7 @@ import { STEP_BILLING_ACCOUNTS, ENTITY_TYPE_BILLING_ACCOUNT, ENTITY_CLASS_BILLING_ACCOUNT, + IngestionSources, } from './constants'; import { createBillingAccountEntity } from './converters'; @@ -28,6 +29,7 @@ export async function fetchBillingAccounts( export const cloudBillingSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_BILLING_ACCOUNTS, + ingestionSourceId: IngestionSources.CLOUD_BILLING_ACCOUNTS, name: 'Billing Accounts', entities: [ { 
diff --git a/src/steps/cloud-build/constants.ts b/src/steps/cloud-build/constants.ts index b275d47d..75e44bd7 100644 --- a/src/steps/cloud-build/constants.ts +++ b/src/steps/cloud-build/constants.ts @@ -132,3 +132,45 @@ export const CloudBuildLocations = [ 'us-west3', 'us-west4', ]; + +export const IngestionSources = { + CLOUD_BUILD_BUILDS: 'cloud-build-builds', + CLOUD_BUILD_TRIGGERS: 'cloud-build-triggers', + CLOUD_BUILD_WORKER_POOLS: 'cloud-build-worker-pools', + CLOUD_BUILD_GITHUB_ENTERPRISE_CONFIG: 'cloud-build-github-enterprise-config', + CLOUD_BUILD_BITBUCKET_SERVER_CONFIG: 'cloud-build-bitbucket-server-config', + CLOUD_BUILD_BITBUCKET_REPOS: 'cloud-build-bitbucket-repos', +}; + +export const CloudBuildIngestionConfig = { + [IngestionSources.CLOUD_BUILD_BUILDS]: { + title: 'Google Cloud Build Builds', + description: 'Continuous integration build records.', + defaultsToDisabled: false, + }, + [IngestionSources.CLOUD_BUILD_TRIGGERS]: { + title: 'Google Cloud Build Triggers', + description: 'Triggers for automated builds.', + defaultsToDisabled: false, + }, + [IngestionSources.CLOUD_BUILD_WORKER_POOLS]: { + title: 'Google Cloud Build Worker Pools', + description: 'Worker pool for parallel build tasks.', + defaultsToDisabled: false, + }, + [IngestionSources.CLOUD_BUILD_GITHUB_ENTERPRISE_CONFIG]: { + title: 'Cloud Build GitHub Enterprise Config', + description: 'Integration settings for GitHub Enterprise.', + defaultsToDisabled: false, + }, + [IngestionSources.CLOUD_BUILD_BITBUCKET_SERVER_CONFIG]: { + title: 'Cloud Build Bitbucket Server Config', + description: 'Configuration for Bitbucket Server integration.', + defaultsToDisabled: false, + }, + [IngestionSources.CLOUD_BUILD_BITBUCKET_REPOS]: { + title: 'Cloud Build Bitbucket Repositories', + description: 'Build management for Bitbucket repositories.', + defaultsToDisabled: false, + }, +}; 
diff --git a/src/steps/cloud-build/steps/fetch-cloud-build-bb-configs.ts b/src/steps/cloud-build/steps/fetch-cloud-build-bb-configs.ts index 5fdb554b..149866fa 100644 --- a/src/steps/cloud-build/steps/fetch-cloud-build-bb-configs.ts +++ b/src/steps/cloud-build/steps/fetch-cloud-build-bb-configs.ts @@ -3,12 +3,17 @@ import { IntegrationStepContext, } from '../../../types'; import { CloudBuildClient } from '../client'; -import { CloudBuildEntitiesSpec, CloudBuildStepsSpec } from '../constants'; +import { + CloudBuildEntitiesSpec, + CloudBuildStepsSpec, + IngestionSources, +} from '../constants'; import { createGoogleCloudBuildBitbucketServerConfigEntity } from '../converters'; export const fetchCloudBuildBitbucketServerConfigStep: GoogleCloudIntegrationStep = { ...CloudBuildStepsSpec.FETCH_BUILD_BITBUCKET_SERVER_CONFIG, + ingestionSourceId: IngestionSources.CLOUD_BUILD_BITBUCKET_SERVER_CONFIG, entities: [CloudBuildEntitiesSpec.BUILD_BITBUCKET_SERVER_CONFIG], relationships: [], executionHandler: async function ( diff --git a/src/steps/cloud-build/steps/fetch-cloud-build-bb-repos.ts b/src/steps/cloud-build/steps/fetch-cloud-build-bb-repos.ts index 543b304f..5fd6e91b 100644 --- a/src/steps/cloud-build/steps/fetch-cloud-build-bb-repos.ts +++ b/src/steps/cloud-build/steps/fetch-cloud-build-bb-repos.ts @@ -16,10 +16,12 @@ import { createGoogleCloudBuildBitbucketRepoEntity } from '../converters'; import { getRawData } from '@jupiterone/integration-sdk-core'; import { cloudbuild_v1 } from 'googleapis'; +import { IngestionSources } from '../constants'; export const fetchCloudBuildBitbucketRepositoriesStep: GoogleCloudIntegrationStep = { ...CloudBuildStepsSpec.FETCH_BUILD_BITBUCKET_REPOS, + ingestionSourceId: IngestionSources.CLOUD_BUILD_BITBUCKET_REPOS, entities: [CloudBuildEntitiesSpec.BUILD_BITBUCKET_REPO], dependsOn: [CloudBuildStepsSpec.FETCH_BUILD_BITBUCKET_SERVER_CONFIG.id], relationships: [CloudBuildRelationshipsSpec.BITBUCKET_SERVER_HAS_REPO], 
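Review bot: fetch-cloud-build-bb-repos.ts gains a separate `import { IngestionSources } from '../constants';` after the `googleapis` import, while fetch-cloud-build-bb-configs.ts in the same commit folds `IngestionSources` into its existing `'../constants'` import. The existing import in bb-repos is outside the hunk, but the step uses `CloudBuildStepsSpec` and `CloudBuildEntitiesSpec`, so it presumably already imports from that module and now does so twice. Merging the new name into the existing import list keeps the files consistent; the ghe-configs, triggers, worker-pools and builds step files add the same stand-alone import line at the top.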
diff --git a/src/steps/cloud-build/steps/fetch-cloud-build-ghe-configs.ts b/src/steps/cloud-build/steps/fetch-cloud-build-ghe-configs.ts index 74700545..57aa3ac8 100644 --- a/src/steps/cloud-build/steps/fetch-cloud-build-ghe-configs.ts +++ b/src/steps/cloud-build/steps/fetch-cloud-build-ghe-configs.ts @@ -1,3 +1,4 @@ +import { IngestionSources } from '../constants'; import { GoogleCloudIntegrationStep, IntegrationStepContext, @@ -9,6 +10,7 @@ import { createGoogleCloudBuildGithubEnterpriseConfigEntity } from '../converter export const fetchCloudBuildGithubEnterpriseConfigStep: GoogleCloudIntegrationStep = { ...CloudBuildStepsSpec.FETCH_BUILD_GITHUB_ENTERPRISE_CONFIG, + ingestionSourceId: IngestionSources.CLOUD_BUILD_GITHUB_ENTERPRISE_CONFIG, entities: [CloudBuildEntitiesSpec.BUILD_GITHUB_ENTERPRISE_CONFIG], relationships: [], executionHandler: async function ( diff --git a/src/steps/cloud-build/steps/fetch-cloud-build-triggers.ts b/src/steps/cloud-build/steps/fetch-cloud-build-triggers.ts index 5d9eb8c8..25b1c61a 100644 --- a/src/steps/cloud-build/steps/fetch-cloud-build-triggers.ts +++ b/src/steps/cloud-build/steps/fetch-cloud-build-triggers.ts @@ -1,3 +1,4 @@ +import { IngestionSources } from '../constants'; import { GoogleCloudIntegrationStep, IntegrationStepContext, @@ -8,6 +9,7 @@ import { createGoogleCloudBuildTriggerEntity } from '../converters'; export const fetchCloudBuildTriggerStep: GoogleCloudIntegrationStep = { ...CloudBuildStepsSpec.FETCH_BUILD_TRIGGERS, + ingestionSourceId: IngestionSources.CLOUD_BUILD_TRIGGERS, entities: [CloudBuildEntitiesSpec.BUILD_TRIGGER], relationships: [], executionHandler: async function ( diff --git a/src/steps/cloud-build/steps/fetch-cloud-build-worker-pools.ts b/src/steps/cloud-build/steps/fetch-cloud-build-worker-pools.ts index b298a027..669af7f0 100644 --- a/src/steps/cloud-build/steps/fetch-cloud-build-worker-pools.ts +++ b/src/steps/cloud-build/steps/fetch-cloud-build-worker-pools.ts 
@@ -1,3 +1,4 @@ +import { IngestionSources } from '../constants'; import { GoogleCloudIntegrationStep, IntegrationStepContext, @@ -8,6 +9,7 @@ import { createGoogleCloudBuildWorkerPoolEntity } from '../converters'; export const fetchCloudBuildWorkerPoolsStep: GoogleCloudIntegrationStep = { ...CloudBuildStepsSpec.FETCH_BUILD_WORKER_POOLS, + ingestionSourceId: IngestionSources.CLOUD_BUILD_WORKER_POOLS, entities: [CloudBuildEntitiesSpec.BUILD_WORKER_POOL], relationships: [], executionHandler: async function ( diff --git a/src/steps/cloud-build/steps/fetch-cloud-builds.ts b/src/steps/cloud-build/steps/fetch-cloud-builds.ts index 7f075642..b86eab47 100644 --- a/src/steps/cloud-build/steps/fetch-cloud-builds.ts +++ b/src/steps/cloud-build/steps/fetch-cloud-builds.ts @@ -1,3 +1,4 @@ +import { IngestionSources } from '../constants'; import { GoogleCloudIntegrationStep, IntegrationStepContext, @@ -8,6 +9,7 @@ import { createGoogleCloudBuildEntity } from '../converters'; export const fetchCloudBuildStep: GoogleCloudIntegrationStep = { ...CloudBuildStepsSpec.FETCH_BUILDS, + ingestionSourceId: IngestionSources.CLOUD_BUILD_BUILDS, entities: [CloudBuildEntitiesSpec.BUILD], relationships: [], executionHandler: async function ( diff --git a/src/steps/cloud-run/constants.ts b/src/steps/cloud-run/constants.ts index fa7646d7..8e9fc848 100644 --- a/src/steps/cloud-run/constants.ts +++ b/src/steps/cloud-run/constants.ts 
@@ -17,3 +17,27 @@ export const RELATIONSHIP_TYPE_CLOUD_RUN_SERVICE_MANAGES_ROUTE = export const RELATIONSHIP_TYPE_CLOUD_RUN_SERVICE_MANAGES_CONFIGURATION = 'google_cloud_run_service_manages_configuration'; + +export const IngestionSources = { + CLOUD_RUN_SERVICES: 'cloud-run-services', + CLOUD_RUN_ROUTES: 'cloud-run-routes', + CLOUD_RUN_CONFIGURATIONS: 'cloud-run-configurations', +}; + +export const CloudRunIngestionConfig = { + [IngestionSources.CLOUD_RUN_SERVICES]: { + title: 'Google Cloud Run Services', + description: 'Serverless app deployment services.', + defaultsToDisabled: false, + }, + [IngestionSources.CLOUD_RUN_ROUTES]: { + title: 'Google Cloud Run Routes', + description: 'URL paths to Cloud Run services.', + defaultsToDisabled: false, + }, + [IngestionSources.CLOUD_RUN_CONFIGURATIONS]: { + title: 'Google Cloud Run Configurations', + description: 'Manage configurations of Cloud Run services.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/cloud-run/index.ts b/src/steps/cloud-run/index.ts index 935524e2..4347bc87 100644 --- a/src/steps/cloud-run/index.ts +++ b/src/steps/cloud-run/index.ts @@ -23,6 +23,7 @@ import { ENTITY_CLASS_CLOUD_RUN_CONFIGURATION, RELATIONSHIP_TYPE_CLOUD_RUN_SERVICE_MANAGES_ROUTE, RELATIONSHIP_TYPE_CLOUD_RUN_SERVICE_MANAGES_CONFIGURATION, + IngestionSources, } from './constants'; import { createCloudRunConfigurationEntity, @@ -152,6 +153,7 @@ export async function fetchCloudRunConfigurations( export const cloudRunSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_CLOUD_RUN_SERVICES, + ingestionSourceId: IngestionSources.CLOUD_RUN_SERVICES, name: 'Cloud Run Services', entities: [ { @@ -167,6 +169,7 @@ export const cloudRunSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_CLOUD_RUN_ROUTES, + ingestionSourceId: IngestionSources.CLOUD_RUN_ROUTES, name: 'Cloud Run Routes', entities: [ { 
@@ -189,6 +192,7 @@ export const cloudRunSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_CLOUD_RUN_CONFIGURATIONS, + ingestionSourceId: IngestionSources.CLOUD_RUN_CONFIGURATIONS, name: 'Cloud Run Configurations', entities: [ { diff --git a/src/steps/cloud-source-repositories/constants.ts b/src/steps/cloud-source-repositories/constants.ts index b8496791..5da39054 100644 --- a/src/steps/cloud-source-repositories/constants.ts +++ b/src/steps/cloud-source-repositories/constants.ts @@ -12,3 +12,15 @@ export const CloudSourceRepositoriesStepsSpec = { name: 'Fetch Cloud Source Repositories', }, }; + +export const IngestionSources = { + CLOUD_SOURCE_REPOSITORIES: 'cloud-source-repositories', +}; + +export const CloudSourceRepositoriesIngestionConfig = { + [IngestionSources.CLOUD_SOURCE_REPOSITORIES]: { + title: 'Google Cloud Source Repositories', + description: 'Fully managed source code repositories.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/cloud-source-repositories/steps/fetch-cloud-source-repositories.ts b/src/steps/cloud-source-repositories/steps/fetch-cloud-source-repositories.ts index 91cdee25..2ab53160 100644 --- a/src/steps/cloud-source-repositories/steps/fetch-cloud-source-repositories.ts +++ b/src/steps/cloud-source-repositories/steps/fetch-cloud-source-repositories.ts @@ -6,11 +6,13 @@ import { CloudSourceRepositoriesClient } from '../client'; import { CloudSourceRepositoriesEntitiesSpec, CloudSourceRepositoriesStepsSpec, + IngestionSources, } from '../constants'; import { createRepositoryEntity } from '../converters'; export const fetchCloudSourceRepositoriesStep: GoogleCloudIntegrationStep = { ...CloudSourceRepositoriesStepsSpec.FETCH_REPOSITORIES, + ingestionSourceId: IngestionSources.CLOUD_SOURCE_REPOSITORIES, entities: [CloudSourceRepositoriesEntitiesSpec.REPOSITORY], relationships: [], executionHandler: async function ( diff --git a/src/steps/compute/constants.ts b/src/steps/compute/constants.ts index e3ce1751..fed08bd6 100644 
--- a/src/steps/compute/constants.ts +++ b/src/steps/compute/constants.ts 
@@ -228,3 +228,177 @@ export const RELATIONSHIP_TYPE_TARGET_SSL_PROXY_HAS_SSL_POLICY = // Mapped relationships export const MAPPED_RELATIONSHIP_FIREWALL_RULE_TYPE = 'google_cloud_firewall_rule'; + +export const IngestionSources = { + COMPUTE_NETWORKS: 'compute-networks', + COMPUTE_ADDRESSES: 'compute-addresses', + COMPUTE_GLOBAL_ADDRESSES: 'compute-global-addresses', + COMPUTE_FORWARDING_RULES: 'compute-forwarding-rules', + COMPUTE_GLOBAL_FORWARDING_RULES: 'compute-global-forwarding-rules', + COMPUTE_FIREWALLS: 'compute-firewalls', + COMPUTE_SUBNETWORKS: 'compute-subnetworks', + COMPUTE_DISKS: 'compute-disks', + COMPUTE_REGION_DISKS: 'compute-region-disks', + COMPUTE_SNAPSHOTS: 'compute-snapshots', + COMPUTE_IMAGES: 'compute-images', + COMPUTE_INSTANCES: 'compute-instances', + COMPUTE_PROJECT: 'compute-project', + COMPUTE_HEALTH_CHECKS: 'compute-health-checks', + COMPUTE_REGION_HEALTH_CHECKS: 'compute-region-health-checks', + COMPUTE_REGION_INSTANCE_GROUPS: 'compute-region-instance-groups', + COMPUTE_INSTANCE_GROUPS: 'compute-instance-groups', + COMPUTE_LOADBALANCERS: 'compute-loadbalancers', + COMPUTE_REGION_LOADBALANCERS: 'compute-region-loadbalancers', + COMPUTE_BACKEND_SERVICES: 'compute-backend-services', + COMPUTE_REGION_BACKEND_SERVICES: 'compute-region-backend-services', + COMPUTE_BACKEND_BUCKETS: 'compute-backend-buckets', + COMPUTE_TARGET_SSL_PROXIES: 'compute-target-ssl-proxies', + COMPUTE_TARGET_HTTPS_PROXIES: 'compute-target-https-proxies', + COMPUTE_REGION_TARGET_HTTPS_PROXIES: 'compute-region-target-https-proxies', + COMPUTE_TARGET_HTTP_PROXIES: 'compute-target-http-proxies', + COMPUTE_REGION_TARGET_HTTP_PROXIES: 'compute-region-target-http-proxies', + COMPUTE_SSL_POLICIES: 'compute-ssl-policies', +}; + +export const ComputeIngestionConfig = { + [IngestionSources.COMPUTE_NETWORKS]: { + title: 'Google Compute Engine Networks', + description: 'Virtual networks for GCP resources.', + defaultsToDisabled: false, + }, + 
[IngestionSources.COMPUTE_ADDRESSES]: { + title: 'Google Compute Engine Addresses', + description: 'Static IP addresses for compute instances.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_GLOBAL_ADDRESSES]: { + title: 'Google Compute Global Addresses', + description: 'Global static IP addresses.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_FORWARDING_RULES]: { + title: 'Google Compute Forwarding Rules', + description: 'Rules for routing network traffic.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_GLOBAL_FORWARDING_RULES]: { + title: 'Google Compute Global Forwarding Rules', + description: 'Global traffic routing rules.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_FIREWALLS]: { + title: 'Google Compute Firewalls', + description: 'Firewall rules for network security.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_SUBNETWORKS]: { + title: 'Google Compute Subnetworks', + description: 'Subsections of Compute Engine networks.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_DISKS]: { + title: 'Google Compute Engine Disks', + description: 'Persistent disks for VM instances.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_REGION_DISKS]: { + title: 'Google Compute Region Disks', + description: 'Regional persistent disks.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_SNAPSHOTS]: { + title: 'Google Compute Engine Snapshots', + description: 'Snapshots for backing up disks.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_IMAGES]: { + title: 'Google Compute Engine Images', + description: 'Custom OS images for VMs.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_INSTANCES]: { + title: 'Google Compute Engine Instances', + description: 'Virtual machine instances in GCP.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_PROJECT]: { + title: 'Google Compute Engine Project', + description: 
'Project-wide compute settings.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_HEALTH_CHECKS]: { + title: 'Google Compute Health Checks', + description: 'Monitoring for compute instance health.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_REGION_HEALTH_CHECKS]: { + title: 'Google Compute Regional Health Checks', + description: 'Regional health monitoring checks.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_INSTANCE_GROUPS]: { + title: 'Google Compute Instance Groups', + description: 'VM instance groups.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_REGION_INSTANCE_GROUPS]: { + title: 'Google Compute Region Instance Groups', + description: 'Regional VM instance groups.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_LOADBALANCERS]: { + title: 'Google Compute Load Balancers', + description: 'Distribute network or application traffic.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_REGION_LOADBALANCERS]: { + title: 'Google Compute Regional Load Balancers', + description: 'Regional load balancing solutions.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_BACKEND_SERVICES]: { + title: 'Google Compute Backend Services', + description: 'Backend services for load balancing.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_REGION_BACKEND_SERVICES]: { + title: 'Google Compute Regional Backend Services', + description: 'Regional backend services for traffic mgmt.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_BACKEND_BUCKETS]: { + title: 'Google Compute Backend Buckets', + description: 'Buckets as backends for load balancing.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_TARGET_SSL_PROXIES]: { + title: 'Google Compute Target SSL Proxies', + description: 'SSL proxies for secure network traffic.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_TARGET_HTTPS_PROXIES]: { + title: 'Google Compute 
Target HTTPS Proxies', + description: 'HTTPS proxy layers for secure traffic.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_REGION_TARGET_HTTPS_PROXIES]: { + title: 'Google Compute Regional Target HTTPS Proxies', + description: 'Regional HTTPS proxies for traffic mgmt.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_TARGET_HTTP_PROXIES]: { + title: 'Google Compute Target HTTP Proxies', + description: 'HTTP proxies for network traffic mgmt.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_REGION_TARGET_HTTP_PROXIES]: { + title: 'Google Compute Regional Target HTTP Proxies', + description: 'Regional HTTP proxies for load balancing.', + defaultsToDisabled: false, + }, + [IngestionSources.COMPUTE_SSL_POLICIES]: { + title: 'Google Compute SSL Policies', + description: 'SSL policies for secure network connections.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/compute/index.ts b/src/steps/compute/index.ts index 6f8e03a8..59d4146f 100644 --- a/src/steps/compute/index.ts +++ b/src/steps/compute/index.ts @@ -170,6 +170,7 @@ import { STEP_COMPUTE_DISK_KMS_RELATIONSHIPS, STEP_CREATE_COMPUTE_BACKEND_BUCKET_BUCKET_RELATIONSHIPS, STEP_COMPUTE_IMAGE_KMS_RELATIONSHIPS, + IngestionSources, } from './constants'; import { compute_v1, osconfig_v1 } from 'googleapis'; import { INTERNET, RelationshipClass } from '@jupiterone/data-model'; @@ -1923,6 +1924,7 @@ export async function fetchComputeSslPolicies( export const computeSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_COMPUTE_NETWORKS, + ingestionSourceId: IngestionSources.COMPUTE_NETWORKS, name: 'Compute Networks', entities: [ { @@ -1953,6 +1955,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_ADDRESSES, + ingestionSourceId: IngestionSources.COMPUTE_ADDRESSES, name: 'Compute Addresses', entities: [ { 
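Review bot: Three descriptions in `ComputeIngestionConfig` abbreviate "management" as `mgmt.` (`COMPUTE_REGION_BACKEND_SERVICES`, `COMPUTE_REGION_TARGET_HTTPS_PROXIES`, `COMPUTE_TARGET_HTTP_PROXIES`), while the other entries in this commit use full words. These strings look like user-facing text for the ingestion toggles, so spell them out, for example `description: 'Regional backend services for traffic management.',`. The config also lists `COMPUTE_INSTANCE_GROUPS` before `COMPUTE_REGION_INSTANCE_GROUPS`, the reverse of the order in `IngestionSources`; keeping both in the same order makes it easier to check that all ids have an entry.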
@@ -1999,6 +2002,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_GLOBAL_ADDRESSES, + ingestionSourceId: IngestionSources.COMPUTE_GLOBAL_ADDRESSES, name: 'Compute Global Addresses', entities: [ { @@ -2028,6 +2032,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_FORWARDING_RULES, + ingestionSourceId: IngestionSources.COMPUTE_FORWARDING_RULES, name: 'Compute Forwarding Rules', entities: [ { @@ -2084,6 +2089,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_GLOBAL_FORWARDING_RULES, + ingestionSourceId: IngestionSources.COMPUTE_GLOBAL_FORWARDING_RULES, name: 'Compute Global Forwarding Rules', entities: [ { @@ -2142,6 +2148,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_FIREWALLS, + ingestionSourceId: IngestionSources.COMPUTE_FIREWALLS, name: 'Compute Firewalls', entities: [ { @@ -2177,6 +2184,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_SUBNETWORKS, + ingestionSourceId: IngestionSources.COMPUTE_SUBNETWORKS, name: 'Compute Subnetworks', entities: [ { @@ -2201,6 +2209,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_DISKS, + ingestionSourceId: IngestionSources.COMPUTE_DISKS, name: 'Compute Disks', entities: [ { @@ -2254,6 +2263,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_REGION_DISKS, + ingestionSourceId: IngestionSources.COMPUTE_REGION_DISKS, name: 'Compute Region Disks', entities: [ { @@ -2270,6 +2280,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_SNAPSHOTS, + ingestionSourceId: IngestionSources.COMPUTE_SNAPSHOTS, name: 'Compute Snapshots', entities: [ { @@ -2301,6 +2312,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_IMAGES, + ingestionSourceId: IngestionSources.COMPUTE_IMAGES, name: 'Compute Images', entities: [ { 
@@ -2354,6 +2366,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_INSTANCES, + ingestionSourceId: IngestionSources.COMPUTE_INSTANCES, name: 'Compute Instances', entities: [ { @@ -2410,6 +2423,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_PROJECT, + ingestionSourceId: IngestionSources.COMPUTE_PROJECT, name: 'Compute Project', entities: [ { @@ -2433,6 +2447,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_HEALTH_CHECKS, + ingestionSourceId: IngestionSources.COMPUTE_HEALTH_CHECKS, name: 'Compute Health Checks', entities: [ { @@ -2449,6 +2464,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_REGION_HEALTH_CHECKS, + ingestionSourceId: IngestionSources.COMPUTE_REGION_HEALTH_CHECKS, name: 'Compute Region Health Checks', entities: [ { @@ -2465,6 +2481,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_REGION_INSTANCE_GROUPS, + ingestionSourceId: IngestionSources.COMPUTE_REGION_INSTANCE_GROUPS, name: 'Compute Region Instance Groups', entities: [ { @@ -2493,6 +2510,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_INSTANCE_GROUPS, + ingestionSourceId: IngestionSources.COMPUTE_INSTANCE_GROUPS, name: 'Compute Instance Groups', entities: [ { @@ -2521,6 +2539,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_LOADBALANCERS, + ingestionSourceId: IngestionSources.COMPUTE_LOADBALANCERS, name: 'Compute Load Balancers', entities: [ { @@ -2550,6 +2569,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_REGION_LOADBALANCERS, + ingestionSourceId: IngestionSources.COMPUTE_REGION_LOADBALANCERS, name: 'Compute Region Load Balancers', entities: [ { 
@@ -2573,6 +2593,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_BACKEND_SERVICES, + ingestionSourceId: IngestionSources.COMPUTE_BACKEND_SERVICES, name: 'Compute Backend Services', entities: [ { @@ -2602,6 +2623,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_REGION_BACKEND_SERVICES, + ingestionSourceId: IngestionSources.COMPUTE_REGION_BACKEND_SERVICES, name: 'Compute Region Backend Services', entities: [ { @@ -2634,6 +2656,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_BACKEND_BUCKETS, + ingestionSourceId: IngestionSources.COMPUTE_BACKEND_BUCKETS, name: 'Compute Backend Buckets', entities: [ { @@ -2668,6 +2691,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_TARGET_SSL_PROXIES, + ingestionSourceId: IngestionSources.COMPUTE_TARGET_SSL_PROXIES, name: 'Compute Target SSL Proxies', entities: [ { @@ -2691,6 +2715,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_TARGET_HTTPS_PROXIES, + ingestionSourceId: IngestionSources.COMPUTE_TARGET_HTTPS_PROXIES, name: 'Compute Target HTTPS Proxies', entities: [ { @@ -2714,6 +2739,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_REGION_TARGET_HTTPS_PROXIES, + ingestionSourceId: IngestionSources.COMPUTE_REGION_TARGET_HTTPS_PROXIES, name: 'Compute Region Target HTTPS Proxies', entities: [ { @@ -2737,6 +2763,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_TARGET_HTTP_PROXIES, + ingestionSourceId: IngestionSources.COMPUTE_TARGET_HTTP_PROXIES, name: 'Compute Target HTTP Proxies', entities: [ { @@ -2760,6 +2787,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_REGION_TARGET_HTTP_PROXIES, + ingestionSourceId: IngestionSources.COMPUTE_REGION_TARGET_HTTP_PROXIES, name: 'Compute Region Target HTTP Proxies', entities: [ { 
@@ -2783,6 +2811,7 @@ export const computeSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_COMPUTE_SSL_POLICIES, + ingestionSourceId: IngestionSources.COMPUTE_SSL_POLICIES, name: 'Compute SSL Policies', entities: [ { diff --git a/src/steps/containers/constants.ts b/src/steps/containers/constants.ts index f607c2f6..0fa3d91c 100644 --- a/src/steps/containers/constants.ts +++ b/src/steps/containers/constants.ts @@ -11,3 +11,15 @@ export const RELATIONSHIP_TYPE_CONTAINER_CLUSTER_HAS_NODE_POOL = export const RELATIONSHIP_TYPE_CONTAINER_NODE_POOL_HAS_INSTANCE_GROUP = 'google_container_node_pool_has_compute_instance_group'; + +export const IngestionSources = { + CONTAINER_CLUSTERS: 'container-clusters', +}; + +export const ContainersIngestionConfig = { + [IngestionSources.CONTAINER_CLUSTERS]: { + title: 'Google Kubernetes Engine Clusters', + description: 'Container clusters for app deployment.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/containers/index.ts b/src/steps/containers/index.ts index 69395651..f8fb3a09 100644 --- a/src/steps/containers/index.ts +++ b/src/steps/containers/index.ts @@ -19,6 +19,7 @@ import { RELATIONSHIP_TYPE_CONTAINER_CLUSTER_HAS_NODE_POOL, CONTAINER_NODE_POOL_ENTITY_CLASS, RELATIONSHIP_TYPE_CONTAINER_NODE_POOL_HAS_INSTANCE_GROUP, + IngestionSources, } from './constants'; import { createContainerClusterEntity, @@ -102,6 +103,7 @@ export async function fetchContainerClusters( export const containerSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_CONTAINER_CLUSTERS, + ingestionSourceId: IngestionSources.CONTAINER_CLUSTERS, name: 'Container Clusters', entities: [ { diff --git a/src/steps/dataproc/constants.ts b/src/steps/dataproc/constants.ts index c894ddd4..d351ea56 100644 --- a/src/steps/dataproc/constants.ts +++ b/src/steps/dataproc/constants.ts 
@@ -16,3 +16,15 @@ export const RELATIONSHIP_TYPE_DATAPROC_CLUSTER_USES_STORAGE_BUCKET = 'google_dataproc_cluster_uses_storage_bucket'; export const RELATIONSHIP_TYPE_DATAPROC_CLUSTER_USES_COMPUTE_IMAGE = 'google_dataproc_cluster_uses_compute_image'; + +export const IngestionSources = { + DATAPROC_CLUSTERS: 'dataproc-clusters', +}; + +export const DataprocIngestionConfig = { + [IngestionSources.DATAPROC_CLUSTERS]: { + title: 'Google Dataproc Clusters', + description: 'Managed Hadoop and Spark clusters.', + defaultsToDisabled: true, + }, +}; diff --git a/src/steps/dataproc/index.ts b/src/steps/dataproc/index.ts index 385b6fb2..5ece12f4 100644 --- a/src/steps/dataproc/index.ts +++ b/src/steps/dataproc/index.ts @@ -26,6 +26,7 @@ import { STEP_CREATE_CLUSTER_IMAGE_RELATIONSHIPS, STEP_DATAPROC_CLUSTERS, STEP_DATAPROC_CLUSTER_KMS_RELATIONSHIPS, + IngestionSources, } from './constants'; import { createDataprocClusterEntity } from './converters'; @@ -189,6 +190,7 @@ export async function createClusterStorageRelationships( export const dataprocSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_DATAPROC_CLUSTERS, + ingestionSourceId: IngestionSources.DATAPROC_CLUSTERS, name: 'Dataproc Clusters', entities: [ { diff --git a/src/steps/dns/constants.ts b/src/steps/dns/constants.ts index 2c01fb35..5cbafceb 100644 --- a/src/steps/dns/constants.ts +++ b/src/steps/dns/constants.ts 
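Review bot: `DataprocIngestionConfig` is the only config visible in this part of the commit with `defaultsToDisabled: true`, and nothing in the hunk explains why. If the flag means the step is skipped unless a user opts in, Dataproc clusters stop appearing in the collected inventory by default. The relationship steps named in dataproc/index.ts (`STEP_DATAPROC_CLUSTER_KMS_RELATIONSHIPS`, `STEP_CREATE_CLUSTER_IMAGE_RELATIONSHIPS`, the cluster storage relationships) presumably lose their input as well. I would add a comment above the entry stating the reason, such as `// Disabled by default: <reason>; also affects the cluster KMS/image/storage relationship steps`, and call the behaviour change out in the changelog.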
@@ -9,3 +9,21 @@ export const DNS_POLICY_ENTITY_TYPE = 'google_dns_policy'; export const RELATIONSHIP_TYPE_COMPUTE_NETWORK_HAS_DNS_POLICY = 'google_compute_network_has_dns_policy'; + +export const IngestionSources = { + DNS_MANAGED_ZONES: 'dns-managed-zones', + DNS_POLICIES: 'dns-policies', +}; + +export const DnsIngestionConfig = { + [IngestionSources.DNS_MANAGED_ZONES]: { + title: 'Google DNS Managed Zones', + description: 'Managed domains for DNS services.', + defaultsToDisabled: false, + }, + [IngestionSources.DNS_POLICIES]: { + title: 'Google DNS Policies', + description: 'Policies for managing DNS traffic.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/dns/index.ts b/src/steps/dns/index.ts index dfceaacf..8901f107 100644 --- a/src/steps/dns/index.ts +++ b/src/steps/dns/index.ts @@ -16,6 +16,7 @@ import { RELATIONSHIP_TYPE_COMPUTE_NETWORK_HAS_DNS_POLICY, STEP_DNS_MANAGED_ZONES, STEP_DNS_POLICIES, + IngestionSources, } from './constants'; import { createDNSManagedZoneEntity, @@ -78,6 +79,7 @@ export async function fetchDNSPolicies( export const dnsManagedZonesSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_DNS_MANAGED_ZONES, + ingestionSourceId: IngestionSources.DNS_MANAGED_ZONES, name: 'DNS Managed Zones', entities: [ { @@ -94,6 +96,7 @@ export const dnsManagedZonesSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_DNS_POLICIES, + ingestionSourceId: IngestionSources.DNS_POLICIES, name: 'DNS Policies', entities: [ { diff --git a/src/steps/functions/constants.ts b/src/steps/functions/constants.ts index c30aea17..bf58cf29 100644 --- a/src/steps/functions/constants.ts +++ b/src/steps/functions/constants.ts 
@@ -61,3 +61,15 @@ export const FunctionsRelationshipsSpec = { targetType: StorageEntitiesSpec.STORAGE_BUCKET._type, }, }; + +export const IngestionSources = { + FUNCTIONS: 'functions', +}; + +export const FunctionsIngestionConfig = { + [IngestionSources.FUNCTIONS]: { + title: 'Google Cloud Functions', + description: 'Event-driven serverless functions.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/functions/index.ts b/src/steps/functions/index.ts index bbca1378..fcd936a1 100644 --- a/src/steps/functions/index.ts +++ b/src/steps/functions/index.ts @@ -14,6 +14,7 @@ import { FunctionEntitiesSpec, FunctionsRelationshipsSpec, FunctionStepsSpec, + IngestionSources, } from './constants'; import { CloudSourceRepositoriesStepsSpec } from '../cloud-source-repositories/constants'; import { cloudfunctions_v1 } from 'googleapis'; @@ -153,6 +154,7 @@ export async function buildCloudFunctionStorageBucketRelationships( export const functionsSteps: GoogleCloudIntegrationStep[] = [ { id: FunctionStepsSpec.FETCH_CLOUD_FUNCTIONS.id, + ingestionSourceId: IngestionSources.FUNCTIONS, name: FunctionStepsSpec.FETCH_CLOUD_FUNCTIONS.name, dependsOn: [], entities: [FunctionEntitiesSpec.CLOUD_FUNCTION], diff --git a/src/steps/iam/constants.ts b/src/steps/iam/constants.ts index 6b8a6725..8e9d3fba 100644 --- a/src/steps/iam/constants.ts +++ b/src/steps/iam/constants.ts 
@@ -25,3 +25,27 @@ export const EVERYONE_TYPE = 'everyone'; export const API_SERVICE_HAS_IAM_ROLE_RELATIONSHIP_TYPE = 'google_cloud_api_service_has_iam_role'; + +export const IngestionSources = { + IAM_CUSTOM_ROLES: 'iam-custom-roles', + IAM_MANAGED_ROLES: 'iam-managed-roles', + IAM_SERVICE_ACCOUNTS: 'iam-service-accounts', +}; + +export const IamIngestionConfig = { + [IngestionSources.IAM_CUSTOM_ROLES]: { + title: 'Google IAM Custom Roles', + description: 'Customizable access roles in GCP.', + defaultsToDisabled: false, + }, + [IngestionSources.IAM_MANAGED_ROLES]: { + title: 'Google IAM Managed Roles', + description: 'Google managed access roles in GCP.', + defaultsToDisabled: false, + }, + [IngestionSources.IAM_SERVICE_ACCOUNTS]: { + title: 'Google IAM Service Accounts', + description: 'Accounts for service authentication.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/iam/index.ts b/src/steps/iam/index.ts index 815efed1..56f502a5 100644 --- a/src/steps/iam/index.ts +++ b/src/steps/iam/index.ts @@ -27,6 +27,7 @@ import { STEP_IAM_MANAGED_ROLES, API_SERVICE_HAS_IAM_ROLE_RELATIONSHIP_TYPE, STEP_IAM_CUSTOM_ROLE_SERVICE_API_RELATIONSHIPS, + IngestionSources, } from './constants'; import { RelationshipClass } from '@jupiterone/data-model'; import { iam_v1 } from 'googleapis'; @@ -233,6 +234,7 @@ export async function fetchIamServiceAccounts( export const iamSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_IAM_CUSTOM_ROLES, + ingestionSourceId: IngestionSources.IAM_CUSTOM_ROLES, name: 'Identity and Access Management (IAM) Custom Roles', entities: [ { @@ -264,6 +266,7 @@ export const iamSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_IAM_MANAGED_ROLES, + ingestionSourceId: IngestionSources.IAM_MANAGED_ROLES, name: 'Identity and Access Management (IAM) Managed Roles', entities: [], relationships: [], 
@@ -273,6 +276,7 @@ export const iamSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_IAM_SERVICE_ACCOUNTS, + ingestionSourceId: IngestionSources.IAM_SERVICE_ACCOUNTS, name: 'Identity and Access Management (IAM) Service Accounts', entities: [ { diff --git a/src/steps/kms/constants.ts b/src/steps/kms/constants.ts index c8e440fb..4795b99b 100644 --- a/src/steps/kms/constants.ts +++ b/src/steps/kms/constants.ts @@ -67,3 +67,21 @@ export const KMS_SERVICE_LOCATIONS: string[] = [ 'us-west3', 'us-west4', ]; + +export const IngestionSources = { + CLOUD_KMS_KEY_RINGS: 'cloud-kms-key-rings', + CLOUD_KMS_KEYS: 'cloud-kms-keys', +}; + +export const KmsIngestionConfig = { + [IngestionSources.CLOUD_KMS_KEY_RINGS]: { + title: 'Google Cloud KMS Key Rings', + description: 'Groups for organizing cryptographic keys.', + defaultsToDisabled: false, + }, + [IngestionSources.CLOUD_KMS_KEYS]: { + title: 'Google Cloud KMS Keys', + description: 'Cryptographic keys for data protection.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/kms/index.ts b/src/steps/kms/index.ts index 375d048f..e54cbc8c 100644 --- a/src/steps/kms/index.ts +++ b/src/steps/kms/index.ts @@ -15,6 +15,7 @@ import { RELATIONSHIP_TYPE_KMS_KEY_RING_HAS_KMS_KEY, STEP_CLOUD_KMS_KEYS, STEP_CLOUD_KMS_KEY_RINGS, + IngestionSources, } from './constants'; import { createKmsKeyRingEntity, createKmsCryptoKeyEntity } from './converters'; @@ -98,6 +99,7 @@ export async function fetchKmsCryptoKeys( export const kmsSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_CLOUD_KMS_KEY_RINGS, + ingestionSourceId: IngestionSources.CLOUD_KMS_KEY_RINGS, name: 'KMS Key Rings', entities: [ { @@ -113,6 +115,7 @@ export const kmsSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_CLOUD_KMS_KEYS, + ingestionSourceId: IngestionSources.CLOUD_KMS_KEYS, name: 'KMS Crypto Keys', entities: [ { diff --git a/src/steps/logging/constants.ts b/src/steps/logging/constants.ts index 814d4645..5bec21cf 100644 --- a/src/steps/logging/constants.ts 
+++ b/src/steps/logging/constants.ts @@ -14,3 +14,21 @@ export const RELATIONSHIP_TYPE_PROJECT_SINK_USES_STORAGE_BUCKET = export const RELATIONSHIP_TYPE_METRIC_HAS_ALERT_POLICY = 'google_logging_metric_has_monitoring_alert_policy'; + +export const IngestionSources = { + LOGGING_PROJECT_SINKS: 'logging-project-sinks', + LOGGING_METRICS: 'logging-metrics', +}; + +export const LoggingIngestionConfig = { + [IngestionSources.LOGGING_PROJECT_SINKS]: { + title: 'Google Logging Project Sinks', + description: 'Destinations for log entries export.', + defaultsToDisabled: true, + }, + [IngestionSources.LOGGING_METRICS]: { + title: 'Google Logging Metrics', + description: 'Custom metrics from log data.', + defaultsToDisabled: true, + }, +}; diff --git a/src/steps/logging/index.ts b/src/steps/logging/index.ts index 83b7ec68..a8d1744c 100644 --- a/src/steps/logging/index.ts +++ b/src/steps/logging/index.ts @@ -18,6 +18,7 @@ import { RELATIONSHIP_TYPE_PROJECT_SINK_USES_STORAGE_BUCKET, RELATIONSHIP_TYPE_METRIC_HAS_ALERT_POLICY, STEP_CREATE_LOGGING_PROJECT_SINK_BUCKET_RELATIONSHIPS, + IngestionSources, } from './constants'; import { createLoggingProjectSinkEntity, @@ -125,8 +126,8 @@ export async function fetchMetrics( if (alertPolicyEntity) { // Check if alertPolicy exists for this particular metric if ( - (alertPolicyEntity.conditionFilters as string[]).find((condition) => - condition?.includes(metricEntity.name as string), + (alertPolicyEntity.conditionFilters as string[]).find( + (condition) => condition?.includes(metricEntity.name as string), ) ) { await jobState.addRelationship( @@ -146,6 +147,7 @@ export async function fetchMetrics( export const loggingSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_LOGGING_PROJECT_SINKS, + ingestionSourceId: IngestionSources.LOGGING_PROJECT_SINKS, name: 'Logging Project Sinks', entities: [ { 
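Review bot: In src/steps/logging/constants.ts both logging sources are added with `defaultsToDisabled: true`, while nearly every other source in this part of the diff defaults to enabled, and nothing in the hunk says why. For an inventory used in security review this means log sinks and log-based metrics are absent unless someone opts in. The `fetchMetrics` context in the logging/index.ts hunk shows that the metrics step also links a metric to its alert policy, so those relationships would presumably be missing too. A comment above the entries, e.g. `// Disabled by default: <reason, not stated in this change>; enable to ingest log sinks, log-based metrics and their alert-policy links`, would let an operator judge the gap. `SQL_ADMIN_INSTANCES` in src/steps/sql-admin/constants.ts is the only other source in this part of the diff that defaults to disabled and needs the same note.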
@@ -180,6 +182,7 @@ export const loggingSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_LOGGING_METRICS, + ingestionSourceId: IngestionSources.LOGGING_METRICS, name: 'Logging Metrics', entities: [ { diff --git a/src/steps/memcache/constants.ts b/src/steps/memcache/constants.ts index 731c33d4..596fa20a 100644 --- a/src/steps/memcache/constants.ts +++ b/src/steps/memcache/constants.ts @@ -21,3 +21,15 @@ export const RELATIONSHIP_TYPE_MEMCACHE_INSTANCE_USES_NETWORK = 'google_memcache_instance_uses_compute_network'; export const RELATIONSHIP_TYPE_MEMCACHE_INSTANCE_HAS_NODE = 'google_memcache_instance_has_node'; + +export const IngestionSources = { + MEMCACHE_INSTANCES: 'memcache-instances', +}; + +export const MemcacheIngestionConfig = { + [IngestionSources.MEMCACHE_INSTANCES]: { + title: 'Google Memcache Instances', + description: 'In-memory data cache in GCP.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/memcache/index.ts b/src/steps/memcache/index.ts index 3e3982a0..14741178 100644 --- a/src/steps/memcache/index.ts +++ b/src/steps/memcache/index.ts @@ -19,6 +19,7 @@ import { RELATIONSHIP_TYPE_MEMCACHE_INSTANCE_USES_NETWORK, RELATIONSHIP_TYPE_MEMCACHE_INSTANCE_HAS_NODE, STEP_CREATE_MEMCACHE_INSTANCE_NETWORK_RELATIONSHIPS, + IngestionSources, } from './constants'; import { createMemcacheInstanceEntity, @@ -110,6 +111,7 @@ export async function buildMemcacheInstancesUsesNetworkRelationships( export const memcacheSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_MEMCACHE_INSTANCES, + ingestionSourceId: IngestionSources.MEMCACHE_INSTANCES, name: 'Memcache Instances', entities: [ { diff --git a/src/steps/monitoring/constants.ts b/src/steps/monitoring/constants.ts index b1f2a4cf..f57d95a0 100644 --- a/src/steps/monitoring/constants.ts +++ b/src/steps/monitoring/constants.ts 
@@ -2,3 +2,15 @@ export const STEP_MONITORING_ALERT_POLICIES = 'fetch-monitoring-alert-policies'; export const MONITORING_ALERT_POLICY_CLASS = 'Policy'; export const MONITORING_ALERT_POLICY_TYPE = 'google_monitoring_alert_policy'; + +export const IngestionSources = { + MONITORING_ALERT_POLICIES: 'monitoring-alert-policies', +}; + +export const MonitoringIngestionConfig = { + [IngestionSources.MONITORING_ALERT_POLICIES]: { + title: 'Google Monitoring Alert Policies', + description: 'Alert policies for GCP resources.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/monitoring/index.ts b/src/steps/monitoring/index.ts index 3d8d7928..f3d19dcc 100644 --- a/src/steps/monitoring/index.ts +++ b/src/steps/monitoring/index.ts @@ -8,6 +8,7 @@ import { MONITORING_ALERT_POLICY_CLASS, MONITORING_ALERT_POLICY_TYPE, STEP_MONITORING_ALERT_POLICIES, + IngestionSources, } from './constants'; import { createAlertPolicyEntity } from './converters'; @@ -44,6 +45,7 @@ export async function fetchAlertPolicies( export const monitoringSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_MONITORING_ALERT_POLICIES, + ingestionSourceId: IngestionSources.MONITORING_ALERT_POLICIES, name: 'Monitoring Alert Policies', entities: [ { diff --git a/src/steps/privateca/constants.ts b/src/steps/privateca/constants.ts index 4ca8ea9c..6a0e583e 100644 --- a/src/steps/privateca/constants.ts +++ b/src/steps/privateca/constants.ts 
@@ -58,3 +58,27 @@ export const PrivatecaRelationships = { targetType: PrivatecaEntities.PRIVATE_CA_CERTIFICATE._type, }, }; + +export const IngestionSources = { + PRIVATE_CA_POOLS: 'private-ca-pools', + PRIVATE_CA_CERTIFICATES: 'private-ca-certificates', + PRIVATE_CA_CERTIFICATE_AUTHORITIES: 'private-ca-certificate-authorities', +}; + +export const PrivatecaIngestionConfig = { + [IngestionSources.PRIVATE_CA_POOLS]: { + title: 'Google Private CA Pools', + description: 'Certificate pools for private CAs.', + defaultsToDisabled: false, + }, + [IngestionSources.PRIVATE_CA_CERTIFICATES]: { + title: 'Google Private CA Certificates', + description: 'Certificates from private CAs.', + defaultsToDisabled: false, + }, + [IngestionSources.PRIVATE_CA_CERTIFICATE_AUTHORITIES]: { + title: 'Google Private CA Authorities', + description: 'Certificate authorities in private CAs.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/privateca/steps/fetchAuthorityCertificates.ts b/src/steps/privateca/steps/fetchAuthorityCertificates.ts index 31ebec19..755f6056 100644 --- a/src/steps/privateca/steps/fetchAuthorityCertificates.ts +++ b/src/steps/privateca/steps/fetchAuthorityCertificates.ts @@ -12,6 +12,7 @@ import { PrivatecaEntities, PrivatecaRelationships, PrivatecaSteps, + IngestionSources, } from '../constants'; import { createCertificateEntity } from '../converters'; import { privateca_v1 } from 'googleapis'; @@ -115,6 +116,7 @@ async function buildCertificateAuthorityBucketRelationships( export const fetchAuthorityCertificatesStepMap: GoogleCloudIntegrationStep = { id: PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATES.id, + ingestionSourceId: IngestionSources.PRIVATE_CA_CERTIFICATES, name: PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATES.name, entities: [PrivatecaEntities.PRIVATE_CA_CERTIFICATE], relationships: [ diff --git a/src/steps/privateca/steps/fetchCaPools.ts b/src/steps/privateca/steps/fetchCaPools.ts index 729bc84a..a06247b5 100644 
--- a/src/steps/privateca/steps/fetchCaPools.ts +++ b/src/steps/privateca/steps/fetchCaPools.ts @@ -3,7 +3,11 @@ import { IntegrationStepContext, } from '../../../types'; import { PrivateCaClient } from '../client'; -import { PrivatecaEntities, PrivatecaSteps } from '../constants'; +import { + PrivatecaEntities, + PrivatecaSteps, + IngestionSources, +} from '../constants'; import { createCaPoolEntity } from '../converters'; export async function fetchCaPools( @@ -24,6 +28,7 @@ export async function fetchCaPools( export const fetchCaPoolsStepMap: GoogleCloudIntegrationStep = { id: PrivatecaSteps.STEP_PRIVATE_CA_POOLS.id, + ingestionSourceId: IngestionSources.PRIVATE_CA_POOLS, name: PrivatecaSteps.STEP_PRIVATE_CA_POOLS.name, entities: [PrivatecaEntities.PRIVATE_CA_POOL], relationships: [], diff --git a/src/steps/privateca/steps/fetchCertificateAuthorities.ts b/src/steps/privateca/steps/fetchCertificateAuthorities.ts index f546761a..a5f3b3b3 100644 --- a/src/steps/privateca/steps/fetchCertificateAuthorities.ts +++ b/src/steps/privateca/steps/fetchCertificateAuthorities.ts @@ -8,6 +8,7 @@ import { PrivatecaEntities, PrivatecaRelationships, PrivatecaSteps, + IngestionSources, } from '../constants'; import { createCertificateAuthorityEntity } from '../converters'; import { isMemberPublic } from '../../../utils/iam'; @@ -93,6 +94,7 @@ async function fetchCertificateAuthorities( export const fetchCertificateAuthoritiesStepMap: GoogleCloudIntegrationStep = { id: PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES.id, + ingestionSourceId: IngestionSources.PRIVATE_CA_CERTIFICATE_AUTHORITIES, name: PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES.name, entities: [PrivatecaEntities.PRIVATE_CA_CERTIFICATE_AUTHORITY], relationships: [PrivatecaRelationships.PRIVATE_CA_POOL_CERTIFICATE_AUTHORITY], diff --git a/src/steps/pub-sub/constants.ts b/src/steps/pub-sub/constants.ts index 9d3746a6..08568922 100644 --- a/src/steps/pub-sub/constants.ts 
+++ b/src/steps/pub-sub/constants.ts @@ -14,3 +14,21 @@ export const RELATIONSHIP_TYPE_PUBSUB_TOPIC_USES_KMS_KEY = export const RELATIONSHIP_TYPE_PUBSUB_SUBSCRIPTION_USES_TOPIC = 'google_pubsub_subscription_uses_topic'; + +export const IngestionSources = { + PUBSUB_TOPICS: 'pubsub-topics', + PUBSUB_SUBSCRIPTIONS: 'pubsub-subscriptions', +}; + +export const PubSubIngestionConfig = { + [IngestionSources.PUBSUB_TOPICS]: { + title: 'Google Pub/Sub Topics', + description: 'Messaging topics for Pub/Sub.', + defaultsToDisabled: false, + }, + [IngestionSources.PUBSUB_SUBSCRIPTIONS]: { + title: 'Google Pub/Sub Subscriptions', + description: 'Subscriptions to Pub/Sub topics.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/pub-sub/index.ts b/src/steps/pub-sub/index.ts index 8e7840ae..45850c31 100644 --- a/src/steps/pub-sub/index.ts +++ b/src/steps/pub-sub/index.ts @@ -22,6 +22,7 @@ import { ENTITY_CLASS_PUBSUB_SUBSCRIPTION, ENTITY_TYPE_PUBSUB_SUBSCRIPTION, STEP_CREATE_PUBSUB_TOPIC_KMS_RELATIONSHIPS, + IngestionSources, } from './constants'; import { createPubSubSubscriptionEntity, @@ -169,6 +170,7 @@ export async function fetchPubSubSubscriptions( export const pubSubSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_PUBSUB_TOPICS, + ingestionSourceId: IngestionSources.PUBSUB_TOPICS, name: 'PubSub Topics', entities: [ { @@ -200,6 +202,7 @@ export const pubSubSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_PUBSUB_SUBSCRIPTIONS, + ingestionSourceId: IngestionSources.PUBSUB_SUBSCRIPTIONS, name: 'PubSub Subscriptions', entities: [ { diff --git a/src/steps/redis/constants.ts b/src/steps/redis/constants.ts index 5d8396dc..d7eb8d4b 100644 --- a/src/steps/redis/constants.ts +++ b/src/steps/redis/constants.ts 
@@ -7,3 +7,15 @@ export const ENTITY_CLASS_REDIS_INSTANCE = ['Database', 'DataStore', 'Host']; export const RELATIONSHIP_TYPE_REDIS_INSTANCE_USES_NETWORK = 'google_redis_instance_uses_compute_network'; + +export const IngestionSources = { + REDIS_INSTANCES: 'redis-instances', +}; + +export const RedisIngestionConfig = { + [IngestionSources.REDIS_INSTANCES]: { + title: 'Google Cloud Redis Instances', + description: 'Managed Redis in-memory data store.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/redis/index.ts b/src/steps/redis/index.ts index 0d766f87..566c335e 100644 --- a/src/steps/redis/index.ts +++ b/src/steps/redis/index.ts @@ -15,6 +15,7 @@ import { STEP_REDIS_INSTANCES, RELATIONSHIP_TYPE_REDIS_INSTANCE_USES_NETWORK, STEP_CREATE_REDIS_INSTANCE_NETWORK_RELATIONSHIPS, + IngestionSources, } from './constants'; import { ENTITY_TYPE_COMPUTE_NETWORK } from '../compute/constants'; import { createRedisInstanceEntity } from './converter'; @@ -84,6 +85,7 @@ export async function buildRedisInstanceUsesNetworkRelationships( export const redisSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_REDIS_INSTANCES, + ingestionSourceId: IngestionSources.REDIS_INSTANCES, name: 'Redis Instances', entities: [ { diff --git a/src/steps/resource-manager/constants.ts b/src/steps/resource-manager/constants.ts index 1078273b..49c9a04d 100644 --- a/src/steps/resource-manager/constants.ts +++ b/src/steps/resource-manager/constants.ts 
@@ -38,3 +38,36 @@ export const AUDIT_CONFIG_ALLOWS_GROUP_RELATIONSHIP_TYPE = 'google_cloud_audit_config_allows_group'; export const AUDIT_CONFIG_ALLOWS_DOMAIN_RELATIONSHIP_TYPE = 'google_cloud_audit_config_allows_domain'; + +export const IngestionSources = { + RESOURCE_MANAGER_ORGANIZATION: 'resource-manager-organization', + RESOURCE_MANAGER_FOLDERS: 'resource-manager-folders', + RESOURCE_MANAGER_PROJECT: 'resource-manager-project', + RESOURCE_MANAGER_AUDIT_CONFIG_IAM_POLICY: + 'resource-manager-audit-config-iam-policy', +}; + +export const ResourceManagerIngestionConfig = { + [IngestionSources.RESOURCE_MANAGER_ORGANIZATION]: { + title: 'GCP Resource Manager Organization', + description: 'Organizational resource management.', + defaultsToDisabled: false, + cannotBeDisabled: true, + }, + [IngestionSources.RESOURCE_MANAGER_FOLDERS]: { + title: 'GCP Resource Manager Folders', + description: 'Hierarchical organization of resources.', + defaultsToDisabled: false, + cannotBeDisabled: true, + }, + [IngestionSources.RESOURCE_MANAGER_PROJECT]: { + title: 'GCP Resource Manager Project', + description: 'Projects for resource organization.', + defaultsToDisabled: false, + }, + [IngestionSources.RESOURCE_MANAGER_AUDIT_CONFIG_IAM_POLICY]: { + title: 'GCP Audit Config IAM Policy', + description: 'Audit configurations for IAM policies.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/resource-manager/index.ts b/src/steps/resource-manager/index.ts index 59a0e764..7fcbfdda 100644 --- a/src/steps/resource-manager/index.ts +++ b/src/steps/resource-manager/index.ts @@ -37,6 +37,7 @@ import { AUDIT_CONFIG_ALLOWS_USER_RELATIONSHIP_TYPE, AUDIT_CONFIG_ALLOWS_GROUP_RELATIONSHIP_TYPE, AUDIT_CONFIG_ALLOWS_DOMAIN_RELATIONSHIP_TYPE, + IngestionSources, } from './constants'; import { IAM_SERVICE_ACCOUNT_ENTITY_TYPE, 
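Review bot: In src/steps/resource-manager/constants.ts the source `RESOURCE_MANAGER_AUDIT_CONFIG_IAM_POLICY` gets a config entry, but none of the src/steps/resource-manager/index.ts hunks assigns it to a step; only the organization, folders and project steps receive an `ingestionSourceId`. If no step elsewhere uses it, the entry is a toggle that controls nothing, and whichever step builds the audit-config data keeps running regardless of what the operator selected. Either add `ingestionSourceId: IngestionSources.RESOURCE_MANAGER_AUDIT_CONFIG_IAM_POLICY,` to that step or drop the entry. Separately, `RESOURCE_MANAGER_PROJECT` lacks the `cannotBeDisabled: true` given to organization and folders, although src/steps/service-usage/index.ts imports `STEP_RESOURCE_MANAGER_PROJECT`, presumably as a dependency. A comment stating whether the project source may be turned off on purpose would settle it.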
@@ -402,6 +403,7 @@ export function flattenAuditLogConfigs( export const resourceManagerSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_RESOURCE_MANAGER_ORGANIZATION, + ingestionSourceId: IngestionSources.RESOURCE_MANAGER_ORGANIZATION, name: 'Resource Manager Organization', entities: [ { @@ -418,6 +420,7 @@ export const resourceManagerSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_RESOURCE_MANAGER_FOLDERS, + ingestionSourceId: IngestionSources.RESOURCE_MANAGER_FOLDERS, name: 'Resource Manager Folders', entities: [ { @@ -473,6 +476,7 @@ export const resourceManagerSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_RESOURCE_MANAGER_PROJECT, + ingestionSourceId: IngestionSources.RESOURCE_MANAGER_PROJECT, name: 'Resource Manager Project', entities: [ { diff --git a/src/steps/secret-manager/constants.ts b/src/steps/secret-manager/constants.ts index be451dff..446a4eac 100644 --- a/src/steps/secret-manager/constants.ts +++ b/src/steps/secret-manager/constants.ts @@ -32,3 +32,21 @@ export const SecretManagerRelationships = { targetType: SecretManagerEntities.SECRET_VERSION._type, }, }; + +export const IngestionSources = { + SECRET_MANAGER_SECRETS: 'secret-manager-secrets', + SECRET_MANAGER_SECRET_VERSIONS: 'secret-manager-secret-versions', +}; + +export const SecretManagerIngestionConfig = { + [IngestionSources.SECRET_MANAGER_SECRETS]: { + title: 'Google Secret Manager Secrets', + description: 'Manage sensitive data securely.', + defaultsToDisabled: false, + }, + [IngestionSources.SECRET_MANAGER_SECRET_VERSIONS]: { + title: 'Google Secret Manager Versions', + description: 'Versioning for managed secrets.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/secret-manager/index.ts b/src/steps/secret-manager/index.ts index 240ce0a1..dd0ac891 100644 --- a/src/steps/secret-manager/index.ts +++ b/src/steps/secret-manager/index.ts 
@@ -13,6 +13,7 @@ import { SecretManagerEntities, SecretManagerRelationships, SecretManagerSteps, + IngestionSources, } from './constants'; import { createSecretEntity, createSecretVersionEntity } from './converters'; @@ -65,6 +66,7 @@ export async function fetchSecretVersions( export const secretManagerSteps: GoogleCloudIntegrationStep[] = [ { ...SecretManagerSteps.FETCH_SECRETS, + ingestionSourceId: IngestionSources.SECRET_MANAGER_SECRETS, entities: [SecretManagerEntities.SECRET], relationships: [], executionHandler: fetchSecrets, @@ -73,6 +75,7 @@ export const secretManagerSteps: GoogleCloudIntegrationStep[] = [ }, { ...SecretManagerSteps.FETCH_SECRET_VERSIONS, + ingestionSourceId: IngestionSources.SECRET_MANAGER_SECRET_VERSIONS, entities: [SecretManagerEntities.SECRET_VERSION], relationships: [SecretManagerRelationships.SECRET_HAS_VERSION], dependsOn: [SecretManagerSteps.FETCH_SECRETS.id], diff --git a/src/steps/service-usage/constants.ts b/src/steps/service-usage/constants.ts index 4ccb4dac..146ef0a8 100644 --- a/src/steps/service-usage/constants.ts +++ b/src/steps/service-usage/constants.ts @@ -43,3 +43,15 @@ export const ServiceUsageRelationships = { targetType: ServiceUsageEntities.API_SERVICE._type, }, }; + +export const IngestionSources = { + SERVICE_USAGE_API_SERVICES: 'service-usage-api-services', +}; + +export const ServiceUsageIngestionConfig = { + [IngestionSources.SERVICE_USAGE_API_SERVICES]: { + title: 'Google Service Usage APIs', + description: 'API management for GCP services.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/service-usage/index.ts b/src/steps/service-usage/index.ts index e6cf2067..600cf342 100644 --- a/src/steps/service-usage/index.ts +++ b/src/steps/service-usage/index.ts 
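Review bot: In src/steps/secret-manager/index.ts the secrets and secret-versions steps get separate source ids, yet the versions step keeps `dependsOn: [SecretManagerSteps.FETCH_SECRETS.id]`, so the two toggles are not independent. What happens when the secrets source is off and the versions source is on depends on how the SDK treats dependents of a disabled step, which this diff does not show. A comment on the second entry of `SecretManagerIngestionConfig`, e.g. `// Depends on the secret-manager-secrets source (step dependsOn FETCH_SECRETS)`, would make the coupling visible. The relationship-building steps imported in other index.ts hunks (for example `STEP_CREATE_REDIS_INSTANCE_NETWORK_RELATIONSHIPS`) receive no source id in the visible hunks, so the same question applies to them.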
@@ -12,6 +12,7 @@ import { ServiceUsageStepIds, ServiceUsageEntities, ServiceUsageRelationships, + IngestionSources, } from './constants'; import { STEP_RESOURCE_MANAGER_PROJECT } from '../resource-manager'; import { getProjectEntity } from '../../utils/project'; @@ -108,6 +109,7 @@ export async function fetchApiServices( export const serviceUsageSteps: GoogleCloudIntegrationStep[] = [ { id: ServiceUsageStepIds.FETCH_API_SERVICES, + ingestionSourceId: IngestionSources.SERVICE_USAGE_API_SERVICES, name: 'API Services', entities: [ServiceUsageEntities.API_SERVICE], relationships: [ServiceUsageRelationships.PROJECT_HAS_API_SERVICE], diff --git a/src/steps/spanner/constants.ts b/src/steps/spanner/constants.ts index c9922cc0..b91ecc71 100644 --- a/src/steps/spanner/constants.ts +++ b/src/steps/spanner/constants.ts @@ -19,3 +19,27 @@ export const RELATIONSHIP_TYPE_SPANNER_INSTANCE_USES_CONFIG = 'google_spanner_instance_uses_config'; export const RELATIONSHIP_TYPE_SPANNER_INSTANCE_DATABASE_USES_KMS_KEY = 'google_spanner_database_uses_kms_crypto_key'; + +export const IngestionSources = { + SPANNER_INSTANCE_CONFIGS: 'spanner-instance-configs', + SPANNER_INSTANCES: 'spanner-instances', + SPANNER_INSTANCE_DATABASES: 'spanner-instance-databases', +}; + +export const SpannerIngestionConfig = { + [IngestionSources.SPANNER_INSTANCE_CONFIGS]: { + title: 'Google Spanner Instance Configs', + description: 'Configurations for Spanner instances.', + defaultsToDisabled: false, + }, + [IngestionSources.SPANNER_INSTANCES]: { + title: 'Google Spanner Instances', + description: 'Managed database instances in Spanner.', + defaultsToDisabled: false, + }, + [IngestionSources.SPANNER_INSTANCE_DATABASES]: { + title: 'Google Spanner Databases', + description: 'Databases within Spanner instances.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/spanner/index.ts b/src/steps/spanner/index.ts index 387a564c..579df159 100644 --- a/src/steps/spanner/index.ts 
+++ b/src/steps/spanner/index.ts @@ -27,6 +27,7 @@ import { RELATIONSHIP_TYPE_SPANNER_INSTANCE_HAS_DATABASE, RELATIONSHIP_TYPE_SPANNER_INSTANCE_USES_CONFIG, RELATIONSHIP_TYPE_SPANNER_INSTANCE_DATABASE_USES_KMS_KEY, + IngestionSources, } from './constants'; import { createSpannerInstanceConfiguration, @@ -182,6 +183,7 @@ export async function fetchSpannerInstanceDatabases( export const spannerSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_SPANNER_INSTANCE_CONFIGS, + ingestionSourceId: IngestionSources.SPANNER_INSTANCE_CONFIGS, name: 'Spanner Instance Configs', entities: [ { @@ -198,6 +200,7 @@ export const spannerSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_SPANNER_INSTANCES, + ingestionSourceId: IngestionSources.SPANNER_INSTANCES, name: 'Spanner Instances', entities: [ { @@ -221,6 +224,7 @@ export const spannerSteps: GoogleCloudIntegrationStep[] = [ }, { id: STEP_SPANNER_INSTANCE_DATABASES, + ingestionSourceId: IngestionSources.SPANNER_INSTANCE_DATABASES, name: 'Spanner Instance Databases', entities: [ { diff --git a/src/steps/sql-admin/constants.ts b/src/steps/sql-admin/constants.ts index ba30daf3..305d1130 100644 --- a/src/steps/sql-admin/constants.ts +++ b/src/steps/sql-admin/constants.ts @@ -28,3 +28,15 @@ export enum DATABASE_TYPE { POSTGRES = 'POSTGRES', SQL_SERVER = 'SQLSERVER', } + +export const IngestionSources = { + SQL_ADMIN_INSTANCES: 'sql-admin-instances', +}; + +export const SQLAdminIngestionConfig = { + [IngestionSources.SQL_ADMIN_INSTANCES]: { + title: 'Google SQL Admin Instances', + description: 'Managed SQL database instances.', + defaultsToDisabled: true, + }, +}; diff --git a/src/steps/sql-admin/index.ts b/src/steps/sql-admin/index.ts index 29a30dab..f4a1d1c2 100644 --- a/src/steps/sql-admin/index.ts +++ b/src/steps/sql-admin/index.ts 
@@ -31,6 +31,7 @@ import { SQL_MYSQL_INSTANCE_USES_KMS_KEY_RELATIONSHIP, SQL_SQL_INSTANCE_USES_KMS_KEY_RELATIONSHIP, SqlAdminSteps, + IngestionSources, } from './constants'; import { createMySQLInstanceEntity, @@ -159,6 +160,7 @@ export async function buildSqlAdminInstanceKmsKeyRelationships( export const sqlAdminSteps: GoogleCloudIntegrationStep[] = [ { id: STEP_SQL_ADMIN_INSTANCES, + ingestionSourceId: IngestionSources.SQL_ADMIN_INSTANCES, name: 'SQL Admin Instances', entities: [ { diff --git a/src/steps/storage/constants.ts b/src/steps/storage/constants.ts index 91c97c4d..188215ad 100644 --- a/src/steps/storage/constants.ts +++ b/src/steps/storage/constants.ts @@ -12,3 +12,15 @@ export const StorageEntitiesSpec = { _class: ['DataStore'], }, }; + +export const IngestionSources = { + STORAGE_BUCKETS: 'storage-buckets', +}; + +export const StorageIngestionConfig = { + [IngestionSources.STORAGE_BUCKETS]: { + title: 'Google Cloud Storage Buckets', + description: 'Object storage for large-scale data.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/storage/index.ts b/src/steps/storage/index.ts index a8699b56..b7cd6466 100644 --- a/src/steps/storage/index.ts +++ b/src/steps/storage/index.ts @@ -4,7 +4,11 @@ import { IntegrationStepContext, } from '../../types'; import { createCloudStorageBucketEntity } from './converters'; -import { StorageStepsSpec, StorageEntitiesSpec } from './constants'; +import { + StorageStepsSpec, + StorageEntitiesSpec, + IngestionSources, +} from './constants'; import { storage_v1 } from 'googleapis'; import { publishMissingPermissionEvent, @@ -225,6 +229,7 @@ export async function fetchStorageBuckets( export const storageSteps: GoogleCloudIntegrationStep[] = [ { id: StorageStepsSpec.FETCH_STORAGE_BUCKETS.id, + ingestionSourceId: IngestionSources.STORAGE_BUCKETS, name: StorageStepsSpec.FETCH_STORAGE_BUCKETS.name, entities: [StorageEntitiesSpec.STORAGE_BUCKET], relationships: [], 
diff --git a/src/steps/web-security-scanner/constants.ts b/src/steps/web-security-scanner/constants.ts index 551246f9..57799a6f 100644 --- a/src/steps/web-security-scanner/constants.ts +++ b/src/steps/web-security-scanner/constants.ts @@ -47,3 +47,21 @@ export const WebSecurityScannerRelationships = { targetType: WebSecurityScannerEntities.SCAN_RUN_FINDING._type, }, }; + +export const IngestionSources = { + WEB_SECURITY_SCANNER_CONFIGS: 'web-security-scanner-configs', + WEB_SECURITY_SCAN_RUNS: 'web-security-scan-runs', +}; + +export const WebSecurityScannerIngestionConfig = { + [IngestionSources.WEB_SECURITY_SCANNER_CONFIGS]: { + title: 'Google Web Security Scanner Configs', + description: 'Configurations for web security scans.', + defaultsToDisabled: false, + }, + [IngestionSources.WEB_SECURITY_SCAN_RUNS]: { + title: 'Google Web Security Scan Runs', + description: 'Execution of web security scans.', + defaultsToDisabled: false, + }, +}; diff --git a/src/steps/web-security-scanner/steps/fetch-scan-configs.ts b/src/steps/web-security-scanner/steps/fetch-scan-configs.ts index 783e605c..9ab52e55 100644 --- a/src/steps/web-security-scanner/steps/fetch-scan-configs.ts +++ b/src/steps/web-security-scanner/steps/fetch-scan-configs.ts @@ -6,6 +6,7 @@ import { WebSecurityScannerClient } from '../client'; import { WebSecurityScannerEntities, WebSecurityScannerSteps, + IngestionSources, } from '../constants'; import { createScanConfigEntity } from '../converters'; @@ -26,6 +27,7 @@ async function fetchScanConfigs( export const fetchScanConfigsStepMap: GoogleCloudIntegrationStep = { id: WebSecurityScannerSteps.FETCH_SCAN_CONFIGS.id, + ingestionSourceId: IngestionSources.WEB_SECURITY_SCANNER_CONFIGS, name: WebSecurityScannerSteps.FETCH_SCAN_CONFIGS.name, entities: [WebSecurityScannerEntities.SCAN_CONFIG], relationships: [], 
diff --git a/src/steps/web-security-scanner/steps/fetch-scan-runs.ts b/src/steps/web-security-scanner/steps/fetch-scan-runs.ts index 1cf907c2..ca33e71e 100644 --- a/src/steps/web-security-scanner/steps/fetch-scan-runs.ts +++ b/src/steps/web-security-scanner/steps/fetch-scan-runs.ts @@ -12,6 +12,7 @@ import { WebSecurityScannerEntities, WebSecurityScannerRelationships, WebSecurityScannerSteps, + IngestionSources, } from '../constants'; import { createScanRunEntity } from '../converters'; @@ -50,6 +51,7 @@ async function fetchScanRuns(context: IntegrationStepContext): Promise { export const fetchScanRunsStepMap: GoogleCloudIntegrationStep = { id: WebSecurityScannerSteps.FETCH_SCAN_RUNS.id, + ingestionSourceId: IngestionSources.WEB_SECURITY_SCAN_RUNS, name: WebSecurityScannerSteps.FETCH_SCAN_RUNS.name, entities: [WebSecurityScannerEntities.SCAN_RUN], relationships: [