chore: adds a script to fetch all gcp projects (#146)

Author: sameer-in

README.md

@@ -152,8 +152,14 @@ output "me" {
 ```
 
 ### Q: In organizaitonal setup, Compliance trust-relationship is not being deployed on our projects
-A: If your organizational uses folders we currently don't support that.
-<br/>S: A workaround would be to use the `benchmark_project_ids` parameter so you can define the projects where compliance role is to be deployed explicitly. Let us know if this workaround won't be enough and we will work on implementing a solution.
+
+As for 2023 April, organizations with projects under organizational unit folders, is supported with the
+[organizational compliance example](./examples/organization-org_compliance)
+
+<br/>S: If you want to target specific projects, you can still use the `benchmark_project_ids` parameter so you can define
+the projects where compliance role is to be deployed explicitly.
+<br/>You can use the [fetch-gcp-rojects.sh](./resources/fetch-gcp-projects.sh) utility to list organization member projects
+<br/>Let us know if this workaround won't be enough, and we will work on implementing a solution.
 
 ### Q: Compliance is not working. How can I check everything is properly setup
 

examples/organization-org_compliance/README.md

@@ -16,10 +16,16 @@ This example deploys Secure for Cloud into a GCP organizational account.
 ## Prerequisites
 
 1. Configure [Terraform **GCP** Provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs)
-2. Following **roles** are required in your GCP organization/project credentials
+2. Run the script at `resources/fetch-gcp-projects.sh <organization_ID>`. copy the output and provide it as input in the module
+   as benchmark_project_ids. e.g benchmark_project_ids = ["id1","id2"]. This script provides list of
+   all projects under folders and subfolders under an organization. If you don't provide this list
+   by default only those projects are selected which are directly under the org.
+3. To find your organization id please visit https://cloud.google.com/resource-manager/reference/rest/v1/projects/getAncestry
+4. Following **roles** are required in your GCP organization/project credentials
    * _Owner_
    * _Organization Admin_
-3. Besides, the following GCP **APIs must be enabled** to deploy resources correctly for:
+   * _Organization ID_
+5. Besides, the following GCP **APIs must be enabled** to deploy resources correctly for:
 
 ### Cloud Connector
 

resources/fetch-gcp-projects.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+#
+# usage
+# ./fetch-gcp-projects.sh <ORG-ID>
+
+# will return
+# ["A", "B", "C"]
+#
+
+
+#
+# Function to list projects under a folder recursively
+#
+list_projects_recursive() {
+  local folder_id="$1"
+
+  # List projects under the current folder
+  printf " %s" $(gcloud projects list --filter="parent.id=$folder_id" --format="value(projectId)")
+
+  # List subfolders and call this function recursively
+  local subfolders=$(gcloud resource-manager folders list --folder=$folder_id --format="value(name)")
+  for subfolder in $subfolders; do
+    list_projects_recursive "$subfolder"
+  done
+}
+
+
+
+#
+# main flow
+#
+
+if [ $# -ne 1 ]; then
+  echo "script must be launched with the organization id"
+  echo "usage $0 organizationId"
+  exit 1
+fi
+
+
+org_id=$1
+projectIds=()
+projectIds+=$(gcloud projects list --filter="parent.type=organization AND parent.id=$org_id" --format="value(projectId)")
+
+# List top-level folders
+folders=$(gcloud resource-manager folders list --organization=$org_id --format="value(name)")
+
+# Iterate through the top-level folders and list projects recursively
+for folder in $folders; do
+  projectIds+=$(list_projects_recursive "$folder")
+done
+
+projectList="["
+
+for value in $projectIds; do
+  projectList="$projectList\"$value\", "
+done
+
+# Remove the trailing comma and space
+projectList="${projectList%, }]"
+
+echo $projectList