@jupiterone/graph-google-cloud - npm Package Compare versions

Comparing version 0.1.0 to 0.2.0

CHANGELOG.md

@@ -11,2 +11,22 @@ # Changelog
 
+## 0.2.0 - 2020-08-11
+
+### Added
+
+- Ingest IAM roles as `google_iam_role`
+- Ingest IAM service accounts as `google_iam_service_account`
+- Ingest IAM service account keys as `google_iam_service_account_key` and build
+  `HAS` relationship between `google_iam_service_account` and
+  `google_iam_service_account_key`.
+- Ingest `google_user`
+- Build `ASSIGNED` relationship between `google_user` and `google_iam_role`
+- Fixes #10 - Build `ASSIGNED` relationship between `google_iam_service_account`
+  and `google_iam_role`
+
+### Updated
+
+- Fixes #11 - Update all existing entity keys to not include the `_type` prefix
+- Fixes #31 - Make `_type` naming convention consistent with G Suite integration
+  for `google_user` and the rest with Google Cloud Terraform provider.
+
 ## 0.1.0 - 2020-08-04
@@ -35,4 +55,4 @@
 - Ingestion of `google_cloud_function`
-- Ingestion of `google_cloud_storage_bucket`
+- Ingestion of `google_storage_bucket`
 - Ingestion of `google_cloud_api_service`
 - Integration setup documentation

dist/getStepStartStates.js

@@ -10,6 +10,12 @@ "use strict";
 const integrationConfig_1 = require("./utils/integrationConfig");
+const iam_1 = require("./steps/iam");
+const resource_manager_1 = require("./steps/resource-manager");
 async function getEnabledServiceNames(config) {
     const client = new client_1.ServiceUsageClient({ config });
     const enabledServices = await client.collectEnabledServices();
-    return enabledServices.map((v) => v.name);
+    return enabledServices.map((v) => {
+        // Each value looks like this: `projects/PROJ_ID_NUM/services/appengine.googleapis.com`
+        const serviceParts = v.name.split('/');
+        return serviceParts[serviceParts.length - 1];
+    });
 }
@@ -40,15 +46,17 @@ function validateInvocationConfig(context) {
     }
+    const createStepStartState = (serviceName) => {
+        return {
+            disabled: !enabledServiceNames.includes(serviceName),
+        };
+    };
     return {
-        [service_usage_1.STEP_API_SERVICES]: {
-            // This API will be enabled otherwise fetching services names above would fail
-            disabled: false,
-        },
-        [functions_1.STEP_CLOUD_FUNCTIONS]: {
-            disabled: enabledServiceNames.includes(types_1.ServiceUsageName.CLOUD_FUNCTIONS),
-        },
-        [storage_1.STEP_CLOUD_STORAGE_BUCKETS]: {
-            disabled: enabledServiceNames.includes(types_1.ServiceUsageName.STORAGE),
-        },
+        // This API will be enabled otherwise fetching services names above would fail
+        [service_usage_1.STEP_API_SERVICES]: { disabled: false },
+        [functions_1.STEP_CLOUD_FUNCTIONS]: createStepStartState(types_1.ServiceUsageName.CLOUD_FUNCTIONS),
+        [storage_1.STEP_CLOUD_STORAGE_BUCKETS]: createStepStartState(types_1.ServiceUsageName.STORAGE),
+        [iam_1.STEP_IAM_ROLES]: createStepStartState(types_1.ServiceUsageName.IAM),
+        [iam_1.STEP_IAM_SERVICE_ACCOUNTS]: createStepStartState(types_1.ServiceUsageName.IAM),
+        [resource_manager_1.STEP_RESOURCE_MANAGER_IAM_POLICY]: createStepStartState(types_1.ServiceUsageName.RESOURCE_MANAGER),
     };
 }
 exports.default = getStepStartStates;

dist/google-cloud/types.d.ts

@@ -8,3 +8,5 @@ export declare enum ServiceUsageListFilter {
     STORAGE = "storage.googleapis.com",
-    SERVICE_USAGE = "serviceusage.googleapis.com"
+    SERVICE_USAGE = "serviceusage.googleapis.com",
+    IAM = "iam.googleapis.com",
+    RESOURCE_MANAGER = "cloudresourcemanager.googleapis.com"
 }

dist/google-cloud/types.js

@@ -14,2 +14,4 @@ "use strict";
     ServiceUsageName["SERVICE_USAGE"] = "serviceusage.googleapis.com";
+    ServiceUsageName["IAM"] = "iam.googleapis.com";
+    ServiceUsageName["RESOURCE_MANAGER"] = "cloudresourcemanager.googleapis.com";
 })(ServiceUsageName = exports.ServiceUsageName || (exports.ServiceUsageName = {}));

dist/index.js

@@ -11,2 +11,4 @@ "use strict";
 const service_usage_1 = require("./steps/service-usage");
+const iam_1 = require("./steps/iam");
+const resource_manager_1 = require("./steps/resource-manager");
 exports.invocationConfig = {
@@ -20,3 +22,9 @@ instanceConfigFields: {
     getStepStartStates: getStepStartStates_1.default,
-    integrationSteps: [...functions_1.functionsSteps, ...storage_1.storageSteps, ...service_usage_1.serviceUsageSteps],
+    integrationSteps: [
+        ...functions_1.functionsSteps,
+        ...storage_1.storageSteps,
+        ...service_usage_1.serviceUsageSteps,
+        ...iam_1.iamSteps,
+        ...resource_manager_1.resourceManagerSteps,
+    ],
 };

dist/steps/functions/converters.js

@@ -6,3 +6,2 @@ "use strict";
 const constants_1 = require("./constants");
-const generateKeys_1 = require("../../utils/generateKeys");
 function createCloudFunctionEntity(cloudFunction) {
@@ -15,6 +14,3 @@ return integration_sdk_core_1.createIntegrationEntity({
                 _type: constants_1.CLOUD_FUNCTION_ENTITY_TYPE,
-                _key: generateKeys_1.generateEntityKey({
-                    type: constants_1.CLOUD_FUNCTION_ENTITY_TYPE,
-                    id: cloudFunction.name,
-                }),
+                _key: cloudFunction.name,
                 name: cloudFunction.name,
@@ -21,0 +17,0 @@ displayName: cloudFunction.name,

dist/steps/functions/index.js

@@ -21,3 +21,5 @@ "use strict";
     const client = new client_1.CloudFunctionsClient({ config: context.instance.config });
-    await client.iterateCloudFunctions(async (cloudFunction) => await jobState.addEntity(converters_1.createCloudFunctionEntity(cloudFunction)));
+    await client.iterateCloudFunctions(async (cloudFunction) => {
+        await jobState.addEntity(converters_1.createCloudFunctionEntity(cloudFunction));
+    });
 }
@@ -24,0 +26,0 @@ exports.fetchCloudFunctions = fetchCloudFunctions;

dist/steps/service-usage/client.d.ts

@@ -7,4 +7,4 @@ import { Client } from '../../google-cloud/client';
     iterateServices(callback: (data: serviceusage_v1.Schema$GoogleApiServiceusageV1Service) => Promise<void>, paramOverrides?: serviceusage_v1.Params$Resource$Services$List): Promise<void>;
-    iterateEnabledServices(callback: (data: serviceusage_v1.Schema$GoogleApiServiceusageV1Service) => Promise<void>): Promise<void>;
+    iterateEnabledServices(callback: (data: serviceusage_v1.Schema$GoogleApiServiceusageV1Service) => void | Promise<void>): Promise<void>;
     collectEnabledServices(): Promise<serviceusage_v1.Schema$GoogleApiServiceusageV1Service[]>;
 }

dist/steps/service-usage/client.js

@@ -32,3 +32,5 @@ "use strict";
     async iterateEnabledServices(callback) {
-        return this.iterateServices(callback, {
+        return this.iterateServices(async (result) => {
+            await callback(result);
+        }, {
             filter: types_1.ServiceUsageListFilter.ENABLED,
@@ -39,3 +41,3 @@ });
         const enabledServices = [];
-        await this.iterateEnabledServices(async (data) => {
+        await this.iterateEnabledServices((data) => {
             enabledServices.push(data);
@@ -42,0 +44,0 @@ });

dist/steps/service-usage/converters.js

@@ -6,3 +6,2 @@ "use strict";
 const constants_1 = require("./constants");
-const generateKeys_1 = require("../../utils/generateKeys");
 function createApiServiceEntity(data) {
@@ -20,6 +19,3 @@ var _a, _b;
                 _type: constants_1.API_SERVICE_ENTITY_TYPE,
-                _key: generateKeys_1.generateEntityKey({
-                    type: constants_1.API_SERVICE_ENTITY_TYPE,
-                    id: data.name,
-                }),
+                _key: data.name,
                 name: config.name,
@@ -26,0 +22,0 @@ displayName: config.title || undefined,

dist/steps/service-usage/index.js

@@ -21,3 +21,5 @@ "use strict";
     const client = new client_1.ServiceUsageClient({ config });
-    await client.iterateServices(async (service) => await jobState.addEntity(converters_1.createApiServiceEntity(service)));
+    await client.iterateServices(async (service) => {
+        await jobState.addEntity(converters_1.createApiServiceEntity(service));
+    });
 }
@@ -24,0 +26,0 @@ exports.fetchApiServices = fetchApiServices;

dist/steps/storage/constants.d.ts

 export declare const CLOUD_STORAGE_BUCKET_ENTITY_CLASS = "DataStore";
-export declare const CLOUD_STORAGE_BUCKET_ENTITY_TYPE = "google_cloud_storage_bucket";
+export declare const CLOUD_STORAGE_BUCKET_ENTITY_TYPE = "google_storage_bucket";
 export declare const STEP_CLOUD_STORAGE_BUCKETS = "fetch-cloud-storage-buckets";

dist/steps/storage/constants.js

@@ -5,3 +5,3 @@ "use strict";
 exports.CLOUD_STORAGE_BUCKET_ENTITY_CLASS = 'DataStore';
-exports.CLOUD_STORAGE_BUCKET_ENTITY_TYPE = 'google_cloud_storage_bucket';
+exports.CLOUD_STORAGE_BUCKET_ENTITY_TYPE = 'google_storage_bucket';
 exports.STEP_CLOUD_STORAGE_BUCKETS = 'fetch-cloud-storage-buckets';

dist/steps/storage/converters.js

@@ -6,3 +6,2 @@ "use strict";
 const constants_1 = require("./constants");
-const generateKeys_1 = require("../../utils/generateKeys");
 function getCloudStorageBucketWebLink(data, projectId) {
@@ -19,6 +18,3 @@ return `https://console.cloud.google.com/storage/browser/${data.name};tab=objects?forceOnBucketsSortingFiltering=false&project=${projectId}`;
                 _type: constants_1.CLOUD_STORAGE_BUCKET_ENTITY_TYPE,
-                _key: generateKeys_1.generateEntityKey({
-                    type: constants_1.CLOUD_STORAGE_BUCKET_ENTITY_TYPE,
-                    id: data.name,
-                }),
+                _key: `bucket:${data.id}`,
                 id: data.id,
@@ -25,0 +21,0 @@ name: data.name,

dist/steps/storage/index.js

@@ -21,3 +21,5 @@ "use strict";
     const client = new client_1.CloudStorageClient({ config });
-    await client.iterateCloudStorageBuckets(async (bucket) => await jobState.addEntity(converters_1.createCloudStorageBucketEntity(bucket, config.serviceAccountKeyConfig.project_id)));
+    await client.iterateCloudStorageBuckets(async (bucket) => {
+        await jobState.addEntity(converters_1.createCloudStorageBucketEntity(bucket, config.serviceAccountKeyConfig.project_id));
+    });
 }
@@ -24,0 +26,0 @@ exports.fetchStorageBuckets = fetchStorageBuckets;

package.json

 {
   "name": "@jupiterone/graph-google-cloud",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "A graph conversion tool for https://cloud.google.com/",
@@ -30,10 +30,8 @@ "license": "MPL-2.0",
   "peerDependencies": {
-    "@jupiterone/integration-sdk-core": "^2.8.0"
+    "@jupiterone/integration-sdk-core": "^2.10.0"
   },
   "devDependencies": {
-    "@jupiterone/data-model": "^0.7.1",
-    "@jupiterone/integration-sdk-core": "^2.8.0",
-    "@jupiterone/integration-sdk-dev-tools": "^2.8.0",
-    "@jupiterone/integration-sdk-testing": "^2.8.0",
-    "deepmerge": "^4.2.2",
+    "@jupiterone/integration-sdk-core": "^2.10.0",
+    "@jupiterone/integration-sdk-dev-tools": "^2.10.0",
+    "@jupiterone/integration-sdk-testing": "^2.10.0",
     "dotenv": "^8.2.0",
@@ -40,0 +38,0 @@ "ts-node": "^8.10.2"

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1030359

increased by4.05%

Dev dependency count

5

decreased by-28.57%

Number of package files

61

increased by35.56%

Lines of code

1434

increased by111.82%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes