Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor asset inventory #2879

Merged
merged 30 commits into from
Jan 16, 2025
Merged

Refactor asset inventory #2879

merged 30 commits into from
Jan 16, 2025

Conversation

romulets
Copy link
Member

@romulets romulets commented Jan 3, 2025
edited
Loading

Summary of your changes

  • Update Taxonomy
    • Remove sub_category
    • Remove sub_type
    • Change category
    • Change type
  • Move from asset to entity
  • Move asset.raw to Attributes
  • Move asset.tags to labels
  • Update fields to follow ecs definition:
    • host
    • user
    • cloud
    • network

Screenshot/Data

image

image

image

Related Issues

@romulets romulets requested a review from a team as a code owner January 3, 2025 14:34
@mergify Mergify
Copy link

mergify bot commented Jan 3, 2025

This pull request does not have a backport label. Could you fix it @romulets? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit
    NOTE: backport-v8.x has been added to help with the transition to the new branch 8.x.

@mergify mergify bot added the backport-v8.x label Jan 3, 2025
@romulets romulets mentioned this pull request Jan 3, 2025
Merged
@romulets romulets force-pushed the refactor-asset-inventory branch from 772c717 to 7ace239 Compare January 6, 2025 15:42
@oren-zohar oren-zohar requested a review from orouz January 7, 2025 08:48
@romulets romulets force-pushed the refactor-asset-inventory branch from 7ace239 to 5af16e3 Compare January 7, 2025 14:02
orouz
orouz approved these changes Jan 8, 2025
View reviewed changes
Copy link
Collaborator

@orouz orouz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

internal/inventory/asset.go Outdated Show resolved Hide resolved
internal/inventory/asset.go
Comment on lines 130 to +138
type AssetEvent struct {
Asset Asset
Network *AssetNetwork
Cloud *AssetCloud
Host *AssetHost
IAM *AssetIAM
ResourcePolicies []AssetResourcePolicy
Entity Entity
Event Event
Network *Network
Cloud *Cloud
Host *Host
User *User
Labels map[string]string
RawAttributes *any
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there's an ecs package in beats

maybe we can use that instead of defining known types ourselves?

not really related to this PR, we can do this separately if deemed worthy

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did use it, but the problem is that don't define json fields only ecs, have a look at the definition https://github.com/elastic/beats/blob/main/libbeat/ecs/host.go

Once I used this module we were publishing the Go Lang fields name instead of proper ecs fields

internal/inventory/awsfetcher/fetcher_iam_policy.go Show resolved Hide resolved
internal/inventory/awsfetcher/fetcher_iam_role.go Show resolved Hide resolved
internal/inventory/awsfetcher/fetcher_networking.go Show resolved Hide resolved
internal/inventory/azurefetcher/fetcher_storage.go
inventory.WithCloud(inventory.Cloud{
Provider: inventory.AzureCloudProvider,
AccountID: item.TenantId,
ServiceName: "Azure",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe use inventory.AssetClassification to make a more specific ServiceName

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no given guidance on what to add here. I might mimic AWS for consistency when I'm going over ECS fields in the next PR.

@mergify Mergify
Copy link

mergify bot commented Jan 8, 2025

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b refactor-asset-inventory upstream/refactor-asset-inventory
git merge upstream/main
git push upstream refactor-asset-inventory

@romulets romulets force-pushed the refactor-asset-inventory branch from 5af16e3 to eca77ed Compare January 8, 2025 12:40
@romulets romulets force-pushed the refactor-asset-inventory branch from 8d74ac7 to c58a61e Compare January 8, 2025 13:48
@kubasobon kubasobon merged commit cbadcb7 into elastic:main Jan 16, 2025
9 checks passed
@kubasobon kubasobon deleted the refactor-asset-inventory branch January 16, 2025 15:13
mergify bot pushed a commit that referenced this pull request Jan 16, 2025
@romulets @mergify
Refactor asset inventory (#2879)
94124f0 
(cherry picked from commit cbadcb7)

# Conflicts:
#	internal/inventory/awsfetcher/fetcher_lambda.go
#	tests/product/tests/data/aws_asset_inventory/test_cases.py
#	tests/product/tests/test_azure_asset_inventory.py
@mergify mergify bot mentioned this pull request Jan 16, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kubasobon kubasobon kubasobon left review comments

@orouz orouz orouz approved these changes

Assignees

@romulets romulets

Labels
backport-v8.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@romulets @kubasobon @orouz