

Add gcp_cloud_identity_group_membership and gcp_cloud_identity_group tables. Closes #454 (#468)

Co-authored-by: madhushreeray@30 <[email protected]>
Co-authored-by: Ved misra <[email protected]>
3 people authored Aug 7, 2023
1 parent c84b76f commit d4e89dd
Showing 6 changed files with 585 additions and 1 deletion.
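--- /dev/null
+++ b/docs/tables/gcp_cloud_identity_group.md
@@ -0,0 +1,73 @@
+# Table: gcp_cloud_identity_group
+
+A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member".
+
+**You must specify the parent resource** in the `where` clause (`where parent='C046psxkn'`) to list the identity groups.
+
+## Examples
+
+### Basic info
+
+```sql
+select
+name,
+display_name,
+description,
+create_time,
+location,
+project
+from
+gcp_cloud_identity_group
+where
+parent = 'C046psxkn';
+```
+
+### Get details for a specific group
+
+```sql
+select
+name,
+display_name,
+description,
+create_time,
+location,
+project
+from
+gcp_cloud_identity_group
+where
+name = 'group_name';
+```
+
+### Get dynamic group settings
+
+```sql
+select
+name,
+display_name,
+dynamic_group_metadata ->> 'Status' as dynamic_group_status,
+queries ->> 'Query' as dynamic_group_query,
+queries ->> 'ResourceType' as dynamic_group_query_resource_type,
+project
+from
+gcp_cloud_identity_group,
+jsonb_array_elements(dynamic_group_metadata -> 'Queries') as queries
+where
+parent = 'C046psxkn';
+```
+
+### List groups created in the last 7 days
+
+```sql
+select
+name,
+display_name,
+description,
+create_time,
+location,
+project
+from
+gcp_cloud_identity_group
+where
+parent = 'C046psxkn'
+and create_time > now() - interval '7' day;
+```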
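--- /dev/null
+++ b/docs/tables/gcp_cloud_identity_group_membership.md
@@ -0,0 +1,89 @@
+# Table: gcp_cloud_identity_group_membership
+
+A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member".
+
+**You must specify the identity group name** in the `where` clause (`where group_name=''`) to list the identity group memberships.
+
+## Examples
+
+### Basic info
+
+```sql
+select
+name,
+group_name,
+create_time,
+type,
+update_time
+from
+gcp_cloud_identity_group_membership
+where
+group_name = '123j0zll4288gmz';
+```
+
+### Get details of all google managed members in a group
+
+```sql
+select
+name,
+group_name,
+create_time,
+preferred_member_key ->> 'id' as member_id
+from
+gcp_cloud_identity_group_membership
+where
+group_name = '123j0zll4288gmz'
+and preferred_member_key ->> 'namespace' is null;
+```
+
+### Get all the groups that are members of a specific group
+
+```sql
+select
+name,
+group_name,
+create_time,
+preferred_member_key ->> 'id' as member_id
+from
+gcp_cloud_identity_group_membership
+where
+group_name = '123j0zll4288gmz'
+and type = 'GROUP';
+```
+
+### List roles assigned to each member of a group
+
+```sql
+select
+name,
+group_name,
+create_time,
+type,
+preferred_member_key ->> 'id' as member_id,
+role ->> 'name' as role_name,
+role -> 'expiryDetail' ->> 'expireTime' as role_expiry_time
+from
+gcp_cloud_identity_group_membership,
+jsonb_array_elements(roles) as role
+where
+group_name = '123j0zll4288gmz';
+```
+
+### Get details of a specific member of a group
+
+```sql
+select
+name,
+group_name,
+create_time,
+type,
+preferred_member_key ->> 'id' as member_id,
+role ->> 'name' as role_name,
+role -> 'expiryDetail' ->> 'expireTime' as role_expiry_time
+from
+gcp_cloud_identity_group_membership,
+jsonb_array_elements(roles) as role
+where
+group_name = '123j0zll4288gmz'
+and name = '123454620869324818189';
+```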
4 changes: 3 additions & 1 deletion gcp/plugin.go
Expand Up @@ -32,14 +32,16 @@ func Plugin(ctx context.Context) *plugin.Plugin {
Schema: ConfigSchema,
},
TableMap: map[string]*plugin.Table{
"gcp_audit_policy": tableGcpAuditPolicy(ctx),
"gcp_apikeys_key": tableGcpApiKeysKey(ctx),
"gcp_audit_policy": tableGcpAuditPolicy(ctx),
"gcp_bigquery_dataset": tableGcpBigQueryDataset(ctx),
"gcp_bigquery_job": tableGcpBigQueryJob(ctx),
"gcp_bigquery_table": tableGcpBigqueryTable(ctx),
"gcp_bigtable_instance": tableGcpBigtableInstance(ctx),
"gcp_billing_account": tableGcpBillingAccount(ctx),
"gcp_billing_budget": tableGcpBillingBudget(ctx),
"gcp_cloud_identity_group": tableGcpCloudIdentityGroup(ctx),
"gcp_cloud_identity_group_membership": tableGcpCloudIdentityGroupMembership(ctx),
"gcp_cloudfunctions_function": tableGcpCloudfunctionFunction(ctx),
"gcp_compute_address": tableGcpComputeAddress(ctx),
"gcp_compute_autoscaler": tableGcpComputeAutoscaler(ctx),
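--- a/gcp/service.go
+++ b/gcp/service.go
@@ -11,6 +11,7 @@ import (
 "google.golang.org/api/billingbudgets/v1"
 "google.golang.org/api/cloudbilling/v1"
 "google.golang.org/api/cloudfunctions/v1"
+"google.golang.org/api/cloudidentity/v1"
 "google.golang.org/api/cloudkms/v1"
 "google.golang.org/api/cloudresourcemanager/v1"
 "google.golang.org/api/compute/v1"
@@ -322,6 +323,27 @@ func CloudFunctionsService(ctx context.Context, d *plugin.QueryData) (*cloudfunc
 return svc, nil
 }
 
+// CloudIdentityService returns the service connection for GCP Identity service
+func CloudIdentityService(ctx context.Context, d *plugin.QueryData) (*cloudidentity.Service, error) {
+// have we already created and cached the service?
+serviceCacheKey := "CloudIdentityService"
+if cachedData, ok := d.ConnectionManager.Cache.Get(serviceCacheKey); ok {
+return cachedData.(*cloudidentity.Service), nil
+}
+
+// To get config arguments from plugin config file
+opts := setSessionConfig(ctx, d.Connection)
+
+// so it was not in cache - create service
+svc, err := cloudidentity.NewService(ctx, opts...)
+if err != nil {
+return nil, err
+}
+
+d.ConnectionManager.Cache.Set(serviceCacheKey, svc)
+return svc, nil
+}
+
 // DnsService returns the service connection for GCP DNS service
 func DnsService(ctx context.Context, d *plugin.QueryData) (*dns.Service, error) {
 // have we already created and cached the service?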
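Review bot: The cache-hit path of CloudIdentityService uses a single-value type assertion, `return cachedData.(*cloudidentity.Service), nil`, so any value of another type stored under the "CloudIdentityService" key would panic the plugin instead of surfacing an error; the two-value form degrades to re-creating the service: `if svc, ok := cachedData.(*cloudidentity.Service); ok { return svc, nil }`. This mirrors the sibling constructors visible here (DnsService opens the same way, its body continues past the hunk), so it is probably best fixed consistently across the file rather than only in this function. The doc comment says "GCP Identity service" while the package wrapped is Cloud Identity; `// CloudIdentityService returns the cached or newly created client for the GCP Cloud Identity API.` reads more accurately. The raw error from `cloudidentity.NewService` is returned without context; if `fmt` is already imported (the full import block is outside the hunk), `return nil, fmt.Errorf("creating cloudidentity service: %w", err)` would tell the user which client failed to build.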
