Merge branch 'feature/cg-429-add-gcp-cloud-router' into 'main'

tyler-dunkel · tyler-dunkel · commit b7163a8c4d96 · 2022-02-03T15:28:52.000Z
Feature/cg-429 add gcp cloud router

See merge request auto-cloud/cloudgraph/provider/cloudgraph-provider-gcp!34
diff --git a/README.md b/README.md
@@ -62,40 +62,41 @@ CloudGraph GCP Provider will ask you what regions you would like to crawl and wi
 
 # Supported Services
 
-| Service            | Relations                                                           |
-| ------------------ | ------------------------------------------------------------------- |
-| alertPolicy        | project                                                             |
-| apiKeys            | project                                                             |
-| assets             | project                                                             |
-| bigQueryDataset                 | project                                                |
-| bigQueryConnection       | project                                                       |
-| bigQueryDataTransfer     | bigQueryDataTransferRun, project                              |
-| bigQueryDataTransferRun  | project                                                       |
-| bigQueryReservation      | project                                                       |
-| bigQueryReservationCapacityCommitment | project                                          |
-| cloudFunction      | project, vpc                                                        |
-| computeProject     | project                                                             |
-| kmsCryptoKeys      | iamPolicy, kmsKeyRing, project                                      |
-| dnsManagedZone     | project                                                             |
-| dnsPolicy          | project, network                                                    |
-| firewall           | network, project                                                    |
-| folder             | iamPolicy, organization, project                                    |
-| kmsKeyRing         | kmsCryptoKeys, project                                              |
-| iamPolicy          | folder, kmsCryptoKeys, project                                      |
-| logBucket          | logView, project                                                    |
-| logMetric          | project                                                             |
-| logSink            | project                                                             |
-| logView            | logBucket, project                                                  |
-| network            | dnsPolicy, firewall, project, sqlInstances, subnet, vmInstance, vpc |
-| organization       | folder, project                                                     |
-| project            | ALL SERVICES                                                        |
-| secretManager      | project                                                             |
-| serviceAccount     | project                                                             |
-| sqlInstances       | project, network                                                    |
-| sslPolicies        | project                                                             |
-| storageBucket      | project                                                             |
-| subnet             | project, network, vmInstance, vpc                                   |
-| targetSslProxies   | project                                                             |
-| targetHttpsProxies | project                                                             |
-| vmInstance         | project, network, subnet                                            |
-| vpcConnectors      | cloudFunction, project, network, subnet                             |
+| Service                               | Relations                                                                        |
+| ------------------------------------- | -------------------------------------------------------------------------------- |
+| alertPolicy                           | project                                                                          |
+| apiKeys                               | project                                                                          |
+| assets                                | project                                                                          |
+| bigQueryDataset                       | project                                                                          |
+| bigQueryConnection                    | project                                                                          |
+| bigQueryDataTransfer                  | bigQueryDataTransferRun, project                                                 |
+| bigQueryDataTransferRun               | project                                                                          |
+| bigQueryReservation                   | project                                                                          |
+| bigQueryReservationCapacityCommitment | project                                                                          |
+| cloudFunction                         | project, vpc                                                                     |
+| cloudRouter                           | project                                                                          |
+| computeProject                        | project                                                                          |
+| kmsCryptoKeys                         | iamPolicy, kmsKeyRing, project                                                   |
+| dnsManagedZone                        | project                                                                          |
+| dnsPolicy                             | project, network                                                                 |
+| firewall                              | network, project                                                                 |
+| folder                                | iamPolicy, organization, project                                                 |
+| kmsKeyRing                            | kmsCryptoKeys, project                                                           |
+| iamPolicy                             | folder, kmsCryptoKeys, project                                                   |
+| logBucket                             | logView, project                                                                 |
+| logMetric                             | project                                                                          |
+| logSink                               | project                                                                          |
+| logView                               | logBucket, project                                                               |
+| network                               | cloudRouter, dnsPolicy, firewall, project, sqlInstances, subnet, vmInstance, vpc |
+| organization                          | folder, project                                                                  |
+| project                               | ALL SERVICES                                                                     |
+| secretManager                         | project                                                                          |
+| serviceAccount                        | project                                                                          |
+| sqlInstances                          | project, network                                                                 |
+| sslPolicies                           | project                                                                          |
+| storageBucket                         | project                                                                          |
+| subnet                                | project, network, vmInstance, vpc                                                |
+| targetSslProxies                      | project                                                                          |
+| targetHttpsProxies                    | project                                                                          |
+| vmInstance                            | project, network, subnet                                                         |
+| vpcConnectors                         | cloudFunction, project, network, subnet                                          |
diff --git a/src/enums/schemasMap.ts b/src/enums/schemasMap.ts
@@ -14,6 +14,7 @@ export default {
   [services.bigQueryDataTransferRun]: 'gcpBigQueryDataTransferRun',
   [services.kmsKeyRing]: 'gcpKmsKeyRing',
   [services.kmsCryptoKeys]: 'gcpKmsCryptoKey',
+  [services.cloudRouter]: 'gcpCloudRouter',
   [services.dnsManagedZone]: 'gcpDnsManagedZone',
   [services.dnsPolicy]: 'gcpDnsPolicy',
   [services.vpcConnector]: 'gcpVpcConnector',
diff --git a/src/enums/serviceMap.ts b/src/enums/serviceMap.ts
@@ -8,6 +8,7 @@ import GcpBigQueryDataTransfer from '../services/bigQueryDataTransfer'
 import GcpBigQueryDataTransferRun from '../services/bigQueryDataTransferRun'
 import GcpKmsKeyRing from '../services/kms'
 import GcpKmsCryptoKey from '../services/kmsCryptoKey'
+import GcpCloudRouter from '../services/cloudRouter'
 import GcpDnsManagedZone from '../services/dnsManagedZone'
 import GcpVpc from '../services/vpc'
 import GcpIam from '../services/iam'
@@ -51,6 +52,7 @@ export default {
   [services.bigQueryDataTransferRun]: GcpBigQueryDataTransferRun,
   [services.kmsKeyRing]: GcpKmsKeyRing,
   [services.kmsCryptoKeys]: GcpKmsCryptoKey,
+  [services.cloudRouter]: GcpCloudRouter,
   [services.dnsManagedZone]: GcpDnsManagedZone,
   [services.dnsPolicy]: GcpDnsPolicy,
   [services.vpcConnector]: GcpVpc,
diff --git a/src/enums/services.ts b/src/enums/services.ts
@@ -41,6 +41,7 @@ export default {
   // databaseMigration: 'database-migration',
   // datastore: 'datastore',
   // firestore: 'firestore',
+  cloudRouter: 'cloudRouters',
   firewall: 'firewall',
   // spanner: 'spanner',
   // activeDirectory: 'active-directory',
diff --git a/src/services/cloudRouter/data.ts b/src/services/cloudRouter/data.ts
@@ -0,0 +1,56 @@
+import groupBy from 'lodash/groupBy'
+import { RoutersClient } from '@google-cloud/compute'
+import { google } from '@google-cloud/compute/build/protos/protos'
+import CloudGraph from '@cloudgraph/sdk'
+import gcpLoggerText from '../../properties/logger'
+import { GcpServiceInput } from '../../types'
+import { generateGcpErrorLog, initTestEndpoint } from '../../utils'
+
+const lt = { ...gcpLoggerText }
+const { logger } = CloudGraph
+const serviceName = 'Cloud Router'
+const apiEndpoint = initTestEndpoint(serviceName)
+
+export interface RawGcpCloudRouter extends 
+Omit<google.cloud.compute.v1.IRouter, 'id' | 'region' | 'network'> {
+  id: string,
+  region: string,
+  projectId: string,
+  network: string[],
+}
+
+export default async ({
+  regions,
+  config,
+}: GcpServiceInput): Promise<{
+  [region: string]: RawGcpCloudRouter[]
+}> => {
+  const { projectId } = config
+
+  const routerData: RawGcpCloudRouter[] = []
+  const computeClient = new RoutersClient({ ...config, apiEndpoint })
+  const allRegions = regions.split(',')
+  for (const region of allRegions) {
+    try {
+      const cloudRoutersIter = computeClient.listAsync({
+        project: projectId,
+        region,
+      })
+      for await (const {id, network, ...cloudRouter} of cloudRoutersIter) {
+        routerData.push({
+          id: id.toString(),
+          projectId,
+          ...cloudRouter,
+          region,
+          network: [network]
+        })
+      }
+    } catch (error) {
+      generateGcpErrorLog(serviceName, 'cloud router:listAsync', error)
+    }
+  }
+
+  logger.debug(lt.foundResources(serviceName, routerData.length))
+
+  return groupBy(routerData, 'region')
+}
diff --git a/src/services/cloudRouter/format.ts b/src/services/cloudRouter/format.ts
@@ -0,0 +1,149 @@
+import cuid from 'cuid'
+import { google } from '@google-cloud/compute/build/protos/protos'
+import { RawGcpCloudRouter } from './data'
+import { enumKeyToString } from '../../utils/format'
+import { GcpCloudRouter, GcpCloudRouterBgpPeer, GcpCloudRouterNat } from '../../types/generated'
+
+const formatBgpPeer = ({
+  advertisedGroups,
+  advertisedIpRanges,
+  advertisedRoutePriority,
+  advertiseMode,
+  interfaceName,
+  ipAddress,
+  managementType,
+  name,
+  peerAsn,
+  peerIpAddress,
+}: google.cloud.compute.v1.IRouterBgpPeer): GcpCloudRouterBgpPeer => {
+  return {
+    id: cuid(),
+    advertiseMode: enumKeyToString(google.cloud.compute.v1.RouterBgpPeer.AdvertiseMode, advertiseMode),
+    advertisedGroups: advertisedGroups?.map(
+      advertisedGroup => enumKeyToString(google.cloud.compute.v1.RouterBgpPeer.AdvertisedGroups, advertisedGroup)
+    ) || [],
+    advertisedIpRanges:
+      advertisedIpRanges?.map(({ description, range }) => ({
+        id: cuid(),
+        description,
+        range,
+      })) || [],
+    advertisedRoutePriority,
+    interfaceName,
+    ipAddress,
+    managementType: enumKeyToString(google.cloud.compute.v1.RouterInterface.ManagementType, managementType),
+    name,
+    peerAsn,
+    peerIpAddress,
+  }
+}
+
+const formatNat = ({
+  drainNatIps,
+  enableEndpointIndependentMapping,
+  icmpIdleTimeoutSec,
+  logConfig,
+  minPortsPerVm,
+  name: natName,
+  natIpAllocateOption,
+  natIps,
+  sourceSubnetworkIpRangesToNat,
+  subnetworks,
+  tcpEstablishedIdleTimeoutSec,
+  tcpTransitoryIdleTimeoutSec,
+  udpIdleTimeoutSec,
+}: google.cloud.compute.v1.IRouterNat): GcpCloudRouterNat => {
+  return {
+    id: cuid(),
+    drainNatIps,
+    enableEndpointIndependentMapping,
+    icmpIdleTimeoutSec,
+    logConfigEnable: logConfig?.enable,
+    logConfigFilter: enumKeyToString(google.cloud.compute.v1.RouterNatLogConfig.Filter, logConfig?.filter),
+    minPortsPerVm,
+    name: natName,
+    natIpAllocateOption: enumKeyToString(google.cloud.compute.v1.RouterNat.NatIpAllocateOption, natIpAllocateOption),
+    natIps,
+    sourceSubnetworkIpRangesToNat:
+      enumKeyToString(google.cloud.compute.v1.RouterNat.SourceSubnetworkIpRangesToNat, sourceSubnetworkIpRangesToNat),
+    subnetworks:
+      subnetworks?.map(
+        ({ name, secondaryIpRangeNames, sourceIpRangesToNat }) => ({
+          id: cuid(),
+          name,
+          secondaryIpRangeNames,
+          sourceIpRangesToNat: sourceIpRangesToNat?.map(
+            sourceIpRangeToNat => enumKeyToString(google.cloud.compute.v1.RouterNatSubnetworkToNat.SourceIpRangesToNat, sourceIpRangeToNat)
+          ) || [],
+        })
+      ) || [],
+    tcpEstablishedIdleTimeoutSec,
+    tcpTransitoryIdleTimeoutSec,
+    udpIdleTimeoutSec,
+  }
+}
+
+export default ({
+  service,
+  account,
+  region,
+}: {
+  service: RawGcpCloudRouter
+  account: string
+  region: string
+}): GcpCloudRouter => {
+  const {
+    bgp,
+    bgpPeers,
+    creationTimestamp,
+    description,
+    encryptedInterconnectRouter,
+    id,
+    interfaces,
+    kind,
+    name,
+    nats,
+    selfLink,
+  } = service
+
+  return {
+    id,
+    projectId: account,
+    region,
+    bgpAdvertiseMode: enumKeyToString(google.cloud.compute.v1.RouterBgp.AdvertiseMode, bgp?.advertiseMode),
+    bgpAdvertisedGroups: bgp?.advertisedGroups?.map(
+      advertisedGroup => enumKeyToString(google.cloud.compute.v1.RouterBgp.AdvertiseMode, advertisedGroup)
+    ) || [],
+    bgpAdvertisedIpRanges:
+      bgp?.advertisedIpRanges?.map(({ description: advIpRangeDDesc, range }) => ({
+        id: cuid(),
+        description: advIpRangeDDesc,
+        range,
+      })) || [],
+    bgpAsn: bgp?.asn || 0,
+    bgpPeers: bgpPeers?.map(bgpPeer => formatBgpPeer(bgpPeer)) || [],
+    creationTimestamp,
+    description,
+    encryptedInterconnectRouter,
+    interfaces: interfaces?.map(
+      ({
+        ipRange,
+        linkedInterconnectAttachment,
+        linkedVpnTunnel,
+        managementType,
+        name: interfaceName,
+      }) => ({
+        id: cuid(),
+        ipRange,
+        linkedInterconnectAttachment,
+        linkedVpnTunnel,
+        managementType: enumKeyToString(google.cloud.compute.v1.RouterInterface.ManagementType, managementType),
+        name: interfaceName,
+      })
+    ) || [],
+    kind,
+    name,
+    nats: nats?.map(nat => formatNat(nat)) || [],
+    selfLink,
+  }
+}
diff --git a/src/services/cloudRouter/index.ts b/src/services/cloudRouter/index.ts
@@ -0,0 +1,13 @@
+import { Service } from '@cloudgraph/sdk'
+import BaseService from '../base'
+import format from './format'
+import getData from './data'
+import mutation from './mutation'
+
+export default class GcpCloudRouter extends BaseService implements Service {
+  format = format.bind(this)
+
+  getData = getData.bind(this)
+
+  mutation = mutation;
+}
diff --git a/src/services/cloudRouter/mutation.ts b/src/services/cloudRouter/mutation.ts
@@ -0,0 +1,5 @@
+export default `mutation($input: [AddgcpCloudRouterInput!]!) {
+  addgcpCloudRouter(input: $input, upsert: true) {
+    numUids
+  }
+}`;
diff --git a/src/services/cloudRouter/schema.graphql b/src/services/cloudRouter/schema.graphql
diff --git a/src/services/network/schema.graphql b/src/services/network/schema.graphql
diff --git a/src/services/project/schema.graphql b/src/services/project/schema.graphql
diff --git a/src/types/generated.ts b/src/types/generated.ts

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +export default `mutation($input: [AddgcpCloudRouterInput!]!) {
 +  addgcpCloudRouter(input: $input, upsert: true) {
 +    numUids
 +  }
 +}`;