From 2cd728eafe26e66fba57f5820655efd3d5fcaadc Mon Sep 17 00:00:00 2001 From: HamzaAziz-1 Date: Mon, 8 Dec 2025 13:54:15 +0500 Subject: [PATCH] update gcp plugins --- helpers/google/api.js | 312 +++++++++--------- .../cloudFunctionV2HttpsOnly.js | 8 +- .../cloudFunctionV2HttpsOnly.spec.js | 79 +++-- .../cloudFunctionV2IngressSettings.js | 8 +- .../cloudFunctionV2IngressSettings.spec.js | 64 ++-- .../cloudFunctionV2LabelsAdded.js | 8 +- .../cloudFunctionV2LabelsAdded.spec.js | 54 +-- .../cloudFunctionV2OldRuntime.js | 5 +- .../cloudFunctionV2OldRuntime.spec.js | 60 ++-- .../cloudFunctionV2VPCConnector.js | 11 +- .../cloudFunctionV2VPCConnector.spec.js | 92 +++--- .../functionV2DefaultServiceAccount.js | 6 +- .../functionV2DefaultServiceAccount.spec.js | 74 ++--- 13 files changed, 386 insertions(+), 395 deletions(-) diff --git a/helpers/google/api.js b/helpers/google/api.js index 31c467b610..2d34d8144b 100644 --- a/helpers/google/api.js +++ b/helpers/google/api.js 
@@ -48,176 +48,176 @@ These fields should be according to the user and product manager, what they want var serviceMap = { 'Pub/Sub': - { - enabled: true, isSingleSource: true, InvAsset: 'Pub/Sub', InvService: 'Pub/Sub', - InvResourceCategory: 'cloud_resources', InvResourceType: 'Pub/Sub', BridgeServiceName: 'topics', - BridgePluginCategoryName: 'gcp-Pub/Sub', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'topics', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Pub/Sub', - BridgeCollectionService: 'gcp-topics', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'Pub/Sub', InvService: 'Pub/Sub', + InvResourceCategory: 'cloud_resources', InvResourceType: 'Pub/Sub', BridgeServiceName: 'topics', + BridgePluginCategoryName: 'gcp-Pub/Sub', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'topics', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Pub/Sub', + BridgeCollectionService: 'gcp-topics', DataIdentifier: 'data', + }, 'DNS': - { - enabled: true, isSingleSource: true, InvAsset: 'Managed Zone', InvService: 'DNS', - InvResourceCategory: 'cloud_resources', InvResourceType: 'DNS', BridgeServiceName: 'managedzones', - BridgePluginCategoryName: 'gcp-DNS', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: 'projects/{cloudAccount}/zones/{name}', - BridgeResourceType: 'zones', BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-DNS', - BridgeCollectionService: 'gcp-managedZones', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'Managed Zone', InvService: 'DNS', + InvResourceCategory: 'cloud_resources', InvResourceType: 'DNS', BridgeServiceName: 'managedzones', + BridgePluginCategoryName: 'gcp-DNS', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', 
BridgeIdTemplate: 'projects/{cloudAccount}/zones/{name}', + BridgeResourceType: 'zones', BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-DNS', + BridgeCollectionService: 'gcp-managedZones', DataIdentifier: 'data', + }, 'VPC Network': - { - enabled: true, isSingleSource: true, InvAsset: 'VPC Network', InvService: 'VPC Network', - InvResourceCategory: 'cloud_resources', InvResourceType: 'VPC Network', BridgeServiceName: 'networks', - BridgePluginCategoryName: 'gcp-VPC Network', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'networks', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-VPC Network', - BridgeCollectionService: 'gcp-networks', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'VPC Network', InvService: 'VPC Network', + InvResourceCategory: 'cloud_resources', InvResourceType: 'VPC Network', BridgeServiceName: 'networks', + BridgePluginCategoryName: 'gcp-VPC Network', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'networks', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-VPC Network', + BridgeCollectionService: 'gcp-networks', DataIdentifier: 'data', + }, 'Cryptographic Keys': - { - enabled: true, isSingleSource: true, InvAsset: 'Cryptographic Key', InvService: 'Cryptographic Keys', - InvResourceCategory: 'cloud_resources', InvResourceType: 'Cryptographic Key', BridgeServiceName: 'cryptokeys', - BridgePluginCategoryName: 'gcp-Cryptographic Keys', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'cryptoKeys', - BridgeResourceNameIdentifier: '', BridgeExecutionService: 'gcp-Cryptographic Keys', - BridgeCollectionService: 'gcp-cryptoKeys', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'Cryptographic Key', InvService: 'Cryptographic 
Keys', + InvResourceCategory: 'cloud_resources', InvResourceType: 'Cryptographic Key', BridgeServiceName: 'cryptokeys', + BridgePluginCategoryName: 'gcp-Cryptographic Keys', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'cryptoKeys', + BridgeResourceNameIdentifier: '', BridgeExecutionService: 'gcp-Cryptographic Keys', + BridgeCollectionService: 'gcp-cryptoKeys', DataIdentifier: 'data', + }, 'CLB': - { - enabled: true, isSingleSource: true, InvAsset: 'Url Map', InvService: 'CLB', - InvResourceCategory: 'cloud_resources', InvResourceType: 'CLB', BridgeServiceName: 'urlmaps', - BridgePluginCategoryName: 'gcp-CLB', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'urlMaps', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-CLB', - BridgeCollectionService: 'gcp-urlMaps', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'Url Map', InvService: 'CLB', + InvResourceCategory: 'cloud_resources', InvResourceType: 'CLB', BridgeServiceName: 'urlmaps', + BridgePluginCategoryName: 'gcp-CLB', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'urlMaps', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-CLB', + BridgeCollectionService: 'gcp-urlMaps', DataIdentifier: 'data', + }, 'Deployment Manager': - { - enabled: true, isSingleSource: true, InvAsset: 'Deployment', InvService: 'Deployment Manager', - InvResourceCategory: 'cloud_resources', InvResourceType: 'Deployment Manager', BridgeServiceName: 'deployments', - BridgePluginCategoryName: 'gcp-Deployment Manager', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'deployments', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Deployment Manager', - BridgeCollectionService: 
'gcp-deployments', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'Deployment', InvService: 'Deployment Manager', + InvResourceCategory: 'cloud_resources', InvResourceType: 'Deployment Manager', BridgeServiceName: 'deployments', + BridgePluginCategoryName: 'gcp-Deployment Manager', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'deployments', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Deployment Manager', + BridgeCollectionService: 'gcp-deployments', DataIdentifier: 'data', + }, 'Logging': - { - enabled: true, isSingleSource: true, InvAsset: 'Alert Policy', InvService: 'Logging', - InvResourceCategory: 'cloud_resources', InvResourceType: 'Logging', BridgeServiceName: 'alertpolicies', - BridgePluginCategoryName: 'gcp-Logging', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'alertPolicies', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Logging', - BridgeCollectionService: 'gcp-alertPolicies', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'Alert Policy', InvService: 'Logging', + InvResourceCategory: 'cloud_resources', InvResourceType: 'Logging', BridgeServiceName: 'alertpolicies', + BridgePluginCategoryName: 'gcp-Logging', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'alertPolicies', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Logging', + BridgeCollectionService: 'gcp-alertPolicies', DataIdentifier: 'data', + }, 'Dataproc': - { - enabled: true, isSingleSource: true, InvAsset: 'Cluster', InvService: 'Dataproc', - InvResourceCategory: 'cloud_resources', InvResourceType: 'Dataproc', BridgeServiceName: 'dataproc', - BridgePluginCategoryName: 'gcp-Dataproc', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: 
'', BridgeIdTemplate: 'projects/{cloudAccount}/regions/{region}/clusters/{name}', - BridgeResourceType: 'clusters', BridgeResourceNameIdentifier: 'clusterName', BridgeExecutionService: 'gcp-Dataproc', - BridgeCollectionService: 'gcp-dataproc', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'Cluster', InvService: 'Dataproc', + InvResourceCategory: 'cloud_resources', InvResourceType: 'Dataproc', BridgeServiceName: 'dataproc', + BridgePluginCategoryName: 'gcp-Dataproc', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: 'projects/{cloudAccount}/regions/{region}/clusters/{name}', + BridgeResourceType: 'clusters', BridgeResourceNameIdentifier: 'clusterName', BridgeExecutionService: 'gcp-Dataproc', + BridgeCollectionService: 'gcp-dataproc', DataIdentifier: 'data', + }, 'Dataflow': - { - enabled: true, isSingleSource: true, InvAsset: 'job', InvService: 'Dataflow', - InvResourceCategory: 'cloud_resources', InvResourceType: 'Dataflow Job', BridgeServiceName: 'jobs', - BridgePluginCategoryName: 'gcp-Dataflow', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: 'projects/{cloudAccount}/jobs/{id}', BridgeResourceType: 'jobs', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Dataflow', - BridgeCollectionService: 'gcp-jobs', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'job', InvService: 'Dataflow', + InvResourceCategory: 'cloud_resources', InvResourceType: 'Dataflow Job', BridgeServiceName: 'jobs', + BridgePluginCategoryName: 'gcp-Dataflow', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: 'projects/{cloudAccount}/jobs/{id}', BridgeResourceType: 'jobs', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Dataflow', + BridgeCollectionService: 'gcp-jobs', DataIdentifier: 'data', + }, 'API': - { - enabled: true, isSingleSource: true, InvAsset: 'API', 
InvService: 'API', - InvResourceCategory: 'cloud_resources', InvResourceType: 'API', BridgeServiceName: 'apikeys', - BridgePluginCategoryName: 'gcp-API', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'keys', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-API', - BridgeCollectionService: 'gcp-apiKeys', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'API', InvService: 'API', + InvResourceCategory: 'cloud_resources', InvResourceType: 'API', BridgeServiceName: 'apikeys', + BridgePluginCategoryName: 'gcp-API', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'keys', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-API', + BridgeCollectionService: 'gcp-apiKeys', DataIdentifier: 'data', + }, 'BigQuery': - { - enabled: true, isSingleSource: true, InvAsset: 'dataset', InvService: 'BigQuery', - InvResourceCategory: 'database', InvResourceType: 'BigQuery', BridgeServiceName: 'datasets', - BridgePluginCategoryName: 'gcp-BigQuery', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: 'projects/{cloudAccount}/datasets/{name}', BridgeResourceType: 'datasets', - BridgeResourceNameIdentifier: 'datasetId', BridgeExecutionService: 'gcp-BigQuery', - BridgeCollectionService: 'gcp-datasets', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'dataset', InvService: 'BigQuery', + InvResourceCategory: 'database', InvResourceType: 'BigQuery', BridgeServiceName: 'datasets', + BridgePluginCategoryName: 'gcp-BigQuery', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: 'projects/{cloudAccount}/datasets/{name}', BridgeResourceType: 'datasets', + BridgeResourceNameIdentifier: 'datasetId', BridgeExecutionService: 'gcp-BigQuery', + BridgeCollectionService: 'gcp-datasets', 
DataIdentifier: 'data', + }, 'BigTable': - { - enabled: true, isSingleSource: true, InvAsset: 'Instance', InvService: 'BigTable', - InvResourceCategory: 'database', InvResourceType: 'BigTable', BridgeServiceName: 'bigtable', - BridgePluginCategoryName: 'gcp-BigTable', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'instances', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-BigTable', - BridgeCollectionService: 'gcp-bigtable', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'Instance', InvService: 'BigTable', + InvResourceCategory: 'database', InvResourceType: 'BigTable', BridgeServiceName: 'bigtable', + BridgePluginCategoryName: 'gcp-BigTable', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'instances', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-BigTable', + BridgeCollectionService: 'gcp-bigtable', DataIdentifier: 'data', + }, 'Spanner': - { - enabled: true, isSingleSource: true, InvAsset: 'Instance', InvService: 'Spanner', - InvResourceCategory: 'database', InvResourceType: 'Spanner', BridgeServiceName: 'spanner', - BridgePluginCategoryName: 'gcp-Spanner', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'instances', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Spanner', - BridgeCollectionService: 'gcp-spanner', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'Instance', InvService: 'Spanner', + InvResourceCategory: 'database', InvResourceType: 'Spanner', BridgeServiceName: 'spanner', + BridgePluginCategoryName: 'gcp-Spanner', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'instances', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 
'gcp-Spanner', + BridgeCollectionService: 'gcp-spanner', DataIdentifier: 'data', + }, 'SQL': - { - enabled: true, isSingleSource: true, InvAsset: 'sql', InvService: 'sql', - InvResourceCategory: 'database', InvResourceType: 'sql', BridgeServiceName: 'sql', - BridgePluginCategoryName: 'gcp-SQL', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'instances', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-SQL', - BridgeCollectionService: 'gcp-sql', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'sql', InvService: 'sql', + InvResourceCategory: 'database', InvResourceType: 'sql', BridgeServiceName: 'sql', + BridgePluginCategoryName: 'gcp-SQL', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'instances', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-SQL', + BridgeCollectionService: 'gcp-sql', DataIdentifier: 'data', + }, 'Storage': - { - enabled: true, isSingleSource: true, InvAsset: 'storage', InvService: 'storage', - InvResourceCategory: 'storage', InvResourceType: 'bucket', BridgeServiceName: 'buckets', - BridgePluginCategoryName: 'gcp-Storage', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'b', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Storage', - BridgeCollectionService: 'gcp-buckets', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'storage', InvService: 'storage', + InvResourceCategory: 'storage', InvResourceType: 'bucket', BridgeServiceName: 'buckets', + BridgePluginCategoryName: 'gcp-Storage', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'b', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Storage', + BridgeCollectionService: 
'gcp-buckets', DataIdentifier: 'data', + }, 'AI & ML': - { - enabled: true, isSingleSource: true, InvAsset: 'models', InvService: 'vertexAI', - InvResourceCategory: 'ai&ml', InvResourceType: 'VertexAI models', BridgeServiceName: 'vertexAI', - BridgePluginCategoryName: 'gcp-AI & ML', BridgeProvider: 'Google', BridgeCall: 'listModels', - BridgeArnIdentifier: '', BridgeIdTemplate: '{name}', BridgeResourceType: 'models', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-AI & ML', - BridgeCollectionService: 'gcp-vertexai', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'models', InvService: 'vertexAI', + InvResourceCategory: 'ai&ml', InvResourceType: 'VertexAI models', BridgeServiceName: 'vertexAI', + BridgePluginCategoryName: 'gcp-AI & ML', BridgeProvider: 'Google', BridgeCall: 'listModels', + BridgeArnIdentifier: '', BridgeIdTemplate: '{name}', BridgeResourceType: 'models', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-AI & ML', + BridgeCollectionService: 'gcp-vertexai', DataIdentifier: 'data', + }, 'CloudBuild': - { - enabled: true, isSingleSource: true, InvAsset: 'trigger', InvService: 'CloudBuild', - InvResourceCategory: 'cloud_resources', InvResourceType: 'trigger', BridgeServiceName: 'cloudbuild', - BridgePluginCategoryName: 'gcp-CloudBuild', BridgeProvider: 'Google', BridgeCall: 'triggers', - BridgeArnIdentifier: '', BridgeIdTemplate: 'projects/{cloudAccount}/locations/{region}/triggers/{name}', BridgeResourceType: 'triggers', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-CloudBuild', - BridgeCollectionService: 'gcp-cloudbuild', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'trigger', InvService: 'CloudBuild', + InvResourceCategory: 'cloud_resources', InvResourceType: 'trigger', BridgeServiceName: 'cloudbuild', + BridgePluginCategoryName: 'gcp-CloudBuild', BridgeProvider: 'Google', BridgeCall: 'triggers', + BridgeArnIdentifier: 
'', BridgeIdTemplate: 'projects/{cloudAccount}/locations/{region}/triggers/{name}', BridgeResourceType: 'triggers', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-CloudBuild', + BridgeCollectionService: 'gcp-cloudbuild', DataIdentifier: 'data', + }, 'Cloud Composer': - { - enabled: true, isSingleSource: true, InvAsset: 'environment', InvService: 'Cloud Composer', - InvResourceCategory: 'cloud_resources', InvResourceType: 'composer_environment', BridgeServiceName: 'composer', - BridgePluginCategoryName: 'gcp-Cloud Composer', BridgeProvider: 'Google', BridgeCall: 'environments', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'environments', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Cloud Composer', - BridgeCollectionService: 'gcp-composer', DataIdentifier: 'data', - }, + { + enabled: true, isSingleSource: true, InvAsset: 'environment', InvService: 'Cloud Composer', + InvResourceCategory: 'cloud_resources', InvResourceType: 'composer_environment', BridgeServiceName: 'composer', + BridgePluginCategoryName: 'gcp-Cloud Composer', BridgeProvider: 'Google', BridgeCall: 'environments', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'environments', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Cloud Composer', + BridgeCollectionService: 'gcp-composer', DataIdentifier: 'data', + }, 'Resource Manager': - { - enabled: true, isSingleSource: true, InvAsset: 'organization', InvService: 'Resource Manager', - InvResourceCategory: 'cloud_resources', InvResourceType: 'Organization', BridgeServiceName: 'organizations', - BridgePluginCategoryName: 'gcp-Resource Manager', BridgeProvider: 'Google', BridgeCall: 'list', - BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'organizations', - BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Resource Manager', - BridgeCollectionService: 'gcp-organizations', DataIdentifier: 'data', - } + { + 
enabled: true, isSingleSource: true, InvAsset: 'organization', InvService: 'Resource Manager', + InvResourceCategory: 'cloud_resources', InvResourceType: 'Organization', BridgeServiceName: 'organizations', + BridgePluginCategoryName: 'gcp-Resource Manager', BridgeProvider: 'Google', BridgeCall: 'list', + BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'organizations', + BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'gcp-Resource Manager', + BridgeCollectionService: 'gcp-organizations', DataIdentifier: 'data', + } }; var calls = { disks: { @@ -391,12 +391,12 @@ var calls = { } }, functionsv2: { - list: { - url: 'https://cloudfunctions.googleapis.com/v2/projects/{projectId}/locations/{locationId}/functions', + list : { + url: 'https://run.googleapis.com/v2/projects/{projectId}/locations/{locationId}/services', location: 'region', paginationKey: 'pageSize', pagination: true, - dataFilterKey: 'functions' + dataFilterKey: 'services' }, sendIntegration: { enabled: true @@ -864,7 +864,7 @@ var postcalls = { }, functionsv2: { getIamPolicy: { - url: 'https://cloudfunctions.googleapis.com/v2/{name}:getIamPolicy', + url: 'https://run.googleapis.com/v2/{name}:getIamPolicy', location: null, method: 'POST', reliesOnService: ['functionsv2'], diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2HttpsOnly.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2HttpsOnly.js index 00cecfef9f..04e7ce30b0 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2HttpsOnly.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2HttpsOnly.js 
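Review bot: In the `functionsv2.list` entry (hunk `@@ -391,12 +391,12 @@` of helpers/google/api.js) the collection now returns every Cloud Run service in the project rather than only functions, so everything cached under `functionsv2` relies on each consumer filtering correctly. The plugin hunks later in this patch (cloudFunctionV2HttpsOnly.js, cloudFunctionV2IngressSettings.js, cloudFunctionV2LabelsAdded.js) select functions with `if (!func.buildConfig || !func.buildConfig.functionTarget) return;`, which skips a resource silently; a function whose service lacks that field would get no result at all instead of a finding. The spec fixtures also carry the label `goog-managed-by: cloudfunctions`, so it is worth confirming which marker is reliably present and recording it next to this entry, e.g. `// Cloud Run services API: returns all services, plugins must filter to functions`. The scanning identity presumably also needs read access to this Cloud Run endpoint now, which the patch does not mention.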
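Review bot: In `postcalls.functionsv2.getIamPolicy` (hunk `@@ -864,7 +864,7 @@`) only the host changes while the unchanged context line keeps `method: 'POST'`; as far as I know the Cloud Run Admin API v2 documents `getIamPolicy` as a GET, so the verb should be confirmed against the new endpoint. If the call is rejected, IAM policy data for these services would be missing and any check that reads it could report nothing instead of a finding. If GET turns out to be right, the change would be `method: 'GET',`. The entry continues past the end of the hunk.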
@@ -38,12 +38,12 @@ module.exports = { functions.data.forEach(funct => { if (!funct.name) return; - if (!funct.environment || funct.environment !== 'GEN_2') return; + if (!funct.buildConfig || !funct.buildConfig.functionTarget) return; - let serviceConfig = funct.serviceConfig || {}; + let triggerType = funct.template && funct.template.annotations ? funct.template.annotations['cloudfunctions.googleapis.com/trigger-type'] : null; - if (serviceConfig.uri) { - if (serviceConfig.securityLevel && serviceConfig.securityLevel == 'SECURE_ALWAYS') { + if (triggerType === 'HTTP_TRIGGER' || funct.uri) { + if (funct.uri && funct.uri.startsWith('https://')) { helpers.addResult(results, 0, 'Cloud Function is configured to require HTTPS for HTTP invocations', region, funct.name); } else { diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2HttpsOnly.spec.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2HttpsOnly.spec.js index 0d7d2b42f6..3d2c5ec167 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2HttpsOnly.spec.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2HttpsOnly.spec.js 
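Review bot: The new pass condition `funct.uri && funct.uri.startsWith('https://')` tests the scheme of the URL string returned by the API rather than a transport setting, so it likely passes for every service that has a `uri`; the removed code compared `securityLevel` with `SECURE_ALWAYS`. As far as I know Cloud Run reports service URLs with an `https://` scheme, which would leave this check unable to fail on real data, and the `http://` fixture in the spec may not correspond to a real response. If HTTPS is enforced by the platform for these services, say so next to the condition, e.g. `// Cloud Run service URLs are HTTPS-only; this records that fact rather than detecting a misconfiguration`, or retire the check instead of reporting a pass that carries no information. The `else` branch continues outside the hunk.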
@@ -4,56 +4,56 @@ var plugin = require('./cloudFunctionV2HttpsOnly'); const functions = [ { - "name": "projects/my-test-project/locations/us-central1/functions/function-1", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-1", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" + }, + "template": { + "annotations": { + "cloudfunctions.googleapis.com/trigger-type": "HTTP_TRIGGER" + } }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "uri": "https://us-central1-my-test-project.cloudfunctions.net/function-1", - "securityLevel": "SECURE_OPTIONAL" + "uri": "http://us-central1-my-test-project.cloudfunctions.net/function-1", + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-2", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-2", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" + }, + "template": { + "annotations": { + "cloudfunctions.googleapis.com/trigger-type": "HTTP_TRIGGER" + } }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "uri": "https://us-central1-my-test-project.cloudfunctions.net/function-2", - "securityLevel": "SECURE_ALWAYS" + "uri": "https://us-central1-my-test-project.cloudfunctions.net/function-2", + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-3", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": 
"2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "handleEvent" + "name": "projects/my-test-project/locations/us-central1/services/function-3", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" + }, + "template": { + "annotations": { + "cloudfunctions.googleapis.com/trigger-type": "EVENT_TRIGGER" + } }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com" + "buildConfig": { + "functionTarget": "handleEvent" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-4", - "environment": "GEN_1", - "state": "ACTIVE", - "runtime": "nodejs14", - "httpsTrigger": { - "url": "https://us-central1-my-test-project.cloudfunctions.net/function-4", - "securityLevel": "SECURE_OPTIONAL" + "name": "projects/my-test-project/locations/us-central1/services/regular-service", + "labels": { + "app": "my-app" } } ]; @@ -158,7 +158,7 @@ describe('httpTriggerRequireHttps', function () { plugin.run(cache, {}, callback); }); - it('should not check Gen 1 functions in v2 API response', function (done) { + it('should not check non-Cloud Functions services in Cloud Run API response', function (done) { const callback = (err, results) => { expect(results.length).to.equal(0); done(); @@ -174,4 +174,3 @@ describe('httpTriggerRequireHttps', function () { }) }); - diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2IngressSettings.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2IngressSettings.js index 78219be8b3..4e6e535127 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2IngressSettings.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2IngressSettings.js 
@@ -38,13 +38,11 @@ module.exports = { functions.data.forEach(func => { if (!func.name) return; - if (!func.environment || func.environment !== 'GEN_2') return; + if (!func.buildConfig || !func.buildConfig.functionTarget) return; - let ingressSettings = func.serviceConfig && func.serviceConfig.ingressSettings - ? func.serviceConfig.ingressSettings - : null; + let ingressSettings = func.ingress || null; - if (ingressSettings && ingressSettings.toUpperCase() == 'ALLOW_ALL') { + if (ingressSettings && ingressSettings.toUpperCase() == 'INGRESS_TRAFFIC_ALL') { helpers.addResult(results, 2, 'Cloud Function is configured to allow all traffic', region, func.name); } else if (ingressSettings) { diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2IngressSettings.spec.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2IngressSettings.spec.js index 13168f81e7..a051e87326 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2IngressSettings.spec.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2IngressSettings.spec.js 
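Review bot: The comparison `ingressSettings.toUpperCase() == 'INGRESS_TRAFFIC_ALL'` is a deny-list: the `else if (ingressSettings)` that follows treats every other non-empty value as restricted, including `INGRESS_TRAFFIC_UNSPECIFIED` or any value introduced later. An allow-list is safer for an exposure check, e.g. `const restricted = ['INGRESS_TRAFFIC_INTERNAL_ONLY', 'INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER'];` with the pass result given only when `restricted.includes(ingressSettings)`, and `===` in place of `==`. The handling of a missing `ingress` field sits in the final `else`, which lies outside the hunk, so confirm that it does not report a pass.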
@@ -4,52 +4,43 @@ var plugin = require('./cloudFunctionV2IngressSettings'); const functions = [ { - "name": "projects/my-test-project/locations/us-central1/functions/function-1", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-1", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "ingressSettings": "ALLOW_ALL" + "ingress": "INGRESS_TRAFFIC_ALL", + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-2", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-2", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "ingressSettings": "ALLOW_INTERNAL_AND_GCLB" + "ingress": "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER", + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-3", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-3", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com" + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": 
"projects/my-test-project/locations/us-central1/functions/function-4", - "environment": "GEN_1", - "state": "ACTIVE", - "runtime": "nodejs14", - "ingressSettings": "ALLOW_ALL" + "name": "projects/my-test-project/locations/us-central1/services/regular-service", + "labels": { + "app": "my-app" + }, + "ingress": "INGRESS_TRAFFIC_ALL" } ]; @@ -153,7 +144,7 @@ describe('ingressAllTrafficDisabled', function () { plugin.run(cache, {}, callback); }); - it('should not check Gen 1 functions in v2 API response', function (done) { + it('should not check non-Cloud Functions services in Cloud Run API response', function (done) { const callback = (err, results) => { expect(results.length).to.equal(0); done(); @@ -168,5 +159,4 @@ describe('ingressAllTrafficDisabled', function () { }); }) -}); - +}); \ No newline at end of file diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2LabelsAdded.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2LabelsAdded.js index 3d7bdd6444..f263645843 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2LabelsAdded.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2LabelsAdded.js @@ -38,11 +38,13 @@ module.exports = { functions.data.forEach(func => { if (!func.name) return; - if (!func.environment || func.environment !== 'GEN_2') return; + if (!func.buildConfig || !func.buildConfig.functionTarget) return; - if (func.labels && Object.keys(func.labels).length) { + let userLabels = func.labels ? Object.keys(func.labels).filter(key => !key.startsWith('goog-')) : []; + + if (userLabels.length) { helpers.addResult(results, 0, - `${Object.keys(func.labels).length} labels found for Cloud Function`, region, func.name); + `${userLabels.length} labels found for Cloud Function`, region, func.name); } else { helpers.addResult(results, 2, 'Cloud Function does not have any labels', region, func.name); 
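Review bot: In cloudFunctionV2LabelsAdded.js the filter `!key.startsWith('goog-')` has no comment explaining why those keys are excluded, and the pass message now reports a count that differs from the number of labels visible on the resource. Add a line such as `// Keys prefixed with goog- appear to be set by the platform (see spec fixtures), so only other keys count` above `userLabels`, and consider wording the result as `${userLabels.length} user-defined labels found for Cloud Function`. `userLabels` is never reassigned, so `const` fits better than `let`. The enclosing `forEach` callback starts and ends outside the hunk.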
diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2LabelsAdded.spec.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2LabelsAdded.spec.js index 2bf55b1c37..3435966098 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2LabelsAdded.spec.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2LabelsAdded.spec.js 
@@ -4,40 +4,40 @@ var plugin = require('./cloudFunctionV2LabelsAdded'); const functions = [ { - "name": "projects/my-test-project/locations/us-central1/functions/function-1", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-1", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" + }, + "template": { + "serviceAccount": "test@test-project.iam.gserviceaccount.com" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "ingressSettings": "ALLOW_ALL" + "ingress": "INGRESS_TRAFFIC_ALL", + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-2", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-2", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20", + "deployment-tool": "console-cloud", + "env": "production" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "ingressSettings": "ALLOW_INTERNAL_AND_GCLB" + "template": { + "serviceAccount": "test@test-project.iam.gserviceaccount.com" }, - "labels": { 'deployment-tool': 'console-cloud', 'env': 'production' } + "ingress": "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER", + "buildConfig": { + "functionTarget": "helloHttp" + } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-3", - "environment": "GEN_1", - "state": "ACTIVE", - "runtime": "nodejs14", - "ingressSettings": "ALLOW_ALL" + "name": "projects/my-test-project/locations/us-central1/services/regular-service", + "labels": 
{ + "app": "my-app" + } } ]; @@ -124,7 +124,7 @@ describe('cloudFunctionLabelsAdded', function () { plugin.run(cache, {}, callback); }); - it('should not check Gen 1 functions in v2 API response', function (done) { + it('should not check non-Cloud Functions services in Cloud Run API response', function (done) { const callback = (err, results) => { expect(results.length).to.equal(0); done(); diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2OldRuntime.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2OldRuntime.js index 424fd12b6d..51c856822a 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2OldRuntime.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2OldRuntime.js @@ -85,10 +85,9 @@ module.exports = { functions.data.forEach(func => { if (!func.name) return; - if (!func.environment || func.environment !== 'GEN_2') return; + if (!func.buildConfig || !func.buildConfig.functionTarget) return; - let buildConfig = func.buildConfig || {}; - let runtime = buildConfig.runtime; + let runtime = func.labels && func.labels['goog-cloudfunctions-runtime'] ? func.labels['goog-cloudfunctions-runtime'] : null; if (!runtime) { helpers.addResult(results, 2, diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2OldRuntime.spec.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2OldRuntime.spec.js index 8aa9953135..e5bc27e9a5 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2OldRuntime.spec.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2OldRuntime.spec.js 
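Review bot: The runtime in cloudFunctionV2OldRuntime.js is now taken from the `goog-cloudfunctions-runtime` label alone, and nothing in the code says why or what a missing label means. From the visible lines, a function without that label falls into the `if (!runtime)` branch and gets a status 2 result, so absent metadata is reported the same way as a real finding; if that is intended it should be stated. A comment above the assignment would do, e.g. `// runtime is read from the goog-cloudfunctions-runtime label on the Cloud Run service; a missing label is reported as a failure`. The lookup itself can be shortened to `let runtime = (func.labels || {})['goog-cloudfunctions-runtime'] || null;`. The rest of the callback is outside the hunk.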
@@ -4,48 +4,41 @@ var plugin = require('./cloudFunctionV2OldRuntime'); const functions = [ { - "name": "projects/my-test-project/locations/us-central1/functions/function-1", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs14", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-1", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs14" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "ingressSettings": "ALLOW_ALL" + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-2", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "python312", - "entryPoint": "main" + "name": "projects/my-test-project/locations/us-central1/services/function-2", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "python312", + "deployment-tool": "console-cloud" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "ingressSettings": "ALLOW_INTERNAL_AND_GCLB" - }, - "labels": { 'deployment-tool': 'console-cloud' } + "buildConfig": { + "functionTarget": "main" + } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-3", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com" + "name": "projects/my-test-project/locations/us-central1/services/function-3", + "labels": { + "goog-managed-by": "cloudfunctions" + }, + "buildConfig": { + "functionTarget": "handler" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-4", - "environment": "GEN_1", - "state": "ACTIVE", - 
"runtime": "nodejs14" + "name": "projects/my-test-project/locations/us-central1/services/regular-service", + "labels": { + "app": "my-app", + "runtime": "nodejs14" + } } ]; @@ -149,7 +142,7 @@ describe('cloudFunctionOldRuntime', function () { plugin.run(cache, {}, callback); }); - it('should not check Gen 1 functions in v2 API response', function (done) { + it('should not check non-Cloud Functions services in Cloud Run API response', function (done) { const callback = (err, results) => { expect(results.length).to.equal(0); done(); @@ -165,4 +158,3 @@ describe('cloudFunctionOldRuntime', function () { }) }); - diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2VPCConnector.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2VPCConnector.js index 075a94fb49..ee1255a6c3 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2VPCConnector.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2VPCConnector.js @@ -38,14 +38,13 @@ module.exports = { functions.data.forEach(func => { if (!func.name) return; - if (!func.environment || func.environment !== 'GEN_2') return; + if (!func.buildConfig || !func.buildConfig.functionTarget) return; - let serviceConfig = func.serviceConfig || {}; - let vpcConnector = serviceConfig.vpcConnector; - let vpcConnectorEgressSettings = serviceConfig.vpcConnectorEgressSettings; + let vpcAccess = func.template && func.template.vpcAccess ? func.template.vpcAccess : null; + let egress = vpcAccess ? vpcAccess.egress : null; - if (vpcConnector) { - if (vpcConnectorEgressSettings && vpcConnectorEgressSettings.toUpperCase() === 'ALL_TRAFFIC') { + if (vpcAccess && (vpcAccess.connector || (vpcAccess.networkInterfaces && vpcAccess.networkInterfaces.length))) { + if (egress && egress.toUpperCase() === 'ALL_TRAFFIC') { helpers.addResult(results, 0, 'Cloud Function is using a VPC Connector to route all traffic', region, func.name); } else { 
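Review bot: The new condition in cloudFunctionV2VPCConnector.js accepts either `vpcAccess.connector` or a non-empty `vpcAccess.networkInterfaces`, but the passing result still reads 'Cloud Function is using a VPC Connector to route all traffic', which is inaccurate for a function that reaches the VPC through network interfaces and has no connector. Someone triaging the report would go looking for a connector that does not exist. A neutral message fits both cases, e.g. `'Cloud Function routes all egress traffic through the VPC'`. The messages in the else branches lie outside this hunk and presumably need the same wording check.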
diff --git a/plugins/google/cloudfunctionsv2/cloudFunctionV2VPCConnector.spec.js b/plugins/google/cloudfunctionsv2/cloudFunctionV2VPCConnector.spec.js index 13ed92c6aa..25ab490275 100644 --- a/plugins/google/cloudfunctionsv2/cloudFunctionV2VPCConnector.spec.js +++ b/plugins/google/cloudfunctionsv2/cloudFunctionV2VPCConnector.spec.js 
@@ -4,56 +4,69 @@ var plugin = require('./cloudFunctionV2VPCConnector'); const functions = [ { - "name": "projects/my-test-project/locations/us-central1/functions/function-1", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-1", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" + }, + "template": { + "serviceAccount": "test@test-project.iam.gserviceaccount.com" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "ingressSettings": "ALLOW_ALL" + "ingress": "INGRESS_TRAFFIC_ALL", + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-2", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-2", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "ingressSettings": "ALLOW_INTERNAL_AND_GCLB", - "vpcConnector": "projects/my-test-project/locations/us-central1/connectors/cloud-func-connector", - "vpcConnectorEgressSettings": "ALL_TRAFFIC" + "template": { + "serviceAccount": "test@test-project.iam.gserviceaccount.com", + "vpcAccess": { + "connector": "projects/my-test-project/locations/us-central1/connectors/cloud-func-connector", + "egress": "ALL_TRAFFIC" + } + }, + "ingress": "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER", + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-3", - "environment": "GEN_2", - "state": 
"ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-3", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" }, - "serviceConfig": { - "serviceAccountEmail": "test@test-project.iam.gserviceaccount.com", - "vpcConnector": "projects/my-test-project/locations/us-central1/connectors/cloud-func-connector", - "vpcConnectorEgressSettings": "PRIVATE_RANGES_ONLY" + "template": { + "serviceAccount": "test@test-project.iam.gserviceaccount.com", + "vpcAccess": { + "networkInterfaces": [ + { + "network": "testvpc", + "subnetwork": "testvpc" + } + ], + "egress": "PRIVATE_RANGES_ONLY" + } + }, + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-4", - "environment": "GEN_1", - "state": "ACTIVE", - "runtime": "nodejs14", - "vpcConnector": "projects/my-test-project/locations/us-central1/connectors/cloud-func-connector" + "name": "projects/my-test-project/locations/us-central1/services/regular-service", + "labels": { + "app": "my-app" + }, + "template": { + "vpcAccess": { + "connector": "projects/my-test-project/locations/us-central1/connectors/cloud-func-connector" + } + } } ]; @@ -157,7 +170,7 @@ describe('serverlessVPCAccess', function () { plugin.run(cache, {}, callback); }); - it('should not check Gen 1 functions in v2 API response', function (done) { + it('should not check non-Cloud Functions services in Cloud Run API response', function (done) { const callback = (err, results) => { expect(results.length).to.equal(0); done(); @@ -173,4 +186,3 @@ describe('serverlessVPCAccess', function () { }) }); - diff --git a/plugins/google/cloudfunctionsv2/functionV2DefaultServiceAccount.js b/plugins/google/cloudfunctionsv2/functionV2DefaultServiceAccount.js index cceeadedb9..b8578f4497 100644 
--- a/plugins/google/cloudfunctionsv2/functionV2DefaultServiceAccount.js +++ b/plugins/google/cloudfunctionsv2/functionV2DefaultServiceAccount.js @@ -38,10 +38,10 @@ module.exports = { functions.data.forEach(func => { if (!func.name) return; - if (!func.environment || func.environment !== 'GEN_2') return; + if (!func.buildConfig || !func.buildConfig.functionTarget) return; - let serviceAccountEmail = func.serviceConfig && func.serviceConfig.serviceAccountEmail - ? func.serviceConfig.serviceAccountEmail + let serviceAccountEmail = func.template && func.template.serviceAccount + ? func.template.serviceAccount : null; if (serviceAccountEmail && serviceAccountEmail.endsWith('@appspot.gserviceaccount.com')) { diff --git a/plugins/google/cloudfunctionsv2/functionV2DefaultServiceAccount.spec.js b/plugins/google/cloudfunctionsv2/functionV2DefaultServiceAccount.spec.js index 0682572761..da00f785b4 100644 --- a/plugins/google/cloudfunctionsv2/functionV2DefaultServiceAccount.spec.js +++ b/plugins/google/cloudfunctionsv2/functionV2DefaultServiceAccount.spec.js 
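Review bot: functionV2DefaultServiceAccount.js now reads the identity from `func.template.serviceAccount`, yet the test that follows still recognises only the App Engine default account (`endsWith('@appspot.gserviceaccount.com')`). Cloud Run services run as the Compute Engine default service account when none is chosen, so a function left on its default identity would most likely pass this plugin unflagged. The condition should cover both, e.g. `if (serviceAccountEmail && (serviceAccountEmail.endsWith('@appspot.gserviceaccount.com') || serviceAccountEmail.endsWith('-compute@developer.gserviceaccount.com'))) {`. How the `null` case (an empty `template`, as in the spec's function-3) is reported is decided outside this hunk and should be checked against what the API returns for an unset account.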
@@ -4,53 +4,54 @@ var plugin = require('./functionV2DefaultServiceAccount'); const functions = [ { - "name": "projects/my-test-project/locations/us-central1/functions/function-1", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-1", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" + }, + "template": { + "serviceAccount": "aqua@appspot.gserviceaccount.com" }, - "serviceConfig": { - "serviceAccountEmail": "aqua@appspot.gserviceaccount.com", - "ingressSettings": "ALLOW_ALL" + "ingress": "INGRESS_TRAFFIC_ALL", + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-2", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-2", + "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20", + "deployment-tool": "console-cloud" }, - "serviceConfig": { - "serviceAccountEmail": "custom-sa@my-test-project.iam.gserviceaccount.com", - "ingressSettings": "ALLOW_INTERNAL_AND_GCLB" + "template": { + "serviceAccount": "custom-sa@my-test-project.iam.gserviceaccount.com" }, - "labels": { 'deployment-tool': 'console-cloud' } + "ingress": "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER", + "buildConfig": { + "functionTarget": "helloHttp" + } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-3", - "environment": "GEN_2", - "state": "ACTIVE", - "updateTime": "2021-09-24T06:18:15.265Z", - "buildConfig": { - "runtime": "nodejs20", - "entryPoint": "helloWorld" + "name": "projects/my-test-project/locations/us-central1/services/function-3", 
+ "labels": { + "goog-managed-by": "cloudfunctions", + "goog-cloudfunctions-runtime": "nodejs20" }, - "serviceConfig": { - "ingressSettings": "ALLOW_INTERNAL_ONLY" + "template": {}, + "ingress": "INGRESS_TRAFFIC_INTERNAL_ONLY", + "buildConfig": { + "functionTarget": "helloHttp" } }, { - "name": "projects/my-test-project/locations/us-central1/functions/function-4", - "environment": "GEN_1", - "state": "ACTIVE", - "runtime": "nodejs14", - "serviceAccountEmail": "aqua@appspot.gserviceaccount.com" + "name": "projects/my-test-project/locations/us-central1/services/regular-service", + "labels": { + "app": "my-app" + }, + "template": { + "serviceAccount": "aqua@appspot.gserviceaccount.com" + } } ]; @@ -154,7 +155,7 @@ describe('functionDefaultServiceAccount', function () { plugin.run(cache, {}, callback); }); - it('should not check Gen 1 functions in v2 API response', function (done) { + it('should not check non-Cloud Functions services in Cloud Run API response', function (done) { const callback = (err, results) => { expect(results.length).to.equal(0); done(); @@ -170,4 +171,3 @@ describe('functionDefaultServiceAccount', function () { }) }); -