Merge pull request #233 from JupiterOne/fix-org-step-state

Disable organization steps using both configurationOrganizationProjects config value and whether the service API is enabled
JupiterOne · Jun 9, 2021 · f328973 · f328973
2 parents 2b622e3 + 962737d
commit f328973
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,13 @@ and this project adheres to
 
 ## [Unreleased]
 
+## 0.37.1 - 2021-06-08
+
+### Fixed
+
+- Disable organization steps using both `configurationOrganizationProjects`
+  config value and whether the service API is enabled
+
 ## 0.37.0 - 2021-06-08
 
 ### Added

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@jupiterone/graph-google-cloud",
-  "version": "0.37.0",
+  "version": "0.37.1",
   "description": "A graph conversion tool for https://cloud.google.com/",
   "license": "MPL-2.0",
   "main": "dist/index.js",

diff --git a/src/getStepStartStates.ts b/src/getStepStartStates.ts
@@ -118,19 +118,13 @@ function makeStepStartStates(
   return stepStartStates;
 }
 
-// Perhaps needs a better name?
 // Idea here is that we encapsulate/group all the steps that should be run
 // when configureOrganizationProjects is set
 export function getOrganizationSteps() {
   return [
-    // First of many, others will be VPC-related
     STEP_RESOURCE_MANAGER_ORGANIZATION,
     STEP_RESOURCE_MANAGER_FOLDERS,
     STEP_RESOURCE_MANAGER_ORG_PROJECT_RELATIONSHIPS,
-    STEP_ACCESS_CONTEXT_MANAGER_ACCESS_POLICIES,
-    STEP_ACCESS_CONTEXT_MANAGER_ACCESS_LEVELS,
-    STEP_ACCESS_CONTEXT_MANAGER_SERVICE_PERIMETERS,
-    CLOUD_ASSET_STEPS.BINDINGS,
   ];
 }
 
@@ -168,6 +162,7 @@ export default async function getStepStartStates(
       `Failed to fetch enabled service names. Ability to list services is required to run the Google Cloud integration. (error=${err.message})`,
     );
   }
+
   const createStepStartState = (
     primaryServiceName: ServiceUsageName,
     ...additionalServiceNames: ServiceUsageName[]
@@ -179,14 +174,35 @@ export default async function getStepStartStates(
     );
   };
 
+  function createOrgStepStartState(
+    primaryServiceName: ServiceUsageName,
+    ...additionalServiceNames: ServiceUsageName[]
+  ): StepStartState {
+    return {
+      disabled:
+        !config.configureOrganizationProjects ||
+        createStepStartState(primaryServiceName, ...additionalServiceNames)
+          .disabled,
+    };
+  }
+
   return {
     // Organization-required steps
     ...makeStepStartStates([...getOrganizationSteps()], organizationSteps),
+    [STEP_ACCESS_CONTEXT_MANAGER_ACCESS_POLICIES]: createOrgStepStartState(
+      ServiceUsageName.ACCESS_CONTEXT_MANAGER,
+    ),
+    [STEP_ACCESS_CONTEXT_MANAGER_ACCESS_LEVELS]: createOrgStepStartState(
+      ServiceUsageName.ACCESS_CONTEXT_MANAGER,
+    ),
+    [STEP_ACCESS_CONTEXT_MANAGER_SERVICE_PERIMETERS]: createOrgStepStartState(
+      ServiceUsageName.ACCESS_CONTEXT_MANAGER,
+    ),
     // Rest of steps...
     // This API will be enabled otherwise fetching services names above would fail
     [STEP_RESOURCE_MANAGER_PROJECT]: { disabled: false },
     [STEP_API_SERVICES]: { disabled: false },
-    [CLOUD_ASSET_STEPS.BINDINGS]: createStepStartState(
+    [CLOUD_ASSET_STEPS.BINDINGS]: createOrgStepStartState(
       ServiceUsageName.CLOUD_ASSET,
     ),
     [STEP_CLOUD_FUNCTIONS]: createStepStartState(

diff --git a/src/google-cloud/types.ts b/src/google-cloud/types.ts
@@ -29,4 +29,5 @@ export enum ServiceUsageName {
   SPANNER = 'spanner.googleapis.com',
   API_GATEWAY = 'apigateway.googleapis.com',
   PRIVATE_CA = 'privateca.googleapis.com',
+  ACCESS_CONTEXT_MANAGER = 'accesscontextmanager.googleapis.com',
 }