Fixes GoogleCloudPlatform#181: DM/forseti: refactoring

GoogleCloudPlatform#181 - Added version, links to docs - Switched to using type provider
bohdanyurov-gl · Jul 16, 2019 · 9172175 · 9172175
1 parent 025d475
commit 9172175
Show file tree

Hide file tree

Showing 6 changed files with 80 additions and 1 deletion.
diff --git a/dm/templates/forseti/client.py b/dm/templates/forseti/client.py
@@ -104,6 +104,7 @@ def generate_config(context):
     resources = [
         {
             'name': instance_name,
+            # https://cloud.google.com/compute/docs/reference/rest/v1/instances
             'type': 'gcp-types/compute-v1:instances',
             'properties':
                 {

diff --git a/dm/templates/forseti/client.py.schema b/dm/templates/forseti/client.py.schema
@@ -15,9 +15,17 @@
 info:
   title: Forseti Security
   author: Sourced Group Inc.
+  version: 1.0.0
   description: |
     Supports creation of a Forseti Security client instance.
 
+    For more information on this resource:
+    https://forsetisecurity.org/
+
+    APIs endpoints used by this template:
+    - gcp-types/compute-v1:instances =>
+        https://cloud.google.com/compute/docs/reference/rest/v1/instances
+
 imports:
   - path: client.py
 
@@ -80,6 +88,7 @@ properties:
   serviceAccountScopes:
     type: array
     default: []
+    uniqItems: true
     description: |
       The list of scopes to be made available for the service account.
     items:
@@ -90,6 +99,7 @@ properties:
         for more details.
   tags:
     type: array
+    uniqItems: true
     default: []
     description: Network tags for the instance.
 

diff --git a/dm/templates/forseti/forseti.py b/dm/templates/forseti/forseti.py
@@ -40,8 +40,16 @@
 ]
 PROJECT_REMOVE_SA = True
 PROJECT_REMOVE_VPC = True
+# https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy
+# https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy
+# https://cloud.google.com/resource-manager/reference/rest/v1/organizations/getIamPolicy
+# https://cloud.google.com/resource-manager/reference/rest/v1/organizations/setIamPolicy
 CLOUD_MAN = 'gcp-types/cloudresourcemanager-v1:cloudresourcemanager'
+# https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/getIamPolicy
+# https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/setIamPolicy
 IAM = 'gcp-types/iam-v1:iam.projects'
+# https://cloud.google.com/storage/docs/json_api/v1/buckets/getIamPolicy
+# https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
 STORAGE = 'gcp-types/storage-v1:storage'
 
 # If True, the organization and project policies that were previously added for
@@ -236,7 +244,8 @@ def get_service_account(
     sa_res_name = account_id
     sa_res = {
         'name': sa_res_name,
-        'type': 'iam.v1.serviceAccount',
+        # https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts
+        'type': 'gcp-types/iam-v1:iam.projects.serviceAccounts',
         'properties':
             {
                 'accountId': account_id,
@@ -501,6 +510,7 @@ def get_cloud_sql(properties, project_id):
 
     sql = {
         'name': instance_name,
+        # https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/instances
         'type': 'gcp-types/sqladmin-v1beta4:instances',
         'properties': {
             'name': instance_name,
@@ -530,6 +540,7 @@ def get_cloud_sql(properties, project_id):
     db_name = instance_name + '-db'
     database = {
         'name': db_name,
+        # https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/databases
         'type': 'gcp-types/sqladmin-v1beta4:databases',
         'properties':
             {
@@ -555,6 +566,7 @@ def get_firewall_rule(name, properties, project_id, network):
 
     resource = {
         'name': name,
+        # https://cloud.google.com/compute/docs/reference/rest/v1/firewalls
         'type': 'gcp-types/compute-v1:firewalls',
         'properties': copy.deepcopy(properties)
     }
@@ -612,6 +624,7 @@ def get_network(project_id):
 
     network = {
         'name': name,
+        # https://cloud.google.com/compute/docs/reference/rest/v1/networks
         'type': 'gcp-types/compute-v1:networks',
         'properties': {
             'name': name,

diff --git a/dm/templates/forseti/forseti.py.schema b/dm/templates/forseti/forseti.py.schema
@@ -15,16 +15,50 @@
 info:
   title: Forseti Security
   author: Sourced Group Inc.
+  version: 1.0.0
   description: |
     Supports creation of a Forseti Security project, client, and server
     instances.
 
+    For more information on this resource:
+    https://forsetisecurity.org/
+
+    APIs endpoints used by this template:
+    - gcp-types/cloudresourcemanager-v1:cloudresourcemanager.projects.getIamPolicy =>
+      https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy
+    - gcp-types/cloudresourcemanager-v1:cloudresourcemanager.projects.setIamPolicy =>
+      https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy
+    - gcp-types/cloudresourcemanager-v1:cloudresourcemanager.organizations.getIamPolicy =>
+      https://cloud.google.com/resource-manager/reference/rest/v1/organizations/getIamPolicy
+    - gcp-types/cloudresourcemanager-v1:cloudresourcemanager.organizations.setIamPolicy =>
+      https://cloud.google.com/resource-manager/reference/rest/v1/organizations/setIamPolicy
+    - gcp-types/iam-v1:iam.projects.serviceAccounts.getIamPolicy =>
+      https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/getIamPolicy
+    - gcp-types/iam-v1:iam.projects.serviceAccounts.setIamPolicy =>
+      https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/setIamPolicy
+    - gcp-types/storage-v1:storage.buckets.getIamPolicy =>
+      https://cloud.google.com/storage/docs/json_api/v1/buckets/getIamPolicy
+    - gcp-types/storage-v1:storage.buckets.getIamPolicy =>
+      https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
+    - gcp-types/sqladmin-v1beta4:instances =>
+        https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/instances
+    - gcp-types/sqladmin-v1beta4:databases =>
+        https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/databases
+    - gcp-types/compute-v1:firewalls =>
+        https://cloud.google.com/compute/docs/reference/rest/v1/firewalls
+    - gcp-types/compute-v1:networks =>
+        https://cloud.google.com/compute/docs/reference/rest/v1/networks
+    - gcp-types/iam-v1:iam.projects.serviceAccounts =>
+        https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts
+
 imports:
   - path: ../project/project.py
     name: project.py
   - path: server.py
   - path: client.py
 
+additionalProperties: false
+
 required:
   - project
   - organizationId
@@ -37,6 +71,7 @@ properties:
   project:
     type: object
     description: Forseti project settings.
+    additionalProperties: false
     properties:
       create:
         type: boolean
@@ -54,6 +89,7 @@ properties:
       parent:
         type: object
         description: The parent of the project.
+        additionalProperties: false
         properties:
           type:
             type: string
@@ -78,12 +114,14 @@ properties:
   server:
     type: object
     description: The Forseti server config.
+    additionalProperties: false
     required:
       - zone
     properties:
       serviceAccount:
         type: object
         description: Forseti server's new service account settings.
+        additionalProperties: false
         properties:
           accountId:
             type: string
@@ -139,13 +177,15 @@ properties:
   client:
     type: object
     description: The Forseti client instance configuration.
+    additionalProperties: false
     required:
       - zone
     properties:
       serviceAccount:
         type: object
         description: |
           Forseti client's new service account settings.
+        additionalProperties: false
         properties:
           accountId:
             type: string
@@ -189,6 +229,7 @@ properties:
   bucket:
     type: object
     description: The Forseti server's configuration bucket.
+    additionalProperties: false
     required:
       - name
     properties:
@@ -205,6 +246,7 @@ properties:
   cloudSql:
     type: object
     description: The Forseti Cloud SQL instance configuration.
+    additionalProperties: false
     required:
       - region
       - instanceName

diff --git a/dm/templates/forseti/server.py b/dm/templates/forseti/server.py
@@ -175,6 +175,7 @@ def generate_config(context):
     resources.append(
         {
             'name': instance_name,
+            # https://cloud.google.com/compute/docs/reference/rest/v1/instances
             'type': 'gcp-types/compute-v1:instances',
             'properties':
                 {

diff --git a/dm/templates/forseti/server.py.schema b/dm/templates/forseti/server.py.schema
@@ -15,12 +15,22 @@
 info:
   title: Forseti Security
   author: Sourced Group Inc.
+  version: 1.0.0
   description: |
     Supports creation of a Forseti Security server instance.
 
+    For more information on this resource:
+    https://forsetisecurity.org/
+
+    APIs endpoints used by this template:
+    - gcp-types/compute-v1:instances =>
+        https://cloud.google.com/compute/docs/reference/rest/v1/instances
+
 imports:
   - path: server.py
 
+additionalProperties: false
+
 required:
   - project
   - zone
@@ -104,6 +114,7 @@ properties:
   serviceAccountScopes:
     type: array
     default: []
+    uniqItems: true
     description: |
       The list of scopes to be made available for the service account.
     items:
@@ -114,6 +125,7 @@ properties:
         for more details.
   tags:
     type: array
+    uniqItems: true
     default: []
     description: Network tags for the instance.