gcp - add artifact-repository resource (#8444)

cloud-custodian · May 5, 2023 · 4a3c396 · 4a3c396
1 parent 38774f2
commit 4a3c396
Show file tree

Hide file tree

Showing 10 changed files with 151 additions and 7 deletions.
diff --git a/tools/c7n_gcp/c7n_gcp/query.py b/tools/c7n_gcp/c7n_gcp/query.py
@@ -330,6 +330,17 @@ def _extract_fields(source, mappings):
         return result
 
 
+class RegionalResourceManager(ChildResourceManager):
+
+    def get_parent_resource_query(self):
+        query = None
+        if self.config.regions and 'all' not in self.config.regions:
+            query = [{'name': r} for r in self.config.regions]
+        elif self.config.region:
+            query = [{'name': self.config.region}]
+        return query
+
+
 class TypeMeta(type):
 
     def __repr__(cls):

diff --git a/tools/c7n_gcp/c7n_gcp/region.py b/tools/c7n_gcp/c7n_gcp/region.py
@@ -0,0 +1,46 @@
+# Copyright The Cloud Custodian Authors.
+# SPDX-License-Identifier: Apache-2.0
+import json
+from pathlib import Path
+
+from .provider import resources
+from .query import TypeInfo
+
+
+REGION_DATA_PATH = Path(__file__).parent / "regions.json"
+
+
+@resources.register('region')
+class Region:
+
+    class resource_type(TypeInfo):
+
+        name = id = 'name'
+        scope = 'global'
+        default_report_fields = ['name']
+        service = 'regions'
+
+    filter_registry = {}
+    action_registry = {}
+
+    def __init__(self, ctx=None, data=()):
+        self.ctx = ctx
+        self.data = data
+        with open(REGION_DATA_PATH) as fh:
+            self.regions = json.load(fh)
+
+    def get_permissions(self):
+        return ()
+
+    def resources(self, resource_ids=()):
+        if resource_ids:
+            return [{'name': r} for r in self.regions if r in resource_ids]
+        elif 'query' in self.data:
+            qregions = {q['name'] for q in self.data['query']}
+            return [{'name': r} for r in self.regions if r in qregions]
+        else:
+            return [{'name': r} for r in self.regions]
+
+    @classmethod
+    def get_regions(cls):
+        return list(cls().regions)
diff --git a/tools/c7n_gcp/c7n_gcp/resources/artifactregistry.py b/tools/c7n_gcp/c7n_gcp/resources/artifactregistry.py
@@ -0,0 +1,34 @@
+from c7n.utils import local_session
+from c7n_gcp.provider import resources
+from c7n_gcp.query import RegionalResourceManager, ChildTypeInfo
+
+
+@resources.register('artifact-repository')
+class ArtifactRegistryRepository(RegionalResourceManager):
+    """Artifact Registry Repository
+
+    https://cloud.google.com/artifact-registry/docs/reference/rest/v1/projects.locations.repositories
+    """
+    class resource_type(ChildTypeInfo):
+        service = 'artifactregistry'
+        version = 'v1'
+        component = 'projects.locations.repositories'
+        enum_spec = ('list', 'repositories[]', None)
+        scope = 'parent'
+        name = id = 'id'
+        parent_spec = {
+            'resource': 'region',
+            'child_enum_params': {
+                ('name', 'region')},
+            'use_child_query': True,
+        }
+        permissions = ('artifactregistry.repositories.list',)
+        default_report_fields = ['displayName', 'expireTime']
+
+    def _get_child_enum_args(self, parent_instance):
+        return {
+            'parent': 'projects/{}/locations/{}'.format(
+                local_session(self.session_factory).get_default_project(),
+                parent_instance['name'],
+            )
+        }
diff --git a/tools/c7n_gcp/c7n_gcp/resources/resource_map.py b/tools/c7n_gcp/c7n_gcp/resources/resource_map.py
@@ -7,6 +7,8 @@
     "gcp.app-engine-domain-mapping": "c7n_gcp.resources.appengine.AppEngineDomainMapping",
     "gcp.app-engine-firewall-ingress-rule": (
         "c7n_gcp.resources.appengine.AppEngineFirewallIngressRule"),
+    "gcp.artifact-repository": (
+        "c7n_gcp.resources.artifactregistry.ArtifactRegistryRepository"),
     "gcp.autoscaler": "c7n_gcp.resources.compute.Autoscaler",
     "gcp.bq-dataset": "c7n_gcp.resources.bigquery.DataSet",
     "gcp.bq-job": "c7n_gcp.resources.bigquery.BigQueryJob",

diff --git a/tools/c7n_gcp/poetry.lock b/tools/c7n_gcp/poetry.lock
diff --git a/...ositories-query/get-v1-projects-cloud-custodian-locations-us-central1-repositories_1.json b/...ositories-query/get-v1-projects-cloud-custodian-locations-us-central1-repositories_1.json
@@ -0,0 +1,28 @@
+{
+  "headers": {
+    "content-type": "application/json; charset=UTF-8",
+    "vary": "Origin, X-Origin, Referer",
+    "date": "Mon, 18 Jul 2022 13:03:45 GMT",
+    "server": "ESF",
+    "cache-control": "private",
+    "x-xss-protection": "0",
+    "x-frame-options": "SAMEORIGIN",
+    "x-content-type-options": "nosniff",
+    "alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
+    "transfer-encoding": "chunked",
+    "status": "200",
+    "content-length": "251",
+    "-content-encoding": "gzip",
+    "content-location": "https://artifactregistry.googleapis.com/v1/projects/cloud-custodian/locations/us-central1/repositories?alt=json"
+  },
+  "body": {
+    "repositories": [
+      {
+        "name": "projects/cloud-custodian/locations/us-central1/repositories/test",
+        "format": "DOCKER",
+        "createTime": "2022-07-18T12:12:41.936064Z",
+        "updateTime": "2022-07-18T12:12:41.936064Z"
+      }
+    ]
+  }
+}
diff --git a/tools/c7n_gcp/tests/test_artifactregistry.py b/tools/c7n_gcp/tests/test_artifactregistry.py
@@ -0,0 +1,17 @@
+from gcp_common import BaseTest
+
+
+class ArtifactRegistryRepositoryTest(BaseTest):
+
+    def test_query(self):
+        factory = self.replay_flight_data('artifactregistry-repositories-query')
+        p = self.load_policy({
+            'name': 'artifact',
+            'resource': 'gcp.artifact-repository'},
+            config={'region': 'us-central1'},
+            session_factory=factory)
+        resources = p.run()
+
+        self.assertTrue(len(resources), 1)
+        self.assertEqual(resources[0]['name'], 'projects/cloud-custodian/'
+                                               'locations/us-central1/repositories/test')
diff --git a/tools/c7n_gcp/tests/test_query.py b/tools/c7n_gcp/tests/test_query.py
@@ -16,6 +16,7 @@ def test_gcp_resource_metadata_asset_type():
         'app-engine-certificate',
         'app-engine-firewall-ingress-rule',
         'app-engine-domain-mapping',
+        'artifact-repository',
         'bq-job',
         'bq-project',
         'build',
@@ -31,7 +32,8 @@ def test_gcp_resource_metadata_asset_type():
         'sql-backup-run',
         'sql-ssl-cert',
         'sql-user',
-        'pubsub-snapshot'
+        'pubsub-snapshot',
+        'region'
     ))
     missing = set()
     for k, v in GoogleCloud.resources.items():

diff --git a/tools/c7n_gcp/tests/test_report.py b/tools/c7n_gcp/tests/test_report.py
@@ -15,9 +15,11 @@ def test_report_metadata(self):
 
         missing = set()
         for k, v in GoogleCloud.resources.items():
-            if (not v.resource_type.id or
-                not v.resource_type.name or
-                    not v.resource_type.default_report_fields):
+            if not v.resource_type.id:
+                missing.add("%s~%s" % (k, v))
+            if not v.resource_type.name:
+                missing.add("%s~%s" % (k, v))
+            if not v.resource_type.default_report_fields:
                 missing.add("%s~%s" % (k, v))
 
         if missing:

diff --git a/tools/c7n_gcp/tests/test_resource.py b/tools/c7n_gcp/tests/test_resource.py
@@ -32,6 +32,8 @@ def test_check_permissions(self):
             policy = Bag({'name': 'permcheck',
                      'resource': 'gcp.%s' % k,
                      'provider_name': 'gcp'})
+            if k in ('region',):
+                continue
             ctx = self.get_context(config=cfg, policy=policy)
             mgr = v(ctx, policy)
             perms = mgr.get_permissions()