def start_gcp_ingestion(neo4j_session: neo4j.Session, config: Config) -> None:
"""
Starts the GCP ingestion process by initializing Google Application Default Credentials, creating the necessary
resource objects, listing all GCP organizations and projects available to the GCP identity, and supplying that
context to all intel modules.
:param neo4j_session: The Neo4j session
:param config: A `cartography.config` object
:return: Nothing
"""
common_job_parameters = {
"UPDATE_TAG": config.update_tag,
}
try:
# Explicitly use Application Default Credentials.
# See https://oauth2client.readthedocs.io/en/latest/source/
# oauth2client.client.html#oauth2client.client.OAuth2Credentials
credentials = GoogleCredentials.get_application_default()
except ApplicationDefaultCredentialsError as e:
logger.debug(
"Error occurred calling GoogleCredentials.get_application_default().",
exc_info=True)
logger.error(
("Unable to initialize Google Compute Platform creds. If you don't have GCP data or don't want to load "
"GCP data then you can ignore this message. Otherwise, the error code is: %s "
"Make sure your GCP credentials are configured correctly, your credentials file (if any) is valid, and "
"that the identity you are authenticating to has the securityReviewer role attached."
),
e,
)
return
resources = _initialize_resources(credentials)
# If we don't have perms to pull Orgs or Folders from GCP, we will skip safely
crm.sync_gcp_organizations(neo4j_session, resources.crm_v1,
config.update_tag, common_job_parameters)
crm.sync_gcp_folders(neo4j_session, resources.crm_v2, config.update_tag,
common_job_parameters)
projects = crm.get_gcp_projects(resources.crm_v1)
_sync_multiple_projects(neo4j_session, resources, projects,
config.update_tag, common_job_parameters)
run_analysis_job(
'gcp_compute_asset_inet_exposure.json',
neo4j_session,
common_job_parameters,
)
run_analysis_job(
'gcp_gke_asset_exposure.json',
neo4j_session,
common_job_parameters,
)
run_analysis_job(
'gcp_gke_basic_auth.json',
neo4j_session,
common_job_parameters,
)
def start_gcp_ingestion(session, config):
common_job_parameters = {
"UPDATE_TAG": config.update_tag,
}
try:
# Explicitly use Application Default Credentials.
# See https://oauth2client.readthedocs.io/en/latest/source/
# oauth2client.client.html#oauth2client.client.OAuth2Credentials
credentials = GoogleCredentials.get_application_default()
except ApplicationDefaultCredentialsError as e:
logger.debug(
"Error occurred calling GoogleCredentials.get_application_default().",
exc_info=True)
logger.error((
"Unable to initialize Google Compute Platform creds. If you don't have GCP data or don't want to load "
"GCP data then you can ignore this message. Otherwise, the error code is: %s "
"Make sure your GCP credentials are configured correctly, your credentials file (if any) is valid, and "
"that the identity you are authenticating to has the securityReviewer role attached."
), e)
return
crm.sync_gcp_organizations(session, credentials, config.update_tag,
common_job_parameters)