def add_project_generated_fields(config):
    """Fill in the generated fields for the project described by ``config``.

    The project's generated-fields mapping is obtained from
    ``field_generation.get_generated_fields_ref`` and updated in place.

    Args:
        config: Object exposing ``project`` (a mapping containing
            ``project_id``) and ``root``.
    """
    pid = config.project['project_id']
    fields = field_generation.get_generated_fields_ref(pid, config.root)

    # The log sink service account is looked up and overwritten on every call.
    sink_account = utils.get_log_sink_service_account(_LOG_SINK_NAME, pid)
    fields['log_sink_service_account'] = sink_account

    instance_info = utils.get_gce_instance_info(pid)
    if not instance_info:
        # NOTE(review): an existing 'gce_instance_info' entry is left as-is
        # when the lookup returns nothing -- confirm that is intended.
        return
    fields['gce_instance_info'] = instance_info
def add_project_generated_fields(config):
    """Refresh the generated fields stored for the project in ``config``.

    Works in place on ``config.generated_fields['projects'][project_id]``.

    Args:
        config: Object exposing ``project`` (a mapping containing
            ``project_id`` and optionally ``resources``) and
            ``generated_fields``.
    """
    pid = config.project['project_id']
    fields = config.generated_fields['projects'][pid]

    # The log sink service account is looked up and overwritten on every call.
    fields['log_sink_service_account'] = utils.get_log_sink_service_account(
        _LOG_SINK_NAME, pid)

    declares_instances = 'gce_instances' in config.project.get('resources', {})
    if declares_instances:
        instance_info = utils.get_gce_instance_info(pid)
        if instance_info:
            fields['gce_instance_info'] = instance_info
    else:
        # No GCE instances are declared, so any previously recorded instance
        # info is dropped rather than left behind.
        fields.pop('gce_instance_info', None)
def add_generated_fields(project):
    """Attach a ``generated_fields`` block to a project unless one exists.

    An existing ``generated_fields`` entry is never modified; the lookups
    below only run for projects that do not have one yet.

    Args:
        project (dict): Config dictionary of a single project.
    """
    if 'generated_fields' in project:
        return

    pid = project['project_id']
    number = utils.get_project_number(pid)
    sink_account = utils.get_log_sink_service_account(_LOG_SINK_NAME, pid)
    project['generated_fields'] = {
        'project_number': number,
        'log_sink_service_account': sink_account,
    }

    # Instance info is recorded only when the lookup returns something truthy.
    instance_info = utils.get_gce_instance_info(pid)
    if instance_info:
        project['generated_fields']['gce_instance_info'] = instance_info
def add_project_generated_fields(config):
    """Create the generated-fields block for the project in ``config``.

    If the project already has a ``_GENERATED_FIELDS_NAME`` entry it is left
    untouched and no lookups are made.

    Args:
        config: Object exposing ``project``, a mapping containing
            ``project_id``.
    """
    pid = config.project['project_id']
    logging.info('Adding project post deployment fields for %s', pid)

    if _GENERATED_FIELDS_NAME not in config.project:
        number = utils.get_project_number(pid)
        sink_account = utils.get_log_sink_service_account(_LOG_SINK_NAME, pid)
        config.project[_GENERATED_FIELDS_NAME] = {
            'project_number': number,
            'log_sink_service_account': sink_account,
        }

        # Instance info is recorded only when the lookup returns something
        # truthy.
        instance_info = utils.get_gce_instance_info(pid)
        if instance_info:
            config.project[_GENERATED_FIELDS_NAME]['gce_instance_info'] = (
                instance_info)
def deploy_bigquery_audit_logs(config):
    """Deploy the BigQuery dataset that receives the project's audit logs.

    Does nothing except log when ``FLAGS.enable_new_style_resources`` is set.
    Otherwise the dataset is deployed into the separate audit logs project
    when ``config.audit_logs_project`` is truthy, and into the data project
    itself (under the name ``audit_logs``) when it is not.

    ``config.project['audit_logs']['logs_bigquery_dataset']`` is read
    unconditionally, so the caller must only invoke this for projects that
    define it.

    Args:
        config: Object exposing ``project`` and ``audit_logs_project``.
    """
    if FLAGS.enable_new_style_resources:
        logging.info('BQ audit logs will be deployed through CFT.')
        return

    data_project_id = config.project['project_id']
    # Work on a deep copy so the edits below never leak back into the config.
    dataset = copy.deepcopy(
        config.project['audit_logs']['logs_bigquery_dataset'])

    if not config.audit_logs_project:
        logging.info('Creating local BigQuery logs dataset.')
        target_project_id = data_project_id
        dataset['name'] = 'audit_logs'
        dataset_owners = config.project['owners_group']
    else:
        logging.info('Creating remote BigQuery logs dataset.')
        target_project_id = config.audit_logs_project['project_id']
        dataset_owners = config.audit_logs_project['owners_group']

    # The sink always belongs to the data project, even when the dataset is
    # deployed elsewhere.
    # NOTE(review): presumably the template uses this account to grant the
    # sink write access to the dataset -- confirm in
    # templates/remote_audit_logs.py.
    sink_account = utils.get_log_sink_service_account(
        _LOG_SINK_NAME, data_project_id)
    dataset['log_sink_service_account'] = sink_account

    # Underscores in the project ID are swapped for dashes in the name.
    sanitized_id = data_project_id.replace('_', '-')
    deployment_name = 'audit-logs-{}-bq'.format(sanitized_id)
    template_path = os.path.join(
        os.path.dirname(__file__), 'templates/remote_audit_logs.py')

    template_properties = {
        'owners_group': dataset_owners,
        'auditors_group': config.project['auditors_group'],
        'logs_bigquery_dataset': dataset,
    }
    template_resource = {
        'type': template_path,
        'name': deployment_name,
        'properties': template_properties,
    }
    dm_template_dict = {
        'imports': [{'path': template_path}],
        'resources': [template_resource],
    }
    utils.run_deployment(dm_template_dict, deployment_name, target_project_id)
def add_project_generated_fields(config):
    """Complete the generated-fields block of the project in ``config``.

    A missing or empty block is replaced by a fresh dict stored on the
    project. ``project_number`` and ``log_sink_service_account`` are looked
    up only when absent, so values already present are kept as they are.

    Args:
        config: Object exposing ``project``, a mapping containing
            ``project_id``.
    """
    pid = config.project['project_id']

    fields = config.project.get(_GENERATED_FIELDS_NAME)
    if not fields:
        fields = {}
        config.project[_GENERATED_FIELDS_NAME] = fields

    if 'project_number' not in fields:
        fields['project_number'] = utils.get_project_number(pid)

    if 'log_sink_service_account' not in fields:
        sink_account = utils.get_log_sink_service_account(_LOG_SINK_NAME, pid)
        fields['log_sink_service_account'] = sink_account

    # Unlike the two fields above, instance info is looked up on every call
    # and overwritten whenever the lookup returns something truthy.
    instance_info = utils.get_gce_instance_info(pid)
    if instance_info:
        fields['gce_instance_info'] = instance_info