Ejemplo n.º 1
def add_project_generated_fields(config):
  """Fill in the generated fields of the project described by config.

  The fields mapping is obtained from
  field_generation.get_generated_fields_ref and updated in place.

  Args:
    config: Object exposing `project` (a mapping with a 'project_id' key)
      and `root`.
  """
  pid = config.project['project_id']
  fields = field_generation.get_generated_fields_ref(pid, config.root)

  # Record the identity of the audit log sink. NOTE(review): presumably this
  # account is later granted write access to the log destination, so the
  # stored value should be treated as access-control input; confirm.
  sink_account = utils.get_log_sink_service_account(_LOG_SINK_NAME, pid)
  fields['log_sink_service_account'] = sink_account

  # A falsy result leaves any existing 'gce_instance_info' entry untouched.
  instance_info = utils.get_gce_instance_info(pid)
  if not instance_info:
    return
  fields['gce_instance_info'] = instance_info
Ejemplo n.º 2
def add_project_generated_fields(config):
    """Refresh the generated fields stored for the project in config.

    The entry config.generated_fields['projects'][project_id] must already
    exist; it is updated in place.

    Args:
        config: Object exposing `project` (a mapping with a 'project_id'
            key) and `generated_fields`.
    """
    pid = config.project['project_id']
    fields = config.generated_fields['projects'][pid]

    # The sink's service account is looked up again on every call.
    sink_account = utils.get_log_sink_service_account(_LOG_SINK_NAME, pid)
    fields['log_sink_service_account'] = sink_account

    declared_resources = config.project.get('resources', {})
    if 'gce_instances' in declared_resources:
        instance_info = utils.get_gce_instance_info(pid)
        if instance_info:
            fields['gce_instance_info'] = instance_info
    else:
        # No instances declared: drop instance data left by an earlier run
        # so the generated fields do not describe resources that are no
        # longer in the config.
        fields.pop('gce_instance_info', None)
Ejemplo n.º 3
def add_generated_fields(project):
  """Attach a generated_fields block to a project unless it already has one.

  An existing 'generated_fields' entry is left as is; nothing is looked up
  or refreshed in that case.

  Args:
    project (dict): Config dictionary of a single project.
  """
  if 'generated_fields' in project:
    return

  pid = project['project_id']
  fields = {
      'project_number': utils.get_project_number(pid),
      'log_sink_service_account':
          utils.get_log_sink_service_account(_LOG_SINK_NAME, pid),
  }
  # Store the block before the instance lookup, so the first two fields are
  # kept even if that lookup raises.
  project['generated_fields'] = fields

  instance_info = utils.get_gce_instance_info(pid)
  if instance_info:
    fields['gce_instance_info'] = instance_info
Ejemplo n.º 4
def add_project_generated_fields(config):
    """Create the generated-fields block of config.project if it is missing.

    The call is logged either way. When the block already exists the
    function returns without looking anything up.

    Args:
        config: Object whose `project` mapping holds a 'project_id' key.
    """
    project = config.project
    pid = project['project_id']
    logging.info('Adding project post deployment fields for %s', pid)

    if _GENERATED_FIELDS_NAME not in project:
        fields = {
            'project_number': utils.get_project_number(pid),
            'log_sink_service_account':
                utils.get_log_sink_service_account(_LOG_SINK_NAME, pid),
        }
        # Store the block before the instance lookup, so the first two
        # fields are kept even if that lookup raises.
        project[_GENERATED_FIELDS_NAME] = fields

        instance_info = utils.get_gce_instance_info(pid)
        if instance_info:
            fields['gce_instance_info'] = instance_info
Ejemplo n.º 5
def deploy_bigquery_audit_logs(config):
    """Deploy the BigQuery dataset that receives the project's audit logs.

    Does nothing but log when FLAGS.enable_new_style_resources is set.
    Otherwise the dataset is deployed into the separate audit logs project
    when config.audit_logs_project is set, and into the data project itself
    (under the fixed name 'audit_logs') when it is not.

    Args:
        config: Object exposing `project` (mapping with 'project_id',
            'audit_logs', 'owners_group' and 'auditors_group') and
            `audit_logs_project` (mapping with 'project_id' and
            'owners_group', or a falsy value).
    """
    if FLAGS.enable_new_style_resources:
        logging.info('BQ audit logs will be deployed through CFT.')
        return

    project = config.project
    data_project_id = project['project_id']
    # Work on a copy so the caller's config is not modified below.
    logs_dataset = copy.deepcopy(
        project['audit_logs']['logs_bigquery_dataset'])

    remote_project = config.audit_logs_project
    if not remote_project:
        logging.info('Creating local BigQuery logs dataset.')
        audit_project_id = data_project_id
        logs_dataset['name'] = 'audit_logs'
        owners_group = project['owners_group']
    else:
        # Remote case: dataset ownership goes to the audit project's owners
        # group, not the data project's.
        logging.info('Creating remote BigQuery logs dataset.')
        audit_project_id = remote_project['project_id']
        owners_group = remote_project['owners_group']

    # The sink lives in the data project, so its service account is looked
    # up there even when the dataset is deployed elsewhere.
    # NOTE(review): presumably the template grants this account write access
    # to the dataset; confirm against templates/remote_audit_logs.py.
    sink_account = utils.get_log_sink_service_account(
        _LOG_SINK_NAME, data_project_id)
    logs_dataset['log_sink_service_account'] = sink_account

    # The project ID is used in the deployment name with '_' mapped to '-'.
    deployment_name = 'audit-logs-{}-bq'.format(
        data_project_id.replace('_', '-'))
    template_path = os.path.join(os.path.dirname(__file__),
                                 'templates/remote_audit_logs.py')

    properties = {
        'owners_group': owners_group,
        'auditors_group': project['auditors_group'],
        'logs_bigquery_dataset': logs_dataset,
    }
    resource = {
        'type': template_path,
        'name': deployment_name,
        'properties': properties,
    }
    dm_template_dict = {
        'imports': [{'path': template_path}],
        'resources': [resource],
    }
    utils.run_deployment(dm_template_dict, deployment_name, audit_project_id)
Ejemplo n.º 6
def add_project_generated_fields(config):
  """Complete the generated-fields block of the project held by config.

  A missing or empty block is replaced with a new dict. 'project_number'
  and 'log_sink_service_account' are looked up only when absent, so values
  already present are kept as is. 'gce_instance_info' is looked up on every
  call and overwritten when the result is truthy.

  Args:
    config: Object whose `project` mapping holds a 'project_id' key.
  """
  pid = config.project['project_id']

  fields = config.project.get(_GENERATED_FIELDS_NAME)
  if not fields:
    fields = {}
    config.project[_GENERATED_FIELDS_NAME] = fields

  # Each entry pairs a field name with the lookup that produces its value;
  # the lookup runs only if the field is not already present.
  lazy_fields = (
      ('project_number', lambda: utils.get_project_number(pid)),
      ('log_sink_service_account',
       lambda: utils.get_log_sink_service_account(_LOG_SINK_NAME, pid)),
  )
  for key, compute in lazy_fields:
    if key not in fields:
      fields[key] = compute()

  # A falsy result leaves any existing 'gce_instance_info' entry untouched.
  instance_info = utils.get_gce_instance_info(pid)
  if instance_info:
    fields['gce_instance_info'] = instance_info