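# Methods of the GCP metrics filter (presumably GCPMetricsFilter, whose
# register_resources is subscribed at the bottom).  The class header is outside
# this excerpt and the original indentation was lost, so the methods are laid
# out here without the class-level indent and the nesting is reconstructed.
def split_by_resource(self, metric_list):
    """Index metric entries by the resource they describe.

    The resource name is pulled out of each entry with the JMESPath expression
    in ``self.metric_key``.  If several entries resolve to the same name, the
    last one replaces the earlier ones.
    """
    for m in metric_list:
        resource_name = jmespath.search(self.metric_key, m)
        self.resource_metric_dict[resource_name] = m


def process_resource(self, resource):
    """Return the result of comparing the resource's metric with ``self.value``.

    The metric entry is looked up by the name returned from
    ``get_metric_resource_name``.  When no entry exists, the configured
    missing value stands in for the measurement; when none is configured the
    resource does not match.  The entry that was used (possibly ``None``) is
    recorded under ``resource['c7n.metrics'][self.c7n_metric_key]``.
    """
    resource_metric = resource.setdefault('c7n.metrics', {})
    resource_name = self.manager.resource_type.get_metric_resource_name(
        resource)
    metric = self.resource_metric_dict.get(resource_name)
    if metric:
        # Use the first point of the series and the first entry of its
        # "value" mapping.
        metric_value = float(
            list(metric["points"][0]["value"].values())[0])
    elif self.missing_value is not None:
        # Compare against None instead of relying on truthiness: a configured
        # missing value of 0 is falsy, and the truthiness check dropped every
        # resource without data points, so a policy looking for idle or
        # unmonitored resources silently skipped them.
        # Assumes an unset missing value is None -- confirm where
        # self.missing_value is assigned.
        metric_value = self.missing_value
    else:
        return False
    resource_metric[self.c7n_metric_key] = metric
    return self.op(metric_value, self.value)


@classmethod
def register_resources(klass, registry, resource_class):
    """Register this filter under the name 'metrics' on ``resource_class``."""
    resource_class.filter_registry.register('metrics', klass)


# Module level: hook the registration into gcp_resources.
gcp_resources.subscribe(GCPMetricsFilter.register_resources)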
# Excerpt, presumably from the Notify action.  The enclosing method starts
# outside this snippet (event, project, resources and client come from the part
# not shown) and the original indentation was lost; the layout is reconstructed.
        # Envelope sent to the transport topic.  It carries the complete policy
        # document (self.manager.data) and, per batch, the matched resources.
        # NOTE(review): whoever can subscribe to the topic can read this
        # content, so topic access should be limited to the intended consumers.
        message = {
            'event': event,
            'account_id': project,
            'account': project,
            'region': 'all',
            'policy': self.manager.data
        }
        message['action'] = self.expand_variables(message)

        # The same dict is reused; only 'resources' changes between publishes.
        for batch in utils.chunks(resources, self.batch_size):
            message['resources'] = batch
            self.publish_message(message, client)

    # Methods to handle GCP Pub Sub topic publishing

    def publish_message(self, message, client):
        """Publish one message to the configured GCP Pub/Sub topic.

        The topic is read from ``self.data['transport']['topic']`` and the
        payload is whatever ``self.pack(message)`` produces.  Returns the
        result of ``client.execute_command``.
        """
        return client.execute_command('publish', {
            'topic': self.data['transport']['topic'],
            'body': {
                'messages': {
                    'data': self.pack(message)
                }
            }
        })


# Module level: subscribe the registration callback for the EVENT_FINAL event.
gcp_resources.subscribe(
    gcp_resources.EVENT_FINAL, Notify.register_notify_action)
# Excerpt: the first three statements are the tail of a function that starts
# outside this snippet (presumably name_resourcemanager, referenced in the
# table below).  Indentation was lost in the source; the layout is reconstructed.
        # NOTE(review): .get() yields None when 'organizationId' is absent, and
        # the format call below would then emit the literal text "None".
        rid = r.get('organizationId')
        rtype = 'organizations'
    return "//cloudresourcemanager.googleapis.com/{}/{}".format(
        rtype, rid)


def name_container(r):
    """Build a //container.googleapis.com/ resource name for ``r``.

    Uses the URL path of ``r['selfLink']`` with its first segment dropped.
    """
    return "//container.googleapis.com/{}".format(
        "/".join(urlparse(r['selfLink']).path.strip('/').split('/')[1:]))


def name_storage(r):
    """Build a //storage.googleapis.com/ resource name from ``r['name']``."""
    return "//storage.googleapis.com/{}".format(r['name'])


def name_appengine(r):
    """Build a //appengine.googleapis.com/ resource name from ``r['name']``."""
    return "//appengine.googleapis.com/{}".format(r['name'])


# Lookup table from a short service key to the function that builds the full
# resource name.  name_resourcemanager, name_compute and name_iam are defined
# outside this excerpt.
ResourceNameAdapters = {
    'appengine': name_appengine,
    'cloudresourcemanager': name_resourcemanager,
    'compute': name_compute,
    'container': name_container,
    'iam': name_iam,
    'storage': name_storage,
}

# Module level: subscribe the registration callback for the EVENT_FINAL event.
gcp_resources.subscribe(
    gcp_resources.EVENT_FINAL, PostFinding.register_resource)
# Excerpt: methods of a label action base class (presumably BaseLabelAction,
# whose register_resources is subscribed below).  The class header is outside
# this snippet and the indentation was lost; the layout is reconstructed.
    def _get_current_labels(self, resource):
        """Return the resource's 'labels' mapping, or an empty dict if absent."""
        return resource.get('labels', {})

    @classmethod
    def register_resources(cls, registry, resource_class):
        """Attach the label actions and filter to ``resource_class``.

        Nothing is registered unless ``resource_class.resource_type.labels``
        is truthy.
        """
        if resource_class.resource_type.labels:
            resource_class.action_registry.register('set-labels', SetLabelsAction)
            resource_class.action_registry.register('mark-for-op', LabelDelayedAction)
            resource_class.filter_registry.register('marked-for-op', LabelActionFilter)


# Module level: hook the registration into gcp_resources.
gcp_resources.subscribe(BaseLabelAction.register_resources)


# The class below is cut off by the excerpt in the middle of its docstring.
class SetLabelsAction(BaseLabelAction):
    """Set labels to GCP resources

    :example:

    This policy will label all existing resource groups with a value such as environment

    .. code-block:: yaml

        policies:
          - name: gcp-add-multiple-labels
            resource: gcp.instance
            description: |
# Excerpt: the statements up to the first return are the tail of a function
# that starts outside this snippet (presumably name_resourcemanager, referenced
# in the table below).  Indentation was lost; the layout is reconstructed.
        rtype = 'projects'
    else:
        # NOTE(review): .get() yields None when 'organizationId' is absent, and
        # the format call below would then emit the literal text "None".
        rid = r.get('organizationId')
        rtype = 'organizations'
    return "//cloudresourcemanager.googleapis.com/{}/{}".format(rtype, rid)


def name_container(r):
    """Build a //container.googleapis.com/ resource name for ``r``.

    Uses the URL path of ``r['selfLink']`` with its first segment dropped.
    """
    return "//container.googleapis.com/{}".format("/".join(
        urlparse(r['selfLink']).path.strip('/').split('/')[1:]))


def name_storage(r):
    """Build a //storage.googleapis.com/ resource name from ``r['name']``."""
    return "//storage.googleapis.com/{}".format(r['name'])


def name_appengine(r):
    """Build a //appengine.googleapis.com/ resource name from ``r['name']``."""
    return "//appengine.googleapis.com/{}".format(r['name'])


# Lookup table from a short service key to the function that builds the full
# resource name.  name_resourcemanager, name_compute and name_iam are defined
# outside this excerpt.
ResourceNameAdapters = {
    'appengine': name_appengine,
    'cloudresourcemanager': name_resourcemanager,
    'compute': name_compute,
    'container': name_container,
    'iam': name_iam,
    'storage': name_storage,
}

# Module level: hook the registration into gcp_resources.
gcp_resources.subscribe(PostFinding.register_resource)
# Excerpt, presumably from the Notify action.  It starts in the middle of the
# dict literal that builds the outgoing message; the enclosing method begins
# outside this snippet and the indentation was lost, so the layout is
# reconstructed.
            'region': 'all',
            # The complete policy document travels with every message.
            # NOTE(review): whoever can subscribe to the topic can read it and
            # the resource batches, so topic access should be limited to the
            # intended consumers.
            'policy': self.manager.data
        }
        message['action'] = self.expand_variables(message)

        # The same dict is reused; only 'resources' changes between publishes.
        for batch in utils.chunks(resources, self.batch_size):
            message['resources'] = batch
            self.publish_message(message, client)

    # Methods to handle GCP Pub Sub topic publishing

    def publish_message(self, message, client):
        """Publish one message to the configured GCP Pub/Sub topic.

        The topic is read from ``self.data['transport']['topic']`` and the
        payload is whatever ``self.pack(message)`` produces.  Returns the
        result of ``client.execute_command``.
        """
        return client.execute_command(
            'publish', {
                'topic': self.data['transport']['topic'],
                'body': {
                    'messages': {
                        'data': self.pack(message)
                    }
                }
            })

    @classmethod
    def register_resource(cls, registry, resource_class):
        """Register the Notify action under the name 'notify'."""
        resource_class.action_registry.register('notify', Notify)


# Module level: hook the registration into gcp_resources.
gcp_resources.subscribe(Notify.register_resource)
# Excerpt from the 'scc-findings' filter (the class subscribed at the bottom).
# The class header and the start of the first method are outside this snippet,
# and the indentation was lost; the nesting shown is reconstructed.
        # Builds 'resourceName:"<name>"' clauses separated by ' OR '.
        # NOTE(review): the name is interpolated without escaping; a value
        # containing a double quote would alter the filter expression --
        # confirm that resource names are constrained upstream.
        for r in resources:
            resource_filter.append('resourceName:"{}"'.format(r[self.manager.resource_type.name]))
            resource_filter.append(' OR ')
        # Drops the trailing ' OR '.
        # NOTE(review): pop() raises IndexError on an empty list; whether that
        # can happen depends on how resource_filter is initialised (not shown).
        resource_filter.pop()

        return ''.join(resource_filter)

    def split_by_resource(self, finding_list):
        """Group findings under the last path segment of their resourceName.

        NOTE(review): only the final '/'-separated segment is used as the key,
        so findings for identically named resources under different parents
        would land in the same bucket -- verify the scope of the query.
        """
        for f in finding_list:
            resource_name = f["finding"]["resourceName"].split('/')[-1]
            resource_findings = self.findings_by_resource.get(resource_name, [])
            resource_findings.append(f['finding'])
            self.findings_by_resource[resource_name] = resource_findings

    def process_resource(self, resource):
        """Annotate ``resource`` with its findings and report whether any remain.

        The annotation is filled from ``self.findings_by_resource`` unless the
        resource already carries a non-empty one.  When the filter data has a
        'key', only findings accepted by ``self.match`` are kept.
        """
        if not resource.get(self.annotation_key):
            resource_name = resource[self.manager.resource_type.name]
            resource[self.annotation_key] = self.findings_by_resource.get(resource_name, [])

        if self.data.get('key'):
            resource[self.annotation_key] = [
                finding for finding in resource[self.annotation_key] if self.match(finding)]
        return len(resource[self.annotation_key]) > 0

    @classmethod
    def register_resources(klass, registry, resource_class):
        """Register this filter under the name 'scc-findings'."""
        resource_class.filter_registry.register('scc-findings', klass)


# Module level: hook the registration into gcp_resources.
gcp_resources.subscribe(SecurityComandCenterFindingsFilter.register_resources)
# Excerpt: methods of a label action base class (presumably BaseLabelAction,
# whose register_resources is subscribed below).  The class header and the
# start of the first method are outside this snippet, and the indentation was
# lost; the layout is reconstructed.
        return model.get_label_params(resource, all_labels)

    def _get_current_labels(self, resource):
        """Return the resource's 'labels' mapping, or an empty dict if absent."""
        return resource.get('labels', {})

    @classmethod
    def register_resources(cls, registry, resource_class):
        """Attach the label actions and filter to ``resource_class``.

        Nothing is registered unless ``resource_class.resource_type.labels``
        is truthy.
        """
        if resource_class.resource_type.labels:
            resource_class.action_registry.register('set-labels', SetLabelsAction)
            resource_class.action_registry.register('mark-for-op', LabelDelayedAction)
            resource_class.filter_registry.register('marked-for-op', LabelActionFilter)


# Module level: subscribe the registration callback for the EVENT_REGISTER event.
gcp_resources.subscribe(gcp_resources.EVENT_REGISTER, BaseLabelAction.register_resources)


# The class below is cut off by the excerpt in the middle of its docstring.
class SetLabelsAction(BaseLabelAction):
    """Set labels to GCP resources

    :example:

    This policy will label all existing resource groups with a value such as environment

    .. code-block:: yaml

        policies:
          - name: gcp-add-multiple-labels
            resource: gcp.instance
            description: |