cloud-foundation-fabric/blueprints/cloud-operations/scheduled-asset-inventory-e.../README.md

# Scheduled Cloud Asset Inventory Export to Bigquery

This blueprint shows how to leverage [Cloud Asset Inventory Exporting to Bigquery](https://cloud.google.com/asset-inventory/docs/exporting-to-bigquery) feature to keep track of your project wide assets over time storing information in Bigquery.

The data stored in Bigquery can then be used for different purposes:

- dashboarding
- analysis

The blueprint uses export resources at the project level for ease of testing, in actual use a few changes are needed to operate at the resource hierarchy level:

- the export should be set at the folder or organization level
- the `roles/cloudasset.viewer` on the service account should be set at the folder or organization level

The resources created in this blueprint are shown in the high level diagram below:

<img src="diagram.png" width="640px">

## Prerequisites

Ensure that you grant your account one of the following roles on your project, folder, or organization:

- Cloud Asset Viewer role (`roles/cloudasset.viewer`)
- Owner primitive role (`roles/owner`)

## Running the blueprint

Clone this repository, specify your variables in a `terraform.tvars` and then go through the following steps to create resources:

- `terraform init`
- `terraform apply`

Once done testing, you can clean up resources by running `terraform destroy`. To persist state, check out the `backend.tf.sample` file.

## Testing the blueprint

Once resources are created, you can run queries on the data you exported on Bigquery. [Here](https://cloud.google.com/asset-inventory/docs/exporting-to-bigquery#querying_an_asset_snapshot) you can find some blueprint of queries you can run.

You can also create a dashboard connecting [Looker Studio](https://lookerstudio.google.com/) or any other BI tools of your choice to your Bigquery dataset.

## File exporter for JSON, CSV (optional). 

This is an optional part.

Regular file-based exports of data from Cloud Asset Inventory may be useful for e.g. scale-out network dependencies discovery tools like [Planet Exporter](https://github.com/williamchanrico/planet-exporter), or to update legacy workloads tracking or configuration management systems. Bigquery supports multiple [export formats](https://cloud.google.com/bigquery/docs/exporting-data#export_formats_and_compression_types) and one may upload objects to Storage Bucket using provided Cloud Function. Specify `job.DestinationFormat` as defined in [documentation](https://cloud.google.com/python/docs/reference/bigquery/latest/google.cloud.bigquery.job.DestinationFormat), e.g. `NEWLINE_DELIMITED_JSON`.

It helps to create custom [scheduled query](https://cloud.google.com/bigquery/docs/scheduling-queries#console) from CAI export tables, and to write out results in to dedicated table (with overwrites). Define such query's output columns to comply with downstream systems' fields requirements, and time query execution after CAI export into BQ for freshness. See [sample queries](https://cloud.google.com/asset-inventory/docs/exporting-to-bigquery-sample-queries).

This is an optional part, created if `cai_gcs_export` is set to `true`. The high level diagram extends to the following:

<img src="diagram_optional.png" width="640px">
<!-- BEGIN TFDOC -->

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [cai_config](variables.tf#L36) | Cloud Asset Inventory export config. | <code title="object&#40;&#123;&#10;  bq_dataset         &#61; string&#10;  bq_table           &#61; string&#10;  bq_table_overwrite &#61; bool&#10;  target_node        &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
| [project_id](variables.tf#L101) | Project id that references existing project. | <code>string</code> | ✓ |  |
| [billing_account](variables.tf#L17) | Billing account id used as default for new projects. | <code>string</code> |  | <code>null</code> |
| [bundle_path](variables.tf#L23) | Path used to write the intermediate Cloud Function code bundle. | <code>string</code> |  | <code>&#34;.&#47;bundle.zip&#34;</code> |
| [bundle_path_cffile](variables.tf#L30) | Path used to write the intermediate Cloud Function code bundle. | <code>string</code> |  | <code>&#34;.&#47;bundle_cffile.zip&#34;</code> |
| [cai_gcs_export](variables.tf#L47) | Enable optional part to export tables to GCS. | <code>bool</code> |  | <code>false</code> |
| [file_config](variables.tf#L54) | Optional BQ table as a file export function config. | <code title="object&#40;&#123;&#10;  bucket     &#61; string&#10;  filename   &#61; string&#10;  format     &#61; string&#10;  bq_dataset &#61; string&#10;  bq_table   &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  bucket     &#61; null&#10;  filename   &#61; null&#10;  format     &#61; null&#10;  bq_dataset &#61; null&#10;  bq_table   &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
| [location](variables.tf#L73) | Appe Engine location used in the example. | <code>string</code> |  | <code>&#34;europe-west&#34;</code> |
| [name](variables.tf#L80) | Arbitrary string used to name created resources. | <code>string</code> |  | <code>&#34;asset-inventory&#34;</code> |
| [name_cffile](variables.tf#L88) | Arbitrary string used to name created resources. | <code>string</code> |  | <code>&#34;cffile-exporter&#34;</code> |
| [project_create](variables.tf#L95) | Create project instead ofusing an existing one. | <code>bool</code> |  | <code>true</code> |
| [region](variables.tf#L106) | Compute region used in the example. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
| [root_node](variables.tf#L112) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | <code>string</code> |  | <code>null</code> |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| [bq-dataset](outputs.tf#L17) | Bigquery instance details. |  |
| [cloud-function](outputs.tf#L22) | Cloud Function instance details. |  |

<!-- END TFDOC -->

## Test

```hcl
module "test" {
  source          = "./fabric/blueprints/cloud-operations/scheduled-asset-inventory-export-bq"
  billing_account = "1234-ABCD-1234"
  cai_config = {
    bq_dataset         = "my-dataset"
    bq_table           = "my_table"
    bq_table_overwrite = "true"
    target_node        = "organization/1234567890"
  }
  cai_gcs_export = true
  file_config = {
    bucket     = "my-bucket"
    filename   = "my-folder/myfile.json"
    format     = "NEWLINE_DELIMITED_JSON"
    bq_dataset = "my-dataset"
    bq_table   = "my_table"
  }
  project_create = true
  project_id     = "project-1"
}
# tftest modules=8 resources=34
```
Add readme and outputs 2020-09-17 08:26:17 -07:00			`# Scheduled Cloud Asset Inventory Export to Bigquery`

More updates 2 2022-09-09 07:40:37 -07:00			`This blueprint shows how to leverage [Cloud Asset Inventory Exporting to Bigquery](https://cloud.google.com/asset-inventory/docs/exporting-to-bigquery) feature to keep track of your project wide assets over time storing information in Bigquery.`
Add readme and outputs 2020-09-17 08:26:17 -07:00
			`The data stored in Bigquery can then be used for different purposes:`

			`- dashboarding`
			`- analysis`

More updates 2 2022-09-09 07:40:37 -07:00			`The blueprint uses export resources at the project level for ease of testing, in actual use a few changes are needed to operate at the resource hierarchy level:`
Fix roles Implement PR comments Make example at Project level to keep it simpler 2020-09-24 08:16:43 -07:00
remove merge diff 2020-09-24 09:48:40 -07:00			`- the export should be set at the folder or organization level`
			- the `roles/cloudasset.viewer` on the service account should be set at the folder or organization level
Add readme and outputs 2020-09-17 08:26:17 -07:00
More updates 2 2022-09-09 07:40:37 -07:00			`The resources created in this blueprint are shown in the high level diagram below:`
Add readme and outputs 2020-09-17 08:26:17 -07:00
			`<img src="diagram.png" width="640px">`

update changelog, readmes 2020-09-17 08:38:27 -07:00			`## Prerequisites`
minimal Markdown syntax fixes and lang tweaks to READMEs 2020-09-17 11:06:54 -07:00
			`Ensure that you grant your account one of the following roles on your project, folder, or organization:`

			- Cloud Asset Viewer role (`roles/cloudasset.viewer`)
			- Owner primitive role (`roles/owner`)
Add readme and outputs 2020-09-17 08:26:17 -07:00
More updates 2 2022-09-09 07:40:37 -07:00			`## Running the blueprint`
minimal Markdown syntax fixes and lang tweaks to READMEs 2020-09-17 11:06:54 -07:00
Add readme and outputs 2020-09-17 08:26:17 -07:00			Clone this repository, specify your variables in a `terraform.tvars` and then go through the following steps to create resources:

			- `terraform init`
			- `terraform apply`

			Once done testing, you can clean up resources by running `terraform destroy`. To persist state, check out the `backend.tf.sample` file.

More updates 2 2022-09-09 07:40:37 -07:00			`## Testing the blueprint`
Add readme and outputs 2020-09-17 08:26:17 -07:00
More updates 2 2022-09-09 07:40:37 -07:00			`Once resources are created, you can run queries on the data you exported on Bigquery. [Here](https://cloud.google.com/asset-inventory/docs/exporting-to-bigquery#querying_an_asset_snapshot) you can find some blueprint of queries you can run.`
minimal Markdown syntax fixes and lang tweaks to READMEs 2020-09-17 11:06:54 -07:00
Fix external documentation links (#1347) 2023-05-01 22:26:58 -07:00			`You can also create a dashboard connecting [Looker Studio](https://lookerstudio.google.com/) or any other BI tools of your choice to your Bigquery dataset.`
Add readme and outputs 2020-09-17 08:26:17 -07:00
Change README to two diagrams 2021-12-23 01:38:58 -08:00			`## File exporter for JSON, CSV (optional).`
Update test_plan and README 2021-12-16 05:27:51 -08:00
Change README 2021-12-23 06:16:27 -08:00			`This is an optional part.`

Fix external documentation links (#1347) 2023-05-01 22:26:58 -07:00			Regular file-based exports of data from Cloud Asset Inventory may be useful for e.g. scale-out network dependencies discovery tools like [Planet Exporter](https://github.com/williamchanrico/planet-exporter), or to update legacy workloads tracking or configuration management systems. Bigquery supports multiple [export formats](https://cloud.google.com/bigquery/docs/exporting-data#export_formats_and_compression_types) and one may upload objects to Storage Bucket using provided Cloud Function. Specify `job.DestinationFormat` as defined in [documentation](https://cloud.google.com/python/docs/reference/bigquery/latest/google.cloud.bigquery.job.DestinationFormat), e.g. `NEWLINE_DELIMITED_JSON`.
Update test_plan and README 2021-12-16 05:27:51 -08:00
Change README, add diagram ( gcpdraw a6e4ec4f-7d6c-4796-b63e-ee4ce7b1792f ) 2021-12-22 22:26:47 -08:00			`It helps to create custom [scheduled query](https://cloud.google.com/bigquery/docs/scheduling-queries#console) from CAI export tables, and to write out results in to dedicated table (with overwrites). Define such query's output columns to comply with downstream systems' fields requirements, and time query execution after CAI export into BQ for freshness. See [sample queries](https://cloud.google.com/asset-inventory/docs/exporting-to-bigquery-sample-queries).`
Update test_plan and README 2021-12-16 05:27:51 -08:00
Re-run pydoc 2021-12-23 07:20:43 -08:00			This is an optional part, created if `cai_gcs_export` is set to `true`. The high level diagram extends to the following:
Change README to two diagrams 2021-12-23 01:38:58 -08:00
			`<img src="diagram_optional.png" width="640px">`
Add readme and outputs 2020-09-17 08:26:17 -07:00			`<!-- BEGIN TFDOC -->`
Redo pydoc + local linting checks 2021-12-23 07:33:39 -08:00
Add readme and outputs 2020-09-17 08:26:17 -07:00			`## Variables`

			`\| name \| description \| type \| required \| default \|`
Redo pydoc + local linting checks 2021-12-23 07:33:39 -08:00			`\|---\|---\|:---:\|:---:\|:---:\|`
Link vars and outputs from README 2022-01-22 04:34:35 -08:00			`\| [cai_config](variables.tf#L36) \| Cloud Asset Inventory export config. \| <code title="object({ bq_dataset = string bq_table = string bq_table_overwrite = bool target_node = string })">object({…})</code> \| ✓ \| \|`
			`\| [project_id](variables.tf#L101) \| Project id that references existing project. \| <code>string</code> \| ✓ \| \|`
			`\| [billing_account](variables.tf#L17) \| Billing account id used as default for new projects. \| <code>string</code> \| \| <code>null</code> \|`
			`\| [bundle_path](variables.tf#L23) \| Path used to write the intermediate Cloud Function code bundle. \| <code>string</code> \| \| <code>"./bundle.zip"</code> \|`
			`\| [bundle_path_cffile](variables.tf#L30) \| Path used to write the intermediate Cloud Function code bundle. \| <code>string</code> \| \| <code>"./bundle_cffile.zip"</code> \|`
Add periods at the end of each description field where missing (#478) 2022-01-31 01:45:34 -08:00			`\| [cai_gcs_export](variables.tf#L47) \| Enable optional part to export tables to GCS. \| <code>bool</code> \| \| <code>false</code> \|`
Link vars and outputs from README 2022-01-22 04:34:35 -08:00			\| [file_config](variables.tf#L54) \| Optional BQ table as a file export function config. \| <code title="object({ bucket = string filename = string format = string bq_dataset = string bq_table = string })">object({…})</code> \| \| <code title="{ bucket = null filename = null format = null bq_dataset = null bq_table = null }">{…}</code> \|
			`\| [location](variables.tf#L73) \| Appe Engine location used in the example. \| <code>string</code> \| \| <code>"europe-west"</code> \|`
			`\| [name](variables.tf#L80) \| Arbitrary string used to name created resources. \| <code>string</code> \| \| <code>"asset-inventory"</code> \|`
			`\| [name_cffile](variables.tf#L88) \| Arbitrary string used to name created resources. \| <code>string</code> \| \| <code>"cffile-exporter"</code> \|`
			`\| [project_create](variables.tf#L95) \| Create project instead ofusing an existing one. \| <code>bool</code> \| \| <code>true</code> \|`
			`\| [region](variables.tf#L106) \| Compute region used in the example. \| <code>string</code> \| \| <code>"europe-west1"</code> \|`
			`\| [root_node](variables.tf#L112) \| The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. \| <code>string</code> \| \| <code>null</code> \|`
Add readme and outputs 2020-09-17 08:26:17 -07:00
			`## Outputs`

			`\| name \| description \| sensitive \|`
			`\|---\|---\|:---:\|`
Link vars and outputs from README 2022-01-22 04:34:35 -08:00			`\| [bq-dataset](outputs.tf#L17) \| Bigquery instance details. \| \|`
			`\| [cloud-function](outputs.tf#L22) \| Cloud Function instance details. \| \|`
Redo pydoc + local linting checks 2021-12-23 07:33:39 -08:00
Add readme and outputs 2020-09-17 08:26:17 -07:00			`<!-- END TFDOC -->`
Update cloud operations tests 2023-02-10 05:24:10 -08:00
			`## Test`

			```hcl
			`module "test" {`
			`source = "./fabric/blueprints/cloud-operations/scheduled-asset-inventory-export-bq"`
			`billing_account = "1234-ABCD-1234"`
			`cai_config = {`
			`bq_dataset = "my-dataset"`
			`bq_table = "my_table"`
			`bq_table_overwrite = "true"`
			`target_node = "organization/1234567890"`
			`}`
			`cai_gcs_export = true`
			`file_config = {`
			`bucket = "my-bucket"`
			`filename = "my-folder/myfile.json"`
			`format = "NEWLINE_DELIMITED_JSON"`
			`bq_dataset = "my-dataset"`
			`bq_table = "my_table"`
			`}`
			`project_create = true`
			`project_id = "project-1"`
			`}`
			`# tftest modules=8 resources=34`
			```