From 0ce81743f2b964f29ee4dfbe6e15f8167b9954e1 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Thu, 8 Jul 2021 08:57:27 +0200
Subject: [PATCH] Update CAI example (#274)
* Add Asset Inventory API to project module
* Create feed from terraform in CAI example
* Fix tests
* sort services
Co-authored-by: Ludovico Magnocavallo
---
 .../README.md | 3 ---
 .../asset-inventory-feed-remediation/main.tf | 19 +++++++++++++++++--
 .../outputs.tf | 11 -----------
 modules/project/outputs.tf | 3 ++-
 modules/project/service_accounts.tf | 3 ++-
 .../test_plan.py | 2 +-
 .../test_plan.py | 2 +-
 .../data_platform_foundations/test_plan.py | 2 +-
 8 files changed, 24 insertions(+), 21 deletions(-)
diff --git a/cloud-operations/asset-inventory-feed-remediation/README.md b/cloud-operations/asset-inventory-feed-remediation/README.md
index 5d584935..9f624884 100644
--- a/cloud-operations/asset-inventory-feed-remediation/README.md
+++ b/cloud-operations/asset-inventory-feed-remediation/README.md
@@ -33,7 +33,6 @@ Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/c
 - `terraform init` - `terraform apply -var project_id=my-project-id` -- copy and paste the `feed_create` output in the console then run it to create the feed Once done testing, you can clean up resources by running `terraform destroy`. To persist state, check out the `backend.tf.sample` file.
@@ -41,7 +40,6 @@ Once done testing, you can clean up resources by running `terraform destroy`. To
 The terraform outputs generate preset `gcloud` commands that you can copy and run in the console, to complete configuration and test the example: -- `feed_create` is run once to create the feed, as there's currently no Terraform resource available for Cloud Asset feeds - `subscription_pull` shows messages in the PubSub queue, to check feed message format if the Cloud Function is disabled - `cf_logs` shows Cloud Function logs to check that remediation works - `tag_add` adds a non-compliant tag to the test instance, and triggers the Cloud Function remediation process
@@ -70,7 +68,6 @@ Run the `subscription_pull` command until it returns nothing, then run the follo
 | name | description | sensitive |
 |---|---|:---:|
 | cf_logs | Cloud Function logs read command. | |
-| feed_create | Feed gcloud command. | |
 | subscription_pull | Subscription pull command. | |
 | tag_add | Instance add tag command. | |
 | tag_show | Instance add tag command. | |
diff --git a/cloud-operations/asset-inventory-feed-remediation/main.tf b/cloud-operations/asset-inventory-feed-remediation/main.tf
index 36c56d19..d0487ba8 100644
--- a/cloud-operations/asset-inventory-feed-remediation/main.tf
+++ b/cloud-operations/asset-inventory-feed-remediation/main.tf
@@ -25,8 +25,9 @@ module "project" {
 project_create = var.project_create
 services = [
 "cloudasset.googleapis.com",
- "compute.googleapis.com",
- "cloudfunctions.googleapis.com"
+ "cloudbuild.googleapis.com",
+ "cloudfunctions.googleapis.com",
+ "compute.googleapis.com"
 ]
 service_config = {
 disable_on_destroy = false,
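Review bot: The new `"cloudbuild.googleapis.com"` entry in the `services` list is not explained in the hunk, and the commit message only mentions the Asset Inventory API and sorting, so a reader cannot tell whether it is required or was enabled by accident. Presumably it is needed because Cloud Functions deployments are built through Cloud Build — confirm, and record the consumer on the line: `"cloudbuild.googleapis.com", # builds the remediation Cloud Function on deploy`. Enabling an API is not free from a least-privilege standpoint (it typically provisions a service agent with default project roles), so naming why each service is on the list keeps it auditable. The enclosing `module "project"` block starts and ends outside the hunk.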
@@ -117,3 +118,17 @@ module "simple-vm-example" {
 resource "random_pet" "random" {
 length = 1
 }
+
+# Create a feed that sends notifications about instance updates.
+resource "google_cloud_asset_project_feed" "project_feed" {
+ project = module.project.project_id
+ feed_id = var.name
+ content_type = "RESOURCE"
+ asset_types = ["compute.googleapis.com/Instance"]
+
+ feed_output_config {
+ pubsub_destination {
+ topic = module.pubsub.topic.id
+ }
+ }
+}
diff --git a/cloud-operations/asset-inventory-feed-remediation/outputs.tf b/cloud-operations/asset-inventory-feed-remediation/outputs.tf
index cfa97914..812d69c7 100644
--- a/cloud-operations/asset-inventory-feed-remediation/outputs.tf
+++ b/cloud-operations/asset-inventory-feed-remediation/outputs.tf
@@ -26,17 +26,6 @@ gcloud logging read '
 END
 }
-output "feed_create" {
- description = "Feed gcloud command."
- value = <
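Review bot: Nothing in the new `google_cloud_asset_project_feed.project_feed` resource orders its creation after the IAM grant that lets the Cloud Asset service agent publish to `module.pubsub.topic.id`, and no such grant is visible in this hunk; the `modules/project/service_accounts.tf` change listed in the diffstat may expose that agent, but the `roles/pubsub.publisher` binding itself is not shown. If that binding lives in the pubsub module or elsewhere in the example, add `depends_on = [<publisher-binding-resource>]` to the feed so an apply does not race the feed ahead of the permission it needs. The header comment should also say what the feed carries: with `content_type = "RESOURCE"` every Instance change publishes the full instance representation, including instance metadata, so the topic and its subscriptions should stay readable only by the remediation function — e.g. `# RESOURCE content type ships the full instance payload; keep subscriber access limited to the remediation function`.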