Cloud data provider #1144
Merged
Cloud data provider #1144
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This pull request does not have a backport label. Could you fix it @uri-weisman? 🙏
|
📊 Allure Report - 💔 Some tests failed or were broken.
|
5 tasks
olegsu
reviewed
Jul 24, 2023
olegsu
reviewed
Jul 24, 2023
olegsu
reviewed
Jul 24, 2023
olegsu
reviewed
Jul 24, 2023
olegsu
reviewed
Jul 24, 2023
olegsu
reviewed
Jul 24, 2023
olegsu
reviewed
Jul 24, 2023
orestisfl
reviewed
Jul 25, 2023
orestisfl
requested changes
Jul 25, 2023
| @@ -60,25 +72,43 @@ func (a DataProvider) FetchData(_ string, id string) (types.Data, error) { | |||
| } | |||
|
|
|||
| func (a DataProvider) EnrichEvent(event *beat.Event, resMetadata fetching.ResourceMetadata) error { | |||
| _, err := event.Fields.Put(cloudAccountIdField, strings.FirstNonEmpty(resMetadata.AwsAccountId, a.accountId)) | |||
| err := insertIfNotEmpty(cloudAccountIdField, strings.FirstNonEmpty(resMetadata.AwsAccountId, a.accountId), event) | |||
There was a problem hiding this comment.
Blocker: make sure this doesn't break aws orgs account fields (LGTM but let's double check)
There was a problem hiding this comment.
@orestisfl how this can be validated?
There was a problem hiding this comment.
Right now, manually since we don't have E2E tests yet.
However, the unit tests cover the case already so maybe it's overkill.
orestisfl
reviewed
Jul 25, 2023
orestisfl
reviewed
Jul 25, 2023
orestisfl
reviewed
Jul 25, 2023
orestisfl
reviewed
Jul 25, 2023
orestisfl
reviewed
Jul 25, 2023
orestisfl
reviewed
Jul 25, 2023
olegsu
reviewed
Jul 25, 2023
orestisfl
reviewed
Jul 25, 2023
Comment on lines
+35
to
+92
| type ProviderGetter interface { | ||
| GetIdentity(ctx context.Context, cfg config.GcpConfig) (*cloud.Identity, error) | ||
| } | ||
|
|
||
| type Provider struct { | ||
| service ResourceManager | ||
| logger *logp.Logger | ||
| } | ||
|
|
||
| // CloudResourceManagerService is a wrapper around the GCP resource manager service to make it easier to mock | ||
| type CloudResourceManagerService struct { | ||
| service *cloudresourcemanager.Service | ||
| } | ||
|
|
||
| type ResourceManager interface { | ||
| projectsGet(context.Context, string) (*cloudresourcemanager.Project, error) | ||
| } | ||
|
|
||
| func NewProvider(ctx context.Context, cfg *config.Config, logger *logp.Logger) *Provider { | ||
| gcpClientOpt, err := auth.GetGcpClientConfig(cfg, logger) | ||
| if err != nil { | ||
| logger.Errorf("failed to get GCP client config: %v", err) | ||
| return nil | ||
| } | ||
| gcpClientOpt = append(gcpClientOpt, option.WithScopes(cloudresourcemanager.CloudPlatformReadOnlyScope)) | ||
| crmService, err := cloudresourcemanager.NewService(ctx, gcpClientOpt...) | ||
| if err != nil { | ||
| logger.Errorf("failed to create GCP resource manager service: %v", err) | ||
| return nil | ||
| } | ||
|
|
||
| return &Provider{ | ||
| service: &CloudResourceManagerService{service: crmService}, | ||
| logger: logger, | ||
| } | ||
| } | ||
|
|
||
| // GetIdentity returns GCP identity information | ||
| func (p *Provider) GetIdentity(ctx context.Context, cfg config.GcpConfig) (*cloud.Identity, error) { | ||
| proj, err := p.service.projectsGet(ctx, "projects/"+cfg.ProjectId) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| return &cloud.Identity{ | ||
| Provider: provider, | ||
| ProjectId: proj.ProjectId, | ||
| ProjectName: proj.DisplayName, | ||
| }, nil | ||
| } | ||
|
|
||
| func (p *CloudResourceManagerService) projectsGet(ctx context.Context, id string) (*cloudresourcemanager.Project, error) { | ||
| project, err := p.service.Projects.Get(id).Context(ctx).Do() | ||
| if err != nil { | ||
| return nil, fmt.Errorf("unable to get project with id '%v': %v", id, err) | ||
| } | ||
| return project, nil | ||
| } |
There was a problem hiding this comment.
Returning nil from NewProvider can introduce segfault risks. GetIdentity is only called once in the lifetime of the app so we can move all initialization code in the body of the function like we do for other Dependencies in the Benchmark
Suggested change
| type ProviderGetter interface { | |
| GetIdentity(ctx context.Context, cfg config.GcpConfig) (*cloud.Identity, error) | |
| } | |
| type Provider struct { | |
| service ResourceManager | |
| logger *logp.Logger | |
| } | |
| // CloudResourceManagerService is a wrapper around the GCP resource manager service to make it easier to mock | |
| type CloudResourceManagerService struct { | |
| service *cloudresourcemanager.Service | |
| } | |
| type ResourceManager interface { | |
| projectsGet(context.Context, string) (*cloudresourcemanager.Project, error) | |
| } | |
| func NewProvider(ctx context.Context, cfg *config.Config, logger *logp.Logger) *Provider { | |
| gcpClientOpt, err := auth.GetGcpClientConfig(cfg, logger) | |
| if err != nil { | |
| logger.Errorf("failed to get GCP client config: %v", err) | |
| return nil | |
| } | |
| gcpClientOpt = append(gcpClientOpt, option.WithScopes(cloudresourcemanager.CloudPlatformReadOnlyScope)) | |
| crmService, err := cloudresourcemanager.NewService(ctx, gcpClientOpt...) | |
| if err != nil { | |
| logger.Errorf("failed to create GCP resource manager service: %v", err) | |
| return nil | |
| } | |
| return &Provider{ | |
| service: &CloudResourceManagerService{service: crmService}, | |
| logger: logger, | |
| } | |
| } | |
| // GetIdentity returns GCP identity information | |
| func (p *Provider) GetIdentity(ctx context.Context, cfg config.GcpConfig) (*cloud.Identity, error) { | |
| proj, err := p.service.projectsGet(ctx, "projects/"+cfg.ProjectId) | |
| if err != nil { | |
| return nil, err | |
| } | |
| return &cloud.Identity{ | |
| Provider: provider, | |
| ProjectId: proj.ProjectId, | |
| ProjectName: proj.DisplayName, | |
| }, nil | |
| } | |
| func (p *CloudResourceManagerService) projectsGet(ctx context.Context, id string) (*cloudresourcemanager.Project, error) { | |
| project, err := p.service.Projects.Get(id).Context(ctx).Do() | |
| if err != nil { | |
| return nil, fmt.Errorf("unable to get project with id '%v': %v", id, err) | |
| } | |
| return project, nil | |
| } | |
| type ProviderGetter interface { | |
| GetIdentity(ctx context.Context, cfg config.GcpConfig) (*cloud.Identity, error) | |
| } | |
| type Provider struct { | |
| } | |
| // CloudResourceManagerService is a wrapper around the GCP resource manager service to make it easier to mock | |
| type CloudResourceManagerService struct { | |
| service *cloudresourcemanager.Service | |
| } | |
| type ResourceManager interface { | |
| projectsGet(context.Context, string) (*cloudresourcemanager.Project, error) | |
| } | |
| // GetIdentity returns GCP identity information | |
| func (p *Provider) GetIdentity(ctx context.Context, logger *logp.Logger, cfg config.GcpConfig) (*cloud.Identity, error) { | |
| gcpClientOpt, err := auth.GetGcpClientConfig(cfg, logger) | |
| if err != nil { | |
| return nil, err | |
| } | |
| gcpClientOpt = append(gcpClientOpt, option.WithScopes(cloudresourcemanager.CloudPlatformReadOnlyScope)) | |
| crmService, err := cloudresourcemanager.NewService(ctx, gcpClientOpt...) | |
| if err != nil { | |
| logger.Errorf("failed to create GCP resource manager service: %v", err) | |
| return nil, err | |
| } | |
| proj, err := CloudResourceManagerService{service: crmService}.projectsGet(ctx, "projects/"+cfg.ProjectId) | |
| if err != nil { | |
| return nil, err | |
| } | |
| return &cloud.Identity{ | |
| Provider: provider, | |
| ProjectId: proj.ProjectId, | |
| ProjectName: proj.DisplayName, | |
| }, nil | |
| } | |
| func (p CloudResourceManagerService) projectsGet(ctx context.Context, id string) (*cloudresourcemanager.Project, error) { | |
| project, err := p.service.Projects.Get(id).Context(ctx).Do() | |
| if err != nil { | |
| return nil, fmt.Errorf("unable to get project with id '%v': %v", id, err) | |
| } | |
| return project, nil | |
| } |
which also requires changing GetGcpClientConfig:
func GetGcpClientConfig(gcpCred config.GcpConfig, log *logp.Logger) ([]option.ClientOption, error) {There was a problem hiding this comment.
@orestisfl - I get your point but in your implementation, I won't be able to mock the cloudresourcemanager service.
There was a problem hiding this comment.
can we return also an error in that case?
There was a problem hiding this comment.
How about:
// GetIdentity returns GCP identity information
func (p *Provider) GetIdentity(ctx context.Context, cfg config.GcpConfig, logger *logp.Logger) (*cloud.Identity, error) {
if err := p.initialize(ctx, cfg, logger); err != nil {
return nil, err
}
proj, err := p.service.projectsGet(ctx, "projects/"+cfg.ProjectId)
if err != nil {
return nil, err
}
return &cloud.Identity{
Provider: provider,
ProjectId: proj.ProjectId,
ProjectName: proj.DisplayName,
}, nil
}
func (p *Provider) initialize(ctx context.Context, cfg config.GcpConfig, logger *logp.Logger) error {
if p.service != nil {
return nil
}
gcpClientOpt, err := auth.GetGcpClientConfig(cfg, logger)
if err != nil {
return err
}
gcpClientOpt = append(gcpClientOpt, option.WithScopes(cloudresourcemanager.CloudPlatformReadOnlyScope))
crmService, err := cloudresourcemanager.NewService(ctx, gcpClientOpt...)
if err != nil {
return err
}
p.service = &CloudResourceManagerService{service: crmService}
return nil
}
|
This pull request is now in conflicts. Could you fix it? 🙏 |
orestisfl
approved these changes
Jul 25, 2023
| @@ -71,11 +71,11 @@ func validateJSONFromFile(filePath string) error { | |||
|
|
|||
| b, err := os.ReadFile(filePath) | |||
| if err != nil { | |||
| return fmt.Errorf("The file %q cannot be read", filePath) | |||
| return fmt.Errorf("the file %q cannot be read", filePath) | |||
There was a problem hiding this comment.
Suggested change
| return fmt.Errorf("the file %q cannot be read", filePath) | |
| return fmt.Errorf("file %q cannot be read", filePath) |
| } | ||
|
|
||
| if !json.Valid(b) { | ||
| return fmt.Errorf("The file %q does not contain valid JSON", filePath) | ||
| return fmt.Errorf("the file %q does not contain valid JSON", filePath) |
There was a problem hiding this comment.
Suggested change
| return fmt.Errorf("the file %q does not contain valid JSON", filePath) | |
| return fmt.Errorf("file %q does not contain valid JSON", filePath) |
olegsu
approved these changes
Jul 25, 2023
orestisfl
added a commit
to orestisfl/cloudbeat
that referenced
this pull request
Jul 26, 2023
As discussed in elastic#1144 (comment)
2 tasks
orestisfl
added a commit
to orestisfl/cloudbeat
that referenced
this pull request
Jul 26, 2023
As discussed in elastic#1144 (comment)
orestisfl
added a commit
that referenced
this pull request
Jul 27, 2023
As discussed in #1144 (comment)
orestisfl
added a commit
that referenced
this pull request
Jul 31, 2023
As discussed in #1144 (comment)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary of your changes
Screenshot/Data
GCP
AWS
Related Issues
Checklist