

fix: add trusting organization options
Signed-off-by: seolmin <seolmin@megazone.com>
stat-kwon committed Apr 11, 2024
1 parent e62f436 commit 65c35d2
Showing 3 changed files with 14 additions and 78 deletions.
35 changes: 0 additions & 35 deletions src/plugin/connector/cloud_asset_connector.py

This file was deleted.

4 changes: 0 additions & 4 deletions src/plugin/connector/resource_manager_v1_connector.py
Expand Up @@ -18,7 +18,3 @@ def __init__(self, **kwargs):
def list_projects(self):
result = self.client.projects().list().execute()
return result.get("projects", [])

def get_iam_policy(self, resource=None):
resource = resource or f"{self.project_id}"
return self.client.projects().getIamPolicy(resource=resource).execute()
53 changes: 14 additions & 39 deletions src/plugin/manager/account_collector_manager.py
Expand Up @@ -7,7 +7,6 @@
from spaceone.core.manager import BaseManager
from plugin.connector.resource_manager_v1_connector import ResourceManagerV1Connector
from plugin.connector.resource_manager_v3_connector import ResourceManagerV3Connector
from plugin.connector.cloud_asset_connector import CloudAssetConnector

_LOGGER = logging.getLogger("spaceone")

Expand All @@ -16,17 +15,22 @@ class AccountCollectorManager(BaseManager):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.options = kwargs["options"]
self.trusting_organization = self.options.get("trusting_organization", False)
self.exclude_projects = self.options.get("exclude_projects", [])
self.exclude_folders = self.options.get("exclude_folders", [])
self.exclude_folders = [
str(int(folder_id)) for folder_id in self.exclude_folders
]

self.secret_data = kwargs["secret_data"]
self.trusted_service_account = self.secret_data["client_email"]

self.resource_manager_v1_connector = ResourceManagerV1Connector(
secret_data=self.secret_data
)
self.resource_manager_v3_connector = ResourceManagerV3Connector(
secret_data=self.secret_data
)
self.cloud_asset_connector = CloudAssetConnector(secret_data=self.secret_data)
self.exclude_projects = None
self.exclude_folders = None
self.results = []

def sync(self) -> list:
Expand All @@ -43,12 +47,6 @@ def sync(self) -> list:
}
]
"""
self.exclude_projects = self.options.get("exclude_projects", [])
self.exclude_folders = self.options.get("exclude_folders", [])
self.exclude_folders = [
str(int(folder_id)) for folder_id in self.exclude_folders
]

projects_info = self.resource_manager_v1_connector.list_projects()
organization_info = self._get_organization_info(projects_info)

Expand Down Expand Up @@ -148,8 +146,12 @@ def _create_project_response(self, parent, locations):
self._check_exclude_project(project_id)
and project_state == "ACTIVE"
):
self._check_list_iam_polices_by_api(project_id)
if self._is_trusting_project(project_id):
if self.trusting_organization:
_LOGGER.debug(
f"[sync] ServiceAccount is Trusted with Organization (ServiceAccount: {self.trusted_service_account}, Project ID: {project_id})"
)
self.results.append(self._make_result(project_info, locations))
elif self._is_trusting_project(project_id):
self.results.append(self._make_result(project_info, locations))
else:
self.results.append(
Expand Down Expand Up @@ -180,30 +182,3 @@ def _check_exclude_project(self, project_id):
if fnmatch.fnmatch(project_id, exclude_project_id):
return False
return True

def _check_list_iam_polices_by_api(self, project_id):
try:
rm_project_polices = self.resource_manager_v1_connector.get_iam_policy(
resource=project_id
)
_LOGGER.debug(
f"[sync] project_polices by resource manager api: {rm_project_polices}"
)
except Exception as e:
_LOGGER.error(
f"[sync] failed to get project_polices by resource manager api => {e}"
)

try:
ca_project_polices = self.cloud_asset_connector.list_iam_polices_in_project(
project_id
)
sleep(2)

_LOGGER.debug(
f"[sync] project_polices by cloud asset api : {ca_project_polices}"
)
except Exception as e:
_LOGGER.error(
f"[sync] failed to get project_polices by cloud asset api => {e}"
)
