Merge pull request #706 from ShubhamPalriwala/feature/668-support-gcp…

…-certs feat: support certificates in GCP
tailwarden · Apr 7, 2023 · 887924e · 887924e
2 parents acd6373 + d0220f8
commit 887924e
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 0 deletions.
diff --git a/go.mod b/go.mod
@@ -74,8 +74,11 @@ require (
 	k8s.io/client-go v0.26.1
 )
 
+require cloud.google.com/go/longrunning v0.4.1 // indirect
+
 require (
 	cloud.google.com/go v0.110.0 // indirect
+	cloud.google.com/go/certificatemanager v1.6.0
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v0.12.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2 // indirect

diff --git a/go.sum b/go.sum
@@ -3,6 +3,8 @@ cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
 cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY=
 cloud.google.com/go/bigquery v1.48.0 h1:u+fhS1jJOkPO9vdM84M8HO5VznTfVUicBeoXNKD26ho=
 cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac=
+cloud.google.com/go/certificatemanager v1.6.0 h1:5C5UWeSt8Jkgp7OWn2rCkLmYurar/vIWIoSQ2+LaTOc=
+cloud.google.com/go/certificatemanager v1.6.0/go.mod h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8=
 cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY=
 cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
@@ -11,6 +13,7 @@ cloud.google.com/go/datacatalog v1.12.0 h1:3uaYULZRLByPdbuUvacGeqneudztEM4xqKQsB
 cloud.google.com/go/iam v0.12.0 h1:DRtTY29b75ciH6Ov1PHb4/iat2CLCvrOm40Q0a6DFpE=
 cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY=
 cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
+cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo=
 cloud.google.com/go/monitoring v1.13.0 h1:2qsrgXGVoRXpP7otZ14eE1I568zAa92sJSDPyOJvwjM=
 cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw=
 cloud.google.com/go/storage v1.30.0 h1:g1yrbxAWOrvg/594228pETWkOi00MLTrOWfh56veU5o=

diff --git a/providers/gcp/certificate/certificate.go b/providers/gcp/certificate/certificate.go
@@ -0,0 +1,81 @@
+package certficate
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+	"time"
+
+	"github.com/sirupsen/logrus"
+	"github.com/tailwarden/komiser/models"
+	"github.com/tailwarden/komiser/providers"
+	"google.golang.org/api/iterator"
+	"google.golang.org/api/option"
+
+	certificatemanager "cloud.google.com/go/certificatemanager/apiv1"
+	certificatemanagerpb "cloud.google.com/go/certificatemanager/apiv1/certificatemanagerpb"
+)
+
+func Certificates(ctx context.Context, client providers.ProviderClient) ([]models.Resource, error) {
+	resources := make([]models.Resource, 0)
+
+	certificateManagerClient, err := certificatemanager.NewClient(ctx, option.WithCredentials(client.GCPClient.Credentials))
+	if err != nil {
+		logrus.WithError(err).Errorf("failed to create certificate client")
+		return resources, err
+	}
+
+	reg := &certificatemanagerpb.ListCertificatesRequest{
+		Parent: "projects/" + client.GCPClient.Credentials.ProjectID + "/locations/global",
+	}
+	certificates := certificateManagerClient.ListCertificates(ctx, reg)
+
+	for {
+		certificate, err := certificates.Next()
+		if err == iterator.Done {
+			break
+		}
+		if err != nil {
+			logrus.WithError(err).Errorf("failed to list certificates")
+			return resources, err
+		}
+
+		certificateNameWithoutProjectAndLocation := extractCertificateName(certificate.Name)
+
+		resources = append(resources, models.Resource{
+			Provider:   "GCP",
+			Account:    client.Name,
+			Service:    "Certificate",
+			ResourceId: certificate.Name,
+			Name:       certificateNameWithoutProjectAndLocation,
+			CreatedAt:  certificate.CreateTime.AsTime(),
+			Cost:       0,
+			Metadata:   certificate.Labels,
+			FetchedAt:  time.Now(),
+			Link:       fmt.Sprintf("https://console.cloud.google.com/security/ccm/certificates/details/global/name/%s?project=%s", certificateNameWithoutProjectAndLocation, client.GCPClient.Credentials.ProjectID),
+		})
+
+	}
+
+	logrus.WithFields(logrus.Fields{
+		"provider":  "GCP",
+		"account":   client.Name,
+		"service":   "Certificate Manager",
+		"resources": len(resources),
+	}).Info("Fetched resources")
+
+	return resources, nil
+
+}
+
+func extractCertificateName(s string) string {
+	pattern := `projects\/[^\/]+\/locations\/[^\/]+\/certificates\/([^\/]+)`
+
+	regex := regexp.MustCompile(pattern)
+	match := regex.FindStringSubmatch(s)
+
+	if len(match) > 1 {
+		return match[1]
+	}
+	return s
+}
diff --git a/providers/gcp/gcp.go b/providers/gcp/gcp.go
@@ -6,6 +6,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"github.com/tailwarden/komiser/providers"
 	"github.com/tailwarden/komiser/providers/gcp/bigquery"
+	certficate "github.com/tailwarden/komiser/providers/gcp/certificate"
 	"github.com/tailwarden/komiser/providers/gcp/compute"
 	"github.com/tailwarden/komiser/providers/gcp/storage"
 	"github.com/tailwarden/komiser/utils"
@@ -17,6 +18,7 @@ func listOfSupportedServices() []providers.FetchDataFunction {
 		compute.Instances,
 		storage.Buckets,
 		bigquery.BigQueryTables,
+		certficate.Certificates,
 	}
 }