Merge pull request #1453 from snyk/feat/google_compute_global_forwarding_rule

feat: google compute global forwarding rule

Author: almog27

pkg/iac/terraform/state/terraform_state_reader_test.go

@@ -379,6 +379,7 @@ func TestTerraformStateReader_Google_Resources(t *testing.T) {
 		{name: "compute node group", dirName: "google_compute_node_group", wantErr: false},
 		{name: "compute forwarding rule", dirName: "google_compute_forwarding_rule", wantErr: false},
 		{name: "compute instance group manager", dirName: "google_compute_instance_group_manager", wantErr: false},
+		{name: "compute global forwarding rule", dirName: "google_compute_global_forwarding_rule", wantErr: false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

pkg/iac/terraform/state/test/google_compute_global_forwarding_rule/results.golden.json

@@ -0,0 +1,19 @@
+[
+ {
+  "Id": "projects/driftctl-qa-1/global/forwardingRules/global-rule",
+  "Type": "google_compute_global_forwarding_rule",
+  "Attrs": {
+   "description": "",
+   "id": "projects/driftctl-qa-1/global/forwardingRules/global-rule",
+   "ip_address": "34.120.169.13",
+   "ip_protocol": "TCP",
+   "ip_version": "",
+   "load_balancing_scheme": "EXTERNAL",
+   "name": "global-rule",
+   "port_range": "80",
+   "project": "driftctl-qa-1",
+   "self_link": "https://www.googleapis.com/compute/v1/projects/driftctl-qa-1/global/forwardingRules/global-rule",
+   "target": "projects/driftctl-qa-1/global/targetHttpProxies/target-proxy"
+  }
+ }
+]

pkg/iac/terraform/state/test/google_compute_global_forwarding_rule/terraform.tfstate

@@ -0,0 +1,46 @@
+{
+  "version": 4,
+  "terraform_version": "0.14.6",
+  "serial": 35,
+  "lineage": "49d84423-0f98-9ac4-ffe0-84ef3126d36f",
+  "outputs": {},
+  "resources": [
+    {
+      "mode": "managed",
+      "type": "google_compute_global_forwarding_rule",
+      "name": "default",
+      "provider": "provider[\"registry.terraform.io/hashicorp/google\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "description": "",
+            "id": "projects/driftctl-qa-1/global/forwardingRules/global-rule",
+            "ip_address": "34.120.169.13",
+            "ip_protocol": "TCP",
+            "ip_version": "",
+            "label_fingerprint": "42WmSpB8rSM=",
+            "labels": null,
+            "load_balancing_scheme": "EXTERNAL",
+            "metadata_filters": [],
+            "name": "global-rule",
+            "network": "",
+            "port_range": "80",
+            "project": "driftctl-qa-1",
+            "self_link": "https://www.googleapis.com/compute/v1/projects/driftctl-qa-1/global/forwardingRules/global-rule",
+            "target": "projects/driftctl-qa-1/global/targetHttpProxies/target-proxy",
+            "timeouts": null
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19",
+          "dependencies": [
+            "google_compute_backend_service.default",
+            "google_compute_http_health_check.default",
+            "google_compute_target_http_proxy.default",
+            "google_compute_url_map.default"
+          ]
+        }
+      ]
+    }
+  ]
+}

pkg/remote/google/google_compute_global_forwarding_rule_enumerator.go

@@ -0,0 +1,46 @@
+package google
+
+import (
+	remoteerror "github.com/snyk/driftctl/pkg/remote/error"
+	"github.com/snyk/driftctl/pkg/remote/google/repository"
+	"github.com/snyk/driftctl/pkg/resource"
+	"github.com/snyk/driftctl/pkg/resource/google"
+)
+
+type GoogleComputeGlobalForwardingRuleEnumerator struct {
+	repository repository.AssetRepository
+	factory    resource.ResourceFactory
+}
+
+func NewGoogleComputeGlobalForwardingRuleEnumerator(repo repository.AssetRepository, factory resource.ResourceFactory) *GoogleComputeGlobalForwardingRuleEnumerator {
+	return &GoogleComputeGlobalForwardingRuleEnumerator{
+		repository: repo,
+		factory:    factory,
+	}
+}
+
+func (e *GoogleComputeGlobalForwardingRuleEnumerator) SupportedType() resource.ResourceType {
+	return google.GoogleComputeGlobalForwardingRuleResourceType
+}
+
+func (e *GoogleComputeGlobalForwardingRuleEnumerator) Enumerate() ([]*resource.Resource, error) {
+	globalForwardingRules, err := e.repository.SearchAllGlobalForwardingRules()
+	if err != nil {
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
+	}
+
+	results := make([]*resource.Resource, 0, len(globalForwardingRules))
+
+	for _, res := range globalForwardingRules {
+		results = append(
+			results,
+			e.factory.CreateAbstractResource(
+				string(e.SupportedType()),
+				trimResourceName(res.GetName()),
+				map[string]interface{}{},
+			),
+		)
+	}
+
+	return results, err
+}

pkg/remote/google/init.go

@@ -101,6 +101,7 @@ func Init(version string, alerter *alerter.Alerter,
 	remoteLibrary.AddEnumerator(NewGoogleComputeNodeGroupEnumerator(assetRepository, factory))
 	remoteLibrary.AddEnumerator(NewGoogleComputeForwardingRuleEnumerator(assetRepository, factory))
 	remoteLibrary.AddEnumerator(NewGoogleComputeInstanceGroupManagerEnumerator(assetRepository, factory))
+	remoteLibrary.AddEnumerator(NewGoogleComputeGlobalForwardingRuleEnumerator(assetRepository, factory))
 
 	err = resourceSchemaRepository.Init(terraform.GOOGLE, provider.Version(), provider.Schema())
 	if err != nil {

pkg/remote/google/repository/asset.go

@@ -13,29 +13,30 @@ import (
 
 // https://cloud.google.com/asset-inventory/docs/supported-asset-types#supported_resource_types
 const (
-	storageBucketAssetType         = "storage.googleapis.com/Bucket"
-	computeFirewallAssetType       = "compute.googleapis.com/Firewall"
-	computeRouterAssetType         = "compute.googleapis.com/Router"
-	computeInstanceAssetType       = "compute.googleapis.com/Instance"
-	computeNetworkAssetType        = "compute.googleapis.com/Network"
-	computeSubnetworkAssetType     = "compute.googleapis.com/Subnetwork"
-	computeDiskAssetType           = "compute.googleapis.com/Disk"
-	computeImageAssetType          = "compute.googleapis.com/Image"
-	dnsManagedZoneAssetType        = "dns.googleapis.com/ManagedZone"
-	computeInstanceGroupAssetType  = "compute.googleapis.com/InstanceGroup"
-	bigqueryDatasetAssetType       = "bigquery.googleapis.com/Dataset"
-	bigqueryTableAssetType         = "bigquery.googleapis.com/Table"
-	computeAddressAssetType        = "compute.googleapis.com/Address"
-	computeGlobalAddressAssetType  = "compute.googleapis.com/GlobalAddress"
-	cloudFunctionsFunction         = "cloudfunctions.googleapis.com/CloudFunction"
-	bigtableInstanceAssetType      = "bigtableadmin.googleapis.com/Instance"
-	bigtableTableAssetType         = "bigtableadmin.googleapis.com/Table"
-	sqlDatabaseInstanceAssetType   = "sqladmin.googleapis.com/Instance"
-	healthCheckAssetType           = "compute.googleapis.com/HealthCheck"
-	cloudRunServiceAssetType       = "run.googleapis.com/Service"
-	nodeGroupAssetType             = "compute.googleapis.com/NodeGroup"
-	computeForwardingRuleAssetType = "compute.googleapis.com/ForwardingRule"
-	instanceGroupManagerAssetType  = "compute.googleapis.com/InstanceGroupManager"
+	storageBucketAssetType               = "storage.googleapis.com/Bucket"
+	computeFirewallAssetType             = "compute.googleapis.com/Firewall"
+	computeRouterAssetType               = "compute.googleapis.com/Router"
+	computeInstanceAssetType             = "compute.googleapis.com/Instance"
+	computeNetworkAssetType              = "compute.googleapis.com/Network"
+	computeSubnetworkAssetType           = "compute.googleapis.com/Subnetwork"
+	computeDiskAssetType                 = "compute.googleapis.com/Disk"
+	computeImageAssetType                = "compute.googleapis.com/Image"
+	dnsManagedZoneAssetType              = "dns.googleapis.com/ManagedZone"
+	computeInstanceGroupAssetType        = "compute.googleapis.com/InstanceGroup"
+	bigqueryDatasetAssetType             = "bigquery.googleapis.com/Dataset"
+	bigqueryTableAssetType               = "bigquery.googleapis.com/Table"
+	computeAddressAssetType              = "compute.googleapis.com/Address"
+	computeGlobalAddressAssetType        = "compute.googleapis.com/GlobalAddress"
+	cloudFunctionsFunction               = "cloudfunctions.googleapis.com/CloudFunction"
+	bigtableInstanceAssetType            = "bigtableadmin.googleapis.com/Instance"
+	bigtableTableAssetType               = "bigtableadmin.googleapis.com/Table"
+	sqlDatabaseInstanceAssetType         = "sqladmin.googleapis.com/Instance"
+	healthCheckAssetType                 = "compute.googleapis.com/HealthCheck"
+	cloudRunServiceAssetType             = "run.googleapis.com/Service"
+	nodeGroupAssetType                   = "compute.googleapis.com/NodeGroup"
+	computeForwardingRuleAssetType       = "compute.googleapis.com/ForwardingRule"
+	instanceGroupManagerAssetType        = "compute.googleapis.com/InstanceGroupManager"
+	computeGlobalForwardingRuleAssetType = "compute.googleapis.com/GlobalForwardingRule"
 )
 
 type AssetRepository interface {
@@ -62,6 +63,7 @@ type AssetRepository interface {
 	SearchAllNodeGroups() ([]*assetpb.Asset, error)
 	SearchAllForwardingRules() ([]*assetpb.Asset, error)
 	SearchAllInstanceGroupManagers() ([]*assetpb.Asset, error)
+	SearchAllGlobalForwardingRules() ([]*assetpb.Asset, error)
 }
 
 type assetRepository struct {
@@ -91,6 +93,7 @@ func (s assetRepository) listAllResources(ty string) ([]*assetpb.Asset, error) {
 			nodeGroupAssetType,
 			computeForwardingRuleAssetType,
 			instanceGroupManagerAssetType,
+			computeGlobalForwardingRuleAssetType,
 		},
 	}
 	var results []*assetpb.Asset
@@ -273,3 +276,7 @@ func (s assetRepository) SearchAllForwardingRules() ([]*assetpb.Asset, error) {
 func (s assetRepository) SearchAllInstanceGroupManagers() ([]*assetpb.Asset, error) {
 	return s.listAllResources(instanceGroupManagerAssetType)
 }
+
+func (s assetRepository) SearchAllGlobalForwardingRules() ([]*assetpb.Asset, error) {
+	return s.listAllResources(computeGlobalForwardingRuleAssetType)
+}

pkg/remote/google/repository/mock_AssetRepository.go

@@ -1652,3 +1652,112 @@ func TestGoogleComputeInstanceGroupManager(t *testing.T) {
 		})
 	}
 }
+
+func TestGoogleComputeGlobalForwardingRule(t *testing.T) {
+	cases := []struct {
+		test             string
+		assertExpected   func(t *testing.T, got []*resource.Resource)
+		response         []*assetpb.Asset
+		responseErr      error
+		setupAlerterMock func(alerter *mocks.AlerterInterface)
+		wantErr          error
+	}{
+		{
+			test:     "no compute global forwarding rules",
+			response: []*assetpb.Asset{},
+			assertExpected: func(t *testing.T, got []*resource.Resource) {
+				assert.Len(t, got, 0)
+			},
+		},
+		{
+			test: "multiple compute global forwarding rules",
+			assertExpected: func(t *testing.T, got []*resource.Resource) {
+				assert.Len(t, got, 2)
+				assert.Equal(t, "//projects/driftctl-qa-1/global/forwardingRules/global-rule-foo", got[0].ResourceId())
+				assert.Equal(t, "google_compute_global_forwarding_rule", got[0].ResourceType())
+
+				assert.Equal(t, "//projects/driftctl-qa-1/global/forwardingRules/global-rule-bar", got[1].ResourceId())
+				assert.Equal(t, "google_compute_global_forwarding_rule", got[1].ResourceType())
+			},
+			response: []*assetpb.Asset{
+				{
+					AssetType: "compute.googleapis.com/GlobalForwardingRule",
+					Name:      "//projects/driftctl-qa-1/global/forwardingRules/global-rule-foo",
+				},
+				{
+					AssetType: "compute.googleapis.com/GlobalForwardingRule",
+					Name:      "//projects/driftctl-qa-1/global/forwardingRules/global-rule-bar",
+				},
+			},
+		},
+		{
+			test: "cannot list compute global forwarding rules",
+			assertExpected: func(t *testing.T, got []*resource.Resource) {
+				assert.Len(t, got, 0)
+			},
+			responseErr: status.Error(codes.PermissionDenied, "The caller does not have permission"),
+			setupAlerterMock: func(alerter *mocks.AlerterInterface) {
+				alerter.On(
+					"SendAlert",
+					"google_compute_global_forwarding_rule",
+					alerts.NewRemoteAccessDeniedAlert(
+						common.RemoteGoogleTerraform,
+						remoteerr.NewResourceListingError(
+							status.Error(codes.PermissionDenied, "The caller does not have permission"),
+							"google_compute_global_forwarding_rule",
+						),
+						alerts.EnumerationPhase,
+					),
+				).Once()
+			},
+		},
+	}
+
+	providerVersion := "3.78.0"
+	schemaRepository := testresource.InitFakeSchemaRepository(terraform.GOOGLE, providerVersion)
+	googleresource.InitResourcesMetadata(schemaRepository)
+	factory := terraform.NewTerraformResourceFactory(schemaRepository)
+
+	for _, c := range cases {
+		t.Run(c.test, func(tt *testing.T) {
+			scanOptions := ScannerOptions{}
+			providerLibrary := terraform.NewProviderLibrary()
+			remoteLibrary := common.NewRemoteLibrary()
+
+			// Initialize mocks
+			alerter := &mocks.AlerterInterface{}
+			if c.setupAlerterMock != nil {
+				c.setupAlerterMock(alerter)
+			}
+
+			assetClient, err := testgoogle.NewFakeAssertServerWithList(c.response, c.responseErr)
+			if err != nil {
+				tt.Fatal(err)
+			}
+
+			realProvider, err := terraform2.InitTestGoogleProvider(providerLibrary, providerVersion)
+			if err != nil {
+				tt.Fatal(err)
+			}
+
+			repo := repository.NewAssetRepository(assetClient, realProvider.GetConfig(), cache.New(0))
+
+			remoteLibrary.AddEnumerator(google.NewGoogleComputeGlobalForwardingRuleEnumerator(repo, factory))
+
+			testFilter := &filter.MockFilter{}
+			testFilter.On("IsTypeIgnored", mock.Anything).Return(false)
+
+			s := NewScanner(remoteLibrary, alerter, scanOptions, testFilter)
+			got, err := s.Resources()
+			assert.Equal(tt, err, c.wantErr)
+			if err != nil {
+				return
+			}
+			alerter.AssertExpectations(tt)
+			testFilter.AssertExpectations(tt)
+			if c.assertExpected != nil {
+				c.assertExpected(t, got)
+			}
+		})
+	}
+}

pkg/remote/google_compute_scanner_test.go

@@ -0,0 +1,3 @@
+package google
+
+const GoogleComputeGlobalForwardingRuleResourceType = "google_compute_global_forwarding_rule"

pkg/resource/google/google_compute_global_forwarding_rule.go

@@ -0,0 +1,30 @@
+package google_test
+
+import (
+	"testing"
+
+	"github.com/snyk/driftctl/test"
+	"github.com/snyk/driftctl/test/acceptance"
+)
+
+func TestAcc_Google_ComputeGlobalForwardingRule(t *testing.T) {
+	acceptance.Run(t, acceptance.AccTestCase{
+		TerraformVersion: "0.15.5",
+		Paths:            []string{"./testdata/acc/google_compute_global_forwarding_rule"},
+		Args: []string{
+			"scan",
+			"--to", "gcp+tf",
+		},
+		Checks: []acceptance.AccCheck{
+			{
+				Check: func(result *test.ScanResult, stdout string, err error) {
+					if err != nil {
+						t.Fatal(err)
+					}
+					result.AssertInfrastructureIsInSync()
+					result.AssertManagedCount(1)
+				},
+			},
+		},
+	})
+}