✨ gcp instance sub-command for v9 (#1681)

This allows to scan a GCP VM via a snapshot/clone. Fixes #1675 Signed-off-by: Christian Zunker <[email protected]>
mondoohq · Sep 12, 2023 · 25f623f · 25f623f
1 parent 34db175
commit 25f623f
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 10 deletions.
diff --git a/providers/gcp/config/config.go b/providers/gcp/config/config.go
@@ -55,13 +55,19 @@ var Config = plugin.Provider{
 					Long:    "project-id",
 					Type:    plugin.FlagType_String,
 					Default: "",
-					Desc:    "specify the GCP project ID where the target instance is located (only used for snapshots)",
+					Desc:    "specify the GCP project ID where the target instance is located",
 				},
 				{
 					Long:    "zone",
 					Type:    plugin.FlagType_String,
 					Default: "",
-					Desc:    "specify the GCP zone where the target instance is located (only used for snapshots)",
+					Desc:    "specify the GCP zone where the target instance is located",
+				},
+				{
+					Long:    "create-snapshot",
+					Type:    plugin.FlagType_Bool,
+					Default: "false",
+					Desc:    "create a new snapshot instead of using the latest available snapshot (only used for instance)",
 				},
 			},
 		},

diff --git a/providers/gcp/connection/connection.go b/providers/gcp/connection/connection.go
@@ -26,6 +26,7 @@ const (
 	Folder
 	Gcr
 	Snapshot
+	Instance
 )
 
 type GcpConnection struct {
@@ -79,6 +80,9 @@ func NewGcpConnection(id uint32, asset *inventory.Asset, conf *inventory.Config)
 	} else if conf.Options["snapshot-name"] != "" {
 		resourceType = Snapshot
 		resourceID = conf.Options["snapshot-name"]
+	} else if conf.Options["instance-name"] != "" {
+		resourceType = Instance
+		resourceID = conf.Options["instance-name"]
 	}
 
 	var override string

diff --git a/providers/gcp/connection/gcpinstancesnapshot/provider.go b/providers/gcp/connection/gcpinstancesnapshot/provider.go
@@ -163,6 +163,8 @@ func NewGcpSnapshotConnection(id uint32, conf *inventory.Config, asset *inventor
 			mi.diskUrl = diskUrl
 
 		}
+		asset.Name = instanceInfo.InstanceName
+		asset.PlatformIds = []string{instanceInfo.PlatformMrn}
 	case "snapshot":
 		snapshotInfo, err := sc.SnapshotInfo(target.ProjectID, target.SnapshotName)
 		if err != nil {
@@ -176,6 +178,8 @@ func NewGcpSnapshotConnection(id uint32, conf *inventory.Config, asset *inventor
 		}
 		log.Debug().Str("disk", diskUrl).Msg("created disk from snapshot")
 		mi.diskUrl = diskUrl
+		asset.Name = conf.Options["snapshot-name"]
+		asset.PlatformIds = []string{snapshotInfo.PlatformMrn}
 	default:
 		return nil, errors.New("invalid target type")
 	}
@@ -217,6 +221,7 @@ func NewGcpSnapshotConnection(id uint32, conf *inventory.Config, asset *inventor
 		PlatformId: conf.PlatformId,
 		Options:    conf.Options,
 		Type:       conf.Type,
+		Record:     conf.Record,
 	}, asset)
 	if err != nil {
 		errorHandler()
@@ -241,11 +246,8 @@ func NewGcpSnapshotConnection(id uint32, conf *inventory.Config, asset *inventor
 		return nil, errors.New("failed to detect OS")
 	}
 	asset.Id = conf.Type
-	asset.Name = conf.Options["snapshot-name"]
 	asset.Platform.Kind = c.Kind()
 	asset.Platform.Runtime = c.Runtime()
-	platformId := fmt.Sprintf("//platformid.api.mondoo.app/runtime/gcp/compute/v1/projects/%s/snapshots/%s", conf.Options["project-id"], conf.Options["snapshot-name"])
-	asset.PlatformIds = []string{platformId}
 
 	return c, nil
 }

diff --git a/providers/gcp/connection/gcpinstancesnapshot/snapshot.go b/providers/gcp/connection/gcpinstancesnapshot/snapshot.go
@@ -88,9 +88,9 @@ func (sc *SnapshotCreator) InstanceInfo(projectID, zone, instanceName string) (i
 	}
 
 	ii.ProjectID = projectID
-	ii.Zone = instance.Zone
+	ii.Zone = zone
 	ii.InstanceName = instance.Name
-	ii.PlatformMrn = gce.MondooGcpInstancePlatformMrn(projectID, instance.Zone, instance.Name)
+	ii.PlatformMrn = gce.MondooGcpInstancePlatformMrn(projectID, zone, instance.Name)
 
 	// search for boot disk
 	var bootDisk *compute.AttachedDisk

diff --git a/providers/gcp/provider/provider.go b/providers/gcp/provider/provider.go
@@ -78,7 +78,7 @@ func (s *Service) ParseCLI(req *plugin.ParseCLIReq) (*plugin.ParseCLIRes, error)
 	}
 
 	if len(req.Args) != 2 {
-		return nil, errors.New("missing argument, use `gcp project id`, `gcp organization id`, `gcp folder id` or `gcp snapshot name`")
+		return nil, errors.New("missing argument, use `gcp project id`, `gcp organization id`, `gcp folder id`, `gcp instance name`, or `gcp snapshot name`")
 	}
 
 	conf := &inventory.Config{
@@ -92,7 +92,7 @@ func (s *Service) ParseCLI(req *plugin.ParseCLIReq) (*plugin.ParseCLIRes, error)
 		credentialsPath = string(x.Value)
 	}
 
-	// these flags are currently only used for the snapshot sub-command
+	// used for snapshot and instance sub-commands
 	var projectId string
 	if x, ok := flags["project-id"]; ok && len(x.Value) != 0 {
 		projectId = string(x.Value)
@@ -102,7 +102,14 @@ func (s *Service) ParseCLI(req *plugin.ParseCLIReq) (*plugin.ParseCLIRes, error)
 	if x, ok := flags["zone"]; ok && len(x.Value) != 0 {
 		zone = string(x.Value)
 	}
-	// ^^ snapshot flags
+	// ^^ snapshot and instance flags
+
+	// these flags are currently only used for the instnace sub-command
+	var createSnapshot string
+	if x, ok := flags["create-snapshot"]; ok && len(x.Value) != 0 {
+		createSnapshot = string(x.Value)
+	}
+	// ^^ instance flags
 
 	envVars := []string{
 		"GOOGLE_APPLICATION_CREDENTIALS",
@@ -149,6 +156,14 @@ func (s *Service) ParseCLI(req *plugin.ParseCLIReq) (*plugin.ParseCLIRes, error)
 		conf.Options["type"] = "snapshot"
 		conf.Type = string(gcpinstancesnapshot.SnapshotConnectionType)
 		conf.Discover = nil
+	case "instance":
+		conf.Options["instance-name"] = req.Args[1]
+		conf.Options["type"] = "instance"
+		conf.Options["project-id"] = projectId
+		conf.Options["zone"] = zone
+		conf.Options["create-snapshot"] = createSnapshot
+		conf.Type = string(gcpinstancesnapshot.SnapshotConnectionType)
+		conf.Discover = nil
 	}
 
 	asset := inventory.Asset{