Merge pull request #5 from kangwork/master

Added `SecurityIAMManagement` recommendation with some revisions

src/cloudforet/plugin/connector/iam.py

@@ -0,0 +1,82 @@
+import logging
+from spaceone.core import cache
+from cloudforet.plugin.connector.base import GoogleCloudConnector
+
+
+
+__all__ = ["IAMConnector"]
+
+_LOGGER = logging.getLogger("spaceone")
+
+
+class IAMConnector(GoogleCloudConnector):
+    google_client_service = "iam"
+    version = "v1"
+
+    def list_predefined_roles(self):
+        roles = []
+        request = self.client.roles().list(pageSize=1000, view='FULL')
+
+        while True:
+            response = request.execute()
+
+            roles.extend(response.get("roles", []))
+
+            request = (
+                self.client.roles()
+                .list_next(previous_request=request, previous_response=response)
+            )
+
+            if request is None:
+                break
+
+        return roles
+
+    def list_project_roles(self, project_id: str = None):
+        parent = f"projects/{project_id}"
+        roles = []
+        request = self.client.projects().roles().list(parent=parent, pageSize=1000, view='FULL')
+        while True:
+            response = request.execute()
+
+            roles.extend(response.get("roles", []))
+
+            request = (
+                self.client.projects()
+                .roles()
+                .list_next(previous_request=request, previous_response=response)
+            )
+
+            if request is None:
+                break
+
+        return roles
+
+    def list_organization_roles(self, resource):
+        roles = []
+        request = self.client.organizations().roles().list(parent=resource, pageSize=1000, view='FULL')
+
+        while True:
+            response = request.execute()
+            roles.extend(response.get("roles", []))
+
+            request = (
+                self.client.organizations()
+                .roles()
+                .list_next(previous_request=request, previous_response=response)
+            )
+
+            if request is None:
+                break
+
+        return roles
+
+    def get_all_roles_to_permissions_dict(self, project_id: str, organization_id: str):
+        roles_to_permissions = {}
+        roles = self.list_predefined_roles()
+        roles.extend(self.list_project_roles(project_id))
+        if organization_id:
+            roles.extend(self.list_organization_roles(organization_id))
+        for role in roles:
+            roles_to_permissions[role.get("name")] = role.get("includedPermissions", [])
+        return roles_to_permissions

src/cloudforet/plugin/connector/recommender/cloud_asset.py

@@ -1,5 +1,4 @@
 import logging
-
 from cloudforet.plugin.connector.base import GoogleCloudConnector
 
 __all__ = ["CloudAssetConnector"]

src/cloudforet/plugin/connector/recommender/insight.py

@@ -0,0 +1,51 @@
+import logging
+
+from cloudforet.plugin.connector.base import GoogleCloudConnector
+__all__ = ["InsightConnector"]
+_LOGGER = logging.getLogger(__name__)
+
+
+class InsightConnector(GoogleCloudConnector):
+    google_client_service = "recommender"
+    version = "v1beta1"
+
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+
+    def get_policy_insight(self, insight_id: str, **query):
+        insight_parent = f"projects/{self.project_id}/locations/global/insightTypes/google.iam.policy/insights/{insight_id}"
+        query.update({"parent": insight_parent})
+        request = (
+            self.client.projects()
+            .locations()
+            .insightTypes()
+            .insights()
+            .get(**query)
+        )
+        response = request.execute()
+        return response
+
+    def list_insights(self, insight_parent, **query):
+        insights = []
+        query.update({"parent": insight_parent})
+        request = (
+            self.client.projects()
+            .locations()
+            .insightTypes()
+            .insights()
+            .list(**query)
+        )
+
+        while request is not None:
+            response = request.execute()
+            insights.extend(
+                insight for insight in response.get("insights", [])
+            )
+            request = (
+                self.client.projects()
+                .locations()
+                .insightTypes()
+                .insights()
+                .list_next(previous_request=request, previous_response=response)
+            )
+        return insights

src/cloudforet/plugin/connector/recommender/recommendation.py

@@ -1,7 +1,6 @@
 import logging
 
 from cloudforet.plugin.connector.base import GoogleCloudConnector
-
 __all__ = ["RecommendationConnector"]
 _LOGGER = logging.getLogger(__name__)
 
@@ -26,9 +25,9 @@ def list_recommendations(self, recommendation_parent, **query):
 
         while request is not None:
             response = request.execute()
-            recommendations = [
+            recommendations.extend([
                 recommendation for recommendation in response.get("recommendations", [])
-            ]
+            ])
             request = (
                 self.client.projects()
                 .locations()

src/cloudforet/plugin/manager/__init__.py

@@ -1,3 +1,3 @@
 from cloudforet.plugin.manager.base import ResourceManager
-
-from cloudforet.plugin.manager.recommender.recommendation import RecommendationManager
+from cloudforet.plugin.manager.recommender.security_iam_manager import SecurityIAMRecommendationManager
+# from cloudforet.plugin.manager.recommender.recommendation_manager import RecommendationManager