Extend GCP support - Githubissues

lyft / cartography

Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.

https://lyft.github.io/cartography/

Apache License 2.0

2.96k stars 330 forks source link

Extend GCP support #415

Open marco-lancini opened 3 years ago

marco-lancini commented 3 years ago

Title: Extend list of GCP services supported by Cartography

Description: To increase overall adoption of Cartography by the community, we should extend support for GCP. A list of initial services that could be useful to have ingested are:

Cloud functions
Cloud run
IAM (users/service accounts/roles/groups)
Identity-Aware Proxy
Databases
- Bigtable
- Datastore
- Firestore
- SQL
Container registry
API Gateway
~~DNS entries~~ --> #474

steakunderscore commented 3 years ago

Supporting the GCP Container Analysis API would be a good option. This API is a frontend for hosted Grafeas. This data would be useful to correlate vulnerabilities to other assess like container images.

jalseth commented 3 years ago

I've started on the Cloud SQL portion of this, I should have the PR ready within a week or so.

mpurusottamc commented 2 years ago

We have started working on Cloud Function, IAM, Cloud Run and Database related services. Will open PRs one after another in next few weeks.

marco-lancini commented 2 years ago

We have started working on Cloud Function, IAM, Cloud Run and Database related services. Will open PRs one after another in next few weeks.

@mpurusottamc: Looking forward to it!

kbroughton commented 2 years ago

Has cartography considered using the cloud asset inventora IAM_policy export as a generic means for data ingestión? Fields are Instance name Asset type Ancestors -folders Bindings - iam privileges.

You could combine that with a CAI resources export to get details for each resource. AFAIK the resource.DATA field is the same as equivalent gcloud output + one type field.