Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/deas/gcp-housekeeper-fns

Generic GCP Cloud Functions driven by Schedule and Audit Events
https://github.com/deas/gcp-housekeeper-fns

gcp google-cloud-platform serverless terraform-modules

Last synced: 24 days ago
JSON representation

Generic GCP Cloud Functions driven by Schedule and Audit Events

Host: GitHub
URL: https://github.com/deas/gcp-housekeeper-fns
Owner: deas
Created: 2022-05-24T06:20:39.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2022-06-27T06:16:12.000Z (over 2 years ago)
Last Synced: 2024-04-15T02:45:00.004Z (7 months ago)
Topics: gcp, google-cloud-platform, serverless, terraform-modules
Language: Go
Homepage:
Size: 95.7 KB
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # GCP Cloud Functions driven by Schedule and Audit Events

This project aims to provide generic schedule and audit event driven Cloud Functions.

Functionality currently covers:

- Labeling GCE instances on creation

- Hardening the Compute Default account (revoking `role/editor`)

- GCE instances instance actions (e.g. start/stop) based on Asset Search

More hopefully coming soon.

Additionally, we aim at decent support for the larger product lifecyle with an emphasis on a DevOps experience including short cycle times. We leverage Cloud Foundation Toolkit, Cloud Functions Framework, GitHub Actions and Terraform. We cover unit- and integration testing. We stripped dependencies where reasonable and extended where we wanted to go further or connected the dots.

The v1 versions leverage PubSub Log Sinks, 🧪 v2 🥼 is based on EventArc/CloudEvents.

## Usage

Sample Cloud Function and VM deployments designed to play together are provided in the `examples` folder. Unless explicitly disabled, they are also used by the integration tests.

You may want to

```shell

export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=your-sa@your-prj-id.iam.gserviceaccount.com

```

to get proper access when trying them out.

### Inputs

No input.

### Outputs

| Name | Description |

|------|-------------|

| entry\_points\_v1 | The v1 function entry points provided by this module |

| entry\_points\_v2 | The v2 function entry points provided by this module |

| excludes | Files we want to exlude |

| path | The path to the function source |

| runtime | The runtime |

## Development

There are various `Makefile` targets providing entrypoints for CI and steps you might want to do during development.

Cloud Function implementations are currently Go based and we use [Functions Framework for Go](https://github.com/GoogleCloudPlatform/functions-framework-go) during development.

Start local service

```shell

# export FUNCTION_TARGET=LabelPubSub # Not needed atm

# export GCP_HOUSEKEEPER_READ_ONLY=1 # If you want read only access to GCP 

export GCP_HOUSEKEEPER_FUNCTION=ActionsPubSub # Framework workaround atm

make serve

```

Send PubSub payload to local Label Function

```shell

message=test/audit-compute-instance-create.json

endpoint=http://localhost:8080 # Issue with framework : Only one endpoint per process

cat <