init google cloud vpc resources

apps/event-worker/package.json

@@ -19,6 +19,7 @@
     "@ctrlplane/job-dispatch": "workspace:*",
     "@ctrlplane/logger": "workspace:*",
     "@ctrlplane/validators": "workspace:*",
+    "@google-cloud/compute": "^4.9.0",
     "@google-cloud/container": "^5.16.0",
     "@kubernetes/client-node": "^0.22.0",
     "@octokit/auth-app": "^7.1.0",

apps/event-worker/src/resource-scan/eks.ts → apps/event-worker/src/resource-scan/aws/eks.ts

@@ -14,7 +14,7 @@ import { logger } from "@ctrlplane/logger";
 import { ReservedMetadataKey } from "@ctrlplane/validators/conditions";
 
 import type { AwsCredentials } from "./aws.js";
-import { omitNullUndefined } from "../utils.js";
+import { omitNullUndefined } from "../../utils.js";
 import { assumeRole, assumeWorkspaceRole } from "./aws.js";
 
 const log = logger.child({ label: "resource-scan/eks" });

apps/event-worker/src/resource-scan/aws/index.ts

@@ -0,0 +1,23 @@
+import { logger } from "@ctrlplane/logger";
+
+import { createResourceScanWorker } from "../utils.js";
+import { getEksResources } from "./eks.js";
+
+const log = logger.child({ label: "resource-scan/aws" });
+
+export const createAwsResourceScanWorker = () =>
+  createResourceScanWorker(async (rp) => {
+    if (rp.resource_provider_aws == null) {
+      log.info(
+        `No AWS provider found for resource provider ${rp.resource_provider.id}, skipping scan`,
+      );
+      return [];
+    }
+
+    const resources = await getEksResources(
+      rp.workspace,
+      rp.resource_provider_aws,
+    );
+
+    return resources;
+  });

apps/event-worker/src/resource-scan/google/client.ts

@@ -0,0 +1,40 @@
+import type { AuthClient } from "google-auth-library";
+import { GoogleAuth, Impersonated } from "google-auth-library";
+
+import { logger } from "@ctrlplane/logger";
+
+const log = logger.child({ label: "resource-scan/gke/google" });
+
+export const sourceCredentials = new GoogleAuth({
+  scopes: ["https://www.googleapis.com/auth/cloud-platform"],
+});
+
+const getImpersonatedClient = async (targetPrincipal: string) =>
+  new Impersonated({
+    sourceClient: await sourceCredentials.getClient(),
+    targetPrincipal,
+    lifetime: 3600,
+    delegates: [],
+    targetScopes: ["https://www.googleapis.com/auth/cloud-platform"],
+  });
+
+export const getGoogleClient = async <T>(
+  ClientClass: new (options?: any) => T,
+  targetPrincipal?: string | null,
+  clientName = "Google client",
+): Promise<[T, AuthClient | undefined]> => {
+  try {
+    if (targetPrincipal == null)
+      return [new ClientClass(), await sourceCredentials.getClient()];
+    const authClient = await getImpersonatedClient(targetPrincipal);
+    return [new ClientClass({ authClient }), authClient];
+  } catch (error: any) {
+    log.error(
+      `Failed to get ${clientName}${
+        targetPrincipal ? ` for ${targetPrincipal}` : ""
+      }: ${error.message}`,
+      { error, targetPrincipal },
+    );
+    throw error;
+  }
+};