feat(provdier/google): Display serviceAccount properties for firewall…

… rules (spinnaker#6929)
christopherthielen · May 6, 2019 · 243f530 · 243f530
1 parent 3647ca5
commit 243f530
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/app/scripts/modules/google/src/help/gce.help.ts b/app/scripts/modules/google/src/help/gce.help.ts
@@ -77,6 +77,10 @@ const helpContents: { [key: string]: string } = {
   'gce.securityGroup.sourceTags':
     'Traffic is only allowed from sources that match one of these tags, or one of the source CIDR ranges below.',
   'gce.securityGroup.targetTags': 'Traffic is only allowed if the target instance has one of these tags.',
+  'gce.securityGroup.targetServiceAccounts':
+    'Traffic is allowed if the target instance has one of these service accounts.',
+  'gce.securityGroup.sourceServiceAccounts':
+    'Traffic is allowed if the source instance has one of these service accounts.',
   'gce.serverGroup.associatePublicIpAddress.providerField':
     'Check if new GCE server groups in this application should be assigned a public IP address by default.',
   'gce.serverGroup.resizeWithAutoscalingPolicy': `

diff --git a/app/scripts/modules/google/src/securityGroup/details/securityGroupDetail.controller.js b/app/scripts/modules/google/src/securityGroup/details/securityGroupDetail.controller.js
@@ -89,6 +89,20 @@ module.exports = angular
                 $scope.securityGroup.sourceTags = sourceTags.substring(1, sourceTags.length - 1).split(', ');
               }
 
+              // These come back from the global firewall endpoint as '[account-a@project.iam.gserviceaccount.com, account-b@project.iam.gserviceaccount.com]'
+              if (typeof $scope.securityGroup.targetServiceAccounts === 'string') {
+                let targetServiceAccounts = $scope.securityGroup.targetServiceAccounts;
+                $scope.securityGroup.targetServiceAccounts = targetServiceAccounts
+                  .substring(1, targetServiceAccounts.length - 1)
+                  .split(', ');
+              }
+              if (typeof $scope.securityGroup.sourceServiceAccounts === 'string') {
+                let sourceServiceAccounts = $scope.securityGroup.sourceServiceAccounts;
+                $scope.securityGroup.sourceServiceAccounts = sourceServiceAccounts
+                  .substring(1, sourceServiceAccounts.length - 1)
+                  .split(', ');
+              }
+
               $scope.securityGroup.sourceRanges = _.chain($scope.securityGroup.ipRangeRules)
                 .map(rule => {
                   return rule.range.ip && rule.range.cidr ? rule.range.ip + rule.range.cidr : null;

diff --git a/app/scripts/modules/google/src/securityGroup/details/securityGroupDetail.html b/app/scripts/modules/google/src/securityGroup/details/securityGroupDetail.html
@@ -144,6 +144,22 @@ <h3 class="horizontal middle space-between flex-1" select-on-dbl-click>
       </ul>
       <div ng-if="!securityGroup.sourceTags.length">None</div>
     </collapsible-section>
+    <collapsible-section heading="Target Service Accounts ({{securityGroup.targetServiceAccounts.length || 0}})">
+      <ul ng-if="securityGroup.targetServiceAccounts.length">
+        <li ng-repeat="serviceAccount in securityGroup.targetServiceAccounts">
+          {{serviceAccount}}
+        </li>
+      </ul>
+      <div ng-if="!securityGroup.targetServiceAccounts.length">None</div>
+    </collapsible-section>
+    <collapsible-section heading="Source Service Accounts ({{securityGroup.sourceServiceAccounts.length || 0}})">
+      <ul ng-if="securityGroup.sourceServiceAccounts.length">
+        <li ng-repeat="serviceAccount in securityGroup.sourceServiceAccounts">
+          {{serviceAccount}}
+        </li>
+      </ul>
+      <div ng-if="!securityGroup.sourceServiceAccounts.length">None</div>
+    </collapsible-section>
     <collapsible-section heading="Logs">
       <ul>
         <li ng-if="securityGroup.logsLink">