Indirect node counting taxonomy query file

Used to count resources managed in a given cloud provider, GCP in this case. Refer to README.md for more info.
2025-08-03 12:44:29 -07:00 · 2025-07-21 15:47:03 -06:00 · 2025-07-21 15:47:03 -06:00 · 853b2643cb
commit 853b2643cb
parent 0bf24440d1
1 changed files with 54 additions and 0 deletions
--- a/extensions/audit/taxonomy.jq
+++ b/extensions/audit/taxonomy.jq
@ -0,0 +1,54 @@
+(
+  {
+    "google.cloud.gcp_bigquery_dataset": "Database",
+    "google.cloud.gcp_bigquery_table": "Database",
+    "google.cloud.gcp_compute_address": "Network",
+    "google.cloud.gcp_compute_disk": "Storage",
+    "google.cloud.gcp_compute_firewall": "Security & Identity",
+    "google.cloud.gcp_compute_instance": "Compute",
+    "google.cloud.gcp_compute_instance_group_manager": "Compute",
+    "google.cloud.gcp_compute_instance_template": "Compute",
+    "google.cloud.gcp_compute_network": "Network",
+    "google.cloud.gcp_compute_ssl_certificate": "Security & Identity",
+    "google.cloud.gcp_container_cluster": "Containers",
+    "google.cloud.gcp_container_node_pool": "Containers",
+    "google.cloud.gcp_dns_managed_zone": "Network",
+    "google.cloud.gcp_dns_resource_record_set": "Network",
+    "google.cloud.gcp_filestore_instance": "Storage",
+    "google.cloud.gcp_iam_role": "Security & Identity",
+    "google.cloud.gcp_iam_service_account": "Security & Identity",
+    "google.cloud.gcp_kms_key_ring": "Security & Identity",
+    "google.cloud.gcp_pubsub_subscription": "App Integration",
+    "google.cloud.gcp_pubsub_topic": "App Integration",
+    "google.cloud.gcp_resource_record_set": "Network",
+    "google.cloud.gcp_sourcerepo_repository": "Developer Tools",
+    "google.cloud.gcp_sql_instance": "Database",
+    "google.cloud.gcp_storage_bucket": "Storage",
+  } as $actions|
+  .[] |
+  (if has("results") then  # if ran in a loop, flatten it
+    .results[] as $result |
+    . + $result |
+    del(.results)
+  else
+    .
+  end) as $data |
+  select($data.action | in($actions))  |  # only select objects defined in the action mapping
+  ($data.id // $data.etag // $data.selfLink // $data.name) as $id |  # not everything returns an ID
+  ($data.name // $id) as $name |  # not everything returns a name
+  ($data.kind // "missing") as $kind |  # not everything returns a kind
+  select($name != null and $id != null) |
+    {
+      name: $name,
+      canonical_facts: {
+        id: $id,
+        name: $name,
+        kind: $kind,
+      },
+      facts: {
+        infra_type: "PublicCloud",
+        infra_bucket: ($actions[$data.action] // "Unknown" | ascii_upcase),
+        device_type: $kind,
+      }
+    }
+)