Inventory

This quickstart describes how to get started with Forseti Inventory. Forseti Inventory collects and stores information about your Google Cloud Platform (GCP) resources. Forseti Scanner and Enforcer use Inventory data to perform operations.

Google Cloud Platform Resource Coverage

This page lists the Google Cloud Platform (GCP) resources that currently have coverage in Forseti or are planned to have coverage. If a resource you’re interested in isn’t listed, please open an issue or contribute!

Resource                                Inventory    Scanner  Enforcer
App Engine Apps                         Done         TODO     TODO
BigQuery                                Done         Done     TODO
Buckets                                 Done         Done     TODO
BucketAccessControls                    Done         Done     TODO
Cloud SQL                               Done         Done     TODO
Compute Engine Backend Services         Done         Done     TODO
Compute Engine Instances                Done         Done     TODO
Compute Engine Instance Groups          Done         Done     TODO
Compute Engine Instance Group Managers  Done         Done     TODO
Compute Engine Instance Templates       Done         Done     TODO
Firewalls                               Done         TODO     Done
Folders                                 Done         Done     TODO
Folders Cloud IAM Policies              Done         Done     TODO
GSuite Groups                           Done         Done     TODO
GSuite Group Members                    Done         Done     TODO
IAM GrantableRoles                      In Progress  TODO     TODO
Load Balancer Forwarding Rules          Done         Done     TODO
Organizations                           Done         N/A      TODO
Organizations Cloud IAM Policies        Done         Done     TODO
Projects                                Done         N/A      TODO
Projects Cloud IAM Policies             Done         Done     TODO
Service Accounts                        Done         TODO     TODO

Executing the inventory loader

After you install Forseti, you can use the forseti_inventory command to run the Inventory tool. If you installed Forseti in a virtualenv, activate the virtualenv first.

To display Inventory flag options, run the following command:

  forseti_inventory --helpshort

Configuring Inventory

To run Forseti, you’ll need to set up your configuration file. Edit the forseti_conf.yaml sample file and save it as forseti_conf.yaml.

You will also need to edit, at a minimum, the following variables in the config file:

  • db_host: If using Cloud SQL Proxy, this is usually “127.0.0.1”.
  • db_user: The database user you created. If you deployed using Deployment Manager, the default value is “root”.
  • db_name: The name of the database you created in the Cloud SQL instance. If you deployed using Deployment Manager, the default value is “forseti_security”.

What’s next