Vanta Developer Console

Recipe - Scope Accounts by Group

https://developer.vanta.com/recipes/scope-jira-account-by-group

Suggest Edits

This Node.js script automates the process of updating the scope of Account resources in a Vanta via the API. It filters resources based on a regular expression match and then updates their scope (in-scope or out-of-scope) accordingly.

Dependencies

Setup

Install the required dependencies:

npm install graphql-request graphql

Set the token variable to your Vanta API key.

const token = `YOUR_API_KEY`

πŸ“˜

Configuration

The script provides several configuration options:

  • resultsPerPage: Controls the number of resources fetched per API request (default: 50, maximum: 100).
  • generateChangesFile: If set to true, the script will save mutated resources to a file for later reconciliation.
  • changesFile: Specifies a file containing resources to be marked in scope.
  • logResults: If set to true, mutated resources will be logged to the console.
  • resource: Specifies the resource type (e.g., "JiraAccountList").
  • strictMatch: If set to true, only resources with exact matches to the regexList will be mutated. If false, resources with any single string match between regexList and regexField will be mutated.
  • regexField: The field on which to evaluate the regex match (must return a list of strings).
  • regexList: An array of strings to match on the resource's regexField.

πŸ“˜

Usage

  • Customize the configuration options in the script as needed.
  • Run the script:

node your_script_filename.js

πŸ“˜

How It Works

  1. The script initializes the GraphQL client with the provided Vanta API key.
  2. It checks if a changes file exists. If it does, the script will mutate resources based on the changes file.
  3. If no changes file is detected, the script fetches the resources from the Vanta API using the queryAccounts GraphQL query.
  4. The resources are filtered using the filterResources function based on the specified regex field and regex list.
  5. The filtered resources are passed to the updateResources function to update their scope.
  6. The updateResources function splits the resources into chunks and mutates them using the setOutOfScopeAccountsMutation GraphQL mutation.

πŸ“˜

Functions

  • chunkSizing(resourceUids): Splits resource lists into chunks of a specified size.
  • updateResources(inputList): Updates the scope of resources based on the input list and writes the mutated resources to a file for later reconciliation (optional).
  • filterResources(accounts): Filters resources based on the configured regex field and regex list and passes the filtered resources to the updateResources function.
  • runRecipe(): Queries resources using the Vanta API and filters them using the filterResources function. If a changes file is detected, the script will update the scope of resources based on the changes file.

🚧

Limitations

  • This script is only compatible with 'Account' type resources.
  • The script currently supports only resources with a regexField that returns a list of strings.
  • The maximum number of resources that can be fetched per API request is 100.

πŸ‘

Successful Output:

js git:(main): node scopeJiraGroups.js  
'Resources matching [ jira-servicemanagement-users,jira-software-users ] \\n' +  
  'on groupList: '  
\[  
  {  
    accountId: '60b03326196bee0069296ade',  
    accountName: '[email protected]',  
    createdAt: '2023-04-13T23:55:56.235Z',  
    displayName: 'Hayao Miyazaki',  
    externalURL: null,  
    fetchError: null,  
    groupList: [ 'jira-servicemanagement-users', 'jira-software-users' ],  
    uid: 'eyJkIjoiNWZjODI0MjBhMjI4ZjZiNmY3MTM1MmFjIiwidCI6IkppcmFBY2NvdW50IiwidSI6IjYwYjAzMzI2MTk2YmVlMDA2OTI5NmFkZSJ9',  
    vantaOwner: {  
      createdAt: '2022-11-02T20:01:15.569Z',  
      displayName: 'Hayao Miyazaki',  
      email: '[email protected]',  
      uid: 'eyJkIjoiNWZjODI0MjBhMjI4ZjZiNmY3MTM1MmFjIiwidCI6IlVzZXIiLCJ1IjoiNjM2MmNjOGI1MzkxNmM2ZmJlMDg2OTMwIn0='  
    }  
  },  
  {  
    accountId: '62d8766310c44eb6e321aed4',  
    accountName: '[email protected]',  
    createdAt: '2023-04-13T23:55:56.252Z',  
    displayName: 'yuri',  
    externalURL: null,  
    fetchError: null,  
    groupList: [ 'jira-servicemanagement-users', 'jira-software-users' ],  
    uid: 'eyJkIjoiNWZjODI0MjBhMjI4ZjZiNmY3MTM1MmFjIiwidCI6IkppcmFBY2NvdW50IiwidSI6IjYyZDg3NjYzMTBjNDRlYjZlMzIxYWVkNCJ9',  
    vantaOwner: null  
  }  
]  
Writing resources to changes file:  
'./JiraAccountList-Sat15Apr202323:11:25GMT.json'  
'Mutating 2 resources...'  
Mutating chunk size of 2 resources..  
'{"setFetchedResourceScopes":{"countChanged":2,"countNotApplicable":0}}'

Updated 10 days ago