feat(securitycenter): Add Resource SCC Management API Org ETD Custom Module code samples (Update, Get Eff, List Eff, List Desc, Validate) #9912
Conversation
There was a problem hiding this comment.
Hi @lovenishs04 and reviewers,
I'm currently reviewing this pull request and will post my detailed review in a few minutes. In the meantime, here's a quick summary to help everyone get up to speed:
This pull request adds several new code samples for the Security Command Center Management API's Org Event Threat Detection Custom Module. The intent is to provide comprehensive examples for common operations, addressing issues b/347346777, b/347346891, b/347346970, b/347346994, and b/347346149.
Here's a breakdown of the changes:
- New Java files added:
GetEffectiveEventThreatDetectionCustomModule.java: Retrieves an effective Event Threat Detection Custom Module.ListDescendantEventThreatDetectionCustomModules.java: Lists descendant Event Threat Detection Custom Modules.ListEffectiveEventThreatDetectionCustomModules.java: Lists effective Event Threat Detection Custom Modules.UpdateEventThreatDetectionCustomModule.java: Updates an Event Threat Detection Custom Module.ValidateEventThreatDetectionCustomModule.java: Validates an Event Threat Detection Custom Module.
EventThreatDetectionCustomModuleTest.javaupdated: Added comprehensive test cases for all new functionalities.
All new files include standard copyright headers and follow the sample format guide. The pom.xml parent is updated to the latest shared-configuration. The README file has been updated accordingly. Note that the PR mentions the need for new API enables and env vars in testing projects. The author has also stated that tests and lint checks pass.
I'll be checking for completeness, correctness, and adherence to style guidelines in my full review.
And now, a little haiku to brighten your day:
Code flows like a stream,
Tests run green, a joyful sight,
Bugs flee in the night.
Thanks!
Gemini
product-auto-label
bot
added
api: securitycenter
There was a problem hiding this comment.
This pull request adds several code samples for the Security Command Center Management API's Organization Event Threat Detection Custom Modules. The samples cover Update, Get Effective, List Effective, List Descendant, and Validate functionalities. Overall, the code is well-structured and functional. However, there are a few areas that could be improved:
- Hardcoded Values: The
projectIdandcustomModuleIdare hardcoded. These should be parameterized, either through command-line arguments or environment variables, to make the samples more reusable. - Error Handling: While the code handles
IOException, it lacks more specific error handling and input validation. This is crucial for robustness. - Documentation: The existing comments are minimal. More detailed explanations of the code's logic, parameters, and potential exceptions would greatly enhance readability and understanding.
- README Updates: The PR description mentions updating the README. Ensure this is done thoroughly to guide users on how to use the new samples.
I've provided more specific feedback in the individual file reviews below. Addressing these points will significantly improve the quality and usability of the code samples.
...nter/snippets/src/main/java/management/api/GetEffectiveEventThreatDetectionCustomModule.java
Show resolved
Hide resolved
...r/snippets/src/main/java/management/api/ListDescendantEventThreatDetectionCustomModules.java
Show resolved
Hide resolved
...er/snippets/src/main/java/management/api/ListEffectiveEventThreatDetectionCustomModules.java
Show resolved
Hide resolved
...and-center/snippets/src/main/java/management/api/UpdateEventThreatDetectionCustomModule.java
Show resolved
Hide resolved
...d-center/snippets/src/main/java/management/api/ValidateEventThreatDetectionCustomModule.java
Show resolved
Hide resolved
...nter/snippets/src/main/java/management/api/GetEffectiveEventThreatDetectionCustomModule.java
Show resolved
Hide resolved
...r/snippets/src/main/java/management/api/ListDescendantEventThreatDetectionCustomModules.java
Show resolved
Hide resolved
|
|
||
| ListDescendantEventThreatDetectionCustomModulesRequest request = | ||
| ListDescendantEventThreatDetectionCustomModulesRequest.newBuilder() | ||
| .setParent(String.format("projects/%s/locations/global", projectId)) |
There was a problem hiding this comment.
nit: consider to be consistent regarding how you compose the strings. in another example (get effective event threat...) you set the composed string into a variable and in this one you do it "inline". pick one method to align all code samples. my recommendation is to do it as in the "get" sample because it is easy to review and the name of the variable can give meaningful hint.
| // once, and can be reused for multiple requests. | ||
| try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) { | ||
|
|
||
| String name = |
There was a problem hiding this comment.
nit: I understand that this variable is used as a value for the "name" property. However, as a variable name it is too generic. while it should be OK to use this name in this particular 4 line code sample. If more lines will be inserted, it will be harder to understand what "name" means. consider using more descriptive name. E.g. qualifiedModuleName, moduleName, etc.
...er/snippets/src/main/java/management/api/ListEffectiveEventThreatDetectionCustomModules.java
Show resolved
Hide resolved
| ValidateEventThreatDetectionCustomModuleRequest request = | ||
| ValidateEventThreatDetectionCustomModuleRequest.newBuilder() | ||
| .setParent(String.format("projects/%s/locations/global", projectId)) | ||
| .setRawText(rawText) // Use raw JSON as a string for validation |
There was a problem hiding this comment.
nit: "raw text" as the name of the set property vs. raw JSON in the comment is confusing. Consider refactoring. For example, lose "raw" in the comment.
| ValidateEventThreatDetectionCustomModuleRequest.newBuilder() | ||
| .setParent(String.format("projects/%s/locations/global", projectId)) | ||
| .setRawText(rawText) // Use raw JSON as a string for validation | ||
| .setType("CONFIGURABLE_BAD_IP") |
There was a problem hiding this comment.
Is this the only type of validation? Otherwise, how does user figure out the literal to use for "setType()"?
Consider to provide a URL in the comments or refactor the code to explain the value source.
There was a problem hiding this comment.
documentation URL is already provided in the comments in the top which will be having all the details
There was a problem hiding this comment.
is this user-friendly? consider what a user has to do in order to figure out the values.
There was a problem hiding this comment.
from the document link https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/validate. I can see this is the only type configured. And also I took the reference from the golang samples https://github.com/GoogleCloudPlatform/golang-samples/blob/main/securitycenter/management_api/event_threat_detection/validate_event_threat_detection_custom_module.go. Here also they have configured the same type.
| String rawText = | ||
| "{\n" | ||
| + "\"ips\": [\"192.0.2.1\"],\n" | ||
| + "\"metadata\": {\n" | ||
| + " \"properties\": {\n" | ||
| + " \"someProperty\": \"someValue\"\n" | ||
| + " },\n" | ||
| + " \"severity\": \"MEDIUM\"\n" | ||
| + "}\n" | ||
| + "}"; |
There was a problem hiding this comment.
It is not readable. Consider losing "\n" in the literals.
The example does not explain how to build JSON. Consider providing a URL to the schema or showing options in the code.
I would recommend to pass JSON as an argument (probably together with the type unless the latter is not necessary or can be derived from JSON).
...d-center/snippets/src/main/java/management/api/ValidateEventThreatDetectionCustomModule.java
Show resolved
Hide resolved
...mmand-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java
Show resolved
Hide resolved
lovenishs04
added
the
kokoro:force-run
kokoro-team
removed
the
kokoro:force-run
| public class GetEffectiveEventThreatDetectionCustomModule { | ||
|
|
||
| public static void main(String[] args) throws IOException { | ||
| // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.effectiveEventThreatDetectionCustomModules/get |
There was a problem hiding this comment.
if the comment(s) are not required, please delete them
| public class ListDescendantEventThreatDetectionCustomModules { | ||
|
|
||
| public static void main(String[] args) throws IOException { | ||
| // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/listDescendant |
There was a problem hiding this comment.
if the comment(s) are not required, please delete them
| public class ListEffectiveEventThreatDetectionCustomModules { | ||
|
|
||
| public static void main(String[] args) throws IOException { | ||
| // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.effectiveEventThreatDetectionCustomModules/list |
There was a problem hiding this comment.
if the comment(s) are not required, please delete them
| public class UpdateEventThreatDetectionCustomModule { | ||
|
|
||
| public static void main(String[] args) throws IOException { | ||
| // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/patch |
There was a problem hiding this comment.
if the comment(s) are not required, please delete them
| .setEnablementState(EnablementState.DISABLED) | ||
| .build(); | ||
|
|
||
| // Set the field mask to specify which properties should be updated. | ||
| FieldMask fieldMask = FieldMask.newBuilder().addPaths("enablement_state").build(); | ||
|
|
||
| UpdateEventThreatDetectionCustomModuleRequest request = | ||
| UpdateEventThreatDetectionCustomModuleRequest.newBuilder() | ||
| .setEventThreatDetectionCustomModule(eventThreatDetectionCustomModule) | ||
| .setUpdateMask(fieldMask) | ||
| .build(); |
There was a problem hiding this comment.
is it user-friendly? would it be easy for you to figure out that the link 60 lines up is the one you should look at to figure out parameters? Also the link points neither to the mask format nor to the request. It means a user has to scroll up to find the link, to open the link, to read the full article and then open two other articles.
|
|
||
| public static void main(String[] args) throws IOException { | ||
|
|
||
| // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/validate |
There was a problem hiding this comment.
i am unsure that I understand the relevance of the comment in PR #9598 to this line. please, DM me to discuss.
| ValidateEventThreatDetectionCustomModuleRequest.newBuilder() | ||
| .setParent(String.format("projects/%s/locations/global", projectId)) | ||
| .setRawText(rawText) // Use raw JSON as a string for validation | ||
| .setType("CONFIGURABLE_BAD_IP") |
There was a problem hiding this comment.
is this user-friendly? consider what a user has to do in order to figure out the values.
...mmand-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java
Show resolved
Hide resolved
* chore(job): migrate regions by associating them with an official product with a job_ prefix (#9883) * chore(endpoints): delete region 'swagger' in endpoints/multiple-versions (#9857) * chore(endpoints): delete region swagger to openapi-v1.yaml * chore(endpoints): delete region swagger to openapi-v2.yaml * chore(job): delete sample jobs_java_dependencies_beta (#9810) * chore(job): delete sample jobs_java_dependencies_beta * chore(job): delete region_tab 'jobs_java_dependencies_beta' and update 'google-api-services-jobs' version * feat(compute): add compute disk regional replicated sample (#9697) * Implemented compute_disk_regional_replicated sample, created test * Fixed zone * Fixed test * Fixed test * Fixed disk size * Fixed code as requested in the comment * feat(compute): add compute disk start/stop replication samples (#9650) * Implemented compute_disk_start_replication and compute_disk_stop_replication samples, created tests * Fixed test * Deleted not related classes * Fixed lint issue * Increased timeout * Split samples for zonal location * Fixed code * Fixed code * Increased timeout * Increased timeout * feat(tpu): add tpu vm create spot sample. (#9610) * Changed package, added information to CODEOWNERS * Added information to CODEOWNERS * Added timeout * Fixed parameters for test * Fixed DeleteTpuVm and naming * Added comment, created Util class * Fixed naming * Fixed whitespace * Split PR into smaller, deleted redundant code * Implemented tpu_vm_create_spot sample, created test * changed zone * Changed zone * Fixed empty lines and tests, deleted cleanup method * Changed zone * Deleted redundant test class * Increased timeout * Fixed test * feat(tpu): add tpu vm create startup script sample. (#9612) * Changed package, added information to CODEOWNERS * Added information to CODEOWNERS * Added timeout * Fixed parameters for test * Fixed DeleteTpuVm and naming * Added comment, created Util class * Fixed naming * Fixed whitespace * Split PR into smaller, deleted redundant code * Implemented tpu_vm_create_startup_script sample, created test * Fixed tests and empty lines * Changed zone * Deleted redundant test classes * Increased timeout * Fixed code * feat(tpu): add tpu queued resources create/get/delete samples (#9613) * Changed package, added information to CODEOWNERS * Added information to CODEOWNERS * Added timeout * Fixed parameters for test * Fixed DeleteTpuVm and naming * Added comment, created Util class * Fixed naming * Fixed whitespace * Split PR into smaller, deleted redundant code * Implemented tpu_queued_resources_create, tpu_queued_resources_get, tpu_queued_resources_delete_force and tpu_queued_resources_delete samples, created tests * Fixed test * Fixed tests * Fixed error massage * Fixed typo * Fixed zone * Fixed test * Fixed code * Deleted commented imports * Fixed code as requested in comments * feat(tpu): add tpu queued resources create spot (#9615) Add a code sample for tpu_queued_resources_create_spot * chore: add translate dev team for translate samples (#9888) b/385243174 * feat(securitycenter): Add Resource SCC Management API Org ETD Custom Module code samples (Create, Delete, List, Get) (#9743) * sample codes for event threat detection custom modules * addressed comments * addressed comments * addressed comments * addressed comments * fix(compute): fixed compute_reservation_create_shared sample and test to use mocked client (#9840) * Fixed sample and test to use mocked client * Fixed code as requested in the comments * feat(compute): add compute instance create replicated boot disk sample (#9735) * Implemented compute_instance_create_replicated_boot_disk sample, created test * Fixed test * Fixed code as requested in the comments * Fixed Util class * Fixed code * feat(compute): add compute consistency group stop replication (#9694) * Implemented compute_consistency_group_create and compute_consistency_group_delete samples, created test * Implemented compute_consistency_group_stop_replication sample * Implemented compute_consistency_group_stop_replication sample * Created test and added needed classes for testing * Fixed test * Moved clean up methods * Added clean up methods for reservations * Fixed clean up method * Fixed clean up method * Added timeout * Reverted not related changes * Reverted not related changes * Reverted not related changes * Reverted not related changes * Fixed code * Split samples for zonal location * Added comments for methods * Fixed comments * feat(secretmanager): add optional ttl to create secret sample (#9889) * feat(secretmanager): add optional ttl to create secret sample * nit: Update secretmanager/src/main/java/secretmanager/CreateSecret.java Co-authored-by: code-review-assist[bot] <182814678+code-review-assist[bot]@users.noreply.github.com> * fix(secretmanager): fix comment indentation to resolve linting issues --------- Co-authored-by: Jennifer Davis <[email protected]> Co-authored-by: code-review-assist[bot] <182814678+code-review-assist[bot]@users.noreply.github.com> * feat(tpu): add tpu queued resources list sample (#9614) * Changed package, added information to CODEOWNERS * Added information to CODEOWNERS * Added timeout * Fixed parameters for test * Fixed DeleteTpuVm and naming * Added comment, created Util class * Fixed naming * Fixed whitespace * Split PR into smaller, deleted redundant code * Implemented tpu_queued_resources_create, tpu_queued_resources_get, tpu_queued_resources_delete_force and tpu_queued_resources_delete samples, created tests * Implemented tpu_queued_resources_list sample, created test * Fixed test * Fixed tests, deleted cleanup method * Fixed test * Fixed imports * feat(compute): add compute disk create secondary regional sample (#9641) * Implemented compute_disk_create_secondary_regional. created test * Fixed test * Fixed test * Fixed test * Fixed zone * Fixed naming * Fixed spaces * Fixed code * Fixed indentations * Fixed variable * Fixed code * Added cleanup methods * Fixed lint issue * Fixed lint issue * Fixed test * Fixed code * Fixed code * Fixed code * Deleted duplicated assertion * feat(compute): add compute disk create secondary sample. (#9643) * Implemented compute_disk_create_secondary sample, created test * Fixed code * Fixed variable * Fixed code * Merged changes from main * Fixed lint issue * fix(storage): migrate old region all to storagetransfer_transfer_all step 1 (#9917) * fix(job): remove old region create_job (#9914) * feat(compute): attach/ remove snapshot schedule to disk (#9791) * Implemented compute_snapshot_schedule_attach sample, created test * Implemented compute_snapshot_schedule_remove sample, created test * Fixed code * Fixed code as requested in the comments * feat(compute): add compute consistency group clone sample (#9885) * Implemented compute_consistency_group_clone and compute_consistency_group_clone_regional_disk samples, created tests * Fixed naming * feat(compute): add compute instance attach regional disk force sample (#9730) * Implemented compute_instance_attach_regional_disk_force sample, created test * Added clean up method * Fixed comments and parameters * Test order deleted * Fixed code * Fixed code * Fixed code * Increased timeout * Increased timeout * Increased timeout * Fixed code * Fixed code * Fixed code * Fixed naming * feat(compute): add compute disk create secondary custom sample (#9644) * Implemented compute_disk_create_secondary_custom sample, created test * Fixed code * Fixed variable * Fixed code * Fixed whitespace * Fixed whitespace * feat(compute): add compute snapshot schedule create/get/edit/list/delete samples (#9742) * Implemented compute_snapshot_schedule_delete and compute_snapshot_schedule_create samples, created test * Fixed test * Added compute_snapshot_schedule_get sample, created test * Fixed naming * Implemented compute_snapshot_schedule_edit, created test * Fixed naming * Implemented compute_snapshot_schedule_list sample, created test * Cleaned resources * Cleaned resources * Cleaned resources * Cleaned resources * Fixed test * Added comment * Fixed tests * Fixed code * Fixed code as requested in the comments * feat(compute): add compute disk create with snapshot schedule (#9788) * Implemented compute_disk_create_with_snapshot_schedule sample, created test * Fixed code * Fixed code * Fixed test * Fixed code * Fixed code as requested in the comments * Fixed lint issue * Fixed lint issue * Deleted redundant code * feat(tpu): add tpu queued resources time bound sample. (#9617) * Changed package, added information to CODEOWNERS * Added information to CODEOWNERS * Added timeout * Fixed parameters for test * Fixed DeleteTpuVm and naming * Added comment, created Util class * Fixed naming * Fixed whitespace * Split PR into smaller, deleted redundant code * Implemented tpu_queued_resources_create, tpu_queued_resources_get, tpu_queued_resources_delete_force and tpu_queued_resources_delete samples, created tests * Implemented tpu_queued_resources_time_bound sample, created test * Changed zone for tpu * Cleanup resources * Fixed tests * Fixed test * Fixed code as requested in the comments * Fixed code as requested in the comments * fix(job): delete old region tag update_job_with_field_mask (#9940) * feat(job): migrate region tags to include product prefix (#9966) * fix(endpoints): migrate all regions (#9943) * fix: disable flakybot reporting (#9968) * chore(job): remove unused region tags (#9969) * feat(securitycenter): Add Resource SCC Management API Org ETD Custom Module code samples (Update, Get Eff, List Eff, List Desc, Validate) (#9912) * sample codes for event threat detection custom modules * fixed lint * addressed comments * lint fix * addressed comments --------- Co-authored-by: OremGLG <[email protected]> Co-authored-by: eapl.me <[email protected]> Co-authored-by: Тетяна Ягодська <[email protected]> Co-authored-by: Jennifer Davis <[email protected]> Co-authored-by: lovenishs04 <[email protected]> Co-authored-by: alarconesparza <[email protected]> Co-authored-by: Jennifer Davis <[email protected]> Co-authored-by: code-review-assist[bot] <182814678+code-review-assist[bot]@users.noreply.github.com> Co-authored-by: Brian Dorsey <[email protected]>
Description
Fixes # b/347346777, b/347346891, b/347346970, b/347346994, b/347346149
This PR adds SCC Managament API Org Event Threat Detection Custom Module Code Samples for Update, Get Effective, List Effective, List Descendant and Validate.
Note: Before submitting a pull request, please open an issue for discussion if you are not associated with Google.
Checklist
pom.xmlparent set to latestshared-configurationmvn clean verifyrequiredmvn -P lint checkstyle:checkrequiredmvn -P lint clean compile pmd:cpd-check spotbugs:checkadvisory only