Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(securitycenter): Add Resource SCC Management API Org ETD Custom Module code samples (Update, Get Eff, List Eff, List Desc, Validate) #9912

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

lovenishs04
Copy link
Contributor

Description

Fixes # b/347346777, b/347346891, b/347346970, b/347346994, b/347346149
This PR adds SCC Managament API Org Event Threat Detection Custom Module Code Samples for Update, Get Effective, List Effective, List Descendant and Validate.

Note: Before submitting a pull request, please open an issue for discussion if you are not associated with Google.

Checklist

  • I have followed Sample Format Guide
  • pom.xml parent set to latest shared-configuration
  • Appropriate changes to README are included in PR
  • These samples need a new API enabled in testing projects to pass (let us know which ones)
  • These samples need a new/updated env vars in testing projects set to pass (let us know which ones)
  • Tests pass: mvn clean verify required
  • Lint passes: mvn -P lint checkstyle:check required
  • Static Analysis: mvn -P lint clean compile pmd:cpd-check spotbugs:check advisory only
  • This sample adds a new sample directory, and I updated the CODEOWNERS file with the codeowners for this sample
  • This sample adds a new Product API, and I updated the Blunderbuss issue/PR auto-assigner with the codeowners for this sample
  • Please merge this PR for me once it is approved

@lovenishs04 lovenishs04 requested review from yoshi-approver and a team as code owners December 23, 2024 07:37
Copy link

snippet-bot bot commented Dec 23, 2024

Here is the summary of changes.

You are about to add 5 region tags.

This comment is generated by snippet-bot.
If you find problems with this result, please file an issue at:
https://github.com/googleapis/repo-automation-bots/issues.
To update this comment, add snippet-bot:force-run label or use the checkbox below:

  • Refresh this comment

Copy link
Contributor

@code-review-assist code-review-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @lovenishs04 and reviewers,

I'm currently reviewing this pull request and will post my detailed review in a few minutes. In the meantime, here's a quick summary to help everyone get up to speed:

This pull request adds several new code samples for the Security Command Center Management API's Org Event Threat Detection Custom Module. The intent is to provide comprehensive examples for common operations, addressing issues b/347346777, b/347346891, b/347346970, b/347346994, and b/347346149.

Here's a breakdown of the changes:

  • New Java files added:
    • GetEffectiveEventThreatDetectionCustomModule.java: Retrieves an effective Event Threat Detection Custom Module.
    • ListDescendantEventThreatDetectionCustomModules.java: Lists descendant Event Threat Detection Custom Modules.
    • ListEffectiveEventThreatDetectionCustomModules.java: Lists effective Event Threat Detection Custom Modules.
    • UpdateEventThreatDetectionCustomModule.java: Updates an Event Threat Detection Custom Module.
    • ValidateEventThreatDetectionCustomModule.java: Validates an Event Threat Detection Custom Module.
  • EventThreatDetectionCustomModuleTest.java updated: Added comprehensive test cases for all new functionalities.

All new files include standard copyright headers and follow the sample format guide. The pom.xml parent is updated to the latest shared-configuration. The README file has been updated accordingly. Note that the PR mentions the need for new API enables and env vars in testing projects. The author has also stated that tests and lint checks pass.

I'll be checking for completeness, correctness, and adherence to style guidelines in my full review.


And now, a little haiku to brighten your day:

Code flows like a stream,
Tests run green, a joyful sight,
Bugs flee in the night.

Thanks!
Gemini

@product-auto-label product-auto-label bot added api: securitycenter Issues related to the Security Command Center API. samples Issues that are directly related to samples. labels Dec 23, 2024
Copy link
Contributor

@code-review-assist code-review-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This pull request adds several code samples for the Security Command Center Management API's Organization Event Threat Detection Custom Modules. The samples cover Update, Get Effective, List Effective, List Descendant, and Validate functionalities. Overall, the code is well-structured and functional. However, there are a few areas that could be improved:

  • Hardcoded Values: The projectId and customModuleId are hardcoded. These should be parameterized, either through command-line arguments or environment variables, to make the samples more reusable.
  • Error Handling: While the code handles IOException, it lacks more specific error handling and input validation. This is crucial for robustness.
  • Documentation: The existing comments are minimal. More detailed explanations of the code's logic, parameters, and potential exceptions would greatly enhance readability and understanding.
  • README Updates: The PR description mentions updating the README. Ensure this is done thoroughly to guide users on how to use the new samples.

I've provided more specific feedback in the individual file reviews below. Addressing these points will significantly improve the quality and usability of the code samples.

Comment on lines +29 to +32
// TODO: Developer should replace project_id with a real project ID before running this code
String projectId = "project_id";

String customModuleId = "custom_module_id";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The projectId and customModuleId are hardcoded. It's best practice to pass these as parameters to the main method. This allows for greater flexibility and reusability. Consider using environment variables as a fallback if the arguments aren't provided.

Suggested change
// TODO: Developer should replace project_id with a real project ID before running this code
String projectId = "project_id";
String customModuleId = "custom_module_id";
String projectId = System.getenv("GOOGLE_CLOUD_PROJECT");
String customModuleId = System.getenv("CUSTOM_MODULE_ID");
if (args.length == 2) {
projectId = args[0];
customModuleId = args[1];
} else if (args.length != 0) {
System.out.println("Usage: java GetEffectiveEventThreatDetectionCustomModule <projectId> <customModuleId> OR set GOOGLE_CLOUD_PROJECT and CUSTOM_MODULE_ID env vars");
return;
}
if (projectId == null || projectId.isEmpty()) {
throw new IllegalArgumentException("Project ID not provided. Please provide it as a command line argument or set the GOOGLE_CLOUD_PROJECT environment variable.");
}
if (customModuleId == null || customModuleId.isEmpty()) {
throw new IllegalArgumentException("Custom Module ID not provided. Please provide it as a command line argument or set the CUSTOM_MODULE_ID environment variable.");
}


public static void main(String[] args) throws IOException {
// https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/listDescendant
// TODO: Developer should replace project_id with a real project ID before running this code
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Similar to the previous suggestion, parameterize the projectId. Accept it as a command-line argument or retrieve it from an environment variable.

Suggested change
// TODO: Developer should replace project_id with a real project ID before running this code
String projectId = System.getenv("GOOGLE_CLOUD_PROJECT");
if (args.length == 1) {
projectId = args[0];
} else if (args.length != 0) {
System.out.println("Usage: java ListDescendantEventThreatDetectionCustomModules <projectId> OR set GOOGLE_CLOUD_PROJECT env var");
return;
}
if (projectId == null || projectId.isEmpty()) {
throw new IllegalArgumentException("Project ID not provided. Please provide it as a command line argument or set the GOOGLE_CLOUD_PROJECT environment variable.");
}


public static void main(String[] args) throws IOException {
// https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.effectiveEventThreatDetectionCustomModules/list
// TODO: Developer should replace project_id with a real project ID before running this code
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Parameterize the projectId for consistency and reusability. Accept it as a command-line argument or retrieve it from an environment variable.

Suggested change
// TODO: Developer should replace project_id with a real project ID before running this code
String projectId = System.getenv("GOOGLE_CLOUD_PROJECT");
if (args.length == 1) {
projectId = args[0];
} else if (args.length != 0) {
System.out.println("Usage: java ListEffectiveEventThreatDetectionCustomModules <projectId> OR set GOOGLE_CLOUD_PROJECT env var");
return;
}
if (projectId == null || projectId.isEmpty()) {
throw new IllegalArgumentException("Project ID not provided. Please provide it as a command line argument or set the GOOGLE_CLOUD_PROJECT environment variable.");
}

Comment on lines +31 to +34
// TODO: Developer should replace project_id with a real project ID before running this code
String projectId = "project_id";

String customModuleId = "custom_module_id";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The projectId and customModuleId should be parameterized, similar to the other samples. This improves reusability and allows for easier testing.

Suggested change
// TODO: Developer should replace project_id with a real project ID before running this code
String projectId = "project_id";
String customModuleId = "custom_module_id";
String projectId = System.getenv("GOOGLE_CLOUD_PROJECT");
String customModuleId = System.getenv("CUSTOM_MODULE_ID");
if (args.length == 2) {
projectId = args[0];
customModuleId = args[1];
} else if (args.length != 0) {
System.out.println("Usage: java UpdateEventThreatDetectionCustomModule <projectId> <customModuleId> OR set GOOGLE_CLOUD_PROJECT and CUSTOM_MODULE_ID env vars");
return;
}
if (projectId == null || projectId.isEmpty()) {
throw new IllegalArgumentException("Project ID not provided. Please provide it as a command line argument or set the GOOGLE_CLOUD_PROJECT environment variable.");
}
if (customModuleId == null || customModuleId.isEmpty()) {
throw new IllegalArgumentException("Custom Module ID not provided. Please provide it as a command line argument or set the CUSTOM_MODULE_ID environment variable.");
}

public static void main(String[] args) throws IOException {

// https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/validate
// TODO: Developer should replace project_id with a real project ID before running this code
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Parameterize the projectId to avoid hardcoding. Accept it as a command-line argument or retrieve it from an environment variable.

Suggested change
// TODO: Developer should replace project_id with a real project ID before running this code
String projectId = System.getenv("GOOGLE_CLOUD_PROJECT");
if (args.length == 1) {
projectId = args[0];
} else if (args.length != 0) {
System.out.println("Usage: java ValidateEventThreatDetectionCustomModule <projectId> OR set GOOGLE_CLOUD_PROJECT env var");
return;
}
if (projectId == null || projectId.isEmpty()) {
throw new IllegalArgumentException("Project ID not provided. Please provide it as a command line argument or set the GOOGLE_CLOUD_PROJECT environment variable.");
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api: securitycenter Issues related to the Security Command Center API. samples Issues that are directly related to samples.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants