feat(securitycenter): Add Resource SCC Management API Org Security Center Service Custom Module samples (Get, List, Update) #9913

Merged
Contributor

nit: in this and other files, consider removing unnecessary new lines

Contributor Author

Addressed

Contributor

nit: security-command-center/snippets/src/main/java/management/api/UpdateSecurityCenterService.java still has empty lines

Contributor Author

Addressed

@@ -0,0 +1,60 @@
/*
* Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package management.api;

// [START securitycenter_get_security_center_service]
import com.google.cloud.securitycentermanagement.v1.GetSecurityCenterServiceRequest;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterService;
import java.io.IOException;

public class GetSecurityCenterService {

public static void main(String[] args) throws IOException {
// https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.securityCenterServices/get
// TODO: Developer should replace project_id with a real project ID before running this code

low

The TODO comment should be more actionable. Instead of just stating what the developer needs to do, consider providing a more descriptive placeholder or example. Per the Sample Format Guide, placeholder values should be enclosed in angle brackets.

Suggested change
// TODO: Developer should replace project_id with a real project ID before running this code
// TODO: Replace <project-id> with your project ID
String projectId = "<project-id>";

Contributor Author

Addressed

String projectId = "project_id";

low

Per the Sample Format Guide, use angle brackets for placeholders. This makes it clear what needs replacing and improves readability.

Suggested change
String projectId = "project_id";
String projectId = "<project-id>";

Contributor Author

Addressed

// Replace service with one of the valid values:
// container-threat-detection, event-threat-detection, security-health-analytics,
// vm-threat-detection, web-security-scanner
String service = "service";

low

Use angle brackets for the placeholder to adhere to the Sample Format Guide.

Suggested change
String service = "service";
String service = "<service>";

Contributor Author

Addressed


getSecurityCenterService(projectId, service);
}

public static SecurityCenterService getSecurityCenterService(String projectId, String service)
throws IOException {

// Initialize client that will be used to send requests. This client only needs
// to be created
// once, and can be reused for multiple requests.
try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {

String name =
String.format(
"projects/%s/locations/global/securityCenterServices/%s", projectId, service);

GetSecurityCenterServiceRequest request =
GetSecurityCenterServiceRequest.newBuilder().setName(name).build();

SecurityCenterService response = client.getSecurityCenterService(request);

return response;
}
}
}
// [END securitycenter_get_security_center_service]
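Review bot: the reference link in main() points at organizations.locations.securityCenterServices/get, but getSecurityCenterService builds a project-scoped name ("projects/%s/locations/global/securityCenterServices/%s"). Link the project-level reference or state in the comment that the sample is project-scoped, so a reader does not pass an organization ID. Separately, service is formatted into the resource name unchecked; the comment above it already lists the five accepted values, so a check against that list would fail fast on a typo instead of surfacing later as an API error. The client-reuse comment is also broken across three lines ("to be created" / "once, and can be reused") and should be rejoined.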
@@ -0,0 +1,54 @@
/*
* Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package management.api;

// [START securitycenter_list_security_center_service]
import com.google.cloud.securitycentermanagement.v1.ListSecurityCenterServicesRequest;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient.ListSecurityCenterServicesPagedResponse;
import java.io.IOException;

public class ListSecurityCenterServices {

public static void main(String[] args) throws IOException {
// https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.securityCenterServices/list
// TODO: Developer should replace project_id with a real project ID before running this code

low

Make this TODO comment more actionable and use angle brackets for the placeholder, as per the Sample Format Guide.

Suggested change
// TODO: Developer should replace project_id with a real project ID before running this code
// TODO: Replace <project-id> with your project ID
String projectId = "<project-id>";

Contributor Author

Addressed

String projectId = "project_id";

low

Use angle brackets for placeholders to follow the Sample Format Guide.

Suggested change
String projectId = "project_id";
String projectId = "<project-id>";

Contributor Author

Addressed


listSecurityCenterServices(projectId);
}

public static ListSecurityCenterServicesPagedResponse listSecurityCenterServices(String projectId)
throws IOException {

// Initialize client that will be used to send requests. This client only needs
// to be created
// once, and can be reused for multiple requests.
try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {

ListSecurityCenterServicesRequest request =
ListSecurityCenterServicesRequest.newBuilder()
.setParent(String.format("projects/%s/locations/global", projectId))
.build();

ListSecurityCenterServicesPagedResponse response = client.listSecurityCenterServices(request);

return response;
}
}
}
// [END securitycenter_list_security_center_service]
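Review bot: listSecurityCenterServices returns the ListSecurityCenterServicesPagedResponse from inside the try-with-resources block, so the client is already closed by the time a caller iterates the result. Any page after the first would have to be fetched through that closed client. Iterate inside the try block, or copy the services into a List there and return the List. The reference link in main() also names the organizations-level resource while the parent is built as "projects/%s/locations/global"; the two should agree.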
@@ -0,0 +1,76 @@
/*
* Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package management.api;

// [START securitycenter_update_security_center_service]
import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterService;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterService.EnablementState;
import com.google.cloud.securitycentermanagement.v1.UpdateSecurityCenterServiceRequest;
import com.google.protobuf.FieldMask;
import java.io.IOException;

public class UpdateSecurityCenterService {

public static void main(String[] args) throws IOException {
// https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.securityCenterServices/patch
// TODO: Developer should replace project_id with a real project ID before running this code

low

Ensure the TODO comment is actionable and uses angle brackets for placeholders, consistent with the Sample Format Guide.

Suggested change
// TODO: Developer should replace project_id with a real project ID before running this code
// TODO: Replace <project-id> with your project ID
String projectId = "<project-id>";

Contributor Author

Addressed

String projectId = "project_id";

low

Use angle brackets for placeholders as per the Sample Format Guide.

Suggested change
String projectId = "project_id";
String projectId = "<project-id>";

Contributor Author

Addressed

// Replace service with one of the valid values:
// container-threat-detection, event-threat-detection, security-health-analytics,
// vm-threat-detection, web-security-scanner
String service = "service";

low

Use angle brackets for the placeholder to be consistent with the Sample Format Guide.

Suggested change
String service = "service";
String service = "<service>";

Contributor Author

Addressed


updateSecurityCenterService(projectId, service);
}

public static SecurityCenterService updateSecurityCenterService(String projectId, String service)
throws IOException {

// Initialize client that will be used to send requests. This client only needs
// to be created
// once, and can be reused for multiple requests.
try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {

String name =
String.format(
"projects/%s/locations/global/securityCenterServices/%s", projectId, service);

// Define the security center service configuration, update the
// IntendedEnablementState accordingly.
SecurityCenterService securityCenterService =
SecurityCenterService.newBuilder()
.setName(name)
.setIntendedEnablementState(EnablementState.ENABLED)
.build();

// Set the field mask to specify which properties should be updated.
FieldMask fieldMask = FieldMask.newBuilder().addPaths("intended_enablement_state").build();

UpdateSecurityCenterServiceRequest request =
UpdateSecurityCenterServiceRequest.newBuilder()
.setSecurityCenterService(securityCenterService)
.setUpdateMask(fieldMask)
.build();

SecurityCenterService response = client.updateSecurityCenterService(request);

return response;
}
}
}
// [END securitycenter_update_security_center_service]
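Review bot: updateSecurityCenterService hard-codes EnablementState.ENABLED, although the comment above the builder says to "update the IntendedEnablementState accordingly" and the method offers no parameter for it. This call changes whether a detection service runs for the project, so take the desired EnablementState as an argument and let the caller state it explicitly. Restricting the update mask to intended_enablement_state is the right scope and should stay as is.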
@@ -0,0 +1,80 @@
/*
* Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package management.api;

import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import com.google.cloud.securitycentermanagement.v1.SecurityCenterService;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterService.EnablementState;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient.ListSecurityCenterServicesPagedResponse;
import java.io.IOException;
import java.util.stream.StreamSupport;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

@RunWith(JUnit4.class)
public class SecurityCenterServiceTest {
// TODO(Developer): Replace the below variable

low

Instead of a TODO, provide clear instructions on setting the environment variable. This improves the clarity and usability of the test code. For example:

// Set the SCC_PROJECT_ID environment variable. See https://cloud.google.com/docs/authentication/getting-started for more details.
private static final String PROJECT_ID = System.getenv("SCC_PROJECT_ID");
Suggested change
// TODO(Developer): Replace the below variable
// Set the SCC_PROJECT_ID environment variable. See https://cloud.google.com/docs/authentication/getting-started for more details.
private static final String PROJECT_ID = System.getenv("SCC_PROJECT_ID");

Contributor

nit: I think this comment should be removed. There is no point in a TODO comment such as this in the test code.

Contributor Author

Addressed

private static final String PROJECT_ID = System.getenv("SCC_PROJECT_ID");
private static final String SERVICE = "EVENT_THREAT_DETECTION";
Contributor

What guarantees that this service exists?

Contributor Author

Actually, there are multiple services mentioned in the documentation: https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.securityCenterServices/get
Out of these services I have picked one, ensured that it is available in the Security Command Center console, and tested this on my local machine.

Contributor

nit: please add a comment explaining this. Also the documentation that I see shows the following list:

  • container-threat-detection
  • event-threat-detection
  • security-health-analytics
  • vm-threat-detection
  • web-security-scanner

The service in the test is EVENT_THREAT_DETECTION. The documentation should explain the value.

Contributor Author

Addressed


// Check if the required environment variables are set.
public static void requireEnvVar(String envVarName) {
assertWithMessage(String.format("Missing environment variable '%s' ", envVarName))
.that(System.getenv(envVarName))
.isNotEmpty();
}

@BeforeClass
public static void setUp() {
requireEnvVar("GOOGLE_APPLICATION_CREDENTIALS");
requireEnvVar("SCC_PROJECT_ID");
}

@Test
public void testGetSecurityCenterService() throws IOException {
SecurityCenterService response =
GetSecurityCenterService.getSecurityCenterService(PROJECT_ID, SERVICE);
assertNotNull(response);
// check whether the response contains the specified service
assertThat(response.getName()).contains(SERVICE);
}

@Test
public void testListSecurityCenterServices() throws IOException {
ListSecurityCenterServicesPagedResponse response =
ListSecurityCenterServices.listSecurityCenterServices(PROJECT_ID);
assertNotNull(response);
// check whether the response contains the specified service
assertTrue(
StreamSupport.stream(response.iterateAll().spliterator(), false)
.anyMatch(service -> service.getName().contains(SERVICE)));
}

@Test
public void testUpdateSecurityCenterService() throws IOException {
SecurityCenterService response =
UpdateSecurityCenterService.updateSecurityCenterService(PROJECT_ID, SERVICE);
assertNotNull(response);
assertThat(response.getIntendedEnablementState().equals(EnablementState.ENABLED));
}
}
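Review bot: in testUpdateSecurityCenterService, the line assertThat(response.getIntendedEnablementState().equals(EnablementState.ENABLED)); asserts nothing, because Truth's assertThat(...) only builds a subject and no check such as isTrue() is chained onto it. Write assertThat(response.getIntendedEnablementState()).isEqualTo(EnablementState.ENABLED); so a wrong state fails the test. The test also leaves the service in whatever state the update set, so consider restoring the original state afterwards. SERVICE is "EVENT_THREAT_DETECTION" while the sample comments list event-threat-detection; the comment requested in the thread above should explain why the upper-case form is used here.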