Merge branch 'main' into scc-management-api-etd-remaining-modules

GoogleCloudPlatform · Jan 31, 2025 · db931a8 · db931a8
2 parents 4bc887b + 4f660cd
commit db931a8
Show file tree

Hide file tree

Showing 6 changed files with 263 additions and 1 deletion.
diff --git a/.github/config/nodejs-dev.jsonc b/.github/config/nodejs-dev.jsonc
@@ -194,6 +194,7 @@
     "run/pubsub",
     "run/websockets",
     "secret-manager",
+    "security-center/snippets",
     "service-directory/snippets",
     "storage-control",
     "texttospeech",

diff --git a/.github/config/nodejs-prod.jsonc b/.github/config/nodejs-prod.jsonc
@@ -102,7 +102,6 @@
     "run/markdown-preview/editor", // Error: could not create an identity token: Cannot fetch ID token in this environment, use GCE or set the GOOGLE_APPLICATION_CREDENTIALS environment variable to a service account credentials JSON file
     "run/system-package", // Error: ENOENT: no such file or directory, access '/usr/bin/dot'
     "scheduler", // SyntaxError: Cannot use import statement outside a module
-    "security-center/snippets", // Error: 3 INVALID_ARGUMENT: Fail to resolve resource 'organizations/undefined/locations/global'
     "speech", // AssertionError: expected 'Transcription:  Okay, I\'m here.\n Hi…' to match /Terrific. It's on the way./
     "storagetransfer", // CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
     "talent", // AssertionError: expected '' to match /Job summary/

diff --git a/security-center/snippets/management_api/getSecurityCenterService.js b/security-center/snippets/management_api/getSecurityCenterService.js
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+// Retrieve a specific security center service by its name.
+function main(organizationId, service, location = 'global') {
+  // [START securitycenter_get_security_center_service]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /*
+   * Required. Resource name of security center service
+   *     Its format is
+   *    `organizations/[organizationId]/locations/[location]/securityCenterServices/[service]`
+   *    `folders/[folderId]/locations/[location]/securityCenterServices/[service]`
+   *    `projects/[projectId]/locations/[location]/securityCenterServices/[service]`
+   */
+  // TODO(developer): Update the organization ID, location, and service name to match your environment.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  // const service = 'SERVICE';
+  // Replace SERVICE with one of the valid values:
+  // container-threat-detection, event-threat-detection, security-health-analytics,
+  // vm-threat-detection, web-security-scanner
+  const name = `organizations/${organizationId}/locations/${location}/securityCenterServices/${service}`;
+
+  // Build the request.
+  const getSecurityCenterServiceRequest = {
+    name: name,
+  };
+
+  async function getSecurityCenterService() {
+    // Call the API.
+    const [response] = await client.getSecurityCenterService(
+      getSecurityCenterServiceRequest
+    );
+    console.log('Retrieved SecurityCenterService:', response.name);
+  }
+
+  getSecurityCenterService();
+  // [END securitycenter_get_security_center_service]
+}
+
+main(...process.argv.slice(2));
diff --git a/security-center/snippets/management_api/listSecurityCenterServices.js b/security-center/snippets/management_api/listSecurityCenterServices.js
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+// List all security center services for the given parent.
+function main(organizationId, location = 'global') {
+  // [START securitycenter_list_security_center_service]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /**
+   *  Required. The name of the parent resource. Its
+   *  format is "organizations/[organizationId]/locations/[location]",
+   *  "folders/[folderId]/locations/[location]", or
+   *  "projects/[projectId]/locations/[location]".
+   */
+  //TODO(developer): Update the organization ID and location to match your environment.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  const parent = `organizations/${organizationId}/locations/${location}`;
+
+  // Build the request.
+  const listSecurityCenterServicesRequest = {
+    parent: parent,
+  };
+
+  async function listSecurityCenterServices() {
+    // Call the API.
+    const [services] = await client.listSecurityCenterServices(
+      listSecurityCenterServicesRequest
+    );
+    for (const service of services) {
+      console.log('Security Center Service Name:', service.name);
+    }
+  }
+
+  listSecurityCenterServices();
+  // [END securitycenter_list_security_center_service]
+}
+
+main(...process.argv.slice(2));
diff --git a/security-center/snippets/management_api/updateSecurityCenterService.js b/security-center/snippets/management_api/updateSecurityCenterService.js
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+// Updates a security center service configuration.
+function main(organizationId, service, location = 'global') {
+  // [START securitycenter_update_security_center_service]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /*
+   * Required. Resource name of security center service
+   *     Its format is
+   *    `organizations/[organizationId]/locations/[location]/securityCenterServices/[service]`
+   *    `folders/[folderId]/locations/[location]/securityCenterServices/[service]`
+   *    `projects/[projectId]/locations/[location]/securityCenterServices/[service]`
+   */
+  // TODO(developer): Update the organization ID, location, and service name to match your environment.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  // const service = 'SERVICE';
+  // Replace SERVICE with one of the valid values:
+  // container-threat-detection, event-threat-detection, security-health-analytics,
+  // vm-threat-detection, web-security-scanner
+  const name = `organizations/${organizationId}/locations/${location}/securityCenterServices/${service}`;
+
+  // Define the security center service configuration, update the
+  // IntendedEnablementState accordingly.
+  const securityCenterService = {
+    name: name,
+    intendedEnablementState: 'ENABLED',
+  };
+
+  // Set the field mask to specify which properties should be updated.
+  const fieldMask = {
+    paths: ['intended_enablement_state'],
+  };
+
+  // Build the request.
+  const updateSecurityCenterServiceRequest = {
+    securityCenterService: securityCenterService,
+    updateMask: fieldMask,
+  };
+
+  async function updateSecurityCenterService() {
+    // Call the API.
+    const [response] = await client.updateSecurityCenterService(
+      updateSecurityCenterServiceRequest
+    );
+    console.log(
+      `Updated SecurityCenterService: ${response.name} with new enablement state: ${response.intendedEnablementState}`
+    );
+  }
+
+  updateSecurityCenterService();
+  // [END securitycenter_update_security_center_service]
+}
+
+main(...process.argv.slice(2));
diff --git a/security-center/snippets/system-test/management_api/securityCenterService.test.js b/security-center/snippets/system-test/management_api/securityCenterService.test.js
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const {assert} = require('chai');
+const {execSync} = require('child_process');
+const exec = cmd => execSync(cmd, {encoding: 'utf8'});
+const {describe, it} = require('mocha');
+
+// TODO(developer): Update the organization ID and service name to match your testing environment
+const organizationId = '1081635000895';
+// Replace service with one of the valid values:
+// container-threat-detection, event-threat-detection, security-health-analytics,
+// vm-threat-detection, web-security-scanner
+const service = 'event_threat_detection';
+
+describe('Security Center Service', async () => {
+  const data = {
+    orgId: organizationId,
+    service: service,
+  };
+
+  it('should get the security center service', done => {
+    const output = exec(
+      `node management_api/getSecurityCenterService.js ${data.orgId} ${data.service}`
+    );
+    assert(output.includes(data.orgId));
+    assert(output.includes(data.service));
+    assert.match(output, /Retrieved SecurityCenterService/);
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+
+  it('should list the security center services', done => {
+    const output = exec(
+      `node management_api/listSecurityCenterServices.js ${data.orgId}`
+    );
+    assert(output.includes(data.orgId));
+    assert(output.includes(data.service.toUpperCase()));
+    assert.match(output, /Security Center Service Name/);
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+
+  it('should update the security center service', done => {
+    const output = exec(
+      `node management_api/updateSecurityCenterService.js ${data.orgId} ${data.service}`
+    );
+    assert(output.includes(data.orgId));
+    assert(output.includes(data.service));
+    assert.match(output, /Updated SecurityCenterService/);
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+});