From 0b4df77b07e6e741c245172b777cbd4d541db112 Mon Sep 17 00:00:00 2001 From: Patrick Glinsman Date: Fri, 5 Apr 2019 10:24:39 -0700 Subject: [PATCH 01/10] Added SecurityCenter code samples for Findings, Organizations, SecurityMarks, and Sources. --- .../snippets/AssetSnippets.java | 12 +- .../snippets/FindingSnippets.java | 280 ++++++++++++++++++ .../snippets/OrganizationSnippets.java | 74 +++++ .../snippets/SecurityMarkSnippets.java | 222 ++++++++++++++ .../snippets/SourceSnippets.java | 188 ++++++++++++ .../snippets/ITAssetSnippets.java | 8 +- .../snippets/ITFindingSnippets.java | 66 +++++ .../snippets/ITOrganizationSnippets.java | 26 ++ .../snippets/ITSecurityMarkSnippets.java | 61 ++++ .../snippets/ITSourceSnippets.java | 56 ++++ 10 files changed, 983 insertions(+), 10 deletions(-) create mode 100644 google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java create mode 100644 google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java create mode 100644 google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java create mode 100644 google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java create mode 100644 google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java create mode 100644 google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java create mode 100644 google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java create mode 100644 google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index 349b295980dd..feacb41d15e5 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -15,11 +15,11 @@ */ package com.google.cloud.examples.securitycenter.snippets; -import com.google.cloud.securitycenter.v1beta1.ListAssetsRequest; -import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult; -import com.google.cloud.securitycenter.v1beta1.OrganizationName; -import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient; -import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient.ListAssetsPagedResponse; +import com.google.cloud.securitycenter.v1.ListAssetsRequest; +import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult; +import com.google.cloud.securitycenter.v1.OrganizationName; +import com.google.cloud.securitycenter.v1.SecurityCenterClient; +import com.google.cloud.securitycenter.v1.SecurityCenterClient.ListAssetsPagedResponse; import com.google.common.base.MoreObjects; import com.google.common.base.Preconditions; import com.google.common.collect.ImmutableList; @@ -84,7 +84,7 @@ static ImmutableList listAssetsWithFilter(OrganizationName org // this can cause out of memory issues. You can process them batches by returning // the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); - System.out.println("Projects:"); + System.out.println("Project assets:"); System.out.println(results); return results; } catch (IOException e) { diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java new file mode 100644 index 000000000000..e3c251476723 --- /dev/null +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java @@ -0,0 +1,280 @@ +package com.google.cloud.examples.securitycenter.snippets; + +import com.google.cloud.securitycenter.v1.Finding; +import com.google.cloud.securitycenter.v1.Finding.State; +import com.google.cloud.securitycenter.v1.FindingName; +import com.google.cloud.securitycenter.v1.ListFindingsRequest; +import com.google.cloud.securitycenter.v1.ListFindingsResponse.ListFindingsResult; +import com.google.cloud.securitycenter.v1.OrganizationName; +import com.google.cloud.securitycenter.v1.SecurityCenterClient; +import com.google.cloud.securitycenter.v1.SecurityCenterClient.ListFindingsPagedResponse; +import com.google.cloud.securitycenter.v1.SourceName; +import com.google.cloud.securitycenter.v1.UpdateFindingRequest; +import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; +import com.google.iam.v1.TestIamPermissionsResponse; +import com.google.protobuf.FieldMask; +import com.google.protobuf.Timestamp; +import com.google.protobuf.Value; +import java.io.IOException; +import java.util.ArrayList; +import org.threeten.bp.Instant; + +/** Snippets for how to work with Findings in Cloud Security Command Center. */ +public class FindingSnippets { + private FindingSnippets() {} + + /** + * Create a finding under a source. + * + * @param sourceName The source for the finding. + */ + // [START create_finding] + static Finding createFinding(SourceName sourceName, String findingId) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // SourceName sourceName = SourceName.of("123234324", "423432321"); + // String findingId = "samplefindingid"; + + // Use the current time as the finding "event time". + Instant eventTime = Instant.now(); + + // The resource this finding applies to. The CSCC UI can link + // the findings for a resource to the corresponding Asset of a resource + // if there are matches. + String resourceName = "//cloudresourcemanager.googleapis.com/organizations/11232"; + + // Start setting up a request to create a finding in a source. + Finding finding = Finding.newBuilder() + .setParent(sourceName.toString()) + .setState(State.ACTIVE).setResourceName(resourceName) + .setEventTime(Timestamp.newBuilder() + .setSeconds(eventTime.getEpochSecond()) + .setNanos(eventTime.getNano())) + .setCategory("MEDIUM_RISK_ONE").build(); + + // Call the API. + Finding response = client.createFinding(sourceName, findingId, finding); + + System.out.println("Created Finding: " + response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END create_finding] + + /** + * Create a finding with source properties under a source. + * + * @param sourceName The source for the finding. + */ + // [START create_finding_with_source_properties] + static Finding createFindingWithSourceProperties(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // SourceName sourceName = SourceName.of("123234324", "423432321"); + + // Use the current time as the finding "event time". + Instant eventTime = Instant.now(); + + // Controlled by caller. + String findingId = "samplefindingid2"; + + // The resource this finding applies to. The CSCC UI can link + // the findings for a resource to the corresponding Asset of a resource + // if there are matches. + String resourceName = "//cloudresourcemanager.googleapis.com/organizations/11232"; + + // Define source properties values as protobuf "Value" objects. + Value stringValue = Value.newBuilder().setStringValue("stringExample").build(); + Value numValue = Value.newBuilder().setNumberValue(1234).build(); + ImmutableMap sourceProperties = + ImmutableMap.of("stringKey", stringValue, "numKey", numValue); + + // Start setting up a request to create a finding in a source. + Finding finding = Finding.newBuilder() + .setParent(sourceName.toString()) + .setState(State.ACTIVE) + .setResourceName(resourceName) + .setEventTime(Timestamp.newBuilder() + .setSeconds(eventTime.getEpochSecond()) + .setNanos(eventTime.getNano())) + .putAllSourceProperties(sourceProperties).build(); + + // Call the API. + Finding response = client.createFinding(sourceName, findingId, finding); + + System.out.println("Created Finding with Source Properties: " + response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END create_finding_with_source_properties] + + /** + * Update a finding under a source. + * + * @param findingName The finding to update. + */ + // [START update_finding] + static Finding updateFinding(FindingName findingName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // FindingName findingName = FindingName.of("123234324", "423432321", "samplefindingid2"); + + // Use the current time as the finding "event time". + Instant eventTime = Instant.now(); + + // Define source properties values as protobuf "Value" objects. + Value stringValue = Value.newBuilder().setStringValue("value").build(); + + FieldMask updateMask = FieldMask.newBuilder() + .addPaths("event_time") + .addPaths("source_properties.stringKey").build(); + + Finding finding = Finding.newBuilder() + .setName(findingName.toString()) + .setEventTime(Timestamp.newBuilder() + .setSeconds(eventTime.getEpochSecond()) + .setNanos(eventTime.getNano())) + .putSourceProperties("stringKey", stringValue).build(); + + UpdateFindingRequest.Builder request = + UpdateFindingRequest.newBuilder().setFinding(finding).setUpdateMask(updateMask); + + // Call the API. + Finding response = client.updateFinding(request.build()); + + System.out.println("Updated Finding: " + response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END update_finding] + + /** + * List all findings under an organization. + * + * @param organizationName The source to list all findings for. + */ + // [START list_all_findings] + static ImmutableList listAllFindings(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // OrganizationName organizationName = OrganizationName.of("123234324"); + SourceName sourceName = SourceName.of(organizationName.getOrganization(), "-"); + + ListFindingsRequest.Builder request = + ListFindingsRequest.newBuilder().setParent(sourceName.toString()); + + // Call the API. + ListFindingsPagedResponse response = client.listFindings(request.build()); + + // This creates one list for all findings. If your organization has a large number of findings + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Findings:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END list_all_findings] + + /** + * List filtered findings under a source. + * + * @param sourceName The source to list filtered findings for. + */ + // [START list_filtered_findings] + static ImmutableList listFilteredFindings(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // SourceName sourceName = SourceName.of("123234324", "423432321"); + + // Create filter to category of MEDIUM_RISK_ONE + String filter = "category=\"MEDIUM_RISK_ONE\""; + + ListFindingsRequest.Builder request = + ListFindingsRequest.newBuilder().setParent(sourceName.toString()).setFilter(filter); + + // Call the API. + ListFindingsPagedResponse response = client.listFindings(request.build()); + + // This creates one list for all findings in the filter.If your organization has a large number of + // findings this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Findings:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END list_filtered_findings] + + /** + * List findings at a specific time under a source. + * + * @param sourceName The source to list findings at a specific time for. + */ + // [START list_findings_at_time] + static ImmutableList listFindingsAtTime(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // SourceName sourceName = SourceName.of("123234324", "423432321"); + + // 5 days ago + Instant fiveDaysAgo = Instant.now().minusSeconds(60*60*24*5); + + ListFindingsRequest.Builder request = + ListFindingsRequest.newBuilder() + .setParent(sourceName.toString()) + .setReadTime(Timestamp.newBuilder() + .setSeconds(fiveDaysAgo.getEpochSecond()) + .setNanos(fiveDaysAgo.getNano())); + + // Call the API. + ListFindingsPagedResponse response = client.listFindings(request.build()); + + // This creates one list for all findings in the filter.If your organization has a large number of + // findings this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Findings:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END list_findings_at_time] + + /** + * Demonstrate calling testIamPermissions to determin if the service account has the correct + * permissions. + * + * @param sourceName The source to create a finding for. + */ + // [START test_iam_permissions] + static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // SourceName sourceName = SourceName.of("123234324", "423432321"); + + //Iam permission to test. + ArrayList permissionsToTest = new ArrayList<>(); + permissionsToTest.add("securitycenter.findings.update"); + + // Call the API. + TestIamPermissionsResponse response = + client.testIamPermissions(sourceName.toString(), permissionsToTest); + System.out.println("IAM Permission:"); + System.out.println(response); + + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END test_iam_permissions] +} diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java new file mode 100644 index 000000000000..e3558a0a3a82 --- /dev/null +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java @@ -0,0 +1,74 @@ +package com.google.cloud.examples.securitycenter.snippets; + +import com.google.cloud.securitycenter.v1.GetOrganizationSettingsRequest; +import com.google.cloud.securitycenter.v1.OrganizationName; +import com.google.cloud.securitycenter.v1.OrganizationSettings; +import com.google.cloud.securitycenter.v1.SecurityCenterClient; +import com.google.cloud.securitycenter.v1.UpdateOrganizationSettingsRequest; +import com.google.protobuf.FieldMask; +import java.io.IOException; + +/** Snippets for how to work with Organizations in Cloud Security Command Center. */ +public class OrganizationSnippets { + + private OrganizationSnippets() {} + + /** + * Gets current settings for an organization. + * + * @param organizationName The organization to get settings for. + */ + // [START get_organization_settings] + static OrganizationSettings getOrganizationSettings(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to get OrganizationSettings for. + // OrganizationName organizationName = OrganizationName.of("123234324"); + GetOrganizationSettingsRequest.Builder request = + GetOrganizationSettingsRequest.newBuilder() + .setName(organizationName.toString() + "/organizationSettings"); + + // Call the API. + OrganizationSettings response = client.getOrganizationSettings(request.build()); + + System.out.println("Organization Settings:"); + System.out.println(response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END get_organization_settings] + + /** + * Update Asset Discovery OrganizationSettings for an organization + * + * @param organizationName The organization to update settings for. + */ + // [START update_organization_settings] + static OrganizationSettings updateOrganizationSettings(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to update OrganizationSettings for. + // OrganizationName organizationName = OrganizationName.of("123234324"); + OrganizationSettings organizationSettings = OrganizationSettings.newBuilder() + .setName(organizationName.toString() + "/organizationSettings") + .setEnableAssetDiscovery(true).build(); + FieldMask updateMask = FieldMask.newBuilder().addPaths("enable_asset_discovery").build(); + + UpdateOrganizationSettingsRequest.Builder request = + UpdateOrganizationSettingsRequest.newBuilder() + .setOrganizationSettings(organizationSettings) + .setUpdateMask(updateMask); + + // Call the API. + OrganizationSettings response = client.updateOrganizationSettings(request.build()); + + System.out.println("Organization Settings have been updated:"); + System.out.println(response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END update_organization_settings] + +} diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java new file mode 100644 index 000000000000..e357a18aa0c1 --- /dev/null +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java @@ -0,0 +1,222 @@ +package com.google.cloud.examples.securitycenter.snippets; + +import com.google.cloud.securitycenter.v1.Asset; +import com.google.cloud.securitycenter.v1.Finding; +import com.google.cloud.securitycenter.v1.ListAssetsRequest; +import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult; +import com.google.cloud.securitycenter.v1.ListFindingsRequest; +import com.google.cloud.securitycenter.v1.ListFindingsResponse.ListFindingsResult; +import com.google.cloud.securitycenter.v1.OrganizationName; +import com.google.cloud.securitycenter.v1.SecurityCenterClient; +import com.google.cloud.securitycenter.v1.SecurityCenterClient.ListAssetsPagedResponse; +import com.google.cloud.securitycenter.v1.SecurityCenterClient.ListFindingsPagedResponse; +import com.google.cloud.securitycenter.v1.SecurityMarks; +import com.google.cloud.securitycenter.v1.SourceName; +import com.google.cloud.securitycenter.v1.UpdateSecurityMarksRequest; +import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; +import com.google.protobuf.FieldMask; +import java.io.IOException; + +public class SecurityMarkSnippets { + + private SecurityMarkSnippets() {} + + /** + * Add security mark to an asset. + * + * @param asset The asset to add the security mark for. + */ + // [START add_to_asset] + static SecurityMarks addToAsset(Asset asset) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to add security marks for an asset. + ImmutableMap markMap = ImmutableMap.of("key_a", "value_a", "key_b", "value_b"); + + // Add security marks and field mask for security marks. + SecurityMarks securityMarks = SecurityMarks.newBuilder() + .setName(asset.getName() + "/securityMarks") + .putAllMarks(markMap).build(); + FieldMask updateMask = FieldMask.newBuilder() + .addPaths("marks.key_a") + .addPaths("marks.key_b").build(); + + UpdateSecurityMarksRequest request = UpdateSecurityMarksRequest.newBuilder() + .setSecurityMarks(securityMarks) + .setUpdateMask(updateMask).build(); + + // Call the API. + SecurityMarks response = client.updateSecurityMarks(request); + + System.out.println("Security Marks:"); + System.out.println(response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END add_to_asset] + + /** + * Clear security marks for an asset. + * + * @param asset The asset to clear the security marks for. + */ + // [START clear_from_asset] + static SecurityMarks clearFromAsset(Asset asset) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to clear security marks for an asset. + // Create security mark and field mask for clearing security marks. + SecurityMarks securityMarks = SecurityMarks.newBuilder() + .setName(asset.getName() + "/securityMarks").build(); + FieldMask updateMask = FieldMask.newBuilder() + .addPaths("marks.key_a").addPaths("marks.key_b").build(); + + UpdateSecurityMarksRequest request = UpdateSecurityMarksRequest.newBuilder() + .setSecurityMarks(securityMarks) + .setUpdateMask(updateMask).build(); + + // Call the API. + SecurityMarks response = client.updateSecurityMarks(request); + + System.out.println("Security Marks cleared:"); + System.out.println(response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END clear_from_asset] + + /** + * Deletes and updates a security mark for an asset. + * + * @param asset The asset to update and remove the security marks for. + */ + // [START delete_and_update_marks] + static SecurityMarks deleteAndUpdateMarks(Asset asset) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to clear and update security marks for an asset. + // Create security mark and field mask for clearing security marks. + SecurityMarks securityMarks = SecurityMarks.newBuilder() + .setName(asset.getName() + "/securityMarks") + .putMarks("key_a", "new_value_for_a").build(); + FieldMask updateMask = FieldMask.newBuilder() + .addPaths("marks.key_a").addPaths("marks.key_b").build(); + + UpdateSecurityMarksRequest request = UpdateSecurityMarksRequest.newBuilder() + .setSecurityMarks(securityMarks) + .setUpdateMask(updateMask).build(); + + // Call the API. + SecurityMarks response = client.updateSecurityMarks(request); + + System.out.println("Security Marks updated and cleared:"); + System.out.println(response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END delete_and_update_marks] + + /** + * Add security mark to a finding. + * + * @param finding The finding to add the security mark for. + */ + // [START add_to_finding] + static SecurityMarks addToFinding(Finding finding) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to add security marks for a finding. + ImmutableMap markMap = + ImmutableMap.of("key_a", "value_a", "key_b", "value_b"); + + // Add security marks and field mask for security marks. + SecurityMarks securityMarks = SecurityMarks.newBuilder() + .setName(finding.getName() + "/securityMarks") + .putAllMarks(markMap).build(); + FieldMask updateMask = FieldMask.newBuilder() + .addPaths("marks.key_a").addPaths("marks.key_b").build(); + + UpdateSecurityMarksRequest request = UpdateSecurityMarksRequest.newBuilder() + .setSecurityMarks(securityMarks).setUpdateMask(updateMask).build(); + + // Call the API. + SecurityMarks response = client.updateSecurityMarks(request); + + System.out.println("Security Marks:"); + System.out.println(response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END add_to_finding] + + /** + * Lists all assets with a filter on security marks. + * + * @param organizationName The organization to list assets for. + */ + // [START list_assets_with_filter] + static ImmutableList listAssetsWithQueryMarks(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request for to list all assets filtered by a specific security mark. + // OrganizationName organizationName = OrganizationName.of("123234324"); + ListAssetsRequest request = + ListAssetsRequest.newBuilder() + .setParent(organizationName.toString()) + .setFilter( + "security_marks.marks.key_a = \"value_a\"") + .build(); + + // Call the API. + ListAssetsPagedResponse response = client.listAssets(request); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Assets with security mark - key_a=value_a:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END list_assets_with_filter] + + /** + * List all findings with a filter on security marks. + * + * @param sourceName The source to list filtered findings for. + */ + // [START list_filtered_findings] + static ImmutableList listFindingsWithQueryMarks(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request for to list all findings filtered by a specific security mark. + // SourceName sourceName = SourceName.of("123234324", "423432321"); + // Create filter for NOT security_mark key_a=value_a + String filter = "NOT security_marks.marks.key_a=\"value_a\""; + + ListFindingsRequest.Builder request = + ListFindingsRequest.newBuilder().setParent(sourceName.toString()).setFilter(filter); + + // Call the API. + ListFindingsPagedResponse response = client.listFindings(request.build()); + + // This creates one list for all findings in the filter.If your organization has a large number of + // findings this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Findings with security mark - key_a=value_a:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END list_filtered_findings] + +} diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java new file mode 100644 index 000000000000..8c8e494ae347 --- /dev/null +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java @@ -0,0 +1,188 @@ +package com.google.cloud.examples.securitycenter.snippets; + +import com.google.cloud.securitycenter.v1.CreateSourceRequest; +import com.google.cloud.securitycenter.v1.GetSourceRequest; +import com.google.cloud.securitycenter.v1.ListSourcesRequest; +import com.google.cloud.securitycenter.v1.OrganizationName; +import com.google.cloud.securitycenter.v1.SecurityCenterClient; +import com.google.cloud.securitycenter.v1.SecurityCenterClient.ListSourcesPagedResponse; +import com.google.cloud.securitycenter.v1.Source; +import com.google.cloud.securitycenter.v1.SourceName; +import com.google.cloud.securitycenter.v1.UpdateSourceRequest; +import com.google.common.collect.ImmutableList; +import com.google.iam.v1.Binding; +import com.google.iam.v1.GetIamPolicyRequest; +import com.google.iam.v1.Policy; +import com.google.iam.v1.SetIamPolicyRequest; +import com.google.protobuf.FieldMask; +import java.io.IOException; + +/** Snippets for how to work with Sources in Cloud Security Command Center. */ +public class SourceSnippets { + private SourceSnippets() {} + + /** + * Create a source under an organization. + * + * @param organizationName The organization for the source. + */ + // [START create_source] + static Source createSource(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to create a source in an organization. + // OrganizationName organizationName = OrganizationName.of("123234324"); + Source source = Source.newBuilder().setDisplayName("Customized Display Name") + .setDescription("A new custom source that does X").build(); + + CreateSourceRequest.Builder request = + CreateSourceRequest.newBuilder().setParent(organizationName.toString()).setSource(source); + + // Call the API. + Source response = client.createSource(request.build()); + + System.out.println("Created Source: " + response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END create_source] + + /** + * List sources under an organization. + * + * @param organizationName The organization for the source. + */ + // [START list_source] + static ImmutableList listSources(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to list sources in an organization. + // OrganizationName organizationName = OrganizationName.of("123234324"); + ListSourcesRequest.Builder request = + ListSourcesRequest.newBuilder().setParent(organizationName.toString()); + + // Call the API. + ListSourcesPagedResponse response = client.listSources(request.build()); + + // This creates one list for all sources. If your organization has a large number of sources + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Sources:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END list_source] + + /** + * Update a source under an organization. + * + * @param sourceName The source to update. + */ + // [START update_source] + static Source updateSource(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to update a source. + // SourceName sourceName = SourceName.of("123234324", "423432321"); + Source source = Source.newBuilder().setDisplayName("Updated Display Name") + .setName(sourceName.toString()).build(); + FieldMask updateMask = FieldMask.newBuilder().addPaths("display_name").build(); + + UpdateSourceRequest.Builder request = + UpdateSourceRequest.newBuilder().setSource(source).setUpdateMask(updateMask); + + // Call the API. + Source response = client.updateSource(request.build()); + + System.out.println("Updated Source: " + response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END update_source] + + /** + * Get a source under an organization. + * + * @param sourceName The source to get. + */ + // [START get_source] + static Source getSource(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to get a source. + // SourceName sourceName = SourceName.of("123234324", "423432321"); + GetSourceRequest.Builder request = + GetSourceRequest.newBuilder().setName(sourceName.toString()); + + // Call the API. + Source response = client.getSource(request.build()); + + System.out.println("Source: " + response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END get_source] + + /** + * Set IAM policy for a source. + * + * @param sourceName The source to set IAM Policy for. + */ + // [START set_source_iam_policy] + static Policy setIamPolicySource(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Set up IAM Policy for the user csccclienttest@gmail.com to use the role findingsEditor. + // The user must be a valid google account. + Policy oldPolicy = client.getIamPolicy(sourceName.toString()); + Binding bindings = Binding.newBuilder() + .setRole("roles/securitycenter.findingsEditor") + .addMembers("user:csccclienttest@gmail.com").build(); + Policy policy = oldPolicy.toBuilder().addBindings(bindings).build(); + + // Start setting up a request to set IAM policy for a source. + // SourceName sourceName = SourceName.of("123234324", "423432321"); + SetIamPolicyRequest.Builder request = + SetIamPolicyRequest.newBuilder().setPolicy(policy).setResource(sourceName.toString()); + + // Call the API. + Policy response = client.setIamPolicy(request.build()); + + System.out.println("Policy: " + response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END set_source_iam_policy] + + /** + * Get IAM policy for a source. + * + * @param sourceName The source to set IAM Policy for. + */ + // [START get_source_iam_policy] + static Policy getIamPolicySource(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request to get IAM policy for a source. + // SourceName sourceName = SourceName.of("123234324", "423432321"); + GetIamPolicyRequest request = + GetIamPolicyRequest.newBuilder().setResource(sourceName.toString()).build(); + + // Call the API. + Policy response = client.getIamPolicy(request); + + System.out.println("Policy: " + response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END get_source_iam_policy] + +} \ No newline at end of file diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java index b3198b52075f..9a3b215754cd 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java @@ -19,9 +19,9 @@ import static junit.framework.TestCase.assertTrue; import static org.junit.Assert.assertEquals; -import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult; -import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult.State; -import com.google.cloud.securitycenter.v1beta1.OrganizationName; +import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult; +import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult.StateChange; +import com.google.cloud.securitycenter.v1.OrganizationName; import com.google.common.collect.ImmutableList; import java.io.IOException; import org.junit.Test; @@ -67,7 +67,7 @@ public void testChangesReturnsValues() { getOrganizationId(), Duration.ofDays(3), SOMETHING_INSTANCE); assertTrue("Result: " + result.toString(), result.toString().contains("ADDED")); assertTrue(3 >= result.size()); - assertEquals(result.get(0).getState(), State.ADDED); + assertEquals(result.get(0).getStateChange(), StateChange.ADDED); } private static OrganizationName getOrganizationId() { diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java new file mode 100644 index 000000000000..dfa4c289a800 --- /dev/null +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java @@ -0,0 +1,66 @@ +package com.google.cloud.examples.securitycenter.snippets; + +import static junit.framework.TestCase.assertNotNull; +import static junit.framework.TestCase.assertTrue; + +import com.google.cloud.securitycenter.v1.FindingName; +import com.google.cloud.securitycenter.v1.OrganizationName; +import com.google.cloud.securitycenter.v1.SourceName; +import com.google.protobuf.Value; +import java.io.IOException; +import org.junit.BeforeClass; +import org.junit.Test; + +/** Smoke tests for {@link com.google.cloud.examples.securitycenter.snippets.FindingSnippets} */ +public class ITFindingSnippets { + + private static SourceName SOURCE_NAME; + private static FindingName FINDING_NAME; + + @BeforeClass + public static void setUp() throws IOException { + SOURCE_NAME = SourceName.parse(SourceSnippets.createSource(getOrganizationId()).getName()); + FINDING_NAME = FindingName.parse(FindingSnippets.createFinding(SOURCE_NAME, "testfindingid").getName()); + } + + @Test + public void testCreateFinding() throws IOException { + assertNotNull(FindingSnippets.createFinding(SOURCE_NAME, "samplefindingid")); + } + + @Test + public void testCreateFindingWithSourceProperties() throws IOException { + assertNotNull(FindingSnippets.createFindingWithSourceProperties(SOURCE_NAME)); + } + + @Test + public void testUpdateFinding() throws IOException { + Value stringValue = Value.newBuilder().setStringValue("value").build(); + assertTrue(FindingSnippets.updateFinding(FINDING_NAME).getSourcePropertiesMap().get("stringKey").equals(stringValue)); + } + + @Test + public void testListAllFindings() throws IOException { + assertTrue(FindingSnippets.listAllFindings(getOrganizationId()).size() > 1); + } + + @Test + public void testListFilteredFindings() throws IOException { + assertTrue(FindingSnippets.listFilteredFindings(SOURCE_NAME).size() > 0); + } + + @Test + public void testListFindingsAtTime() throws IOException { + assertTrue(FindingSnippets.listFindingsAtTime(SOURCE_NAME).size() == 0); + } + + @Test + public void testTestIamPermissions() throws IOException { + assertTrue(FindingSnippets.testIamPermissions(SOURCE_NAME).getPermissions(0).equals("securitycenter.findings.update")); + } + + private static OrganizationName getOrganizationId() { + return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); + } + +} diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java new file mode 100644 index 000000000000..ee99a91f714b --- /dev/null +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java @@ -0,0 +1,26 @@ +package com.google.cloud.examples.securitycenter.snippets; + +import static junit.framework.TestCase.assertNotNull; +import static junit.framework.TestCase.assertTrue; + +import com.google.cloud.securitycenter.v1.OrganizationName; +import java.io.IOException; +import org.junit.Test; + +public class ITOrganizationSnippets { + + @Test + public void testGetOrganizationSettings() throws IOException { + assertNotNull(OrganizationSnippets.getOrganizationSettings(getOrganizationId())); + } + + @Test + public void testUpdateOrganizationSettings() throws IOException { + assertTrue(OrganizationSnippets.updateOrganizationSettings(getOrganizationId()).getAssetDiscoveryConfig().isInitialized()); + } + + private static OrganizationName getOrganizationId() { + return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); + } + +} diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java new file mode 100644 index 000000000000..af38ae205428 --- /dev/null +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java @@ -0,0 +1,61 @@ +package com.google.cloud.examples.securitycenter.snippets; + +import static junit.framework.TestCase.assertFalse; +import static junit.framework.TestCase.assertTrue; + +import com.google.cloud.securitycenter.v1.Asset; +import com.google.cloud.securitycenter.v1.Finding; +import com.google.cloud.securitycenter.v1.OrganizationName; +import com.google.cloud.securitycenter.v1.SourceName; +import java.io.IOException; +import org.junit.BeforeClass; +import org.junit.Test; + +public class ITSecurityMarkSnippets { + + private static Asset ASSET; + private static SourceName SOURCE_NAME; + private static Finding FINDING; + + @BeforeClass + public static void setUp() throws IOException { + ASSET = AssetSnippets.listAssets(getOrganizationId()).get(0).getAsset(); + SOURCE_NAME = SourceName.parse(SourceSnippets.createSource(getOrganizationId()).getName()); + FINDING = FindingSnippets.createFinding(SOURCE_NAME, "testfindingid"); + } + + @Test + public void testAddToAsset() throws IOException { + assertTrue(SecurityMarkSnippets.addToAsset(ASSET).getMarksOrThrow("key_a").equals("value_a")); + } + + @Test + public void testClearFromAsset() throws IOException { + assertFalse(SecurityMarkSnippets.clearFromAsset(ASSET).containsMarks("key_a")); + } + + @Test + public void testDeleteAndUpdateMarks() throws IOException { + assertTrue(SecurityMarkSnippets.deleteAndUpdateMarks(ASSET).getMarksOrThrow("key_a").equals("new_value_for_a")); + } + + @Test + public void testAddToFinding() throws IOException { + assertTrue(SecurityMarkSnippets.addToFinding(FINDING).getMarksOrThrow("key_a").equals("value_a")); + } + + @Test + public void testListAssetsWithQueryMarks() throws IOException { + assertTrue(SecurityMarkSnippets.listAssetsWithQueryMarks(getOrganizationId()).size() > 0); + } + + @Test + public void testListFindingsWithQueryMarks() throws IOException { + assertTrue(SecurityMarkSnippets.listFindingsWithQueryMarks(SOURCE_NAME).size() > 0); + } + + private static OrganizationName getOrganizationId() { + return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); + } + +} diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java new file mode 100644 index 000000000000..8d7419c8ea07 --- /dev/null +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java @@ -0,0 +1,56 @@ +package com.google.cloud.examples.securitycenter.snippets; + +import static junit.framework.TestCase.assertTrue; +import static junit.framework.TestCase.assertNotNull; + +import com.google.cloud.securitycenter.v1.OrganizationName; +import com.google.cloud.securitycenter.v1.SourceName; +import java.io.IOException; +import org.junit.BeforeClass; +import org.junit.Test; + +/** Smoke tests for {@link com.google.cloud.examples.securitycenter.snippets.SourceSnippets} */ +public class ITSourceSnippets { + + private static SourceName SOURCE_NAME; + + @BeforeClass + public static void setUp() throws IOException { + SOURCE_NAME = SourceName.parse(SourceSnippets.createSource(getOrganizationId()).getName()); + } + + @Test + public void testCreateSource() throws IOException { + assertNotNull(SourceSnippets.createSource(getOrganizationId())); + } + + @Test + public void testListSources() throws IOException { + assertTrue(SourceSnippets.listSources(getOrganizationId()).size() > 1); + } + + @Test + public void testUpdateSource() throws IOException { + assertTrue(SourceSnippets.updateSource(SOURCE_NAME).getDisplayName().equals("Updated Display Name")); + } + + @Test + public void testGetSource() throws IOException { + assertTrue(SourceSnippets.getSource(SOURCE_NAME).getName().equals(SOURCE_NAME.toString())); + } + + @Test + public void testSetSourceIamPolicy() throws IOException { + assertTrue(SourceSnippets.setIamPolicySource(SOURCE_NAME).getBindings(0).getRole().equals("roles/securitycenter.findingsEditor")); + } + + @Test + public void testGetSourceIamPolicy() throws IOException { + assertNotNull(SourceSnippets.getIamPolicySource(SOURCE_NAME)); + } + + private static OrganizationName getOrganizationId() { + return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); + } + +} From e8aa2313b6813dbe3923a2353998c81d560b372e Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Fri, 5 Apr 2019 14:06:06 -0700 Subject: [PATCH 02/10] Fix formatting --- .../snippets/FindingSnippets.java | 82 ++++++++++------- .../snippets/OrganizationSnippets.java | 8 +- .../snippets/SecurityMarkSnippets.java | 90 +++++++++++-------- .../snippets/SourceSnippets.java | 24 +++-- .../snippets/ITFindingSnippets.java | 15 +++- .../snippets/ITOrganizationSnippets.java | 6 +- .../snippets/ITSecurityMarkSnippets.java | 9 +- .../snippets/ITSourceSnippets.java | 12 ++- 8 files changed, 151 insertions(+), 95 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java index e3c251476723..53cbbd2ddb11 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java @@ -44,13 +44,17 @@ static Finding createFinding(SourceName sourceName, String findingId) { String resourceName = "//cloudresourcemanager.googleapis.com/organizations/11232"; // Start setting up a request to create a finding in a source. - Finding finding = Finding.newBuilder() - .setParent(sourceName.toString()) - .setState(State.ACTIVE).setResourceName(resourceName) - .setEventTime(Timestamp.newBuilder() - .setSeconds(eventTime.getEpochSecond()) - .setNanos(eventTime.getNano())) - .setCategory("MEDIUM_RISK_ONE").build(); + Finding finding = + Finding.newBuilder() + .setParent(sourceName.toString()) + .setState(State.ACTIVE) + .setResourceName(resourceName) + .setEventTime( + Timestamp.newBuilder() + .setSeconds(eventTime.getEpochSecond()) + .setNanos(eventTime.getNano())) + .setCategory("MEDIUM_RISK_ONE") + .build(); // Call the API. Finding response = client.createFinding(sourceName, findingId, finding); @@ -91,14 +95,17 @@ static Finding createFindingWithSourceProperties(SourceName sourceName) { ImmutableMap.of("stringKey", stringValue, "numKey", numValue); // Start setting up a request to create a finding in a source. - Finding finding = Finding.newBuilder() - .setParent(sourceName.toString()) - .setState(State.ACTIVE) - .setResourceName(resourceName) - .setEventTime(Timestamp.newBuilder() - .setSeconds(eventTime.getEpochSecond()) - .setNanos(eventTime.getNano())) - .putAllSourceProperties(sourceProperties).build(); + Finding finding = + Finding.newBuilder() + .setParent(sourceName.toString()) + .setState(State.ACTIVE) + .setResourceName(resourceName) + .setEventTime( + Timestamp.newBuilder() + .setSeconds(eventTime.getEpochSecond()) + .setNanos(eventTime.getNano())) + .putAllSourceProperties(sourceProperties) + .build(); // Call the API. Finding response = client.createFinding(sourceName, findingId, finding); @@ -127,16 +134,21 @@ static Finding updateFinding(FindingName findingName) { // Define source properties values as protobuf "Value" objects. Value stringValue = Value.newBuilder().setStringValue("value").build(); - FieldMask updateMask = FieldMask.newBuilder() - .addPaths("event_time") - .addPaths("source_properties.stringKey").build(); - - Finding finding = Finding.newBuilder() - .setName(findingName.toString()) - .setEventTime(Timestamp.newBuilder() - .setSeconds(eventTime.getEpochSecond()) - .setNanos(eventTime.getNano())) - .putSourceProperties("stringKey", stringValue).build(); + FieldMask updateMask = + FieldMask.newBuilder() + .addPaths("event_time") + .addPaths("source_properties.stringKey") + .build(); + + Finding finding = + Finding.newBuilder() + .setName(findingName.toString()) + .setEventTime( + Timestamp.newBuilder() + .setSeconds(eventTime.getEpochSecond()) + .setNanos(eventTime.getNano())) + .putSourceProperties("stringKey", stringValue) + .build(); UpdateFindingRequest.Builder request = UpdateFindingRequest.newBuilder().setFinding(finding).setUpdateMask(updateMask); @@ -169,7 +181,8 @@ static ImmutableList listAllFindings(OrganizationName organi // Call the API. ListFindingsPagedResponse response = client.listFindings(request.build()); - // This creates one list for all findings. If your organization has a large number of findings + // This creates one list for all findings. If your organization has a large number of + // findings // this can cause out of memory issues. You can process them batches by returning // the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); @@ -201,7 +214,8 @@ static ImmutableList listFilteredFindings(SourceName sourceN // Call the API. ListFindingsPagedResponse response = client.listFindings(request.build()); - // This creates one list for all findings in the filter.If your organization has a large number of + // This creates one list for all findings in the filter.If your organization has a large + // number of // findings this can cause out of memory issues. You can process them batches by returning // the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); @@ -225,19 +239,21 @@ static ImmutableList listFindingsAtTime(SourceName sourceNam // SourceName sourceName = SourceName.of("123234324", "423432321"); // 5 days ago - Instant fiveDaysAgo = Instant.now().minusSeconds(60*60*24*5); + Instant fiveDaysAgo = Instant.now().minusSeconds(60 * 60 * 24 * 5); ListFindingsRequest.Builder request = ListFindingsRequest.newBuilder() .setParent(sourceName.toString()) - .setReadTime(Timestamp.newBuilder() - .setSeconds(fiveDaysAgo.getEpochSecond()) - .setNanos(fiveDaysAgo.getNano())); + .setReadTime( + Timestamp.newBuilder() + .setSeconds(fiveDaysAgo.getEpochSecond()) + .setNanos(fiveDaysAgo.getNano())); // Call the API. ListFindingsPagedResponse response = client.listFindings(request.build()); - // This creates one list for all findings in the filter.If your organization has a large number of + // This creates one list for all findings in the filter.If your organization has a large + // number of // findings this can cause out of memory issues. You can process them batches by returning // the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); @@ -261,7 +277,7 @@ static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // SourceName sourceName = SourceName.of("123234324", "423432321"); - //Iam permission to test. + // Iam permission to test. ArrayList permissionsToTest = new ArrayList<>(); permissionsToTest.add("securitycenter.findings.update"); diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java index e3558a0a3a82..e07e65198f8e 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java @@ -49,9 +49,11 @@ static OrganizationSettings updateOrganizationSettings(OrganizationName organiza try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to update OrganizationSettings for. // OrganizationName organizationName = OrganizationName.of("123234324"); - OrganizationSettings organizationSettings = OrganizationSettings.newBuilder() - .setName(organizationName.toString() + "/organizationSettings") - .setEnableAssetDiscovery(true).build(); + OrganizationSettings organizationSettings = + OrganizationSettings.newBuilder() + .setName(organizationName.toString() + "/organizationSettings") + .setEnableAssetDiscovery(true) + .build(); FieldMask updateMask = FieldMask.newBuilder().addPaths("enable_asset_discovery").build(); UpdateOrganizationSettingsRequest.Builder request = diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java index e357a18aa0c1..b57117e76556 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java @@ -34,16 +34,19 @@ static SecurityMarks addToAsset(Asset asset) { ImmutableMap markMap = ImmutableMap.of("key_a", "value_a", "key_b", "value_b"); // Add security marks and field mask for security marks. - SecurityMarks securityMarks = SecurityMarks.newBuilder() - .setName(asset.getName() + "/securityMarks") - .putAllMarks(markMap).build(); - FieldMask updateMask = FieldMask.newBuilder() - .addPaths("marks.key_a") - .addPaths("marks.key_b").build(); + SecurityMarks securityMarks = + SecurityMarks.newBuilder() + .setName(asset.getName() + "/securityMarks") + .putAllMarks(markMap) + .build(); + FieldMask updateMask = + FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build(); - UpdateSecurityMarksRequest request = UpdateSecurityMarksRequest.newBuilder() - .setSecurityMarks(securityMarks) - .setUpdateMask(updateMask).build(); + UpdateSecurityMarksRequest request = + UpdateSecurityMarksRequest.newBuilder() + .setSecurityMarks(securityMarks) + .setUpdateMask(updateMask) + .build(); // Call the API. SecurityMarks response = client.updateSecurityMarks(request); @@ -67,14 +70,16 @@ static SecurityMarks clearFromAsset(Asset asset) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to clear security marks for an asset. // Create security mark and field mask for clearing security marks. - SecurityMarks securityMarks = SecurityMarks.newBuilder() - .setName(asset.getName() + "/securityMarks").build(); - FieldMask updateMask = FieldMask.newBuilder() - .addPaths("marks.key_a").addPaths("marks.key_b").build(); - - UpdateSecurityMarksRequest request = UpdateSecurityMarksRequest.newBuilder() - .setSecurityMarks(securityMarks) - .setUpdateMask(updateMask).build(); + SecurityMarks securityMarks = + SecurityMarks.newBuilder().setName(asset.getName() + "/securityMarks").build(); + FieldMask updateMask = + FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build(); + + UpdateSecurityMarksRequest request = + UpdateSecurityMarksRequest.newBuilder() + .setSecurityMarks(securityMarks) + .setUpdateMask(updateMask) + .build(); // Call the API. SecurityMarks response = client.updateSecurityMarks(request); @@ -98,15 +103,19 @@ static SecurityMarks deleteAndUpdateMarks(Asset asset) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to clear and update security marks for an asset. // Create security mark and field mask for clearing security marks. - SecurityMarks securityMarks = SecurityMarks.newBuilder() - .setName(asset.getName() + "/securityMarks") - .putMarks("key_a", "new_value_for_a").build(); - FieldMask updateMask = FieldMask.newBuilder() - .addPaths("marks.key_a").addPaths("marks.key_b").build(); + SecurityMarks securityMarks = + SecurityMarks.newBuilder() + .setName(asset.getName() + "/securityMarks") + .putMarks("key_a", "new_value_for_a") + .build(); + FieldMask updateMask = + FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build(); - UpdateSecurityMarksRequest request = UpdateSecurityMarksRequest.newBuilder() - .setSecurityMarks(securityMarks) - .setUpdateMask(updateMask).build(); + UpdateSecurityMarksRequest request = + UpdateSecurityMarksRequest.newBuilder() + .setSecurityMarks(securityMarks) + .setUpdateMask(updateMask) + .build(); // Call the API. SecurityMarks response = client.updateSecurityMarks(request); @@ -129,18 +138,22 @@ static SecurityMarks deleteAndUpdateMarks(Asset asset) { static SecurityMarks addToFinding(Finding finding) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to add security marks for a finding. - ImmutableMap markMap = - ImmutableMap.of("key_a", "value_a", "key_b", "value_b"); + ImmutableMap markMap = ImmutableMap.of("key_a", "value_a", "key_b", "value_b"); // Add security marks and field mask for security marks. - SecurityMarks securityMarks = SecurityMarks.newBuilder() - .setName(finding.getName() + "/securityMarks") - .putAllMarks(markMap).build(); - FieldMask updateMask = FieldMask.newBuilder() - .addPaths("marks.key_a").addPaths("marks.key_b").build(); + SecurityMarks securityMarks = + SecurityMarks.newBuilder() + .setName(finding.getName() + "/securityMarks") + .putAllMarks(markMap) + .build(); + FieldMask updateMask = + FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build(); - UpdateSecurityMarksRequest request = UpdateSecurityMarksRequest.newBuilder() - .setSecurityMarks(securityMarks).setUpdateMask(updateMask).build(); + UpdateSecurityMarksRequest request = + UpdateSecurityMarksRequest.newBuilder() + .setSecurityMarks(securityMarks) + .setUpdateMask(updateMask) + .build(); // Call the API. SecurityMarks response = client.updateSecurityMarks(request); @@ -160,15 +173,15 @@ static SecurityMarks addToFinding(Finding finding) { * @param organizationName The organization to list assets for. */ // [START list_assets_with_filter] - static ImmutableList listAssetsWithQueryMarks(OrganizationName organizationName) { + static ImmutableList listAssetsWithQueryMarks( + OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request for to list all assets filtered by a specific security mark. // OrganizationName organizationName = OrganizationName.of("123234324"); ListAssetsRequest request = ListAssetsRequest.newBuilder() .setParent(organizationName.toString()) - .setFilter( - "security_marks.marks.key_a = \"value_a\"") + .setFilter("security_marks.marks.key_a = \"value_a\"") .build(); // Call the API. @@ -206,7 +219,8 @@ static ImmutableList listFindingsWithQueryMarks(SourceName s // Call the API. ListFindingsPagedResponse response = client.listFindings(request.build()); - // This creates one list for all findings in the filter.If your organization has a large number of + // This creates one list for all findings in the filter.If your organization has a large + // number of // findings this can cause out of memory issues. You can process them batches by returning // the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java index 8c8e494ae347..6283d05a098a 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java @@ -31,8 +31,11 @@ static Source createSource(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to create a source in an organization. // OrganizationName organizationName = OrganizationName.of("123234324"); - Source source = Source.newBuilder().setDisplayName("Customized Display Name") - .setDescription("A new custom source that does X").build(); + Source source = + Source.newBuilder() + .setDisplayName("Customized Display Name") + .setDescription("A new custom source that does X") + .build(); CreateSourceRequest.Builder request = CreateSourceRequest.newBuilder().setParent(organizationName.toString()).setSource(source); @@ -87,8 +90,11 @@ static Source updateSource(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to update a source. // SourceName sourceName = SourceName.of("123234324", "423432321"); - Source source = Source.newBuilder().setDisplayName("Updated Display Name") - .setName(sourceName.toString()).build(); + Source source = + Source.newBuilder() + .setDisplayName("Updated Display Name") + .setName(sourceName.toString()) + .build(); FieldMask updateMask = FieldMask.newBuilder().addPaths("display_name").build(); UpdateSourceRequest.Builder request = @@ -140,9 +146,11 @@ static Policy setIamPolicySource(SourceName sourceName) { // Set up IAM Policy for the user csccclienttest@gmail.com to use the role findingsEditor. // The user must be a valid google account. Policy oldPolicy = client.getIamPolicy(sourceName.toString()); - Binding bindings = Binding.newBuilder() - .setRole("roles/securitycenter.findingsEditor") - .addMembers("user:csccclienttest@gmail.com").build(); + Binding bindings = + Binding.newBuilder() + .setRole("roles/securitycenter.findingsEditor") + .addMembers("user:csccclienttest@gmail.com") + .build(); Policy policy = oldPolicy.toBuilder().addBindings(bindings).build(); // Start setting up a request to set IAM policy for a source. @@ -185,4 +193,4 @@ static Policy getIamPolicySource(SourceName sourceName) { } // [END get_source_iam_policy] -} \ No newline at end of file +} diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java index dfa4c289a800..edfee0d38680 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java @@ -20,7 +20,8 @@ public class ITFindingSnippets { @BeforeClass public static void setUp() throws IOException { SOURCE_NAME = SourceName.parse(SourceSnippets.createSource(getOrganizationId()).getName()); - FINDING_NAME = FindingName.parse(FindingSnippets.createFinding(SOURCE_NAME, "testfindingid").getName()); + FINDING_NAME = + FindingName.parse(FindingSnippets.createFinding(SOURCE_NAME, "testfindingid").getName()); } @Test @@ -36,7 +37,11 @@ public void testCreateFindingWithSourceProperties() throws IOException { @Test public void testUpdateFinding() throws IOException { Value stringValue = Value.newBuilder().setStringValue("value").build(); - assertTrue(FindingSnippets.updateFinding(FINDING_NAME).getSourcePropertiesMap().get("stringKey").equals(stringValue)); + assertTrue( + FindingSnippets.updateFinding(FINDING_NAME) + .getSourcePropertiesMap() + .get("stringKey") + .equals(stringValue)); } @Test @@ -56,11 +61,13 @@ public void testListFindingsAtTime() throws IOException { @Test public void testTestIamPermissions() throws IOException { - assertTrue(FindingSnippets.testIamPermissions(SOURCE_NAME).getPermissions(0).equals("securitycenter.findings.update")); + assertTrue( + FindingSnippets.testIamPermissions(SOURCE_NAME) + .getPermissions(0) + .equals("securitycenter.findings.update")); } private static OrganizationName getOrganizationId() { return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); } - } diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java index ee99a91f714b..efc187227e89 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java @@ -16,11 +16,13 @@ public void testGetOrganizationSettings() throws IOException { @Test public void testUpdateOrganizationSettings() throws IOException { - assertTrue(OrganizationSnippets.updateOrganizationSettings(getOrganizationId()).getAssetDiscoveryConfig().isInitialized()); + assertTrue( + OrganizationSnippets.updateOrganizationSettings(getOrganizationId()) + .getAssetDiscoveryConfig() + .isInitialized()); } private static OrganizationName getOrganizationId() { return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); } - } diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java index af38ae205428..1fdb67316ffa 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java @@ -36,12 +36,16 @@ public void testClearFromAsset() throws IOException { @Test public void testDeleteAndUpdateMarks() throws IOException { - assertTrue(SecurityMarkSnippets.deleteAndUpdateMarks(ASSET).getMarksOrThrow("key_a").equals("new_value_for_a")); + assertTrue( + SecurityMarkSnippets.deleteAndUpdateMarks(ASSET) + .getMarksOrThrow("key_a") + .equals("new_value_for_a")); } @Test public void testAddToFinding() throws IOException { - assertTrue(SecurityMarkSnippets.addToFinding(FINDING).getMarksOrThrow("key_a").equals("value_a")); + assertTrue( + SecurityMarkSnippets.addToFinding(FINDING).getMarksOrThrow("key_a").equals("value_a")); } @Test @@ -57,5 +61,4 @@ public void testListFindingsWithQueryMarks() throws IOException { private static OrganizationName getOrganizationId() { return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); } - } diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java index 8d7419c8ea07..4acbed6c60dd 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java @@ -1,7 +1,7 @@ package com.google.cloud.examples.securitycenter.snippets; -import static junit.framework.TestCase.assertTrue; import static junit.framework.TestCase.assertNotNull; +import static junit.framework.TestCase.assertTrue; import com.google.cloud.securitycenter.v1.OrganizationName; import com.google.cloud.securitycenter.v1.SourceName; @@ -31,7 +31,8 @@ public void testListSources() throws IOException { @Test public void testUpdateSource() throws IOException { - assertTrue(SourceSnippets.updateSource(SOURCE_NAME).getDisplayName().equals("Updated Display Name")); + assertTrue( + SourceSnippets.updateSource(SOURCE_NAME).getDisplayName().equals("Updated Display Name")); } @Test @@ -41,7 +42,11 @@ public void testGetSource() throws IOException { @Test public void testSetSourceIamPolicy() throws IOException { - assertTrue(SourceSnippets.setIamPolicySource(SOURCE_NAME).getBindings(0).getRole().equals("roles/securitycenter.findingsEditor")); + assertTrue( + SourceSnippets.setIamPolicySource(SOURCE_NAME) + .getBindings(0) + .getRole() + .equals("roles/securitycenter.findingsEditor")); } @Test @@ -52,5 +57,4 @@ public void testGetSourceIamPolicy() throws IOException { private static OrganizationName getOrganizationId() { return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); } - } From 3ad41b059b66d07abd8f0abd350c26f33f6c38b7 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Fri, 5 Apr 2019 14:28:51 -0700 Subject: [PATCH 03/10] Fix formatting and other small style issues --- .../snippets/FindingSnippets.java | 10 ++++--- .../snippets/SecurityMarkSnippets.java | 30 ++++++++++--------- .../snippets/SourceSnippets.java | 7 +++-- .../snippets/ITSecurityMarkSnippets.java | 13 +++++--- .../snippets/ITSourceSnippets.java | 2 +- 5 files changed, 36 insertions(+), 26 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java index 53cbbd2ddb11..705269be76b2 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java @@ -18,6 +18,7 @@ import com.google.protobuf.Value; import java.io.IOException; import java.util.ArrayList; +import org.threeten.bp.Duration; import org.threeten.bp.Instant; /** Snippets for how to work with Findings in Cloud Security Command Center. */ @@ -173,6 +174,7 @@ static Finding updateFinding(FindingName findingName) { static ImmutableList listAllFindings(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // OrganizationName organizationName = OrganizationName.of("123234324"); + // "-" Indicates listing across all sources. SourceName sourceName = SourceName.of(organizationName.getOrganization(), "-"); ListFindingsRequest.Builder request = @@ -203,7 +205,7 @@ static ImmutableList listAllFindings(OrganizationName organi // [START list_filtered_findings] static ImmutableList listFilteredFindings(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // SourceName sourceName = SourceName.of("123234324", "423432321"); + // SourceName sourceName = SourceName.of(/*org_id=*/"123234324", /*source_id=*/"423432321"); // Create filter to category of MEDIUM_RISK_ONE String filter = "category=\"MEDIUM_RISK_ONE\""; @@ -236,10 +238,10 @@ static ImmutableList listFilteredFindings(SourceName sourceN // [START list_findings_at_time] static ImmutableList listFindingsAtTime(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // SourceName sourceName = SourceName.of("123234324", "423432321"); + // SourceName sourceName = SourceName.of(/*org_id=*/"123234324", /*source_id=*/"423432321"); // 5 days ago - Instant fiveDaysAgo = Instant.now().minusSeconds(60 * 60 * 24 * 5); + Instant fiveDaysAgo = Instant.now().minus(Duration.ofDays(5)); ListFindingsRequest.Builder request = ListFindingsRequest.newBuilder() @@ -275,7 +277,7 @@ static ImmutableList listFindingsAtTime(SourceName sourceNam // [START test_iam_permissions] static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // SourceName sourceName = SourceName.of("123234324", "423432321"); + // SourceName sourceName = SourceName.of(/*org_id=*/"123234324", /*source_id=*/"423432321"); // Iam permission to test. ArrayList permissionsToTest = new ArrayList<>(); diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java index b57117e76556..26d44b6f4818 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java @@ -1,7 +1,5 @@ package com.google.cloud.examples.securitycenter.snippets; -import com.google.cloud.securitycenter.v1.Asset; -import com.google.cloud.securitycenter.v1.Finding; import com.google.cloud.securitycenter.v1.ListAssetsRequest; import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult; import com.google.cloud.securitycenter.v1.ListFindingsRequest; @@ -25,18 +23,19 @@ private SecurityMarkSnippets() {} /** * Add security mark to an asset. * - * @param asset The asset to add the security mark for. + * @param assetName The asset resource to add the security mark for. */ // [START add_to_asset] - static SecurityMarks addToAsset(Asset asset) { + static SecurityMarks addToAsset(String assetName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { + // asset_name = "organizations/123123342/assets/12312321"; // Start setting up a request to add security marks for an asset. ImmutableMap markMap = ImmutableMap.of("key_a", "value_a", "key_b", "value_b"); // Add security marks and field mask for security marks. SecurityMarks securityMarks = SecurityMarks.newBuilder() - .setName(asset.getName() + "/securityMarks") + .setName(assetName + "/securityMarks") .putAllMarks(markMap) .build(); FieldMask updateMask = @@ -63,15 +62,16 @@ static SecurityMarks addToAsset(Asset asset) { /** * Clear security marks for an asset. * - * @param asset The asset to clear the security marks for. + * @param assetName The asset resource to clear the security marks for. */ // [START clear_from_asset] - static SecurityMarks clearFromAsset(Asset asset) { + static SecurityMarks clearFromAsset(String assetName) { + // asset_name = "organizations/123123342/assets/12312321"; try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to clear security marks for an asset. // Create security mark and field mask for clearing security marks. SecurityMarks securityMarks = - SecurityMarks.newBuilder().setName(asset.getName() + "/securityMarks").build(); + SecurityMarks.newBuilder().setName(assetName + "/securityMarks").build(); FieldMask updateMask = FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build(); @@ -96,16 +96,17 @@ static SecurityMarks clearFromAsset(Asset asset) { /** * Deletes and updates a security mark for an asset. * - * @param asset The asset to update and remove the security marks for. + * @param assetName The asset resource path to update and remove the security marks for. */ // [START delete_and_update_marks] - static SecurityMarks deleteAndUpdateMarks(Asset asset) { + static SecurityMarks deleteAndUpdateMarks(String assetName) { + // asset_name = "organizations/123123342/assets/12312321"; try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to clear and update security marks for an asset. // Create security mark and field mask for clearing security marks. SecurityMarks securityMarks = SecurityMarks.newBuilder() - .setName(asset.getName() + "/securityMarks") + .setName(assetName + "/securityMarks") .putMarks("key_a", "new_value_for_a") .build(); FieldMask updateMask = @@ -132,10 +133,11 @@ static SecurityMarks deleteAndUpdateMarks(Asset asset) { /** * Add security mark to a finding. * - * @param finding The finding to add the security mark for. + * @param findingName The finding resource path to add the security mark for. */ // [START add_to_finding] - static SecurityMarks addToFinding(Finding finding) { + static SecurityMarks addToFinding(String findingName) { + // finding_name = "organizations/1112/sources/1234/findings/findingid"; try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to add security marks for a finding. ImmutableMap markMap = ImmutableMap.of("key_a", "value_a", "key_b", "value_b"); @@ -143,7 +145,7 @@ static SecurityMarks addToFinding(Finding finding) { // Add security marks and field mask for security marks. SecurityMarks securityMarks = SecurityMarks.newBuilder() - .setName(finding.getName() + "/securityMarks") + .setName(findingName + "/securityMarks") .putAllMarks(markMap) .build(); FieldMask updateMask = diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java index 6283d05a098a..f178c1c87b1c 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java @@ -141,15 +141,16 @@ static Source getSource(SourceName sourceName) { * @param sourceName The source to set IAM Policy for. */ // [START set_source_iam_policy] - static Policy setIamPolicySource(SourceName sourceName) { + static Policy setIamPolicySource(SourceName sourceName, String userEmail) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // Set up IAM Policy for the user csccclienttest@gmail.com to use the role findingsEditor. + // userEmail = "someuser@domain.com" + // Set up IAM Policy for the user userMail to use the role findingsEditor. // The user must be a valid google account. Policy oldPolicy = client.getIamPolicy(sourceName.toString()); Binding bindings = Binding.newBuilder() .setRole("roles/securitycenter.findingsEditor") - .addMembers("user:csccclienttest@gmail.com") + .addMembers("user:" + userEmail) .build(); Policy policy = oldPolicy.toBuilder().addBindings(bindings).build(); diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java index 1fdb67316ffa..999872d8069d 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java @@ -26,18 +26,21 @@ public static void setUp() throws IOException { @Test public void testAddToAsset() throws IOException { - assertTrue(SecurityMarkSnippets.addToAsset(ASSET).getMarksOrThrow("key_a").equals("value_a")); + assertTrue( + SecurityMarkSnippets.addToAsset(ASSET.getName()) + .getMarksOrThrow("key_a") + .equals("value_a")); } @Test public void testClearFromAsset() throws IOException { - assertFalse(SecurityMarkSnippets.clearFromAsset(ASSET).containsMarks("key_a")); + assertFalse(SecurityMarkSnippets.clearFromAsset(ASSET.getName()).containsMarks("key_a")); } @Test public void testDeleteAndUpdateMarks() throws IOException { assertTrue( - SecurityMarkSnippets.deleteAndUpdateMarks(ASSET) + SecurityMarkSnippets.deleteAndUpdateMarks(ASSET.getName()) .getMarksOrThrow("key_a") .equals("new_value_for_a")); } @@ -45,7 +48,9 @@ public void testDeleteAndUpdateMarks() throws IOException { @Test public void testAddToFinding() throws IOException { assertTrue( - SecurityMarkSnippets.addToFinding(FINDING).getMarksOrThrow("key_a").equals("value_a")); + SecurityMarkSnippets.addToFinding(FINDING.getName()) + .getMarksOrThrow("key_a") + .equals("value_a")); } @Test diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java index 4acbed6c60dd..957742b96719 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java @@ -43,7 +43,7 @@ public void testGetSource() throws IOException { @Test public void testSetSourceIamPolicy() throws IOException { assertTrue( - SourceSnippets.setIamPolicySource(SOURCE_NAME) + SourceSnippets.setIamPolicySource(SOURCE_NAME, " csccclienttest@gmail.com") .getBindings(0) .getRole() .equals("roles/securitycenter.findingsEditor")); From e9a36f30f90be91e5c614677a9541f005079fe8f Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Fri, 5 Apr 2019 14:36:52 -0700 Subject: [PATCH 04/10] fix typo --- .../examples/securitycenter/snippets/ITSourceSnippets.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java index 957742b96719..7f78055dbc0b 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java @@ -43,7 +43,7 @@ public void testGetSource() throws IOException { @Test public void testSetSourceIamPolicy() throws IOException { assertTrue( - SourceSnippets.setIamPolicySource(SOURCE_NAME, " csccclienttest@gmail.com") + SourceSnippets.setIamPolicySource(SOURCE_NAME, "csccclienttest@gmail.com") .getBindings(0) .getRole() .equals("roles/securitycenter.findingsEditor")); From a59ed4c663874fd6124c46d50941f9a3b74e6f23 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Fri, 5 Apr 2019 18:21:14 -0700 Subject: [PATCH 05/10] Add set finding state example --- .../snippets/FindingSnippets.java | 32 ++++++++++++++++++- .../snippets/ITFindingSnippets.java | 7 ++++ 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java index 705269be76b2..0b7fb9263b11 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java @@ -120,7 +120,7 @@ static Finding createFindingWithSourceProperties(SourceName sourceName) { // [END create_finding_with_source_properties] /** - * Update a finding under a source. + * Update a finding's source properties. * * @param findingName The finding to update. */ @@ -165,6 +165,36 @@ static Finding updateFinding(FindingName findingName) { } // [END update_finding] + /** + * Updates a finding's state to INACTIVE. + * + * @param findingName The finding to update. + */ + // [START update_finding_state] + static Finding setFindingState(FindingName findingName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // FindingName findingName = FindingName.of("123234324", "423432321", "samplefindingid2"); + + // Use the current time as the finding "event time". + Instant eventTime = Instant.now(); + + Finding response = + client.setFindingState( + findingName, + State.INACTIVE, + Timestamp.newBuilder() + .setSeconds(eventTime.getEpochSecond()) + .setNanos(eventTime.getNano()) + .build()); + + System.out.println("Updated Finding: " + response); + return response; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END update_finding_state] + /** * List all findings under an organization. * diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java index edfee0d38680..31349d84b570 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java @@ -3,6 +3,7 @@ import static junit.framework.TestCase.assertNotNull; import static junit.framework.TestCase.assertTrue; +import com.google.cloud.securitycenter.v1.Finding.State; import com.google.cloud.securitycenter.v1.FindingName; import com.google.cloud.securitycenter.v1.OrganizationName; import com.google.cloud.securitycenter.v1.SourceName; @@ -44,6 +45,12 @@ public void testUpdateFinding() throws IOException { .equals(stringValue)); } + @Test + public void testUpdateFindingState() throws IOException { + Value stringValue = Value.newBuilder().setStringValue("value").build(); + assertTrue(FindingSnippets.setFindingState(FINDING_NAME).getState().equals(State.INACTIVE)); + } + @Test public void testListAllFindings() throws IOException { assertTrue(FindingSnippets.listAllFindings(getOrganizationId()).size() > 1); From d70048ce6fb05bbf6ad6432fde82e939e9741582 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Mon, 8 Apr 2019 10:59:33 -0700 Subject: [PATCH 06/10] Add apache headers --- .../securitycenter/snippets/AssetSnippets.java | 2 +- .../securitycenter/snippets/FindingSnippets.java | 15 +++++++++++++++ .../snippets/OrganizationSnippets.java | 15 +++++++++++++++ .../snippets/SecurityMarkSnippets.java | 15 +++++++++++++++ .../securitycenter/snippets/SourceSnippets.java | 15 +++++++++++++++ .../snippets/ITFindingSnippets.java | 15 +++++++++++++++ .../snippets/ITOrganizationSnippets.java | 15 +++++++++++++++ .../snippets/ITSecurityMarkSnippets.java | 15 +++++++++++++++ .../securitycenter/snippets/ITSourceSnippets.java | 15 +++++++++++++++ 9 files changed, 121 insertions(+), 1 deletion(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index feacb41d15e5..c5f011496f90 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java index 0b7fb9263b11..0ad8104081c1 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java @@ -1,3 +1,18 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.google.cloud.examples.securitycenter.snippets; import com.google.cloud.securitycenter.v1.Finding; diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java index e07e65198f8e..3fcae6de8e65 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java @@ -1,3 +1,18 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.google.cloud.examples.securitycenter.snippets; import com.google.cloud.securitycenter.v1.GetOrganizationSettingsRequest; diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java index 26d44b6f4818..e6210680d450 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java @@ -1,3 +1,18 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.google.cloud.examples.securitycenter.snippets; import com.google.cloud.securitycenter.v1.ListAssetsRequest; diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java index f178c1c87b1c..bd4c1a3e9bff 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java @@ -1,3 +1,18 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.google.cloud.examples.securitycenter.snippets; import com.google.cloud.securitycenter.v1.CreateSourceRequest; diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java index 31349d84b570..bf7fc6159ca5 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java @@ -1,3 +1,18 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.google.cloud.examples.securitycenter.snippets; import static junit.framework.TestCase.assertNotNull; diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java index efc187227e89..699299d6eaaa 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITOrganizationSnippets.java @@ -1,3 +1,18 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.google.cloud.examples.securitycenter.snippets; import static junit.framework.TestCase.assertNotNull; diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java index 999872d8069d..964fe2ac5e31 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java @@ -1,3 +1,18 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.google.cloud.examples.securitycenter.snippets; import static junit.framework.TestCase.assertFalse; diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java index 7f78055dbc0b..96d03a92483e 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSourceSnippets.java @@ -1,3 +1,18 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.google.cloud.examples.securitycenter.snippets; import static junit.framework.TestCase.assertNotNull; From e015cc33262ca6eaa2f69d8d96ba122dadc0c0ce Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Tue, 9 Apr 2019 13:31:02 -0700 Subject: [PATCH 07/10] Fixes from bugbash --- .../snippets/AssetSnippets.java | 23 +++++----- .../snippets/FindingSnippets.java | 42 ++++++++++--------- .../snippets/OrganizationSnippets.java | 4 +- .../snippets/SecurityMarkSnippets.java | 19 +++++---- .../snippets/SourceSnippets.java | 13 +++--- .../snippets/ITAssetSnippets.java | 2 +- .../snippets/ITSecurityMarkSnippets.java | 3 +- 7 files changed, 58 insertions(+), 48 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index c5f011496f90..eb9a6f930f3c 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -40,7 +40,7 @@ private AssetSnippets() {} static ImmutableList listAssets(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request for to search for all assets in an organization. - // OrganizationName organizationName = OrganizationName.of("123234324"); + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); ListAssetsRequest.Builder request = ListAssetsRequest.newBuilder().setParent(organizationName.toString()); @@ -48,7 +48,7 @@ static ImmutableList listAssets(OrganizationName organizationN ListAssetsPagedResponse response = client.listAssets(request.build()); // This creates one list for all assets. If your organization has a large number of assets - // this can cause out of memory issues. You can process them batches by returning + // this can cause out of memory issues. You can process them incrementally by returning // the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); System.out.println("All assets:"); @@ -69,19 +69,18 @@ static ImmutableList listAssets(OrganizationName organizationN static ImmutableList listAssetsWithFilter(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request for to search for all assets in an organization. - // OrganizationName organizationName = OrganizationName.of("123234324"); - ListAssetsRequest request = + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); + ListAssetsRequest.Builder request = ListAssetsRequest.newBuilder() .setParent(organizationName.toString()) .setFilter( - "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\"") - .build(); + "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\""); // Call the API. - ListAssetsPagedResponse response = client.listAssets(request); + ListAssetsPagedResponse response = client.listAssets(request.build()); // This creates one list for all assets. If your organization has a large number of assets - // this can cause out of memory issues. You can process them batches by returning + // this can cause out of memory issues. You can process them incrementally by returning // the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); System.out.println("Project assets:"); @@ -104,7 +103,7 @@ static ImmutableList listAssetsAsOfYesterday( OrganizationName organizationName, Instant asOf) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request for to search for all assets in an organization. - // OrganizationName organizationName = OrganizationName.of("123234324"); + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); // Initialize the builder with the organization and filter ListAssetsRequest.Builder request = @@ -121,7 +120,7 @@ static ImmutableList listAssetsAsOfYesterday( ListAssetsPagedResponse response = client.listAssets(request.build()); // This creates one list for all assets. If your organization has a large number of assets - // this can cause out of memory issues. You can process them batches by returning + // this can cause out of memory issues. You can process them incrementally by returning // the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); System.out.println("Projects:"); @@ -146,7 +145,7 @@ static ImmutableList listAssetAndStatusChanges( try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request for to search for all assets in an organization. - // OrganizationName organizationName = OrganizationName.of("123234324"); + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); ListAssetsRequest.Builder request = ListAssetsRequest.newBuilder() .setParent(organizationName.toString()) @@ -165,7 +164,7 @@ static ImmutableList listAssetAndStatusChanges( ListAssetsPagedResponse response = client.listAssets(request.build()); // This creates one list for all assets. If your organization has a large number of assets - // this can cause out of memory issues. You can process them batches by returning + // this can cause out of memory issues. You can process them incrementally by returning // the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); System.out.println("Projects:"); diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java index 0ad8104081c1..50451cb0deec 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java @@ -48,7 +48,8 @@ private FindingSnippets() {} // [START create_finding] static Finding createFinding(SourceName sourceName, String findingId) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // SourceName sourceName = SourceName.of("123234324", "423432321"); + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); // String findingId = "samplefindingid"; // Use the current time as the finding "event time". @@ -91,7 +92,8 @@ static Finding createFinding(SourceName sourceName, String findingId) { // [START create_finding_with_source_properties] static Finding createFindingWithSourceProperties(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // SourceName sourceName = SourceName.of("123234324", "423432321"); + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); // Use the current time as the finding "event time". Instant eventTime = Instant.now(); @@ -142,7 +144,8 @@ static Finding createFindingWithSourceProperties(SourceName sourceName) { // [START update_finding] static Finding updateFinding(FindingName findingName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // FindingName findingName = FindingName.of("123234324", "423432321", "samplefindingid2"); + // FindingName findingName = FindingName.of(/*organization=*/"123234324", + // /*source=*/"423432321", /*findingId=*/"samplefindingid2"); // Use the current time as the finding "event time". Instant eventTime = Instant.now(); @@ -188,7 +191,8 @@ static Finding updateFinding(FindingName findingName) { // [START update_finding_state] static Finding setFindingState(FindingName findingName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // FindingName findingName = FindingName.of("123234324", "423432321", "samplefindingid2"); + // FindingName findingName = FindingName.of(/*organization=*/"123234324", + // /*source=*/"423432321", /*findingId=*/"samplefindingid2"); // Use the current time as the finding "event time". Instant eventTime = Instant.now(); @@ -218,7 +222,7 @@ static Finding setFindingState(FindingName findingName) { // [START list_all_findings] static ImmutableList listAllFindings(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // OrganizationName organizationName = OrganizationName.of("123234324"); + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); // "-" Indicates listing across all sources. SourceName sourceName = SourceName.of(organizationName.getOrganization(), "-"); @@ -229,9 +233,8 @@ static ImmutableList listAllFindings(OrganizationName organi ListFindingsPagedResponse response = client.listFindings(request.build()); // This creates one list for all findings. If your organization has a large number of - // findings - // this can cause out of memory issues. You can process them batches by returning - // the Iterable returned response.iterateAll() directly. + // findings this can cause out of memory issues. You can process them in incrementally + // by returning the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); System.out.println("Findings:"); System.out.println(results); @@ -250,7 +253,8 @@ static ImmutableList listAllFindings(OrganizationName organi // [START list_filtered_findings] static ImmutableList listFilteredFindings(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // SourceName sourceName = SourceName.of(/*org_id=*/"123234324", /*source_id=*/"423432321"); + // SourceName sourceName = SourceName.of(/*organizationId=*/"123234324", + // /*sourceId=*/"423432321"); // Create filter to category of MEDIUM_RISK_ONE String filter = "category=\"MEDIUM_RISK_ONE\""; @@ -261,10 +265,9 @@ static ImmutableList listFilteredFindings(SourceName sourceN // Call the API. ListFindingsPagedResponse response = client.listFindings(request.build()); - // This creates one list for all findings in the filter.If your organization has a large - // number of - // findings this can cause out of memory issues. You can process them batches by returning - // the Iterable returned response.iterateAll() directly. + // This creates one list for all findings. If your organization has a large number of + // findings this can cause out of memory issues. You can process them in incrementally + // by returning the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); System.out.println("Findings:"); System.out.println(results); @@ -283,7 +286,8 @@ static ImmutableList listFilteredFindings(SourceName sourceN // [START list_findings_at_time] static ImmutableList listFindingsAtTime(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // SourceName sourceName = SourceName.of(/*org_id=*/"123234324", /*source_id=*/"423432321"); + // SourceName sourceName = SourceName.of(/*organizationId=*/"123234324", + // /*sourceId=*/"423432321"); // 5 days ago Instant fiveDaysAgo = Instant.now().minus(Duration.ofDays(5)); @@ -299,10 +303,9 @@ static ImmutableList listFindingsAtTime(SourceName sourceNam // Call the API. ListFindingsPagedResponse response = client.listFindings(request.build()); - // This creates one list for all findings in the filter.If your organization has a large - // number of - // findings this can cause out of memory issues. You can process them batches by returning - // the Iterable returned response.iterateAll() directly. + // This creates one list for all findings. If your organization has a large number of + // findings this can cause out of memory issues. You can process them in incrementally + // by returning the Iterable returned response.iterateAll() directly. ImmutableList results = ImmutableList.copyOf(response.iterateAll()); System.out.println("Findings:"); System.out.println(results); @@ -322,7 +325,8 @@ static ImmutableList listFindingsAtTime(SourceName sourceNam // [START test_iam_permissions] static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // SourceName sourceName = SourceName.of(/*org_id=*/"123234324", /*source_id=*/"423432321"); + // SourceName sourceName = SourceName.of(/*organizationId=*/"123234324", + // /*sourceId=*/"423432321"); // Iam permission to test. ArrayList permissionsToTest = new ArrayList<>(); diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java index 3fcae6de8e65..712323cc1bae 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/OrganizationSnippets.java @@ -37,7 +37,7 @@ private OrganizationSnippets() {} static OrganizationSettings getOrganizationSettings(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to get OrganizationSettings for. - // OrganizationName organizationName = OrganizationName.of("123234324"); + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); GetOrganizationSettingsRequest.Builder request = GetOrganizationSettingsRequest.newBuilder() .setName(organizationName.toString() + "/organizationSettings"); @@ -63,7 +63,7 @@ static OrganizationSettings getOrganizationSettings(OrganizationName organizatio static OrganizationSettings updateOrganizationSettings(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to update OrganizationSettings for. - // OrganizationName organizationName = OrganizationName.of("123234324"); + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); OrganizationSettings organizationSettings = OrganizationSettings.newBuilder() .setName(organizationName.toString() + "/organizationSettings") diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java index e6210680d450..fe2babce754d 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java @@ -15,6 +15,7 @@ */ package com.google.cloud.examples.securitycenter.snippets; +import com.google.cloud.securitycenter.v1.FindingName; import com.google.cloud.securitycenter.v1.ListAssetsRequest; import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult; import com.google.cloud.securitycenter.v1.ListFindingsRequest; @@ -43,7 +44,7 @@ private SecurityMarkSnippets() {} // [START add_to_asset] static SecurityMarks addToAsset(String assetName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { - // asset_name = "organizations/123123342/assets/12312321"; + // String assetName = "organizations/123123342/assets/12312321"; // Start setting up a request to add security marks for an asset. ImmutableMap markMap = ImmutableMap.of("key_a", "value_a", "key_b", "value_b"); @@ -81,7 +82,7 @@ static SecurityMarks addToAsset(String assetName) { */ // [START clear_from_asset] static SecurityMarks clearFromAsset(String assetName) { - // asset_name = "organizations/123123342/assets/12312321"; + // String assetName = "organizations/123123342/assets/12312321"; try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to clear security marks for an asset. // Create security mark and field mask for clearing security marks. @@ -115,7 +116,7 @@ static SecurityMarks clearFromAsset(String assetName) { */ // [START delete_and_update_marks] static SecurityMarks deleteAndUpdateMarks(String assetName) { - // asset_name = "organizations/123123342/assets/12312321"; + // String assetName = "organizations/123123342/assets/12312321"; try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to clear and update security marks for an asset. // Create security mark and field mask for clearing security marks. @@ -151,8 +152,9 @@ static SecurityMarks deleteAndUpdateMarks(String assetName) { * @param findingName The finding resource path to add the security mark for. */ // [START add_to_finding] - static SecurityMarks addToFinding(String findingName) { - // finding_name = "organizations/1112/sources/1234/findings/findingid"; + static SecurityMarks addToFinding(FindingName findingName) { + // FindingName findingName = FindingName.of(/*organization=*/"123234324", + // /*source=*/"423432321", /*findingId=*/"samplefindingid2"); try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to add security marks for a finding. ImmutableMap markMap = ImmutableMap.of("key_a", "value_a", "key_b", "value_b"); @@ -194,7 +196,7 @@ static ImmutableList listAssetsWithQueryMarks( OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request for to list all assets filtered by a specific security mark. - // OrganizationName organizationName = OrganizationName.of("123234324"); + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); ListAssetsRequest request = ListAssetsRequest.newBuilder() .setParent(organizationName.toString()) @@ -226,8 +228,9 @@ static ImmutableList listAssetsWithQueryMarks( static ImmutableList listFindingsWithQueryMarks(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request for to list all findings filtered by a specific security mark. - // SourceName sourceName = SourceName.of("123234324", "423432321"); - // Create filter for NOT security_mark key_a=value_a + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); + String filter = "NOT security_marks.marks.key_a=\"value_a\""; ListFindingsRequest.Builder request = diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java index bd4c1a3e9bff..0f6c84290aa2 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SourceSnippets.java @@ -45,7 +45,7 @@ private SourceSnippets() {} static Source createSource(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to create a source in an organization. - // OrganizationName organizationName = OrganizationName.of("123234324"); + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); Source source = Source.newBuilder() .setDisplayName("Customized Display Name") @@ -75,7 +75,7 @@ static Source createSource(OrganizationName organizationName) { static ImmutableList listSources(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to list sources in an organization. - // OrganizationName organizationName = OrganizationName.of("123234324"); + // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324"); ListSourcesRequest.Builder request = ListSourcesRequest.newBuilder().setParent(organizationName.toString()); @@ -104,7 +104,8 @@ static ImmutableList listSources(OrganizationName organizationName) { static Source updateSource(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to update a source. - // SourceName sourceName = SourceName.of("123234324", "423432321"); + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); Source source = Source.newBuilder() .setDisplayName("Updated Display Name") @@ -135,7 +136,8 @@ static Source updateSource(SourceName sourceName) { static Source getSource(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to get a source. - // SourceName sourceName = SourceName.of("123234324", "423432321"); + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); GetSourceRequest.Builder request = GetSourceRequest.newBuilder().setName(sourceName.toString()); @@ -194,7 +196,8 @@ static Policy setIamPolicySource(SourceName sourceName, String userEmail) { static Policy getIamPolicySource(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Start setting up a request to get IAM policy for a source. - // SourceName sourceName = SourceName.of("123234324", "423432321"); + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(sourceName.toString()).build(); diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java index 9a3b215754cd..256064b72148 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java @@ -51,7 +51,7 @@ public void testBeforeDateNoAssetsReturned() { @Test public void testListAssetsNoFilterOrDate() { - assertTrue(59 >= AssetSnippets.listAssets(getOrganizationId()).size()); + assertTrue(59 <= AssetSnippets.listAssets(getOrganizationId()).size()); } @Test diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java index 964fe2ac5e31..a3c07c118e8d 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITSecurityMarkSnippets.java @@ -20,6 +20,7 @@ import com.google.cloud.securitycenter.v1.Asset; import com.google.cloud.securitycenter.v1.Finding; +import com.google.cloud.securitycenter.v1.FindingName; import com.google.cloud.securitycenter.v1.OrganizationName; import com.google.cloud.securitycenter.v1.SourceName; import java.io.IOException; @@ -63,7 +64,7 @@ public void testDeleteAndUpdateMarks() throws IOException { @Test public void testAddToFinding() throws IOException { assertTrue( - SecurityMarkSnippets.addToFinding(FINDING.getName()) + SecurityMarkSnippets.addToFinding(FindingName.parse(FINDING.getName())) .getMarksOrThrow("key_a") .equals("value_a")); } From 74ad310cdcc5031b4f8dfe29468f9e0b82dccb8b Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Wed, 10 Apr 2019 14:17:24 -0700 Subject: [PATCH 08/10] Add snippets for asset discovery and group findings/assets --- .../snippets/AssetSnippets.java | 138 ++++++++++++- .../snippets/FindingSnippets.java | 189 +++++++++++++++++- .../snippets/ITAssetSnippets.java | 44 ++++ .../snippets/ITFindingSnippets.java | 31 +++ 4 files changed, 400 insertions(+), 2 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index eb9a6f930f3c..01db2496c8b2 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -15,15 +15,24 @@ */ package com.google.cloud.examples.securitycenter.snippets; +import com.google.api.gax.longrunning.OperationFuture; +import com.google.api.gax.rpc.ResourceExhaustedException; +import com.google.cloud.securitycenter.v1.GroupAssetsRequest; +import com.google.cloud.securitycenter.v1.GroupResult; import com.google.cloud.securitycenter.v1.ListAssetsRequest; import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult; import com.google.cloud.securitycenter.v1.OrganizationName; import com.google.cloud.securitycenter.v1.SecurityCenterClient; +import com.google.cloud.securitycenter.v1.SecurityCenterClient.GroupAssetsPagedResponse; import com.google.cloud.securitycenter.v1.SecurityCenterClient.ListAssetsPagedResponse; import com.google.common.base.MoreObjects; import com.google.common.base.Preconditions; import com.google.common.collect.ImmutableList; +import com.google.protobuf.Empty; import java.io.IOException; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; import org.threeten.bp.Duration; import org.threeten.bp.Instant; @@ -174,7 +183,134 @@ static ImmutableList listAssetAndStatusChanges( throw new RuntimeException("Couldn't create client.", e); } } - // [END list_asset_changes_status_changes] + // [END list_asset_changes_status_changes]\ + + + /** + * Groups all assets by their specified properties (e.g. type) for an organization. + * + * @param organizationName The organization to group assets for. + */ + // [START group_all_assets] + static ImmutableList groupAssets(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request for to group all assets by type in an organization. + // OrganizationName organizationName = OrganizationName.of("123234324"); + GroupAssetsRequest.Builder request = + GroupAssetsRequest.newBuilder() + .setGroupBy("security_center_properties.resource_type") + .setParent(organizationName.toString()); + + // Call the API. + GroupAssetsPagedResponse response = client.groupAssets(request.build()); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("All assets:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END group_all_assets] + + /** + * Filters all assets by their specified properties and groups them by specified properties for an + * organization. + * + * @param organizationName The organization to group assets for. + */ + // [START group_all_assets_with_filter] + static ImmutableList groupAssetsWithFilter(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request for to filter all assets by type and group them by project in an + // organization. + // OrganizationName organizationName = OrganizationName.of("123234324"); + GroupAssetsRequest.Builder request = + GroupAssetsRequest.newBuilder() + .setFilter( + "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\"") + .setGroupBy("security_center_properties.resource_project") + .setParent(organizationName.toString()); + + // Call the API. + GroupAssetsPagedResponse response = client.groupAssets(request.build()); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("All assets:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END group_all_assets_with_filter] + + /** + * Groups all assets by their state_changes (ADDED/DELETED/ACTIVE) during a period of time for an + * organization. + * + * @param organizationName The organization to group assets for. + */ + // [START group_all_assets_with_compare_duration] + static ImmutableList groupAssetsWithCompareDuration( + OrganizationName organizationName, Duration duration) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request for to group all assets during a period of time in an + // organization. + // OrganizationName organizationName = OrganizationName.of("123234324"); + GroupAssetsRequest.Builder request = + GroupAssetsRequest.newBuilder() + .setGroupBy("state_change") + .setParent(organizationName.toString()); + request + .getCompareDurationBuilder() + .setSeconds(duration.getSeconds()) + .setNanos(duration.getNano()); + + // Call the API. + GroupAssetsPagedResponse response = client.groupAssets(request.build()); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("All assets:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END group_all_assets_with_compare_duration] + + // [START run_asset_discovery] + static void runAssetDiscovery(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Call the API. Note calls to runAssetDiscovery are throttled if too many requests + // are made. + OperationFuture result = client + .runAssetDiscoveryAsync(organizationName); + + + // Uncomment this line to wait for a certain amount of time for the asset discovery run + // to complete. + // result.get(130, TimeUnit.SECONDS); + System.out.println("Asset discovery runs asynchronously."); + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } catch (ResourceExhaustedException e) { + System.out.println("Asset discovery run already in progress."); + } + } + // [END run_asset_discovery] + public static void main(String... args) { String org_id = System.getenv("ORGANIZATION_ID"); diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java index 50451cb0deec..40a8bfcccc42 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java @@ -18,10 +18,13 @@ import com.google.cloud.securitycenter.v1.Finding; import com.google.cloud.securitycenter.v1.Finding.State; import com.google.cloud.securitycenter.v1.FindingName; +import com.google.cloud.securitycenter.v1.GroupFindingsRequest; +import com.google.cloud.securitycenter.v1.GroupResult; import com.google.cloud.securitycenter.v1.ListFindingsRequest; import com.google.cloud.securitycenter.v1.ListFindingsResponse.ListFindingsResult; import com.google.cloud.securitycenter.v1.OrganizationName; import com.google.cloud.securitycenter.v1.SecurityCenterClient; +import com.google.cloud.securitycenter.v1.SecurityCenterClient.GroupFindingsPagedResponse; import com.google.cloud.securitycenter.v1.SecurityCenterClient.ListFindingsPagedResponse; import com.google.cloud.securitycenter.v1.SourceName; import com.google.cloud.securitycenter.v1.UpdateFindingRequest; @@ -33,6 +36,7 @@ import com.google.protobuf.Value; import java.io.IOException; import java.util.ArrayList; +import java.util.List; import org.threeten.bp.Duration; import org.threeten.bp.Instant; @@ -329,7 +333,7 @@ static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) { // /*sourceId=*/"423432321"); // Iam permission to test. - ArrayList permissionsToTest = new ArrayList<>(); + List permissionsToTest = new ArrayList<>(); permissionsToTest.add("securitycenter.findings.update"); // Call the API. @@ -344,4 +348,187 @@ static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) { } } // [END test_iam_permissions] + + /** + * Group all findings under an organization across all sources by their specified properties (e.g. + * category). + * + * @param organizationName The organizatoin to group all findings for. + */ + // [START group_all_findings] + static ImmutableList groupFindings(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // OrganizationName organizationName = OrganizationName.of("123234324"); + SourceName sourceName = SourceName.of(organizationName.getOrganization(), "-"); + + GroupFindingsRequest.Builder request = + GroupFindingsRequest.newBuilder().setParent(sourceName.toString()).setGroupBy("category"); + + // Call the API. + GroupFindingsPagedResponse response = client.groupFindings(request.build()); + + // This creates one list for all findings. If your organization has a large number of + // findings + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Findings:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END group_all_findings] + + /** + * Group findings under an organization and a source by their specified properties (e.g. + * category). + * + * @param sourceName The source to limit the findings to. + */ + // [START group_findings_with_source] + static ImmutableList groupFindingsWithSource(SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); + + GroupFindingsRequest.Builder request = + GroupFindingsRequest.newBuilder().setParent(sourceName.toString()).setGroupBy("category"); + + // Call the API. + GroupFindingsPagedResponse response = client.groupFindings(request.build()); + + // This creates one list for all findings. If your organization has a large number of + // findings + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Findings:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END group_findings_with_source] + + /** + * Group active findings under an organization and a source by their specified properties (e.g. + * category). + * + * @param sourceName The source to limit the findings to. + */ + // [START group_active_findings_with_source] + static ImmutableList groupActiveFindingsWithSource( + SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); + + GroupFindingsRequest.Builder request = + GroupFindingsRequest.newBuilder() + .setParent(sourceName.toString()) + .setGroupBy("category") + .setFilter("state=\"ACTIVE\""); + + // Call the API. + GroupFindingsPagedResponse response = client.groupFindings(request.build()); + + // This creates one list for all findings. If your organization has a large number of + // findings + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Findings:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END group_active_findings_with_source] + + /** + * Group active findings under an organization and a source by their specified properties (e.g. + * category) at a specified time. + * + * @param sourceName The source to limit the findings to. + */ + // [START group_active_findings_with_source_at_time] + static ImmutableList groupActiveFindingsWithSourceAtTime( + SourceName sourceName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); + + // 1 day ago + Instant oneDayAgo = Instant.now().minusSeconds(60 * 60 * 24); + + GroupFindingsRequest.Builder request = + GroupFindingsRequest.newBuilder() + .setParent(sourceName.toString()) + .setGroupBy("category") + .setFilter("state=\"ACTIVE\"") + .setReadTime( + Timestamp.newBuilder() + .setSeconds(oneDayAgo.getEpochSecond()) + .setNanos(oneDayAgo.getNano())); + + // Call the API. + GroupFindingsPagedResponse response = client.groupFindings(request.build()); + + // This creates one list for all findings. If your organization has a large number of + // findings + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Findings:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END group_active_findings_with_source_at_time] + + /** + * Group active findings under an organization and a source by their state_changes + * (ADDED/CHANGED/UNCHANGED) during a period. + * + * @param sourceName The source to limit the findings to. + */ + // [START group_active_findings_with_source_and_compare_duration] + static ImmutableList groupActiveFindingsWithSourceAndCompareDuration( + SourceName sourceName, Duration duration) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ + // "423432321"); + + GroupFindingsRequest.Builder request = + GroupFindingsRequest.newBuilder() + .setParent(sourceName.toString()) + .setGroupBy("state_change") + .setFilter("state=\"ACTIVE\""); + request + .getCompareDurationBuilder() + .setSeconds(duration.getSeconds()) + .setNanos(duration.getNano()); + + // Call the API. + GroupFindingsPagedResponse response = client.groupFindings(request.build()); + + // This creates one list for all findings. If your organization has a large number of + // findings + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Findings:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } + } + // [END group_active_findings_with_source_and_compare_duration] } diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java index 256064b72148..8fd884c64a1e 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java @@ -19,11 +19,17 @@ import static junit.framework.TestCase.assertTrue; import static org.junit.Assert.assertEquals; +import com.google.cloud.securitycenter.v1.GroupResult; import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult; import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult.StateChange; import com.google.cloud.securitycenter.v1.OrganizationName; import com.google.common.collect.ImmutableList; +import java.io.BufferedOutputStream; +import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.io.OutputStream; +import java.io.PrintStream; +import org.apache.commons.lang3.CharSet; import org.junit.Test; import org.threeten.bp.Duration; import org.threeten.bp.Instant; @@ -70,6 +76,44 @@ public void testChangesReturnsValues() { assertEquals(result.get(0).getStateChange(), StateChange.ADDED); } + @Test + public void testGroupAssets() { + ImmutableList results = AssetSnippets.groupAssets(getOrganizationId()); + assertTrue(results.size() > 0); + } + + @Test + public void testGroupAssetsWithFilter() { + ImmutableList results = AssetSnippets.groupAssetsWithFilter(getOrganizationId()); + assertTrue(results.size() > 0); + } + + @Test + public void testGroupAssetsWithCompareDuration() { + ImmutableList results = + AssetSnippets.groupAssetsWithCompareDuration( + getOrganizationId(), Duration.ofSeconds(86400)); + assertTrue(results.size() > 0); + } + + @Test + public void testRunAssetDiscovery() throws IOException { + PrintStream oldStream = System.out; + try { + + ByteArrayOutputStream capture = new ByteArrayOutputStream(); + PrintStream out = new PrintStream(capture); + System.setOut(out); + AssetSnippets.runAssetDiscovery(getOrganizationId()); + + out.flush(); + assertTrue(capture.toString(), capture.toString().equals("Asset discovery runs asynchronously.\n") || + capture.toString().equals("Asset discovery run already in progress.\n")); + } finally { + System.setOut(oldStream); + } + } + private static OrganizationName getOrganizationId() { return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); } diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java index bf7fc6159ca5..6d50c7b2c5cb 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java @@ -15,6 +15,7 @@ */ package com.google.cloud.examples.securitycenter.snippets; +import static junit.framework.TestCase.assertEquals; import static junit.framework.TestCase.assertNotNull; import static junit.framework.TestCase.assertTrue; @@ -26,6 +27,7 @@ import java.io.IOException; import org.junit.BeforeClass; import org.junit.Test; +import org.threeten.bp.Duration; /** Smoke tests for {@link com.google.cloud.examples.securitycenter.snippets.FindingSnippets} */ public class ITFindingSnippets { @@ -89,6 +91,35 @@ public void testTestIamPermissions() throws IOException { .equals("securitycenter.findings.update")); } + @Test + public void testGroupFindings() throws IOException { + assertTrue(FindingSnippets.groupFindings(getOrganizationId()).size() > 0); + } + + @Test + public void testGroupFindingsWithSource() throws IOException { + assertTrue(FindingSnippets.groupFindingsWithSource(SOURCE_NAME).size() > 0); + } + + @Test + public void testGroupActiveFindingsWithSource() throws IOException { + assertTrue(FindingSnippets.groupActiveFindingsWithSource(SOURCE_NAME).size() > 0); + } + + @Test + public void testGroupActiveFindingsWithSourceAtTime() throws IOException { + assertEquals(0, FindingSnippets.groupActiveFindingsWithSourceAtTime(SOURCE_NAME).size()); + } + + @Test + public void testGroupActiveFindingsWithSourceAndCompareDuration() throws IOException { + assertTrue( + FindingSnippets.groupActiveFindingsWithSourceAndCompareDuration( + SOURCE_NAME, Duration.ofDays(1)) + .size() + > 0); + } + private static OrganizationName getOrganizationId() { return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); } From e8ce59ab1072e24b6346825526f180711d95fc19 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Thu, 11 Apr 2019 13:40:42 -0700 Subject: [PATCH 09/10] fix formatting --- .../securitycenter/snippets/AssetSnippets.java | 9 +-------- .../securitycenter/snippets/FindingSnippets.java | 6 ++---- .../securitycenter/snippets/ITAssetSnippets.java | 11 +++++------ .../securitycenter/snippets/ITFindingSnippets.java | 4 ++-- 4 files changed, 10 insertions(+), 20 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index 01db2496c8b2..62300bbfda6a 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -30,9 +30,6 @@ import com.google.common.collect.ImmutableList; import com.google.protobuf.Empty; import java.io.IOException; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.TimeoutException; import org.threeten.bp.Duration; import org.threeten.bp.Instant; @@ -185,7 +182,6 @@ static ImmutableList listAssetAndStatusChanges( } // [END list_asset_changes_status_changes]\ - /** * Groups all assets by their specified properties (e.g. type) for an organization. * @@ -295,9 +291,7 @@ static void runAssetDiscovery(OrganizationName organizationName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // Call the API. Note calls to runAssetDiscovery are throttled if too many requests // are made. - OperationFuture result = client - .runAssetDiscoveryAsync(organizationName); - + OperationFuture result = client.runAssetDiscoveryAsync(organizationName); // Uncomment this line to wait for a certain amount of time for the asset discovery run // to complete. @@ -311,7 +305,6 @@ static void runAssetDiscovery(OrganizationName organizationName) { } // [END run_asset_discovery] - public static void main(String... args) { String org_id = System.getenv("ORGANIZATION_ID"); if (args.length > 0) { diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java index 40a8bfcccc42..4980aa54205a 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/FindingSnippets.java @@ -420,8 +420,7 @@ static ImmutableList groupFindingsWithSource(SourceName sourceName) * @param sourceName The source to limit the findings to. */ // [START group_active_findings_with_source] - static ImmutableList groupActiveFindingsWithSource( - SourceName sourceName) { + static ImmutableList groupActiveFindingsWithSource(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ // "423432321"); @@ -456,8 +455,7 @@ static ImmutableList groupActiveFindingsWithSource( * @param sourceName The source to limit the findings to. */ // [START group_active_findings_with_source_at_time] - static ImmutableList groupActiveFindingsWithSourceAtTime( - SourceName sourceName) { + static ImmutableList groupActiveFindingsWithSourceAtTime(SourceName sourceName) { try (SecurityCenterClient client = SecurityCenterClient.create()) { // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/ // "423432321"); diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java index 8fd884c64a1e..04261bd25a6e 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java @@ -24,12 +24,9 @@ import com.google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult.StateChange; import com.google.cloud.securitycenter.v1.OrganizationName; import com.google.common.collect.ImmutableList; -import java.io.BufferedOutputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.io.OutputStream; import java.io.PrintStream; -import org.apache.commons.lang3.CharSet; import org.junit.Test; import org.threeten.bp.Duration; import org.threeten.bp.Instant; @@ -105,10 +102,12 @@ public void testRunAssetDiscovery() throws IOException { PrintStream out = new PrintStream(capture); System.setOut(out); AssetSnippets.runAssetDiscovery(getOrganizationId()); - + out.flush(); - assertTrue(capture.toString(), capture.toString().equals("Asset discovery runs asynchronously.\n") || - capture.toString().equals("Asset discovery run already in progress.\n")); + assertTrue( + capture.toString(), + capture.toString().equals("Asset discovery runs asynchronously.\n") + || capture.toString().equals("Asset discovery run already in progress.\n")); } finally { System.setOut(oldStream); } diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java index 6d50c7b2c5cb..5634a03e84e7 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITFindingSnippets.java @@ -115,8 +115,8 @@ public void testGroupActiveFindingsWithSourceAtTime() throws IOException { public void testGroupActiveFindingsWithSourceAndCompareDuration() throws IOException { assertTrue( FindingSnippets.groupActiveFindingsWithSourceAndCompareDuration( - SOURCE_NAME, Duration.ofDays(1)) - .size() + SOURCE_NAME, Duration.ofDays(1)) + .size() > 0); } From 2813feef0c9a80293739b67fd53a4b4a2f856b24 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Mon, 15 Apr 2019 10:58:51 -0700 Subject: [PATCH 10/10] remove trailing backslash --- .../cloud/examples/securitycenter/snippets/AssetSnippets.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index 62300bbfda6a..a614ea12496e 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -180,7 +180,7 @@ static ImmutableList listAssetAndStatusChanges( throw new RuntimeException("Couldn't create client.", e); } } - // [END list_asset_changes_status_changes]\ + // [END list_asset_changes_status_changes] /** * Groups all assets by their specified properties (e.g. type) for an organization.