diff --git a/security-center/snippets/management_api/deleteSecurityHealthAnalyticsCustomModule.js b/security-center/snippets/management_api/deleteSecurityHealthAnalyticsCustomModule.js
new file mode 100644
index 0000000000..8ef4b9d83a
--- /dev/null
+++ b/security-center/snippets/management_api/deleteSecurityHealthAnalyticsCustomModule.js
@@ -0,0 +1,51 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+'use strict';
+
+/**
+ * Delete the security health analytics custom module
+ */
+function main(organizationId, customModuleId, locationId = 'global') {
+ // [START securitycenter_delete_security_health_analytics_custom_module]
+ // npm install '@google-cloud/securitycentermanagement'
+ const {
+ SecurityCenterManagementClient,
+ } = require('@google-cloud/securitycentermanagement');
+
+ const client = new SecurityCenterManagementClient();
+
+ /*
+ * Required. Resource name of security health analytics module.
+ * Its format is
+ * `organizations/[organization_id]/locations/[location_id]/securityHealthAnalyticsCustomModules/[custom_module]`
+ * `folders/[folder_id]/locations/[location_id]/securityHealthAnalyticsCustomModules/[custom_module]`
+ * `projects/[project_id]/locations/[location_id]/securityHealthAnalyticsCustomModules/[custom_module]`
+ */
+ const name = `organizations/${organizationId}/locations/${locationId}/securityHealthAnalyticsCustomModules/${customModuleId}`;
+
+ async function deleteSecurityHealthAnalyticsCustomModule() {
+ const [response] = await client.deleteSecurityHealthAnalyticsCustomModule({
+ name: name,
+ });
+ console.log(
+ 'Security Health Analytics Custom Module delete succeeded: ',
+ response
+ );
+ }
+
+ deleteSecurityHealthAnalyticsCustomModule();
+ // [END securitycenter_delete_security_health_analytics_custom_module]
+}
+
+main(...process.argv.slice(2));
diff --git a/security-center/snippets/management_api/listDescendantSecurityHealthAnalyticsCustomModule.js b/security-center/snippets/management_api/listDescendantSecurityHealthAnalyticsCustomModule.js
new file mode 100644
index 0000000000..f02369c9e7
--- /dev/null
+++ b/security-center/snippets/management_api/listDescendantSecurityHealthAnalyticsCustomModule.js
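Review bot: In deleteSecurityHealthAnalyticsCustomModule.js, `main` builds `name` directly from `process.argv`, so a missing argument puts the literal `undefined` into the resource name of a destructive request, and `deleteSecurityHealthAnalyticsCustomModule()` is called without `await` or `.catch`, so a rejected call surfaces only as an unhandled rejection. Before building `name`, add `if (!organizationId || !customModuleId) throw new Error('organizationId and customModuleId are required');`, and end the call with `.catch(err => { console.error(err.message); process.exitCode = 1; });`. The header comment should also say what is removed: as far as I know the API deletes the module together with its inherited descendants and only accepts resident modules, which matters because every detection derived from it stops with it. The argument check and the unhandled call apply equally to the listDescendant, listEffective, list and simulate snippets added in this commit.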
@@ -0,0 +1,52 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+'use strict';
+
+/**
+ * List all descendant security health analytics custom module under a given parent resource
+ */
+function main(organizationId, locationId = 'global') {
+ // [START securitycenter_list_descendant_security_health_analytics_custom_module]
+ // npm install '@google-cloud/securitycentermanagement'
+ const {
+ SecurityCenterManagementClient,
+ } = require('@google-cloud/securitycentermanagement');
+
+ const client = new SecurityCenterManagementClient();
+
+ /*
+ * Required. The name of the parent resource of security health analytics module
+ * Its format is
+ * `organizations/[organization_id]/locations/[location_id]`
+ * `folders/[folder_id]/locations/[location_id]`
+ * `projects/[project_id]/locations/[location_id]`
+ */
+ const parent = `organizations/${organizationId}/locations/${locationId}`;
+
+ async function listDescendantSecurityHealthAnalyticsCustomModule() {
+ const [response] =
+ await client.listDescendantSecurityHealthAnalyticsCustomModules({
+ parent: parent,
+ });
+ console.log(
+ 'Security Health Analytics Custom Module list descendant succeeded: ',
+ response
+ );
+ }
+
+ listDescendantSecurityHealthAnalyticsCustomModule();
+ // [END securitycenter_list_descendant_security_health_analytics_custom_module]
+}
+
+main(...process.argv.slice(2));
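Review bot: In listDescendantSecurityHealthAnalyticsCustomModule.js, the whole `response` array is handed to `console.log`, which formats it with Node's default inspect limits: objects nested more than two levels deep print as `[Object]` and arrays stop after 100 entries. The CEL predicate inside each module's custom config would therefore not be shown, and under a parent with many modules some are silently left out, which also makes the system test's `assert.include(output, data.customModuleName)` depend on how many modules exist. Passing `JSON.stringify(response, null, 2)` as the second argument instead of `response` keeps the success string and prints the complete listing. The same applies to the listEffective and list snippets.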
diff --git a/security-center/snippets/management_api/listEffectiveSecurityHealthAnalyticsCustomModule.js b/security-center/snippets/management_api/listEffectiveSecurityHealthAnalyticsCustomModule.js
new file mode 100644
index 0000000000..9e24a1142f
--- /dev/null
+++ b/security-center/snippets/management_api/listEffectiveSecurityHealthAnalyticsCustomModule.js
@@ -0,0 +1,52 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+'use strict';
+
+/**
+ * List all effective security health analytics custom module under a given parent resource
+ */
+function main(organizationId, locationId = 'global') {
+ // [START securitycenter_list_effective_security_health_analytics_custom_module]
+ // npm install '@google-cloud/securitycentermanagement'
+ const {
+ SecurityCenterManagementClient,
+ } = require('@google-cloud/securitycentermanagement');
+
+ const client = new SecurityCenterManagementClient();
+
+ /*
+ * Required. The name of the parent resource of security health analytics module
+ * Its format is
+ * `organizations/[organization_id]/locations/[location_id]`
+ * `folders/[folder_id]/locations/[location_id]`
+ * `projects/[project_id]/locations/[location_id]`
+ */
+ const parent = `organizations/${organizationId}/locations/${locationId}`;
+
+ async function listEffectiveSecurityHealthAnalyticsCustomModule() {
+ const [response] =
+ await client.listEffectiveSecurityHealthAnalyticsCustomModules({
+ parent: parent,
+ });
+ console.log(
+ 'Security Health Analytics Custom Module list effective succeeded: ',
+ response
+ );
+ }
+
+ listEffectiveSecurityHealthAnalyticsCustomModule();
+ // [END securitycenter_list_effective_security_health_analytics_custom_module]
+}
+
+main(...process.argv.slice(2));
diff --git a/security-center/snippets/management_api/listSecurityHealthAnalyticsCustomModule.js b/security-center/snippets/management_api/listSecurityHealthAnalyticsCustomModule.js
new file mode 100644
index 0000000000..fbc3c03ade
--- /dev/null
+++ b/security-center/snippets/management_api/listSecurityHealthAnalyticsCustomModule.js
@@ -0,0 +1,51 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+'use strict';
+
+/**
+ * List all security health analytics custom module under a given parent resource
+ */
+function main(organizationId, locationId = 'global') {
+ // [START securitycenter_list_security_health_analytics_custom_module]
+ // npm install '@google-cloud/securitycentermanagement'
+ const {
+ SecurityCenterManagementClient,
+ } = require('@google-cloud/securitycentermanagement');
+
+ const client = new SecurityCenterManagementClient();
+
+ /*
+ * Required. The name of the parent resource of security health analytics module
+ * Its format is
+ * `organizations/[organization_id]/locations/[location_id]`
+ * `folders/[folder_id]/locations/[location_id]`
+ * `projects/[project_id]/locations/[location_id]`
+ */
+ const parent = `organizations/${organizationId}/locations/${locationId}`;
+
+ async function listSecurityHealthAnalyticsCustomModule() {
+ const [response] = await client.listSecurityHealthAnalyticsCustomModules({
+ parent: parent,
+ });
+ console.log(
+ 'Security Health Analytics Custom Module list succeeded: ',
+ response
+ );
+ }
+
+ listSecurityHealthAnalyticsCustomModule();
+ // [END securitycenter_list_security_health_analytics_custom_module]
+}
+
+main(...process.argv.slice(2));
diff --git a/security-center/snippets/management_api/simulateSecurityHealthAnalyticsCustomModule.js b/security-center/snippets/management_api/simulateSecurityHealthAnalyticsCustomModule.js
new file mode 100644
index 0000000000..c8e3c65bb2
--- /dev/null
+++ b/security-center/snippets/management_api/simulateSecurityHealthAnalyticsCustomModule.js
@@ -0,0 +1,105 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+'use strict';
+
+/**
+ * Simulate security health analytics custom module
+ */
+function main(organizationId, locationId = 'global') {
+ // [START securitycenter_simulate_security_health_analytics_custom_module]
+ // npm install '@google-cloud/securitycentermanagement'
+ const {
+ SecurityCenterManagementClient,
+ protos,
+ } = require('@google-cloud/securitycentermanagement');
+
+ const client = new SecurityCenterManagementClient();
+
+ const Severity =
+ protos.google.cloud.securitycentermanagement.v1.CustomConfig.Severity;
+
+ /*
+ * Required. The name of the parent resource of security health analytics module
+ * Its format is
+ * `organizations/[organization_id]/locations/[location_id]`
+ * `folders/[folder_id]/locations/[location_id]`
+ * `projects/[project_id]/locations/[location_id]`
+ */
+ const parent = `organizations/${organizationId}/locations/${locationId}`;
+
+ // define the CEL expression here and this will scans for keys that have not been rotated in
+ // the last 30 days, change it according to the your requirements
+ const expr = {
+ expression: `has(resource.rotationPeriod) && (resource.rotationPeriod > duration('2592000s'))`,
+ };
+
+ // define the resource selector
+ const resourceSelector = {
+ resourceTypes: ['cloudkms.googleapis.com/CryptoKey'],
+ };
+
+ // define the custom module configuration, update the severity, description,
+ // recommendation below
+ const customConfig = {
+ predicate: expr,
+ resourceSelector: resourceSelector,
+ severity: Severity.MEDIUM,
+ description: 'add your description here',
+ recommendation: 'add your recommendation here',
+ };
+
+ // define the simulated resource data
+ const resourceData = {
+ fields: {
+ resourceId: {stringValue: 'test-resource-id'},
+ name: {stringValue: 'test-resource-name'},
+ },
+ };
+
+ // define the policy
+ const policy = {
+ bindings: [
+ {
+ role: 'roles/owner',
+ members: ['user:test-user@gmail.com'],
+ },
+ ],
+ };
+
+ // replace with the correct resource type
+ const simulatedResource = {
+ resourceType: 'cloudkms.googleapis.com/CryptoKey',
+ resourceData: resourceData,
+ iamPolicyData: policy,
+ };
+
+ async function simulateSecurityHealthAnalyticsCustomModule() {
+ const [response] = await client.simulateSecurityHealthAnalyticsCustomModule(
+ {
+ parent: parent,
+ customConfig: customConfig,
+ resource: simulatedResource,
+ }
+ );
+ console.log(
+ 'Security Health Analytics Custom Module simulate succeeded: ',
+ response
+ );
+ }
+
+ simulateSecurityHealthAnalyticsCustomModule();
+ // [END securitycenter_simulate_security_health_analytics_custom_module]
+}
+
+main(...process.argv.slice(2));
diff --git a/security-center/snippets/system-test/management_api/securityHealthAnalyticsCustomModule.test.js b/security-center/snippets/system-test/management_api/securityHealthAnalyticsCustomModule.test.js
index 826d4ba032..d60b072df7 100644
--- a/security-center/snippets/system-test/management_api/securityHealthAnalyticsCustomModule.test.js
+++ b/security-center/snippets/system-test/management_api/securityHealthAnalyticsCustomModule.test.js
@@ -78,7 +78,6 @@ describe('security health analytics custom module', async () => {
 customModuleId: customModuleId,
 customModuleName: createResponse.displayName,
 };
- sharedModuleIds.push(customModuleId);
 console.log(
 'SecurityHealthAnalyticsCustomModule created : %j',
 createResponse
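Review bot: In simulateSecurityHealthAnalyticsCustomModule.js, the comment above `expr` says the predicate finds keys not rotated in the last 30 days, but the expression only matches keys whose configured `rotationPeriod` is longer than 30 days; because of the `has(resource.rotationPeriod)` guard, a key with no rotation period configured is never flagged. I would reword it to `// CEL predicate: flags CryptoKeys whose configured rotationPeriod exceeds 30 days (2592000s); keys with no rotationPeriod are not matched` so the sample is not adopted as a complete rotation check. The simulated `resourceData` also carries only `resourceId` and `name`, so the predicate presumably evaluates to false and the sample never shows what a finding looks like; adding a `rotationPeriod` field to the test resource would exercise the match path.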
@@ -170,4 +169,67 @@ describe('security health analytics custom module', async () => {
 assert.notMatch(output, /undefined/);
 done();
 });
+
+ it('list security health analytics custom module', done => {
+ const output = exec(
+ `node management_api/listSecurityHealthAnalyticsCustomModule.js ${data.orgId} ${locationId}`
+ );
+ assert.include(output, data.customModuleName);
+ assert.match(
+ output,
+ /Security Health Analytics Custom Module list succeeded/
+ );
+ assert.notMatch(output, /undefined/);
+ done();
+ });
+
+ it('list descendant security health analytics custom module', done => {
+ const output = exec(
+ `node management_api/listDescendantSecurityHealthAnalyticsCustomModule.js ${data.orgId} ${locationId}`
+ );
+ assert.include(output, data.customModuleName);
+ assert.match(
+ output,
+ /Security Health Analytics Custom Module list descendant succeeded/
+ );
+ assert.notMatch(output, /undefined/);
+ done();
+ });
+
+ it('list effective security health analytics custom module', done => {
+ const output = exec(
+ `node management_api/listEffectiveSecurityHealthAnalyticsCustomModule.js ${data.orgId} ${locationId}`
+ );
+ assert.include(output, data.customModuleName);
+ assert.match(
+ output,
+ /Security Health Analytics Custom Module list effective succeeded/
+ );
+ assert.notMatch(output, /undefined/);
+ done();
+ });
+
+ it('delete security health analytics custom module', done => {
+ const output = exec(
+ `node management_api/deleteSecurityHealthAnalyticsCustomModule.js ${data.orgId} ${data.customModuleId} ${locationId}`
+ );
+ assert.match(
+ output,
+ /Security Health Analytics Custom Module delete succeeded/
+ );
+ assert.notMatch(output, /undefined/);
+ done();
+ });
+
+ it('simulate security health analytics custom module', done => {
+ const output = exec(
+ `node management_api/simulateSecurityHealthAnalyticsCustomModule.js ${data.orgId} ${locationId}`
+ );
+ assert.match(
+ output,
+ /Security Health Analytics Custom Module simulate succeeded/
+ );
+ assert.notMatch(output, /undefined/);
+ done();
+ });
 });
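Review bot: The new 'delete' case is the only visible step that removes the module created during setup, now that the earlier hunk drops `sharedModuleIds.push(customModuleId)`; if that case fails or the run is interrupted before it, the custom module stays behind in the test organization. The cleanup hook is outside this hunk, so this may already be covered; if it is not, keep the id registered and have the hook ignore a NOT_FOUND for a module the delete case already removed. The delete case also asserts only on the success string, so a follow-up check that the module name no longer appears in the list output would confirm the deletion actually took effect. The `describe` callback continues outside the hunk.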