Add Resource Organization, folder and project Mute Config #10772
Closed
thokalavinod wants to merge 68 commits into GoogleCloudPlatform:main from thokalavinod:SCC-Management-API
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,114 @@ | ||
# Copyright 2024 Google Inc. | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
--- !ruby/object:Api::Resource | ||
name: 'FolderMuteConfig' | ||
base_url: 'folders/{{folder}}/locations/{{location}}/muteConfigs' | ||
self_link: '{{name}}' | ||
create_url: 'folders/{{folder}}/locations/{{location}}/muteConfigs?muteConfigId={{mute_config_id}}' | ||
update_verb: :PATCH | ||
update_mask: true | ||
description: | | ||
Mute Findings is a volume management feature in Security Command Center | ||
that lets you manually or programmatically hide irrelevant findings, | ||
and create filters to automatically silence existing and future | ||
findings based on criteria you specify. | ||
references: !ruby/object:Api::Resource::ReferenceLinks | ||
api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v2/folders.locations.muteConfigs' | ||
examples: | ||
- !ruby/object:Provider::Terraform::Examples | ||
name: 'scc_v2_folder_mute_config_basic' | ||
primary_resource_id: 'default' | ||
vars: | ||
mute_config_id: 'my-config' | ||
test_env_vars: | ||
org_id: :ORG_ID | ||
# Skipping sweeper since this is a child resource | ||
skip_sweeper: true | ||
import_format: ['{{name}}'] | ||
custom_code: !ruby/object:Provider::Terraform::CustomCode | ||
custom_import: templates/terraform/custom_import/scc_mute_config.go.erb | ||
parameters: | ||
- !ruby/object:Api::Type::String | ||
name: muteConfigId | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
description: | | ||
Unique identifier provided by the client within the parent scope. | ||
- !ruby/object:Api::Type::String | ||
name: location | ||
required: false | ||
immutable: true | ||
url_param_only: true | ||
default_value: global | ||
description: | | ||
location Id is provided by organization. If not provided, Use global as default. | ||
- !ruby/object:Api::Type::String | ||
name: folder | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
description: | | ||
Resource name of the new organization mute configs's parent. Its format is | ||
"[folder_id]" | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: 'name' | ||
output: true | ||
description: | | ||
Name of the mute config. Its format is | ||
organizations/{organization}/muteConfigs/{configId}, | ||
folders/{folder}/muteConfigs/{configId}, | ||
or projects/{project}/muteConfigs/{configId} | ||
- !ruby/object:Api::Type::String | ||
name: 'description' | ||
description: A description of the mute config. | ||
- !ruby/object:Api::Type::String | ||
name: 'filter' | ||
description: | | ||
An expression that defines the filter to apply across create/update | ||
events of findings. While creating a filter string, be mindful of | ||
the scope in which the mute configuration is being created. E.g., | ||
If a filter contains project = X but is created under the | ||
project = Y scope, it might not match any findings. | ||
required: true | ||
- !ruby/object:Api::Type::String | ||
name: 'createTime' | ||
description: | | ||
The time at which the mute config was created. This field is set by | ||
the server and will be ignored if provided on config creation. | ||
output: true | ||
- !ruby/object:Api::Type::String | ||
name: 'updateTime' | ||
description: | | ||
Output only. The most recent time at which the mute config was | ||
updated. This field is set by the server and will be ignored if | ||
provided on config creation or update. | ||
output: true | ||
- !ruby/object:Api::Type::String | ||
name: 'mostRecentEditor' | ||
description: | | ||
Email address of the user who last edited the mute config. This | ||
field is set by the server and will be ignored if provided on | ||
config creation or update. | ||
output: true | ||
- !ruby/object:Api::Type::Enum | ||
name: 'type' | ||
required: true | ||
description: | | ||
Required. The type of the mute config, | ||
which determines what type of mute state the config affects. Immutable after creation. | ||
values: | ||
- :MUTE_CONFIG_TYPE_UNSPECIFIED | ||
- :STATIC |
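Review bot: The `folder` parameter description is copied from the organization resource: it reads "Resource name of the new organization mute configs's parent" on a folder-scoped resource, and should describe the folder ID instead. The `name` property lists formats such as `folders/{folder}/muteConfigs/{configId}`, which omit the `locations/{{location}}` segment that `base_url` and `create_url` use, so the documented format does not match the path this resource builds. The `type` enum is `required: true` yet offers `MUTE_CONFIG_TYPE_UNSPECIFIED`, leaving `STATIC` as the only meaningful choice; consider dropping the unspecified value from `values`.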
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
# Copyright 2023 Google Inc. | ||
# Copyright 2024 Google Inc. | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
|
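Review bot: The copyright line of an existing file changes from 2023 to 2024 here, which is unrelated to the mute config work. Unless the project asks for year bumps, keep the original year so the parameter removal that follows is the only change to this file.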
@@ -51,13 +51,6 @@ parameters: | |
default_value: global | ||
description: | | ||
location Id is provided by organization. If not provided, Use global as default. | ||
- !ruby/object:Api::Type::String | ||
Why is this field being removed? |
||
name: mute_config_id | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
description: | | ||
Unique identifier provided by the client within the parent scope. | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: 'name' | ||
|
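Review bot: Dropping `mute_config_id` removes a parameter marked `required: true` and `immutable: true`, which is a breaking schema change for any configuration that already sets it, and nothing in this hunk shows where the config ID comes from afterwards. The folder and project resources added in this PR still declare `muteConfigId` and reference `{{mute_config_id}}` in `create_url`, so either keep the parameter here for consistency or state the replacement in the PR description.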
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
# Copyright 2024 Google Inc. | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
--- !ruby/object:Api::Resource | ||
name: 'projectMuteConfig' | ||
base_url: '{{project}}/locations/{{location}}/muteConfigs' | ||
self_link: '{{name}}' | ||
create_url: '{{project}}/locations/{{location}}/muteConfigs?muteConfigId={{mute_config_id}}' | ||
update_verb: :PATCH | ||
update_mask: true | ||
description: | | ||
Mute Findings is a volume management feature in Security Command Center | ||
that lets you manually or programmatically hide irrelevant findings, | ||
and create filters to automatically silence existing and future | ||
findings based on criteria you specify. | ||
references: !ruby/object:Api::Resource::ReferenceLinks | ||
api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.locations.muteConfigs' | ||
examples: | ||
- !ruby/object:Provider::Terraform::Examples | ||
name: 'scc_v2_project_mute_config_basic' | ||
primary_resource_id: 'default' | ||
vars: | ||
mute_config_id: 'my-config' | ||
test_env_vars: | ||
org_id: :ORG_ID | ||
# Skipping sweeper since this is a child resource | ||
skip_sweeper: true | ||
import_format: ['{{name}}'] | ||
custom_code: !ruby/object:Provider::Terraform::CustomCode | ||
custom_import: templates/terraform/custom_import/scc_mute_config.go.erb | ||
parameters: | ||
- !ruby/object:Api::Type::String | ||
name: muteConfigId | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
description: | | ||
Unique identifier provided by the client within the parent scope. | ||
- !ruby/object:Api::Type::String | ||
name: location | ||
required: false | ||
immutable: true | ||
url_param_only: true | ||
default_value: global | ||
description: | | ||
location Id is provided by organization. If not provided, Use global as default. | ||
- !ruby/object:Api::Type::String | ||
name: project_parent | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
description: | | ||
Resource name of the new mute configs's parent. Its format is | ||
"organizations/[organization_id]", "folders/[folder_id]", or | ||
"projects/[project_id]". | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: 'name' | ||
output: true | ||
description: | | ||
Name of the mute config. Its format is | ||
organizations/{organization}/muteConfigs/{configId}, | ||
folders/{folder}/muteConfigs/{configId}, | ||
or projects/{project}/muteConfigs/{configId} | ||
- !ruby/object:Api::Type::String | ||
name: 'description' | ||
description: A description of the mute config. | ||
- !ruby/object:Api::Type::String | ||
name: 'filter' | ||
description: | | ||
An expression that defines the filter to apply across create/update | ||
events of findings. While creating a filter string, be mindful of | ||
the scope in which the mute configuration is being created. E.g., | ||
If a filter contains project = X but is created under the | ||
project = Y scope, it might not match any findings. | ||
required: true | ||
- !ruby/object:Api::Type::String | ||
name: 'createTime' | ||
description: | | ||
The time at which the mute config was created. This field is set by | ||
the server and will be ignored if provided on config creation. | ||
output: true | ||
- !ruby/object:Api::Type::String | ||
name: 'updateTime' | ||
description: | | ||
Output only. The most recent time at which the mute config was | ||
updated. This field is set by the server and will be ignored if | ||
provided on config creation or update. | ||
output: true | ||
- !ruby/object:Api::Type::String | ||
name: 'mostRecentEditor' | ||
description: | | ||
Email address of the user who last edited the mute config. This | ||
field is set by the server and will be ignored if provided on | ||
config creation or update. | ||
output: true | ||
- !ruby/object:Api::Type::Enum | ||
name: 'type' | ||
required: true | ||
description: | | ||
Required. The type of the mute config, | ||
which determines what type of mute state the config affects. Immutable after creation. | ||
values: | ||
- :MUTE_CONFIG_TYPE_UNSPECIFIED | ||
- :STATIC |
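Review bot: `base_url` and `create_url` start with `{{project}}`, but no parameter named `project` is declared; the only parent parameter is `project_parent`, whose description accepts `organizations/[organization_id]` and `folders/[folder_id]` values on a project-scoped resource. Follow the folder resource instead: use `projects/{{project}}/locations/{{location}}/muteConfigs`, name the parameter `project`, and describe it as a project ID so the value carries no slash. The resource name `projectMuteConfig` should also be `ProjectMuteConfig` to match `FolderMuteConfig`.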
19 changes: 19 additions & 0 deletions
mmv1/templates/terraform/examples/scc_v2_folder_mute_config_basic.tf.erb
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
resource "google_folder" "folder" { | ||
display_name = "A test folder mute config" | ||
parent = "organizations/<%= ctx[:vars]['org_id'] %>" | ||
} | ||
|
||
resource "google_folder_iam_member" "scc_folder_mute_config" { | ||
folder = google_folder.folder.id | ||
role = "roles/securitycenter.admin" | ||
member = "serviceAccount:<%= ctx[:vars]['service_account_email'] %>" | ||
} | ||
|
||
resource "google_scc_v2_folder_mute_config" "<%= ctx[:primary_resource_id] %>" { | ||
mute_config_id = "<%= ctx[:vars]['mute_config_id'] %>" | ||
folder = google_folder.folder.folder_id | ||
description = "My custom Cloud Security Command Center Mute Configuration" | ||
filter = "severity = \"HIGH\"" | ||
type = "STATIC" | ||
depends_on = [google_folder_iam_member.scc_folder_mute_config] | ||
} |
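Review bot: The template reads `ctx[:vars]['org_id']` and `ctx[:vars]['service_account_email']`, but the example entry for `scc_v2_folder_mute_config_basic` declares only `mute_config_id` under `vars` and places `org_id` under `test_env_vars`, so neither lookup resolves to a declared value. Use `ctx[:test_env_vars]['org_id']`, and either declare the service account or drop the IAM binding. Separately, the filter `severity = "HIGH"` hides every high-severity finding under the folder; since this example becomes user-facing documentation, a filter that also constrains the finding category or resource would be a safer pattern to copy.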
20 changes: 20 additions & 0 deletions
mmv1/templates/terraform/examples/scc_v2_project_mute_config_basic.tf.erb
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
resource "google_project" "project" { | ||
name = "My Test Project" | ||
project_id = "<%= ctx[:vars]['project_id'] %>" | ||
parent = "<%= ctx[:vars]['org_id'] %>" | ||
} | ||
|
||
resource "google_project_iam_member" "scc_project_mute_config" { | ||
project = google_project.project.project_id | ||
role = "roles/securitycenter.admin" | ||
member = "serviceAccount:<%= ctx[:vars]['service_account_email'] %>" | ||
} | ||
|
||
resource "google_scc_v2_project_mute_config" "<%= ctx[:primary_resource_id] %>" { | ||
mute_config_id = "<%= ctx[:vars]['mute_config_id'] %>" | ||
project = google_project.project.project_id | ||
description = "My custom Cloud Security Command Center Project Mute Configuration" | ||
filter = "severity = \"HIGH\"" | ||
type = "STATIC" | ||
depends_on = [google_project_iam_member.scc_project_mute_config] | ||
} |
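Review bot: `google_project` is given `parent = ...`, which is not an argument of that resource; the organization is set with `org_id`, and the value should come from `ctx[:test_env_vars]['org_id']` as declared in the resource definition. `project_id` and `service_account_email` are likewise read from `ctx[:vars]` without being declared under `vars`. Granting `roles/securitycenter.admin` on the project only to create one mute config is broader than the example needs; a role limited to mute config management would model least privilege for readers who copy it.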
It would probably be simpler to add the `folders/` part to the url and remove it from this field. That way the field doesn't need to preserve a forward slash in its value.
addressed