docs(samples): added samples for Mute config (#719)
* docs(scc-samples): init add CRUD mute config samples * added bulk mute and mute/unmute samples * refactor(samples): modified class name * refactor(samples): added muteConfigId and refactored class name * test(samples): added tests for mute config samples * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * docs(samples): updated samples and test files * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * docs(samples): lint fix * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * docs(samples): applied documentation review comments * docs(samples): applied review comments * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * docs(samples): added test env variables * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * docs(samples): added test env variables * updated config typo * test: try changing the env var name * Update samples.cfg * Update samples.cfg * updated samples.cfg * docs(samples): updated acc to review comments * lint fix * lint fix * lint fix Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Neenu Shaji <Neenu1995@users.noreply.github.com>
1 parent
7b83366
commit 05018a5
Showing
11 changed files
with
718 additions
and
1 deletion.
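--- a/...n/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/BulkMuteFindings.java
+++ b/...n/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/BulkMuteFindings.java
@@ -0,0 +1,71 @@
+/*
+* Copyright 2021 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package com.google.cloud.examples.securitycenter.snippets.muteconfig;
+
+// [START securitycenter_bulk_mute]
+
+import com.google.cloud.securitycenter.v1.BulkMuteFindingsRequest;
+import com.google.cloud.securitycenter.v1.BulkMuteFindingsResponse;
+import com.google.cloud.securitycenter.v1.SecurityCenterClient;
+import java.io.IOException;
+import java.util.concurrent.ExecutionException;
+
+public class BulkMuteFindings {
+
+public static void main(String[] args) {
+// TODO: Replace the variables within {}
+
+// parentPath: Use any one of the following options:
+// - organizations/{organization_id}
+// - folders/{folder_id}
+// - projects/{project_id}
+String parentPath = String.format("projects/%s", "your-google-cloud-project-id");
+
+// muteRule: Expression that identifies findings that should be muted.
+// eg: "resource.project_display_name=\"PROJECT_ID\""
+String muteRule = "{filter-condition}";
+
+bulkMute(parentPath, muteRule);
+}
+
+// Kicks off a long-running operation (LRO) to bulk mute findings for a parent based on a filter.
+// The parent can be either an organization, folder, or project. The findings
+// matched by the filter will be muted after the LRO is done.
+public static void bulkMute(String parentPath, String muteRule) {
+// Initialize client that will be used to send requests. This client only needs to be created
+// once, and can be reused for multiple requests. After completing all of your requests, call
+// the "close" method on the client to safely clean up any remaining background resources.
+try (SecurityCenterClient client = SecurityCenterClient.create()) {
+
+BulkMuteFindingsRequest bulkMuteFindingsRequest =
+BulkMuteFindingsRequest.newBuilder()
+.setParent(parentPath)
+// To create mute rules, see:
+// https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
+.setFilter(muteRule)
+.build();
+
+// ExecutionException is thrown if the below call fails.
+BulkMuteFindingsResponse response =
+client.bulkMuteFindingsAsync(bulkMuteFindingsRequest).get();
+System.out.println("Bulk mute findings completed successfully! " + response);
+} catch (IOException | InterruptedException | ExecutionException e) {
+System.out.println("Bulk mute findings failed! \n Exception: " + e);
+}
+}
+}
+// [END securitycenter_bulk_mute]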
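Review bot: The single catch at the end of `bulkMute` handles `InterruptedException` together with `IOException` and `ExecutionException` and only prints, so the thread's interrupt status is lost and a caller cannot tell whether any findings were actually muted. I would give the interrupt its own handler that calls `Thread.currentThread().interrupt();` before reporting, and let the other two propagate rather than swallowing them. Because a bulk mute suppresses every finding the filter matches, a short comment above `.setFilter(muteRule)` such as `// Review which findings this filter matches before muting; an overly broad filter hides them from default views.` would also be worth adding.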
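--- a/...ain/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/CreateMuteRule.java
+++ b/...ain/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/CreateMuteRule.java
@@ -0,0 +1,79 @@
+/*
+* Copyright 2021 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package com.google.cloud.examples.securitycenter.snippets.muteconfig;
+
+// [START securitycenter_create_mute_config]
+
+import com.google.cloud.securitycenter.v1.CreateMuteConfigRequest;
+import com.google.cloud.securitycenter.v1.MuteConfig;
+import com.google.cloud.securitycenter.v1.SecurityCenterClient;
+import java.io.IOException;
+import java.util.UUID;
+
+public class CreateMuteRule {
+
+public static void main(String[] args) {
+// TODO: Replace the variables within {}
+
+// parentPath: Use any one of the following options:
+// - organizations/{organization_id}
+// - folders/{folder_id}
+// - projects/{project_id}
+String parentPath = String.format("projects/%s", "your-google-cloud-project-id");
+
+// muteConfigId: Set a random id; max of 63 chars.
+String muteConfigId = "random-mute-id-" + UUID.randomUUID();
+createMuteRule(parentPath, muteConfigId);
+}
+
+// Creates a mute configuration under a given scope that will mute
+// all new findings that match a given filter.
+// Existing findings will not be muted.
+public static void createMuteRule(String parentPath, String muteConfigId) {
+// Initialize client that will be used to send requests. This client only needs to be created
+// once, and can be reused for multiple requests. After completing all of your requests, call
+// the "close" method on the client to safely clean up any remaining background resources.
+try (SecurityCenterClient client = SecurityCenterClient.create()) {
+
+MuteConfig muteConfig =
+MuteConfig.newBuilder()
+.setDescription("Mute low-medium IAM grants excluding 'compute' ")
+// Set mute rule(s).
+// To construct mute rules and for supported properties, see:
+// https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
+.setFilter(
+"severity=\"LOW\" OR severity=\"MEDIUM\" AND "
++ "category=\"Persistence: IAM Anomalous Grant\" AND "
++ "-resource.type:\"compute\"")
+.build();
+
+CreateMuteConfigRequest request =
+CreateMuteConfigRequest.newBuilder()
+.setParent(parentPath)
+.setMuteConfigId(muteConfigId)
+.setMuteConfig(muteConfig)
+.build();
+
+// ExecutionException is thrown if the below call fails.
+MuteConfig response = client.createMuteConfig(request);
+System.out.println("Mute rule created successfully: " + response.getName());
+} catch (IOException e) {
+System.out.println("Mute rule creation failed! \n Exception: " + e);
+}
+}
+}
+// [END securitycenter_create_mute_config]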
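Review bot: The filter passed to `.setFilter(...)` in `createMuteRule` mixes `OR` and `AND` without parentheses, so the set of findings this rule mutes depends on the filter grammar's precedence rather than on anything a reader can see. As far as I know the Security Command Center filter syntax gives `OR` higher precedence than `AND`, which would match the description, but a reader assuming the usual precedence may adapt this into a rule that mutes every LOW finding. Writing the first fragment as `"(severity=\"LOW\" OR severity=\"MEDIUM\") AND "` makes the scope explicit. Separately, the comment `// ExecutionException is thrown if the below call fails.` does not match the code, since `createMuteConfig` is called synchronously and only `IOException` is caught; it should name what the call can actually raise or be dropped.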
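--- a/...ain/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/DeleteMuteRule.java
+++ b/...ain/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/DeleteMuteRule.java
@@ -0,0 +1,60 @@
+/*
+* Copyright 2022 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package com.google.cloud.examples.securitycenter.snippets.muteconfig;
+
+// [START securitycenter_delete_mute_config]
+
+import com.google.cloud.securitycenter.v1.MuteConfigName;
+import com.google.cloud.securitycenter.v1.SecurityCenterClient;
+import java.io.IOException;
+
+public class DeleteMuteRule {
+
+public static void main(String[] args) {
+// TODO(Developer): Replace the following variables
+// parentPath: Use any one of the following options:
+// - organizations/{organization_id}
+// - folders/{folder_id}
+// - projects/{project_id}
+String parentPath = String.format("projects/%s", "your-google-cloud-project-id");
+
+// muteConfigId: Specify the name of the mute config to delete.
+String muteConfigId = "mute-config-id";
+
+deleteMuteRule(parentPath, muteConfigId);
+}
+
+// Deletes a mute configuration given its resource name.
+// Note: Previously muted findings are not affected when a mute config is deleted.
+public static void deleteMuteRule(String projectId, String muteConfigId) {
+// Initialize client that will be used to send requests. This client only needs to be created
+// once, and can be reused for multiple requests. After completing all of your requests, call
+// the "close" method on the client to safely clean up any remaining background resources.
+try (SecurityCenterClient client = SecurityCenterClient.create()) {
+// Use appropriate MuteConfigName methods depending on the type of parent.
+// org -> MuteConfigName.ofOrganizationMuteConfigName()
+// folder -> MuteConfigName.ofFolderMuteConfigName()
+// project -> MuteConfigName.ofProjectMuteConfigName)
+client.deleteMuteConfig(MuteConfigName.ofProjectMuteConfigName(projectId, muteConfigId));
+
+System.out.println("Mute rule deleted successfully: " + muteConfigId);
+} catch (IOException e) {
+System.out.println("Mute rule deletion failed! \n Exception: " + e);
+}
+}
+}
+// [END securitycenter_delete_mute_config]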
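Review bot: `main` passes `parentPath`, which already holds `projects/your-google-cloud-project-id`, as the `projectId` argument of `deleteMuteRule`, and that value goes straight into `MuteConfigName.ofProjectMuteConfigName(projectId, muteConfigId)`. The name builder presumably adds the `projects/` segment itself, so the request would name `projects/projects/...` and fail, leaving the mute rule in place; `GetMuteRule.java` has the same mismatch between `main` and `getMuteRule`. I would pass a bare id, `String projectId = "your-google-cloud-project-id";` followed by `deleteMuteRule(projectId, muteConfigId);`, and reword the `parentPath` comment to say this sample is project-scoped. The comment line `// project -> MuteConfigName.ofProjectMuteConfigName)` also has a stray closing parenthesis.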
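--- a/...c/main/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/GetMuteRule.java
+++ b/...c/main/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/GetMuteRule.java
@@ -0,0 +1,62 @@
+/*
+* Copyright 2022 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package com.google.cloud.examples.securitycenter.snippets.muteconfig;
+
+// [START securitycenter_get_mute_config]
+
+import com.google.cloud.securitycenter.v1.MuteConfig;
+import com.google.cloud.securitycenter.v1.MuteConfigName;
+import com.google.cloud.securitycenter.v1.SecurityCenterClient;
+import java.io.IOException;
+
+public class GetMuteRule {
+
+public static void main(String[] args) {
+// TODO(Developer): Replace the following variables
+
+// parentPath: Use any one of the following options:
+// - organizations/{organization_id}
+// - folders/{folder_id}
+// - projects/{project_id}
+String parentPath = String.format("projects/%s", "your-google-cloud-project-id");
+
+// muteConfigId: Name of the mute config to retrieve.
+String muteConfigId = "mute-config-id";
+
+getMuteRule(parentPath, muteConfigId);
+}
+
+// Retrieves a mute configuration given its resource name.
+public static void getMuteRule(String projectId, String muteConfigId) {
+// Initialize client that will be used to send requests. This client only needs to be created
+// once, and can be reused for multiple requests. After completing all of your requests, call
+// the "close" method on the client to safely clean up any remaining background resources.
+try (SecurityCenterClient client = SecurityCenterClient.create()) {
+// Use appropriate MuteConfigName methods depending on the type of parent.
+// (org -> MuteConfigName.ofOrganizationMuteConfigName()
+// folder -> MuteConfigName.ofFolderMuteConfigName()
+// project -> MuteConfigName.ofProjectMuteConfigName)
+MuteConfig muteConfig =
+client.getMuteConfig(MuteConfigName.ofProjectMuteConfigName(projectId, muteConfigId));
+
+System.out.println("Retrieved the mute config: " + muteConfig);
+} catch (IOException e) {
+System.out.println("Mute rule retrieval failed! \n Exception: " + e);
+}
+}
+}
+// [END securitycenter_get_mute_config]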