From 0de725a28892e776c1b45682578387663a19aa22 Mon Sep 17 00:00:00 2001
From: Micah Kornfield
Date: Wed, 13 Mar 2019 10:54:02 -0700
Subject: [PATCH 01/13] Add Snippets for working with Assets in Cloud Security Command Center. - I missed instruction for how to add a new key, but I believe a new account is needed, so prestaged assets can be queried.
---
.kokoro/presubmit/securitycenter-it.cfg | 27 +++
google-cloud-examples/pom.xml | 4 +
.../snippets/AssetSnippets.java | 178 ++++++++++++++++++
.../snippets/ITAssetSnippets.java | 87 +++++++++
4 files changed, 296 insertions(+)
create mode 100644 .kokoro/presubmit/securitycenter-it.cfg
create mode 100644 google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java
create mode 100644 google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java
diff --git a/.kokoro/presubmit/securitycenter-it.cfg b/.kokoro/presubmit/securitycenter-it.cfg
new file mode 100644
index 000000000000..3afa1962288e
--- /dev/null
+++ b/.kokoro/presubmit/securitycenter-it.cfg
@@ -0,0 +1,27 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+# Configure the docker image for kokoro-trampoline.
+env_vars: {
+ key: "TRAMPOLINE_IMAGE"
+ value: "gcr.io/cloud-devrel-kokoro-resources/java8"
+}
+
+env_vars: {
+ key: "INTEGRATION_TEST_ARGS"
+ value: "google-cloud-clients/google-cloud-pubsub"
+}
+
+env_vars: {
+ key: "JOB_TYPE"
+ value: "integration"
+}
+
+env_vars: {
+ key: "GCLOUD_ORGANIZATION"
+ value: "1081635000895"
+}
+
+env_vars: {
+ key: "GOOGLE_APPLICATION_CREDENTIALS"
+ value: "keystore/73713_cscc_it_service_account"
+}
\ No newline at end of file
diff --git a/google-cloud-examples/pom.xml b/google-cloud-examples/pom.xml
index ed63603f2c51..6e0fcc5bffe9 100644
--- a/google-cloud-examples/pom.xml
+++ b/google-cloud-examples/pom.xml
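Review bot: In the new `.kokoro/presubmit/securitycenter-it.cfg`, `INTEGRATION_TEST_ARGS` is set to `google-cloud-clients/google-cloud-pubsub`, which looks copied from the Pub/Sub job, so this presubmit would presumably run the Pub/Sub integration tests rather than `ITAssetSnippets`; it should name the module that holds the new test, which this patch places under `google-cloud-examples`. The file also pins an organization ID and a keystore entry name, and the commit message says the key setup is unconfirmed. I would add a comment above `GOOGLE_APPLICATION_CREDENTIALS` such as `# Service account needs read-only access to Security Command Center assets in GCLOUD_ORGANIZATION; the key itself lives only in the Kokoro keystore.` and confirm the account carries no wider organization-level role before the job is enabled.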
@@ -69,6 +69,10 @@ com.google.cloud google-cloud-spanner + + com.google.cloud + google-cloud-securitycenter + com.google.cloud google-cloud-speech diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java new file mode 100644 index 000000000000..f6c2fce0dd3d --- /dev/null +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java 
@@ -0,0 +1,178 @@ +package com.google.cloud.examples.securitycenter.snippets; + + +import static com.google.cloud.ServiceOptions.getDefaultProjectId; + +import com.google.cloud.securitycenter.v1beta1.ListAssetsRequest; +import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult; +import com.google.cloud.securitycenter.v1beta1.OrganizationName; +import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient; +import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient.ListAssetsPagedResponse; +import com.google.common.base.Preconditions; +import com.google.common.collect.ImmutableList; +import java.io.IOException; +import org.threeten.bp.Duration; +import org.threeten.bp.Instant; +import org.threeten.bp.LocalDateTime; +import org.threeten.bp.ZoneId; +import org.threeten.bp.temporal.ChronoUnit; + +/** + * Snippets for how to work with Assets in Cloud Security Command Center. + */ +public class AssetSnippets { + + private final SecurityCenterClient securityCenterClient; + private final OrganizationName organizationName; + + /** + * Filter that returns all projects in the organization + */ + // [START asset_resource_project_filter] + public static final String PROJECT_ASSET_FILTERS = + "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\""; + // [END asset_resource_project_filter] + + + /** + * Create a new AssetSnippets object. + * + * @param client The client to use for contacting the service. + * @param organizationId The organization ID (this should be a numeric value, not the display name + * of the organization). + */ + public AssetSnippets(SecurityCenterClient client, String organizationId) { + this.securityCenterClient = client; + // [START name_from_id] + this.organizationName = OrganizationName.of(organizationId); + // [END name_from_id] + } + + /** + * Lists assets for an organization given meeting filter as of a specific instant in + * time. 
+ * + * @param filter The filter that assets must meet (e.g. {@link #PROJECT_ASSET_FILTERS}). If null, + * all assets in the organization are returned. + * @param asOf The instant in time to query for. If null, current time is assumed + */ + + // [TARGET list_assets + // [VARIABLE "filter"] + // [VARIABLE "as_of"] + // [START list_assets ] + public ImmutableList listAssets(String filter, + Instant asOf) { + ListAssetsRequest.Builder request = + ListAssetsRequest.newBuilder().setParent(organizationName.toString()); + // + if (filter != null) { + request.setFilter(filter); + } + // Limits assets returned to a particular point in time. + if (asOf != null) { + request.getReadTimeBuilder().setSeconds(asOf.getEpochSecond()).setNanos(asOf.getNano()); + } + ListAssetsPagedResponse response = securityCenterClient.listAssets(request.build()); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + return ImmutableList.copyOf(response.iterateAll()); + } + // [END list_assets ] + + /** + * Run and print results from common queries. + */ + void demoListAssets() { + // [ START demo_list_assets ] ] + // This takes care of formatting the resource name appropriately from the id.. + + // Query for all currently existing assets + System.out.println("All Assets: " + listAssets(null, null)); + // Query for all firewall rules with open HTTP ports as of now. + System.out.println("Project Assets (now): " + listAssets( + PROJECT_ASSET_FILTERS, null)); + // Query for all firewall rules with open HTTP open HTTP ports as of a day ago. + System.out.println("Open HTTP Firewall Rules (1 day ago): " + listAssets( + PROJECT_ASSET_FILTERS, + Instant.now().minus(Duration.ofDays(1)))); + // [ END demo_list_assets ] ] + } + + /** + * Returns Assets and metadata about assets activity (e.g. 
added, removed, no change) between + * between + * asOf.minus(timespan) and asOf. + * + * @param timeSpan The time-range to compare assets over. + * @param filter The filter that assets must meet (e.g. {@link #PROJECT_ASSET_FILTERS}). If null, + * all assets in the organization are returned. + * @param asOf The instant in time to query for. If null, current time is assumed. + */ + public ImmutableList listAssetAndStatusChanges(Duration timeSpan, String filter, + Instant asOf) { + // [ START list_asset_changes ] ] + ListAssetsRequest.Builder request = + ListAssetsRequest.newBuilder().setParent(organizationName.toString()); + request.getCompareDurationBuilder().setSeconds(timeSpan.getSeconds()) + .setNanos(timeSpan.getNano()); + // + if (filter != null) { + request.setFilter(filter); + } + // Limits assets returned to a particular point in time. + if (asOf != null) { + request.getReadTimeBuilder().setSeconds(asOf.getEpochSecond()).setNanos(asOf.getNano()); + } + + ListAssetsPagedResponse response = securityCenterClient.listAssets(request.build()); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + return ImmutableList.copyOf(response.iterateAll()); + // [ END list_asset_changes ] ] + } + + /** + * Run and print demo outputs of different parameters for {@link #listAssetAndStatusChanges(Duration, + * String, Instant)}. + */ + void demoListAssetAndStatusChanges() { + // [ START demo_list_asset_changes ] ] + // List assets that are GCP Projects and their changes over the last day. 
+ System.out.println(listAssetAndStatusChanges(Duration.ofDays(1), PROJECT_ASSET_FILTERS, null)); + + final LocalDateTime jan1 = LocalDateTime.of(2019, 1, 1, 0, 0); + final LocalDateTime dec1 = LocalDateTime.of(2018, 12, 1, 0, 0); + final Duration lastMonth = Duration.ofDays(ChronoUnit.DAYS.between(dec1, jan1)); + // Query for GCE instances with the name including "Debia" and there changes over between Dec 1, 2019 and Jan 1, 2019 . + System.out.println( + "Project Changes between (between Dec 2019 and Jan 2019): " + listAssetAndStatusChanges( + lastMonth, /* filter (no filter applied) = */null, + jan1.atZone(ZoneId.of("Europe/Paris")).toInstant())); + // [ END demo_list_asset_changes ] ] + } + + public static void main(String... args) throws IOException { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + String org_id = System.getenv("ORGANIZATION_ID"); + if (args.length > 0) { + org_id = args[0]; + } + if (org_id == null) { + Preconditions.checkNotNull(org_id, + "Organization ID must either be set in the environment variable \"ORGANIZATION_ID\" or passed" + + " as the first parameter to the program."); + } + AssetSnippets snippets = new AssetSnippets(client, org_id); + System.out.println("Project Assets:" + snippets.listAssets(PROJECT_ASSET_FILTERS, null)); + System.out.println("Project Assets (changes as of a day ago): " + snippets + .listAssetAndStatusChanges(Duration.ofDays(1), + PROJECT_ASSET_FILTERS, null)); + } + } + +} diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java new file mode 100644 index 000000000000..b96659d3d23c --- /dev/null +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java 
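Review bot: In `demoListAssetAndStatusChanges` (AssetSnippets.java) the comment and the printed label do not match the query: the comment talks about GCE instances with a name including "Debia", the label says "Project Changes", yet the call passes `null` as the filter and so returns changes for every asset in the organization, and both say 2019 for a window the code defines as Dec 1, 2018 to Jan 1, 2019. Someone reading this output during triage would take an organization-wide change list for a project-only one. I would change the comment to `// Query for all assets and their changes between Dec 1, 2018 and Jan 1, 2019.` and the label to `"Asset changes (Dec 1, 2018 to Jan 1, 2019): "`. Separately, `listAssetAndStatusChanges` dereferences `timeSpan` without a null check while its Javadoc documents null only for `filter` and `asOf`; either add `Preconditions.checkNotNull(timeSpan, "timeSpan");` (Preconditions is already imported) or state in the Javadoc that it must be non-null.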
@@ -0,0 +1,87 @@ +package com.google.cloud.examples.securitycenter.snippets; + +import static com.google.cloud.ServiceOptions.getDefaultProjectId; +import static junit.framework.TestCase.assertEquals; +import static junit.framework.TestCase.assertTrue; +import static org.hamcrest.MatcherAssert.assertThat; + + +import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult; +import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient; +import com.google.common.collect.ImmutableList; +import java.io.IOException; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; +import org.threeten.bp.Duration; +import org.threeten.bp.Instant; +import org.threeten.bp.LocalDateTime; +import org.threeten.bp.ZoneOffset; + +/** Smoke tests for {@link com.google.cloud.examples.securitycenter.snippets.AssetSnippets} */ +public class ITAssetSnippets { + + static SecurityCenterClient client; + static AssetSnippets snippets; + + public static final Instant NOTHING_INSTANCE = LocalDateTime.of(2019, 1, 1, 0, 0).toInstant(ZoneOffset.UTC); + public static final Instant SOMETHING_INSTANCE = LocalDateTime.of(2019, 3, 14, 8, 0).toInstant(ZoneOffset.ofHours((-8))); + + @BeforeClass + public static void beforeClass() throws IOException { + client = SecurityCenterClient.create(); + snippets = new AssetSnippets(client, getOrganizationId()); + } + + @Test + public void mainRuns() throws IOException { + AssetSnippets.main(getOrganizationId()); + } + + @Test + public void demosRun() throws IOException { + snippets.demoListAssets(); + snippets.demoListAssetAndStatusChanges(); + } + + @Test + public void testAllAssetsReturned() { + assertTrue(0 < snippets.listAssets(null, null).size() ); + } + + @Test + public void testBeforeDateNoAssetsReturned() { + assertTrue( + snippets.listAssets(null, NOTHING_INSTANCE) + .isEmpty()); + } + + @Test + public void testListAssetsNoFilterOrDate() { + assertTrue(59 >= snippets.listAssets(null, null).size()); + } 
+ + @Test + public void testListAssetsWithFilterAndInstance() { + assertTrue(3 >= snippets.listAssets(AssetSnippets.PROJECT_ASSET_FILTERS, SOMETHING_INSTANCE).size()); + } + + @Test + public void testChangesReturnsValues() { + ImmutableList result = snippets.listAssetAndStatusChanges(Duration.ofDays(3), AssetSnippets.PROJECT_ASSET_FILTERS, + SOMETHING_INSTANCE); + assertTrue("Result: " + result.toString(), result.toString().contains("ADDED")); + assertTrue(3 >= result.size()); + } + + @AfterClass + public static void tearDown() { + client.close(); + } + + private static String getOrganizationId() { + return System.getenv("GCLOUD_ORGANIZATION"); + } + + +} From d1d7faaed39659c13622d8be8279436fbf48ac61 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Tue, 19 Mar 2019 13:24:21 -0700 Subject: [PATCH 02/13] Address code review comments. --- .../snippets/AssetSnippets.java | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index f6c2fce0dd3d..833781757177 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -28,10 +28,10 @@ public class AssetSnippets { /** * Filter that returns all projects in the organization */ - // [START asset_resource_project_filter] + // [START asset_resource_project_filter] public static final String PROJECT_ASSET_FILTERS = "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\""; - // [END asset_resource_project_filter] + // [END asset_resource_project_filter] /** 
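Review bot: In the new `ITAssetSnippets`, `testListAssetsNoFilterOrDate` (`59 >= ...size()`) and `testListAssetsWithFilterAndInstance` (`3 >= ...size()`) assert only an upper bound, so both pass when the call returns nothing, for example if the filter string stops matching or the test service account loses visibility of the organization. The bounds also encode the current contents of one live organization and will fail once assets are added there. I would assert a non-empty result and check that each returned asset has the project resource type instead of counting. `getOrganizationId()` returns null when `GCLOUD_ORGANIZATION` is unset, which presumably surfaces as a NullPointerException in `beforeClass`; a first line there such as `assertNotNull("GCLOUD_ORGANIZATION must be set", getOrganizationId());` would make the cause readable.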
@@ -57,15 +57,15 @@ public AssetSnippets(SecurityCenterClient client, String organizationId) { * @param asOf The instant in time to query for. If null, current time is assumed */ - // [TARGET list_assets + // [TARGET list_assets] // [VARIABLE "filter"] // [VARIABLE "as_of"] - // [START list_assets ] + // [START list_assets] public ImmutableList listAssets(String filter, Instant asOf) { ListAssetsRequest.Builder request = ListAssetsRequest.newBuilder().setParent(organizationName.toString()); - // + // Default for API is to return all assets. if (filter != null) { request.setFilter(filter); } @@ -80,13 +80,13 @@ public ImmutableList listAssets(String filter, // the Iterable returned response.iterateAll() directly. return ImmutableList.copyOf(response.iterateAll()); } - // [END list_assets ] + // [END list_assets] /** * Run and print results from common queries. */ void demoListAssets() { - // [ START demo_list_assets ] ] + // [START demo_list_assets] // This takes care of formatting the resource name appropriately from the id.. // Query for all currently existing assets @@ -98,7 +98,7 @@ void demoListAssets() { System.out.println("Open HTTP Firewall Rules (1 day ago): " + listAssets( PROJECT_ASSET_FILTERS, Instant.now().minus(Duration.ofDays(1)))); - // [ END demo_list_assets ] ] + // [END demo_list_assets] } /** @@ -113,7 +113,7 @@ void demoListAssets() { */ public ImmutableList listAssetAndStatusChanges(Duration timeSpan, String filter, Instant asOf) { - // [ START list_asset_changes ] ] + // [START list_asset_changes] ListAssetsRequest.Builder request = ListAssetsRequest.newBuilder().setParent(organizationName.toString()); request.getCompareDurationBuilder().setSeconds(timeSpan.getSeconds()) 
@@ -133,7 +133,7 @@ public ImmutableList listAssetAndStatusChanges(Duration timeSp // this can cause out of memory issues. You can process them batches by returning // the Iterable returned response.iterateAll() directly. return ImmutableList.copyOf(response.iterateAll()); - // [ END list_asset_changes ] ] + // [END list_asset_changes] } /** @@ -141,7 +141,7 @@ public ImmutableList listAssetAndStatusChanges(Duration timeSp * String, Instant)}. */ void demoListAssetAndStatusChanges() { - // [ START demo_list_asset_changes ] ] + // [START demo_list_asset_changes] // List assets that are GCP Projects and their changes over the last day. System.out.println(listAssetAndStatusChanges(Duration.ofDays(1), PROJECT_ASSET_FILTERS, null)); @@ -153,7 +153,7 @@ void demoListAssetAndStatusChanges() { "Project Changes between (between Dec 2019 and Jan 2019): " + listAssetAndStatusChanges( lastMonth, /* filter (no filter applied) = */null, jan1.atZone(ZoneId.of("Europe/Paris")).toInstant())); - // [ END demo_list_asset_changes ] ] + // [END demo_list_asset_changes] } public static void main(String... args) throws IOException { From 870f1006848f6f68e2e4f1b4d6501da1c1439c85 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Tue, 19 Mar 2019 13:28:47 -0700 Subject: [PATCH 03/13] remove securitycenter-it.cfg --- .kokoro/presubmit/securitycenter-it.cfg | 27 ------------------------- 1 file changed, 27 deletions(-) delete mode 100644 .kokoro/presubmit/securitycenter-it.cfg diff --git a/.kokoro/presubmit/securitycenter-it.cfg b/.kokoro/presubmit/securitycenter-it.cfg deleted file mode 100644 index 3afa1962288e..000000000000 --- a/.kokoro/presubmit/securitycenter-it.cfg +++ /dev/null 
@@ -1,27 +0,0 @@ -# Format: //devtools/kokoro/config/proto/build.proto - -# Configure the docker image for kokoro-trampoline. -env_vars: { - key: "TRAMPOLINE_IMAGE" - value: "gcr.io/cloud-devrel-kokoro-resources/java8" -} - -env_vars: { - key: "INTEGRATION_TEST_ARGS" - value: "google-cloud-clients/google-cloud-pubsub" -} - -env_vars: { - key: "JOB_TYPE" - value: "integration" -} - -env_vars: { - key: "GCLOUD_ORGANIZATION" - value: "1081635000895" -} - -env_vars: { - key: "GOOGLE_APPLICATION_CREDENTIALS" - value: "keystore/73713_cscc_it_service_account" -} \ No newline at end of file From 1f2106c62a8235f0ea55843ca4bafab20036c74f Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Tue, 19 Mar 2019 17:09:27 -0700 Subject: [PATCH 04/13] update comments --- .../cloud/examples/securitycenter/snippets/AssetSnippets.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index 833781757177..fa2c6c10e28c 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -91,10 +91,10 @@ void demoListAssets() { // Query for all currently existing assets System.out.println("All Assets: " + listAssets(null, null)); - // Query for all firewall rules with open HTTP ports as of now. + // Query for all projects as of now. System.out.println("Project Assets (now): " + listAssets( PROJECT_ASSET_FILTERS, null)); - // Query for all firewall rules with open HTTP open HTTP ports as of a day ago. + // Query for all projects as of a day ago. System.out.println("Open HTTP Firewall Rules (1 day ago): " + listAssets( PROJECT_ASSET_FILTERS, Instant.now().minus(Duration.ofDays(1)))); 
From c88e4cd07fedb3314e14fe006094bb60ff799d96 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Tue, 19 Mar 2019 17:10:17 -0700 Subject: [PATCH 05/13] fix string remove firewall reference --- .../cloud/examples/securitycenter/snippets/AssetSnippets.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index fa2c6c10e28c..d51d77704043 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -95,7 +95,7 @@ void demoListAssets() { System.out.println("Project Assets (now): " + listAssets( PROJECT_ASSET_FILTERS, null)); // Query for all projects as of a day ago. - System.out.println("Open HTTP Firewall Rules (1 day ago): " + listAssets( + System.out.println("Project Assets (1 day ago): " + listAssets( PROJECT_ASSET_FILTERS, Instant.now().minus(Duration.ofDays(1)))); // [END demo_list_assets] From 70eed969d68ea9f3d0992432ec1d4e6eec698f27 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Wed, 20 Mar 2019 14:10:14 -0700 Subject: [PATCH 06/13] Fix format --- .../snippets/AssetSnippets.java | 78 +++++++++---------- .../snippets/ITAssetSnippets.java | 26 +++---- 2 files changed, 47 insertions(+), 57 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index d51d77704043..d7da95c4d9c3 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java 
+++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -1,8 +1,6 @@ package com.google.cloud.examples.securitycenter.snippets; -import static com.google.cloud.ServiceOptions.getDefaultProjectId; - import com.google.cloud.securitycenter.v1beta1.ListAssetsRequest; import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult; import com.google.cloud.securitycenter.v1beta1.OrganizationName; @@ -17,29 +15,24 @@ import org.threeten.bp.ZoneId; import org.threeten.bp.temporal.ChronoUnit; -/** - * Snippets for how to work with Assets in Cloud Security Command Center. - */ +/** Snippets for how to work with Assets in Cloud Security Command Center. */ public class AssetSnippets { private final SecurityCenterClient securityCenterClient; private final OrganizationName organizationName; - /** - * Filter that returns all projects in the organization - */ + /** Filter that returns all projects in the organization */ // [START asset_resource_project_filter] public static final String PROJECT_ASSET_FILTERS = "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\""; // [END asset_resource_project_filter] - /** * Create a new AssetSnippets object. * * @param client The client to use for contacting the service. * @param organizationId The organization ID (this should be a numeric value, not the display name - * of the organization). + * of the organization). */ public AssetSnippets(SecurityCenterClient client, String organizationId) { this.securityCenterClient = client; 
@@ -52,17 +45,16 @@ public AssetSnippets(SecurityCenterClient client, String organizationId) { * Lists assets for an organization given meeting filter as of a specific instant in * time. * - * @param filter The filter that assets must meet (e.g. {@link #PROJECT_ASSET_FILTERS}). If null, - * all assets in the organization are returned. - * @param asOf The instant in time to query for. If null, current time is assumed + * @param filter The filter that assets must meet (e.g. {@link #PROJECT_ASSET_FILTERS}). If null, + * all assets in the organization are returned. + * @param asOf The instant in time to query for. If null, current time is assumed */ // [TARGET list_assets] // [VARIABLE "filter"] // [VARIABLE "as_of"] // [START list_assets] - public ImmutableList listAssets(String filter, - Instant asOf) { + public ImmutableList listAssets(String filter, Instant asOf) { ListAssetsRequest.Builder request = ListAssetsRequest.newBuilder().setParent(organizationName.toString()); // Default for API is to return all assets. @@ -82,9 +74,7 @@ public ImmutableList listAssets(String filter, } // [END list_assets] - /** - * Run and print results from common queries. - */ + /** Run and print results from common queries. */ void demoListAssets() { // [START demo_list_assets] // This takes care of formatting the resource name appropriately from the id.. 
@@ -92,31 +82,31 @@ void demoListAssets() { // Query for all currently existing assets System.out.println("All Assets: " + listAssets(null, null)); // Query for all projects as of now. - System.out.println("Project Assets (now): " + listAssets( - PROJECT_ASSET_FILTERS, null)); + System.out.println("Project Assets (now): " + listAssets(PROJECT_ASSET_FILTERS, null)); // Query for all projects as of a day ago. - System.out.println("Project Assets (1 day ago): " + listAssets( - PROJECT_ASSET_FILTERS, - Instant.now().minus(Duration.ofDays(1)))); + System.out.println( + "Project Assets (1 day ago): " + + listAssets(PROJECT_ASSET_FILTERS, Instant.now().minus(Duration.ofDays(1)))); // [END demo_list_assets] } /** * Returns Assets and metadata about assets activity (e.g. added, removed, no change) between - * between - * asOf.minus(timespan) and asOf. + * between asOf.minus(timespan) and asOf. * * @param timeSpan The time-range to compare assets over. - * @param filter The filter that assets must meet (e.g. {@link #PROJECT_ASSET_FILTERS}). If null, - * all assets in the organization are returned. - * @param asOf The instant in time to query for. If null, current time is assumed. + * @param filter The filter that assets must meet (e.g. {@link #PROJECT_ASSET_FILTERS}). If null, + * all assets in the organization are returned. + * @param asOf The instant in time to query for. If null, current time is assumed. */ - public ImmutableList listAssetAndStatusChanges(Duration timeSpan, String filter, - Instant asOf) { + public ImmutableList listAssetAndStatusChanges( + Duration timeSpan, String filter, Instant asOf) { // [START list_asset_changes] ListAssetsRequest.Builder request = ListAssetsRequest.newBuilder().setParent(organizationName.toString()); - request.getCompareDurationBuilder().setSeconds(timeSpan.getSeconds()) + request + .getCompareDurationBuilder() + .setSeconds(timeSpan.getSeconds()) .setNanos(timeSpan.getNano()); // if (filter != null) { 
@@ -137,8 +127,8 @@ public ImmutableList listAssetAndStatusChanges(Duration timeSp } /** - * Run and print demo outputs of different parameters for {@link #listAssetAndStatusChanges(Duration, - * String, Instant)}. + * Run and print demo outputs of different parameters for {@link + * #listAssetAndStatusChanges(Duration, String, Instant)}. */ void demoListAssetAndStatusChanges() { // [START demo_list_asset_changes] @@ -148,11 +138,14 @@ void demoListAssetAndStatusChanges() { final LocalDateTime jan1 = LocalDateTime.of(2019, 1, 1, 0, 0); final LocalDateTime dec1 = LocalDateTime.of(2018, 12, 1, 0, 0); final Duration lastMonth = Duration.ofDays(ChronoUnit.DAYS.between(dec1, jan1)); - // Query for GCE instances with the name including "Debia" and there changes over between Dec 1, 2019 and Jan 1, 2019 . + // Query for GCE instances with the name including "Debia" and there changes over between Dec 1, + // 2019 and Jan 1, 2019 . System.out.println( - "Project Changes between (between Dec 2019 and Jan 2019): " + listAssetAndStatusChanges( - lastMonth, /* filter (no filter applied) = */null, - jan1.atZone(ZoneId.of("Europe/Paris")).toInstant())); + "Project Changes between (between Dec 2019 and Jan 2019): " + + listAssetAndStatusChanges( + lastMonth, /* filter (no filter applied) = */ + null, + jan1.atZone(ZoneId.of("Europe/Paris")).toInstant())); // [END demo_list_asset_changes] } 
@@ -163,16 +156,17 @@ public static void main(String... args) throws IOException { org_id = args[0]; } if (org_id == null) { - Preconditions.checkNotNull(org_id, + Preconditions.checkNotNull( + org_id, "Organization ID must either be set in the environment variable \"ORGANIZATION_ID\" or passed" + " as the first parameter to the program."); } AssetSnippets snippets = new AssetSnippets(client, org_id); System.out.println("Project Assets:" + snippets.listAssets(PROJECT_ASSET_FILTERS, null)); - System.out.println("Project Assets (changes as of a day ago): " + snippets - .listAssetAndStatusChanges(Duration.ofDays(1), - PROJECT_ASSET_FILTERS, null)); + System.out.println( + "Project Assets (changes as of a day ago): " + + snippets.listAssetAndStatusChanges( + Duration.ofDays(1), PROJECT_ASSET_FILTERS, null)); } } - } diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java index b96659d3d23c..a34e22aff633 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java @@ -1,10 +1,6 @@ package com.google.cloud.examples.securitycenter.snippets; -import static com.google.cloud.ServiceOptions.getDefaultProjectId; -import static junit.framework.TestCase.assertEquals; import static junit.framework.TestCase.assertTrue; -import static org.hamcrest.MatcherAssert.assertThat; - import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult; import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient; 
@@ -24,8 +20,10 @@ public class ITAssetSnippets { static SecurityCenterClient client; static AssetSnippets snippets; - public static final Instant NOTHING_INSTANCE = LocalDateTime.of(2019, 1, 1, 0, 0).toInstant(ZoneOffset.UTC); - public static final Instant SOMETHING_INSTANCE = LocalDateTime.of(2019, 3, 14, 8, 0).toInstant(ZoneOffset.ofHours((-8))); + public static final Instant NOTHING_INSTANCE = + LocalDateTime.of(2019, 1, 1, 0, 0).toInstant(ZoneOffset.UTC); + public static final Instant SOMETHING_INSTANCE = + LocalDateTime.of(2019, 3, 14, 8, 0).toInstant(ZoneOffset.ofHours((-8))); @BeforeClass public static void beforeClass() throws IOException { @@ -46,14 +44,12 @@ public void demosRun() throws IOException { @Test public void testAllAssetsReturned() { - assertTrue(0 < snippets.listAssets(null, null).size() ); + assertTrue(0 < snippets.listAssets(null, null).size()); } @Test public void testBeforeDateNoAssetsReturned() { - assertTrue( - snippets.listAssets(null, NOTHING_INSTANCE) - .isEmpty()); + assertTrue(snippets.listAssets(null, NOTHING_INSTANCE).isEmpty()); } @Test @@ -63,13 +59,15 @@ public void testListAssetsNoFilterOrDate() { @Test public void testListAssetsWithFilterAndInstance() { - assertTrue(3 >= snippets.listAssets(AssetSnippets.PROJECT_ASSET_FILTERS, SOMETHING_INSTANCE).size()); + assertTrue( + 3 >= snippets.listAssets(AssetSnippets.PROJECT_ASSET_FILTERS, SOMETHING_INSTANCE).size()); } @Test public void testChangesReturnsValues() { - ImmutableList result = snippets.listAssetAndStatusChanges(Duration.ofDays(3), AssetSnippets.PROJECT_ASSET_FILTERS, - SOMETHING_INSTANCE); + ImmutableList result = + snippets.listAssetAndStatusChanges( + Duration.ofDays(3), AssetSnippets.PROJECT_ASSET_FILTERS, SOMETHING_INSTANCE); assertTrue("Result: " + result.toString(), result.toString().contains("ADDED")); assertTrue(3 >= result.size()); } 
@@ -82,6 +80,4 @@ public static void tearDown() { private static String getOrganizationId() { return System.getenv("GCLOUD_ORGANIZATION"); } - - } From 4cac4338308acf2afdff82d8399329c016811b7e Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Thu, 21 Mar 2019 09:28:52 -0700 Subject: [PATCH 07/13] fix format --- .../cloud/examples/securitycenter/snippets/AssetSnippets.java | 1 - 1 file changed, 1 deletion(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index d7da95c4d9c3..c8334ca2a9a5 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -1,6 +1,5 @@ package com.google.cloud.examples.securitycenter.snippets; - import com.google.cloud.securitycenter.v1beta1.ListAssetsRequest; import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult; import com.google.cloud.securitycenter.v1beta1.OrganizationName; From d1007610afbe566648d2bedbd7a7a173db4913c4 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Thu, 21 Mar 2019 13:36:27 -0700 Subject: [PATCH 08/13] Address comments and fix bad docs/alignment with python example --- .../snippets/AssetSnippets.java | 39 ++++++++++--------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index c8334ca2a9a5..72495ab3b04d 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java 
+++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -49,11 +49,10 @@ public AssetSnippets(SecurityCenterClient client, String organizationId) { * @param asOf The instant in time to query for. If null, current time is assumed */ - // [TARGET list_assets] - // [VARIABLE "filter"] - // [VARIABLE "as_of"] // [START list_assets] public ImmutableList listAssets(String filter, Instant asOf) { + // Start setting up a request for to search for all assets in an organization. + // OrganizationName organizationName = OrganizationName.of("123234324"); ListAssetsRequest.Builder request = ListAssetsRequest.newBuilder().setParent(organizationName.toString()); // Default for API is to return all assets. @@ -75,18 +74,21 @@ public ImmutableList listAssets(String filter, Instant asOf) { /** Run and print results from common queries. */ void demoListAssets() { - // [START demo_list_assets] - // This takes care of formatting the resource name appropriately from the id.. // Query for all currently existing assets + // [START demo_list_all_assets] System.out.println("All Assets: " + listAssets(null, null)); + // [END demo_list_all_assets] // Query for all projects as of now. + // [START demo_list_assets_with_filter] System.out.println("Project Assets (now): " + listAssets(PROJECT_ASSET_FILTERS, null)); + // [END demo_list_assets_with_filter] // Query for all projects as of a day ago. + // [START demo_list_assets_with_filter_and_time] System.out.println( "Project Assets (1 day ago): " + listAssets(PROJECT_ASSET_FILTERS, Instant.now().minus(Duration.ofDays(1)))); - // [END demo_list_assets] + // [END demo_list_assets_with_filter_and_time] } /** 
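Review bot: The comment added at the top of `listAssets` has a typo ("a request for to search"), and the commented-out line under it reads like dead code rather than an example. I would write `// Start setting up a request to search for all assets in an organization.` and `// Example with a placeholder ID: OrganizationName organizationName = OrganizationName.of("123234324");`. The same two comment lines are added again in the `listAssetAndStatusChanges` hunk of this patch. The body of `listAssets` continues past this hunk.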
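Review bot: In `demoListAssets` each explanatory comment now sits just before its `[START …]` tag, so the region between the tags holds only the `println` call. Assuming the tags delimit what gets published, an extracted snippet would lose its description. Moving each comment inside its region keeps the two together, e.g. `// [START demo_list_all_assets]` followed by `// Query for all currently existing assets`. The same applies to the `demo_list_assets_with_filter` and `demo_list_assets_with_filter_and_time` regions.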
@@ -98,16 +100,19 @@ void demoListAssets() { * all assets in the organization are returned. * @param asOf The instant in time to query for. If null, current time is assumed. */ + // [START list_asset_changes] public ImmutableList listAssetAndStatusChanges( Duration timeSpan, String filter, Instant asOf) { - // [START list_asset_changes] + + // Start setting up a request for to search for all assets in an organization. + // OrganizationName organizationName = OrganizationName.of("123234324"); ListAssetsRequest.Builder request = ListAssetsRequest.newBuilder().setParent(organizationName.toString()); request .getCompareDurationBuilder() .setSeconds(timeSpan.getSeconds()) .setNanos(timeSpan.getNano()); - // + // Default for API is to return all assets. if (filter != null) { request.setFilter(filter); } @@ -122,8 +127,8 @@ public ImmutableList listAssetAndStatusChanges( // this can cause out of memory issues. You can process them batches by returning // the Iterable returned response.iterateAll() directly. return ImmutableList.copyOf(response.iterateAll()); - // [END list_asset_changes] } + // [END list_asset_changes] /** * Run and print demo outputs of different parameters for {@link 
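Review bot: `listAssetAndStatusChanges` tolerates a null `filter` and a null `asOf`, but `timeSpan` is dereferenced unconditionally in `.setSeconds(timeSpan.getSeconds())`, so a null argument fails with a bare NullPointerException. Either the Javadoc above should state that `timeSpan` must not be null, or the method should check it first with `Preconditions.checkNotNull(timeSpan, "timeSpan must not be null");` (the file already uses `Preconditions` in `main`). The end of the method lies in the next hunk.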
@@ -131,19 +136,15 @@ public ImmutableList listAssetAndStatusChanges( */ void demoListAssetAndStatusChanges() { // [START demo_list_asset_changes] - // List assets that are GCP Projects and their changes over the last day. - System.out.println(listAssetAndStatusChanges(Duration.ofDays(1), PROJECT_ASSET_FILTERS, null)); - - final LocalDateTime jan1 = LocalDateTime.of(2019, 1, 1, 0, 0); - final LocalDateTime dec1 = LocalDateTime.of(2018, 12, 1, 0, 0); - final Duration lastMonth = Duration.ofDays(ChronoUnit.DAYS.between(dec1, jan1)); - // Query for GCE instances with the name including "Debia" and there changes over between Dec 1, - // 2019 and Jan 1, 2019 . + final LocalDateTime march = LocalDateTime.of(2019, 3, 18, 0, 0); + final LocalDateTime feb = LocalDateTime.of(2019, 2, 18, 0, 0); + final Duration lastMonth = Duration.ofDays(ChronoUnit.DAYS.between(feb, march)); + // Query projects and their state changes over between February 18, 2019 and March 18, 2019. System.out.println( "Project Changes between (between Dec 2019 and Jan 2019): " + listAssetAndStatusChanges( - lastMonth, /* filter (no filter applied) = */ - null, + lastMonth, + PROJECT_ASSET_FILTERS, jan1.atZone(ZoneId.of("Europe/Paris")).toInstant())); // [END demo_list_asset_changes] } From dc01b855fddce542183b35e851bcdd1ddf8ecf68 Mon Sep 17 00:00:00 2001 From: emkornfield Date: Thu, 21 Mar 2019 13:54:19 -0700 Subject: [PATCH 09/13] Fix print description --- .../cloud/examples/securitycenter/snippets/AssetSnippets.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index 72495ab3b04d..8e2464f297ec 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java 
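Review bot: The last argument of the call still reads `jan1.atZone(ZoneId.of("Europe/Paris")).toInstant()`, but this hunk deletes the `jan1` local, so unless `jan1` is declared elsewhere in the class, `demoListAssetAndStatusChanges` no longer compiles. It should use the new end date: `march.atZone(ZoneId.of("Europe/Paris")).toInstant()));`. The new comment also reads "over between"; `// Query projects and their state changes between February 18, 2019 and March 18, 2019.` is clearer.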
+++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -141,7 +141,7 @@ void demoListAssetAndStatusChanges() { final Duration lastMonth = Duration.ofDays(ChronoUnit.DAYS.between(feb, march)); // Query projects and their state changes over between February 18, 2019 and March 18, 2019. System.out.println( - "Project Changes between (between Dec 2019 and Jan 2019): " + "Project Changes over a month: " + listAssetAndStatusChanges( lastMonth, PROJECT_ASSET_FILTERS, From 670380953bc37e2b637b54fe503bbb624ef5d44a Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Fri, 22 Mar 2019 14:01:03 -0700 Subject: [PATCH 10/13] Updates per rubrics --- .../snippets/AssetSnippets.java | 241 +++++++++--------- .../snippets/ITAssetSnippets.java | 53 ++-- 2 files changed, 141 insertions(+), 153 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index 8e2464f297ec..f1d21c9909a6 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java 
@@ -5,149 +5,164 @@ import com.google.cloud.securitycenter.v1beta1.OrganizationName; import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient; import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient.ListAssetsPagedResponse; +import com.google.common.base.MoreObjects; import com.google.common.base.Preconditions; import com.google.common.collect.ImmutableList; import java.io.IOException; import org.threeten.bp.Duration; import org.threeten.bp.Instant; -import org.threeten.bp.LocalDateTime; -import org.threeten.bp.ZoneId; -import org.threeten.bp.temporal.ChronoUnit; /** Snippets for how to work with Assets in Cloud Security Command Center. */ public class AssetSnippets { + private AssetSnippets() {} - private final SecurityCenterClient securityCenterClient; - private final OrganizationName organizationName; - - /** Filter that returns all projects in the organization */ - // [START asset_resource_project_filter] - public static final String PROJECT_ASSET_FILTERS = - "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\""; // [END asset_resource_project_filter] /** - * Create a new AssetSnippets object. + * Lists all assets for an organization. * - * @param client The client to use for contacting the service. - * @param organizationId The organization ID (this should be a numeric value, not the display name - * of the organization). + * @param organizationName The organization to list assets for. */ - public AssetSnippets(SecurityCenterClient client, String organizationId) { - this.securityCenterClient = client; - // [START name_from_id] - this.organizationName = OrganizationName.of(organizationId); - // [END name_from_id] + // [START list_all_assets] + static ImmutableList listAssets(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request for to search for all assets in an organization. 
+ // OrganizationName organizationName = OrganizationName.of("123234324"); + ListAssetsRequest.Builder request = + ListAssetsRequest.newBuilder().setParent(organizationName.toString()); + + // Call the API. + ListAssetsPagedResponse response = client.listAssets(request.build()); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("All assets:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } } + // [END list_all_assets] /** - * Lists assets for an organization given meeting filter as of a specific instant in - * time. + * Lists all project assets for an organization. * - * @param filter The filter that assets must meet (e.g. {@link #PROJECT_ASSET_FILTERS}). If null, - * all assets in the organization are returned. - * @param asOf The instant in time to query for. If null, current time is assumed + * @param organizationName The organization to list assets for. */ - - // [START list_assets] - public ImmutableList listAssets(String filter, Instant asOf) { - // Start setting up a request for to search for all assets in an organization. - // OrganizationName organizationName = OrganizationName.of("123234324"); - ListAssetsRequest.Builder request = - ListAssetsRequest.newBuilder().setParent(organizationName.toString()); - // Default for API is to return all assets. - if (filter != null) { - request.setFilter(filter); + // [START list_assets_with_filter] + static ImmutableList listAssetsWithFilter(OrganizationName organizationName) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request for to search for all assets in an organization. 
+ // OrganizationName organizationName = OrganizationName.of("123234324"); + ListAssetsRequest request = + ListAssetsRequest.newBuilder() + .setParent(organizationName.toString()) + .setFilter( + "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\"") + .build(); + + // Call the API. + ListAssetsPagedResponse response = client.listAssets(request); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. + ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Projects:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); } - // Limits assets returned to a particular point in time. - if (asOf != null) { + } + // [END list_assets_with_filter] + + /** + * Lists all project assets for an organization at a given point in time. + * + * @param organizationName The organization to list assets for. + * @param asOf The snapshot time to query for assets. If null defaults to one day ago. + */ + // [START list_assets_as_of_time] + static ImmutableList listAssetsAsOfYesterday( + OrganizationName organizationName, Instant asOf) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { + // Start setting up a request for to search for all assets in an organization. + // OrganizationName organizationName = OrganizationName.of("123234324"); + + // Initialize the builder with the organization and filter + ListAssetsRequest.Builder request = + ListAssetsRequest.newBuilder() + .setParent(organizationName.toString()) + .setFilter( + "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\""); + + // Set read time to either the instant passed in or one day ago. 
+ asOf = MoreObjects.firstNonNull(asOf, Instant.now().minus(Duration.ofDays(1))); request.getReadTimeBuilder().setSeconds(asOf.getEpochSecond()).setNanos(asOf.getNano()); - } - ListAssetsPagedResponse response = securityCenterClient.listAssets(request.build()); - // This creates one list for all assets. If your organization has a large number of assets - // this can cause out of memory issues. You can process them batches by returning - // the Iterable returned response.iterateAll() directly. - return ImmutableList.copyOf(response.iterateAll()); - } - // [END list_assets] - - /** Run and print results from common queries. */ - void demoListAssets() { - - // Query for all currently existing assets - // [START demo_list_all_assets] - System.out.println("All Assets: " + listAssets(null, null)); - // [END demo_list_all_assets] - // Query for all projects as of now. - // [START demo_list_assets_with_filter] - System.out.println("Project Assets (now): " + listAssets(PROJECT_ASSET_FILTERS, null)); - // [END demo_list_assets_with_filter] - // Query for all projects as of a day ago. - // [START demo_list_assets_with_filter_and_time] - System.out.println( - "Project Assets (1 day ago): " - + listAssets(PROJECT_ASSET_FILTERS, Instant.now().minus(Duration.ofDays(1)))); - // [END demo_list_assets_with_filter_and_time] + // Call the API. + ListAssetsPagedResponse response = client.listAssets(request.build()); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. 
+ ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Projects:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } } + // [END list_assets_as_of_time] /** * Returns Assets and metadata about assets activity (e.g. added, removed, no change) between * between asOf.minus(timespan) and asOf. * * @param timeSpan The time-range to compare assets over. - * @param filter The filter that assets must meet (e.g. {@link #PROJECT_ASSET_FILTERS}). If null, - * all assets in the organization are returned. * @param asOf The instant in time to query for. If null, current time is assumed. */ - // [START list_asset_changes] - public ImmutableList listAssetAndStatusChanges( - Duration timeSpan, String filter, Instant asOf) { - - // Start setting up a request for to search for all assets in an organization. - // OrganizationName organizationName = OrganizationName.of("123234324"); - ListAssetsRequest.Builder request = - ListAssetsRequest.newBuilder().setParent(organizationName.toString()); - request - .getCompareDurationBuilder() - .setSeconds(timeSpan.getSeconds()) - .setNanos(timeSpan.getNano()); - // Default for API is to return all assets. - if (filter != null) { - request.setFilter(filter); - } - // Limits assets returned to a particular point in time. - if (asOf != null) { - request.getReadTimeBuilder().setSeconds(asOf.getEpochSecond()).setNanos(asOf.getNano()); - } - - ListAssetsPagedResponse response = securityCenterClient.listAssets(request.build()); + // [START list_asset_changes_status_changes] + static ImmutableList listAssetAndStatusChanges( + OrganizationName organizationName, Duration timeSpan, Instant asOf) { + try (SecurityCenterClient client = SecurityCenterClient.create()) { - // This creates one list for all assets. If your organization has a large number of assets - // this can cause out of memory issues. 
You can process them batches by returning - // the Iterable returned response.iterateAll() directly. - return ImmutableList.copyOf(response.iterateAll()); - } - // [END list_asset_changes] + // Start setting up a request for to search for all assets in an organization. + // OrganizationName organizationName = OrganizationName.of("123234324"); + ListAssetsRequest.Builder request = + ListAssetsRequest.newBuilder() + .setParent(organizationName.toString()) + .setFilter( + "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\""); + request + .getCompareDurationBuilder() + .setSeconds(timeSpan.getSeconds()) + .setNanos(timeSpan.getNano()); + + // Set read time to either the instant passed in or now. + asOf = MoreObjects.firstNonNull(asOf, Instant.now()); + request.getReadTimeBuilder().setSeconds(asOf.getEpochSecond()).setNanos(asOf.getNano()); - /** - * Run and print demo outputs of different parameters for {@link - * #listAssetAndStatusChanges(Duration, String, Instant)}. - */ - void demoListAssetAndStatusChanges() { - // [START demo_list_asset_changes] - final LocalDateTime march = LocalDateTime.of(2019, 3, 18, 0, 0); - final LocalDateTime feb = LocalDateTime.of(2019, 2, 18, 0, 0); - final Duration lastMonth = Duration.ofDays(ChronoUnit.DAYS.between(feb, march)); - // Query projects and their state changes over between February 18, 2019 and March 18, 2019. - System.out.println( - "Project Changes over a month: " - + listAssetAndStatusChanges( - lastMonth, - PROJECT_ASSET_FILTERS, - jan1.atZone(ZoneId.of("Europe/Paris")).toInstant())); - // [END demo_list_asset_changes] + // Call the API. + ListAssetsPagedResponse response = client.listAssets(request.build()); + + // This creates one list for all assets. If your organization has a large number of assets + // this can cause out of memory issues. You can process them batches by returning + // the Iterable returned response.iterateAll() directly. 
+ ImmutableList results = ImmutableList.copyOf(response.iterateAll()); + System.out.println("Projects:"); + System.out.println(results); + return results; + } catch (IOException e) { + throw new RuntimeException("Couldn't create client.", e); + } } + // [END list_asset_changes_status_changes] public static void main(String... args) throws IOException { try (SecurityCenterClient client = SecurityCenterClient.create()) { @@ -161,12 +176,8 @@ public static void main(String... args) throws IOException { "Organization ID must either be set in the environment variable \"ORGANIZATION_ID\" or passed" + " as the first parameter to the program."); } - AssetSnippets snippets = new AssetSnippets(client, org_id); - System.out.println("Project Assets:" + snippets.listAssets(PROJECT_ASSET_FILTERS, null)); - System.out.println( - "Project Assets (changes as of a day ago): " - + snippets.listAssetAndStatusChanges( - Duration.ofDays(1), PROJECT_ASSET_FILTERS, null)); + + listAssetsWithFilter(OrganizationName.of(org_id)); } } } diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java index a34e22aff633..03aa02a87f7f 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java 
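Review bot: Each of the four rewritten methods ends with `System.out.println(results);`, which writes every returned `ListAssetsResult` to standard output, and the integration tests in this patch call those methods directly. For an organization-wide listing that output is likely to include resource names, owners and properties, so it would end up in whatever log the test run keeps. A summary is enough to show the call worked, for example `System.out.println("Assets returned: " + results.size());`, with a comment that the full list can be printed when running the sample locally.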
@@ -1,13 +1,13 @@ package com.google.cloud.examples.securitycenter.snippets; import static junit.framework.TestCase.assertTrue; +import static org.junit.Assert.assertEquals; import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult; -import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient; +import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult.State; +import com.google.cloud.securitycenter.v1beta1.OrganizationName; import com.google.common.collect.ImmutableList; import java.io.IOException; -import org.junit.AfterClass; -import org.junit.BeforeClass; import org.junit.Test; import org.threeten.bp.Duration; import org.threeten.bp.Instant; 
@@ -17,67 +17,44 @@ /** Smoke tests for {@link com.google.cloud.examples.securitycenter.snippets.AssetSnippets} */ public class ITAssetSnippets { - static SecurityCenterClient client; - static AssetSnippets snippets; - - public static final Instant NOTHING_INSTANCE = + private static final Instant NOTHING_INSTANCE = LocalDateTime.of(2019, 1, 1, 0, 0).toInstant(ZoneOffset.UTC); - public static final Instant SOMETHING_INSTANCE = + private static final Instant SOMETHING_INSTANCE = LocalDateTime.of(2019, 3, 14, 8, 0).toInstant(ZoneOffset.ofHours((-8))); - @BeforeClass - public static void beforeClass() throws IOException { - client = SecurityCenterClient.create(); - snippets = new AssetSnippets(client, getOrganizationId()); - } - @Test public void mainRuns() throws IOException { - AssetSnippets.main(getOrganizationId()); - } - - @Test - public void demosRun() throws IOException { - snippets.demoListAssets(); - snippets.demoListAssetAndStatusChanges(); - } - - @Test - public void testAllAssetsReturned() { - assertTrue(0 < snippets.listAssets(null, null).size()); + AssetSnippets.main(getOrganizationId().getOrganization()); } @Test public void testBeforeDateNoAssetsReturned() { - assertTrue(snippets.listAssets(null, NOTHING_INSTANCE).isEmpty()); + assertTrue( + AssetSnippets.listAssetsAsOfYesterday(getOrganizationId(), NOTHING_INSTANCE).isEmpty()); } @Test public void testListAssetsNoFilterOrDate() { - assertTrue(59 >= snippets.listAssets(null, null).size()); + assertTrue(59 >= AssetSnippets.listAssets(getOrganizationId()).size()); } @Test public void testListAssetsWithFilterAndInstance() { assertTrue( - 3 >= snippets.listAssets(AssetSnippets.PROJECT_ASSET_FILTERS, SOMETHING_INSTANCE).size()); + 3 >= AssetSnippets.listAssetsAsOfYesterday(getOrganizationId(), SOMETHING_INSTANCE).size()); } @Test public void testChangesReturnsValues() { ImmutableList result = - snippets.listAssetAndStatusChanges( - Duration.ofDays(3), AssetSnippets.PROJECT_ASSET_FILTERS, 
SOMETHING_INSTANCE); + AssetSnippets.listAssetAndStatusChanges( + getOrganizationId(), Duration.ofDays(3), SOMETHING_INSTANCE); assertTrue("Result: " + result.toString(), result.toString().contains("ADDED")); assertTrue(3 >= result.size()); + assertEquals(result.get(0).getState(), State.ADDED); } - @AfterClass - public static void tearDown() { - client.close(); - } - - private static String getOrganizationId() { - return System.getenv("GCLOUD_ORGANIZATION"); + private static OrganizationName getOrganizationId() { + return OrganizationName.of(System.getenv("GCLOUD_ORGANIZATION")); } } From ca3af5cabba5f6e57c6717fd56807c3d18d3c085 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Fri, 22 Mar 2019 14:08:13 -0700 Subject: [PATCH 11/13] fix warnings --- .../snippets/AssetSnippets.java | 25 ++++++++----------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index f1d21c9909a6..eb6b3762dcf6 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java 
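Review bot: The remaining size assertions check only an upper bound (`59 >= AssetSnippets.listAssets(getOrganizationId()).size()` and the `3 >= …size()` check in `testListAssetsWithFilterAndInstance`), so they pass when the service returns no assets at all. This hunk also removes `testAllAssetsReturned`, the one test that required a non-empty unfiltered listing. Keeping a lower bound, e.g. `assertTrue(0 < AssetSnippets.listAssets(getOrganizationId()).size());`, would catch a credential or organization setup that silently sees nothing. In the added `assertEquals(result.get(0).getState(), State.ADDED);` the expected value should come first: `assertEquals(State.ADDED, result.get(0).getState());`.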
@@ -164,20 +164,17 @@ static ImmutableList listAssetAndStatusChanges( } // [END list_asset_changes_status_changes] - public static void main(String... args) throws IOException { - try (SecurityCenterClient client = SecurityCenterClient.create()) { - String org_id = System.getenv("ORGANIZATION_ID"); - if (args.length > 0) { - org_id = args[0]; - } - if (org_id == null) { - Preconditions.checkNotNull( - org_id, - "Organization ID must either be set in the environment variable \"ORGANIZATION_ID\" or passed" - + " as the first parameter to the program."); - } - - listAssetsWithFilter(OrganizationName.of(org_id)); + public static void main(String... args) { + String org_id = System.getenv("ORGANIZATION_ID"); + if (args.length > 0) { + org_id = args[0]; } + + Preconditions.checkNotNull( + org_id, + "Organization ID must either be set in the environment variable \"ORGANIZATION_ID\" or passed" + + " as the first parameter to the program."); + + listAssetsWithFilter(OrganizationName.of(org_id)); } } From 4096ed2d341f4cb1d4299d0c3788a4dea353371d Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Mon, 25 Mar 2019 15:45:22 -0700 Subject: [PATCH 12/13] Add Apache Headers --- .../securitycenter/snippets/AssetSnippets.java | 15 +++++++++++++++ .../securitycenter/snippets/ITAssetSnippets.java | 16 ++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index eb6b3762dcf6..39829a17c14b 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java 
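Review bot: `Preconditions.checkNotNull(org_id, …)` in `main` rejects only a missing value; an empty `ORGANIZATION_ID` or an empty first argument passes the check and is handed to `OrganizationName.of(org_id)`. The constructor Javadoc removed earlier in this series said the ID should be numeric, so validating that up front gives a clearer failure: `Preconditions.checkArgument(org_id != null && org_id.matches("\\d+"), "Organization ID must be a numeric value …");`. The local would also read better as `orgId`, following Java naming conventions.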
@@ -1,3 +1,18 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.google.cloud.examples.securitycenter.snippets; import com.google.cloud.securitycenter.v1beta1.ListAssetsRequest; diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java index 03aa02a87f7f..b3198b52075f 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/securitycenter/snippets/ITAssetSnippets.java @@ -1,3 +1,19 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package com.google.cloud.examples.securitycenter.snippets; import static junit.framework.TestCase.assertTrue; 
From 4bd510ca1af183f825b0387dd00eafb1352b15f2 Mon Sep 17 00:00:00 2001 From: Micah Kornfield Date: Mon, 25 Mar 2019 15:48:04 -0700 Subject: [PATCH 13/13] remove unused comment --- .../cloud/examples/securitycenter/snippets/AssetSnippets.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java index 39829a17c14b..349b295980dd 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/AssetSnippets.java @@ -31,8 +31,6 @@ public class AssetSnippets { private AssetSnippets() {} - // [END asset_resource_project_filter] - /** * Lists all assets for an organization. *