1414# See the License for the specific language governing permissions and
1515# limitations under the License.
1616
17- """ Examples of working with source and findings in Cloud Security Command Center."""
17+ """Examples of working with source and findings in Cloud Security Command Center."""
18+
19+ from itertools import chain
1820import os
1921import pytest
2022
@@ -43,7 +45,7 @@ def source_name(organization_id):
4345
4446
4547def test_create_source (organization_id ):
46- """ Create a new findings source. """
48+ """Create a new findings source. """
4749 # [START create_source]
4850 from google .cloud import securitycenter as securitycenter
4951
@@ -52,18 +54,87 @@ def test_create_source(organization_id):
5254 # organization_id = "111122222444"
5355 org_name = "organizations/{org_id}" .format (org_id = organization_id )
5456
55- client .create_source (
57+ created = client .create_source (
5658 org_name ,
5759 {
5860 "display_name" : "Customized Display Name" ,
5961 "description" : "A new custom source that does X" ,
6062 },
6163 )
64+ print ("Created Source: {}" .format (created .name ))
6265 # [END create_source]
6366
6467
68+ def test_update_source (source_name ):
69+ "Updates a sources display name."
70+ # [START update_source]
71+ from google .cloud import securitycenter as securitycenter
72+ from google .protobuf import field_mask_pb2
73+
74+ client = securitycenter .SecurityCenterClient ()
75+
76+ # Field mask to only update the display name.
77+ field_mask = field_mask_pb2 .FieldMask (paths = ["display_name" ])
78+
79+ # source_name is the resource path for a source that has been
80+ # created previously (you can use list_sources to find a specific one).
81+ # Its format is:
82+ # source_name = "organizations/{organization_id}/sources/{source_id}"
83+ # e.g.:
84+ # source_name = "organizations/111122222444/sources/1234"
85+ updated = client .update_source (
86+ {"name" : source_name , "display_name" : "Updated Display Name" },
87+ update_mask = field_mask ,
88+ )
89+ print ("Updated Source: {}" .format (updated ))
90+ # [END update_source]
91+ assert updated .display_name == "Updated Display Name"
92+
93+
94+ def test_add_user_to_source (source_name ):
95+ """Gives a user findingsEditor permission to the source."""
96+ user_email = "csccclienttest@gmail.com"
97+ # [START update_source_iam]
98+ from google .cloud import securitycenter as securitycenter
99+ from google .iam .v1 import policy_pb2
100+
101+ client = securitycenter .SecurityCenterClient ()
102+
103+ # source_name is the resource path for a source that has been
104+ # created previously (you can use list_sources to find a specific one).
105+ # Its format is:
106+ # source_name = "organizations/{organization_id}/sources/{source_id}"
107+ # e.g.:
108+ # source_name = "organizations/111122222444/sources/1234"
109+ # Get the old policy so we can do an incremental update.
110+ old_policy = client .get_iam_policy (source_name )
111+ print ("Old Policy: {}" .format (old_policy ))
112+
113+ # Setup a new IAM binding.
114+ binding = policy_pb2 .Binding ()
115+ binding .role = "roles/securitycenter.findingsEditor"
116+ # user_email is an e-mail address known to Cloud IAM (e.g. a gmail address).
117+ # user_mail = user@somedomain.com
118+ binding .members .append ("user:{}" .format (user_email ))
119+
120+ # Setting the e-tag avoids over-write existing policy
121+ updated = client .set_iam_policy (
122+ source_name , {"etag" : old_policy .etag , "bindings" : [binding ]}
123+ )
124+
125+ print ("Updated Policy: {}" .format (updated ))
126+
127+ # [END update_source_iam]
128+ assert any (
129+ member == "user:csccclienttest@gmail.com"
130+ for member in chain .from_iterable (
131+ binding .members for binding in updated .bindings
132+ )
133+ )
134+
135+
65136def test_list_source (organization_id ):
66- """ Create a new findings source. """
137+ """Lists finding sources. """
67138 i = - 1
68139 # [START list_sources]
69140 from google .cloud import securitycenter as securitycenter
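Review bot: In test_add_user_to_source the policy passed to `set_iam_policy` holds only the new binding, so despite the "incremental update" comment the call replaces whatever bindings the source already had. The etag taken from `old_policy` only guards against a concurrent modification; it does not merge anything. Because this sits inside the `update_source_iam` sample region, anyone copying it would drop existing access on their source. Adding the binding to the fetched policy and sending that back keeps the rest: `old_policy.bindings.extend([binding])` followed by `updated = client.set_iam_policy(source_name, old_policy)`. The closing assertion could also compare against `"user:{}".format(user_email)` instead of repeating the literal address.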
@@ -82,7 +153,7 @@ def test_list_source(organization_id):
82153
83154
84155def test_create_finding (source_name ):
85- """Demonstrate listing and printing all assets ."""
156+ """Creates a new finding ."""
86157 # [START create_finding]
87158 from google .cloud import securitycenter as securitycenter
88159 from google .cloud .securitycenter_v1 .proto .finding_pb2 import Finding