
Commit 8d20324

author
Micah Kornfield
committed
cleanup
1 parent a287607 commit 8d20324

2 files changed

Lines changed: 90 additions & 5 deletions


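--- a/securitycenter/docs/snippets_findings.py
+++ b/securitycenter/docs/snippets_findings.py
@@ -14,7 +14,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-""" Examples of working with source and findings in Cloud Security Command Center."""
+"""Examples of working with source and findings in Cloud Security Command Center."""
+
+from itertools import chain
 import os
 import pytest
 
@@ -43,7 +45,7 @@ def source_name(organization_id):
 
 
 def test_create_source(organization_id):
-""" Create a new findings source. """
+"""Create a new findings source. """
 # [START create_source]
 from google.cloud import securitycenter as securitycenter
 
@@ -52,18 +54,87 @@ def test_create_source(organization_id):
 # organization_id = "111122222444"
 org_name = "organizations/{org_id}".format(org_id=organization_id)
 
-client.create_source(
+created = client.create_source(
 org_name,
 {
 "display_name": "Customized Display Name",
 "description": "A new custom source that does X",
 },
 )
+print("Created Source: {}".format(created.name))
 # [END create_source]
 
 
+def test_update_source(source_name):
+"Updates a sources display name."
+# [START update_source]
+from google.cloud import securitycenter as securitycenter
+from google.protobuf import field_mask_pb2
+
+client = securitycenter.SecurityCenterClient()
+
+# Field mask to only update the display name.
+field_mask = field_mask_pb2.FieldMask(paths=["display_name"])
+
+# source_name is the resource path for a source that has been
+# created previously (you can use list_sources to find a specific one).
+# Its format is:
+# source_name = "organizations/{organization_id}/sources/{source_id}"
+# e.g.:
+# source_name = "organizations/111122222444/sources/1234"
+updated = client.update_source(
+{"name": source_name, "display_name": "Updated Display Name"},
+update_mask=field_mask,
+)
+print("Updated Source: {}".format(updated))
+# [END update_source]
+assert updated.display_name == "Updated Display Name"
+
+
+def test_add_user_to_source(source_name):
+"""Gives a user findingsEditor permission to the source."""
+user_email = "csccclienttest@gmail.com"
+# [START update_source_iam]
+from google.cloud import securitycenter as securitycenter
+from google.iam.v1 import policy_pb2
+
+client = securitycenter.SecurityCenterClient()
+
+# source_name is the resource path for a source that has been
+# created previously (you can use list_sources to find a specific one).
+# Its format is:
+# source_name = "organizations/{organization_id}/sources/{source_id}"
+# e.g.:
+# source_name = "organizations/111122222444/sources/1234"
+# Get the old policy so we can do an incremental update.
+old_policy = client.get_iam_policy(source_name)
+print("Old Policy: {}".format(old_policy))
+
+# Setup a new IAM binding.
+binding = policy_pb2.Binding()
+binding.role = "roles/securitycenter.findingsEditor"
+# user_email is an e-mail address known to Cloud IAM (e.g. a gmail address).
+# user_mail = user@somedomain.com
+binding.members.append("user:{}".format(user_email))
+
+# Setting the e-tag avoids over-write existing policy
+updated = client.set_iam_policy(
+source_name, {"etag": old_policy.etag, "bindings": [binding]}
+)
+
+print("Updated Policy: {}".format(updated))
+
+# [END update_source_iam]
+assert any(
+member == "user:csccclienttest@gmail.com"
+for member in chain.from_iterable(
+binding.members for binding in updated.bindings
+)
+)
+
+
 def test_list_source(organization_id):
-""" Create a new findings source. """
+"""Lists finding sources."""
 i = -1
 # [START list_sources]
 from google.cloud import securitycenter as securitycenter
@@ -82,7 +153,7 @@ def test_list_source(organization_id):
 
 
 def test_create_finding(source_name):
-"""Demonstrate listing and printing all assets."""
+"""Creates a new finding."""
 # [START create_finding]
 from google.cloud import securitycenter as securitycenter
 from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding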
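Review bot: In test_add_user_to_source (new lines 109-123) the policy passed to `set_iam_policy` contains only the newly built binding, so every binding already present in `old_policy` is dropped when the call succeeds, because SetIamPolicy replaces the resource's policy rather than merging into it. The etag copied from `old_policy` only makes the call fail if the policy changed after it was read, so the "incremental update" comment and the "Setting the e-tag avoids over-write existing policy" comment both describe protection the code does not provide. Carry the existing bindings forward, e.g. `source_name, {"etag": old_policy.etag, "bindings": list(old_policy.bindings) + [binding]}`, and reword the comment to `# The etag makes the update fail if the policy changed since it was read.` Since the region between the START/END tags is published as a sample, a reader who copies it as written would remove existing access on their source while granting the new role.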

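--- a/securitycenter/docs/snippets_security_marks.py
+++ b/securitycenter/docs/snippets_security_marks.py
@@ -131,6 +131,7 @@ def test_add_to_asset(asset_name):
 
 
 def test_clear_from_asset(asset_name):
+"""Removes security marks from an asset."""
 # Make sure they are there first
 test_add_to_asset(asset_name)
 # [START clear_marks_asset]
@@ -164,13 +165,18 @@ def test_clear_from_asset(asset_name):
 
 
 def test_delete_and_update_marks(asset_name):
+"""Updates and deletes security marks from an asset in the same call."""
 # Make sure they are there first
 test_add_to_asset(asset_name)
 # [START delete_and_update_marks]
 from google.cloud import securitycenter as securitycenter
 from google.protobuf import field_mask_pb2
 
 client = securitycenter.SecurityCenterClient()
+# asset_name is the resource path for an asset that exists in CSCC.
+# Its format is "organization/{organization_id}/assets/{asset_id}
+# e.g.:
+# asset_name = organizations/123123342/assets/12312321
 marks_name = "{}/securityMarks".format(asset_name)
 
 field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"])
@@ -185,11 +191,17 @@ def test_delete_and_update_marks(asset_name):
 
 
 def test_add_to_finding(finding_name):
+"""Adds security marks to a finding. """
 # [START add_marks_to_finding]
 from google.cloud import securitycenter as securitycenter
 from google.protobuf import field_mask_pb2
 
 client = securitycenter.SecurityCenterClient()
+# finding_name is the resource path for a finding that exists in CSCC.
+# Its format is
+# "organizations/{org_id}/sources/{source_id}/findings/{finding_id}"
+# e.g.:
+# finding_name = "organizations/1112/sources/1234/findings/findingid"
 finding_marks_name = "{}/securityMarks".format(finding_name)
 
 # Notice the suffix after "marks." in the field mask matches the keys
@@ -208,6 +220,7 @@ def test_add_to_finding(finding_name):
 
 
 def test_list_assets_with_query_marks(organization_id, asset_name):
+"""Lists assets with a filter on security marks. """
 test_add_to_asset(asset_name)
 # [START demo_list_assets_with_security_marks]
 from google.cloud import securitycenter as securitycenter
@@ -231,6 +244,7 @@ def test_list_assets_with_query_marks(organization_id, asset_name):
 
 
 def test_list_findings_with_query_marks(source_name, finding_name):
+"""Lists findings with a filter on security marks."""
 # ensure marks are set on finding.
 test_add_to_finding(finding_name)
 i = -1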
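Review bot: The format comment added in test_delete_and_update_marks (new line 177) reads `"organization/{organization_id}/assets/{asset_id}`, with a singular `organization` and no closing quote, which disagrees with the example two lines below it and with the `organizations/...` paths in the finding_name comment added later in this file. A reader who builds asset_name from that line would get a resource path that does not match the documented example. Suggest `# Its format is "organizations/{organization_id}/assets/{asset_id}"` and quoting the example as `# asset_name = "organizations/123123342/assets/12312321"`, matching how the finding_name example is written. The function body continues outside the hunk.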
