docs(samples): added samples for Mute config #719
34 commits
a8fe3df
docs(scc-samples): init add CRUD mute config samples
Sita04 91c6e73
added bulk mute and mute/unmute samples
Sita04 65061cd
refactor(samples): modified class name
Sita04 9d106d7
refactor(samples): added muteConfigId and refactored class name
Sita04 035f6ed
test(samples): added tests for mute config samples
Sita04 78a1073
🦉 Updates from OwlBot
gcf-owl-bot[bot] be3f070
docs(samples): updated samples and test files
Sita04 3eae120
Merge remote-tracking branch 'origin/mute-config-samples' into mute-c…
Sita04 9b29a46
Merge branch 'main' into mute-config-samples
Sita04 a1eaeaf
🦉 Updates from OwlBot
gcf-owl-bot[bot] 458ea1c
Merge branch 'mute-config-samples' of https://github.com/googleapis/j…
gcf-owl-bot[bot] 0347a16
docs(samples): lint fix
Sita04 3983db0
🦉 Updates from OwlBot
gcf-owl-bot[bot] 44ef607
Merge branch 'mute-config-samples' of https://github.com/googleapis/j…
gcf-owl-bot[bot] 29b6519
Merge remote-tracking branch 'origin/mute-config-samples' into mute-c…
Sita04 66aec2b
Merge remote-tracking branch 'origin/mute-config-samples' into mute-c…
Sita04 b52adf5
docs(samples): applied documentation review comments
Sita04 5d0c7d4
docs(samples): applied review comments
Sita04 8a62abd
🦉 Updates from OwlBot post-processor
gcf-owl-bot[bot] 6ef35fd
docs(samples): added test env variables
Sita04 7d5ab5d
Merge remote-tracking branch 'origin/mute-config-samples' into mute-c…
Sita04 76c782d
🦉 Updates from OwlBot post-processor
gcf-owl-bot[bot] 75bc1da
docs(samples): added test env variables
Sita04 e514078
updated config typo
Sita04 9541362
Merge branch 'main' into mute-config-samples
Sita04 19b9e01
test: try changing the env var name
Neenu1995 3464ffc
Update samples.cfg
Neenu1995 6614822
Update samples.cfg
Neenu1995 34e0905
updated samples.cfg
Sita04 73d84f9
docs(samples): updated acc to review comments
Sita04 bb56253
Merge remote-tracking branch 'origin/mute-config-samples' into mute-c…
Sita04 f868418
lint fix
Sita04 cd906d4
lint fix
Sita04 0259064
lint fix
Sita04 File filter
71 changes: 71 additions & 0 deletions
71
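--- a/...n/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/BulkMuteFindings.java
+++ b/...n/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/BulkMuteFindings.java
@@ -0,0 +1,71 @@
+/*
+* Copyright 2021 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package com.google.cloud.examples.securitycenter.snippets.muteconfig;
+
+// [START securitycenter_bulk_mute]
+
+import com.google.cloud.securitycenter.v1.BulkMuteFindingsRequest;
+import com.google.cloud.securitycenter.v1.BulkMuteFindingsResponse;
+import com.google.cloud.securitycenter.v1.SecurityCenterClient;
+import java.io.IOException;
+import java.util.concurrent.ExecutionException;
+
+public class BulkMuteFindings {
+
+public static void main(String[] args) {
+// TODO: Replace the variables within {}
+
+// parentPath: Use any one of the following options:
+// - organizations/{organization_id}
+// - folders/{folder_id}
+// - projects/{project_id}
+String parentPath = String.format("projects/%s", "your-google-cloud-project-id");
+
+// muteRule: Expression that identifies findings that should be muted.
+// eg: "resource.project_display_name=\"PROJECT_ID\""
+String muteRule = "{filter-condition}";
+
+bulkMute(parentPath, muteRule);
+}
+
+// Kicks off a long-running operation (LRO) to bulk mute findings for a parent based on a filter.
+// The parent can be either an organization, folder, or project. The findings
+// matched by the filter will be muted after the LRO is done.
+public static void bulkMute(String parentPath, String muteRule) {
+// Initialize client that will be used to send requests. This client only needs to be created
+// once, and can be reused for multiple requests. After completing all of your requests, call
+// the "close" method on the client to safely clean up any remaining background resources.
+try (SecurityCenterClient client = SecurityCenterClient.create()) {
+
+BulkMuteFindingsRequest bulkMuteFindingsRequest =
+BulkMuteFindingsRequest.newBuilder()
+.setParent(parentPath)
+// To create mute rules, see:
+// https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
+.setFilter(muteRule)
+.build();
+
+// ExecutionException is thrown if the below call fails.
+BulkMuteFindingsResponse response =
+client.bulkMuteFindingsAsync(bulkMuteFindingsRequest).get();
+System.out.println("Bulk mute findings completed successfully! " + response);
+} catch (IOException | InterruptedException | ExecutionException e) {
+System.out.println("Bulk mute findings failed! \n Exception: " + e);
+}
+}
+}
+// [END securitycenter_bulk_mute]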
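Review bot: The catch block in `bulkMute` prints the exception and returns normally, so a caller cannot tell that the bulk mute did not happen, and the `InterruptedException` branch drops the thread's interrupt status. For an operation that changes which findings are visible, the failure should propagate: declare `throws IOException, InterruptedException, ExecutionException` on `bulkMute` and remove the catch, or at least call `Thread.currentThread().interrupt();` before reporting. `.get()` on the long-running operation also waits with no bound; `get(timeout, unit)` would keep a stalled operation from hanging the sample. The same print-and-continue catch appears in CreateMuteRule, DeleteMuteRule and GetMuteRule.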
79 changes: 79 additions & 0 deletions
79
...ain/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/CreateMuteRule.java
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| /* | ||
| * Copyright 2021 Google LLC | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package com.google.cloud.examples.securitycenter.snippets.muteconfig; | ||
|
|
||
| // [START securitycenter_create_mute_config] | ||
|
|
||
| import com.google.cloud.securitycenter.v1.CreateMuteConfigRequest; | ||
| import com.google.cloud.securitycenter.v1.MuteConfig; | ||
| import com.google.cloud.securitycenter.v1.SecurityCenterClient; | ||
| import java.io.IOException; | ||
| import java.util.UUID; | ||
|
|
||
| public class CreateMuteRule { | ||
|
|
||
| public static void main(String[] args) { | ||
| // TODO: Replace the variables within {} | ||
|
|
||
| // parentPath: Use any one of the following options: | ||
| // - organizations/{organization_id} | ||
| // - folders/{folder_id} | ||
| // - projects/{project_id} | ||
| String parentPath = String.format("projects/%s", "your-google-cloud-project-id"); | ||
|
|
||
| // muteConfigId: Set a random id; max of 63 chars. | ||
| String muteConfigId = "random-mute-id-" + UUID.randomUUID(); | ||
| createMuteRule(parentPath, muteConfigId); | ||
| } | ||
|
|
||
| // Creates a mute configuration under a given scope that will mute | ||
| // all new findings that match a given filter. | ||
| // Existing findings will not be muted. | ||
| public static void createMuteRule(String parentPath, String muteConfigId) { | ||
| // Initialize client that will be used to send requests. This client only needs to be created | ||
| // once, and can be reused for multiple requests. After completing all of your requests, call | ||
| // the "close" method on the client to safely clean up any remaining background resources. | ||
| try (SecurityCenterClient client = SecurityCenterClient.create()) { | ||
|
|
||
| MuteConfig muteConfig = | ||
| MuteConfig.newBuilder() | ||
| .setDescription("Mute low-medium IAM grants excluding 'compute' ") | ||
| // Set mute rule(s). | ||
| // To construct mute rules and for supported properties, see: | ||
| // https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules | ||
| .setFilter( | ||
| "severity=\"LOW\" OR severity=\"MEDIUM\" AND " | ||
| + "category=\"Persistence: IAM Anomalous Grant\" AND " | ||
| + "-resource.type:\"compute\"") | ||
| .build(); | ||
|
|
||
| CreateMuteConfigRequest request = | ||
| CreateMuteConfigRequest.newBuilder() | ||
| .setParent(parentPath) | ||
| .setMuteConfigId(muteConfigId) | ||
| .setMuteConfig(muteConfig) | ||
| .build(); | ||
|
|
||
| // ExecutionException is thrown if the below call fails. | ||
| MuteConfig response = client.createMuteConfig(request); | ||
Sita04 marked this conversation as resolved.
|
||
| System.out.println("Mute rule created successfully: " + response.getName()); | ||
| } catch (IOException e) { | ||
| System.out.println("Mute rule creation failed! \n Exception: " + e); | ||
| } | ||
| } | ||
| } | ||
| // [END securitycenter_create_mute_config] | ||
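Review bot: The filter passed to `setFilter` mixes `OR` and `AND` without parentheses, so which findings the rule mutes depends on the filter grammar's operator precedence rather than on anything visible in the sample. Read with the conventional AND-before-OR grouping it would match every LOW finding, which is much wider than the description "Mute low-medium IAM grants excluding 'compute'". Make the grouping explicit, e.g. `"(severity=\"LOW\" OR severity=\"MEDIUM\") AND "`, and confirm it against the filter documentation linked above the call. The comment `// ExecutionException is thrown if the below call fails.` also does not match this code: `createMuteConfig` is called synchronously and only `IOException` is caught.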
60 changes: 60 additions & 0 deletions
60
...ain/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/DeleteMuteRule.java
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| /* | ||
| * Copyright 2022 Google LLC | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package com.google.cloud.examples.securitycenter.snippets.muteconfig; | ||
|
|
||
| // [START securitycenter_delete_mute_config] | ||
|
|
||
| import com.google.cloud.securitycenter.v1.MuteConfigName; B94A td> | ||
| import com.google.cloud.securitycenter.v1.SecurityCenterClient; | ||
| import java.io.IOException; | ||
|
|
||
| public class DeleteMuteRule { | ||
|
|
||
| public static void main(String[] args) { | ||
| // TODO(Developer): Replace the following variables | ||
| // parentPath: Use any one of the following options: | ||
| // - organizations/{organization_id} | ||
| // - folders/{folder_id} | ||
| // - projects/{project_id} | ||
| String parentPath = String.format("projects/%s", "your-google-cloud-project-id"); | ||
|
|
||
| // muteConfigId: Specify the name of the mute config to delete. | ||
| String muteConfigId = "mute-config-id"; | ||
|
|
||
| deleteMuteRule(parentPath, muteConfigId); | ||
| } | ||
|
|
||
| // Deletes a mute configuration given its resource name. | ||
| // Note: Previously muted findings are not affected when a mute config is deleted. | ||
| public static void deleteMuteRule(String projectId, String muteConfigId) { | ||
| // Initialize client that will be used to send requests. This client only needs to be created | ||
| // once, and can be reused for multiple requests. After completing all of your requests, call | ||
| // the "close" method on the client to safely clean up any remaining background resources. | ||
| try (SecurityCenterClient client = SecurityCenterClient.create()) { | ||
| // Use appropriate MuteConfigName methods depending on the type of parent. | ||
| // org -> MuteConfigName.ofOrganizationMuteConfigName() | ||
| // folder -> MuteConfigName.ofFolderMuteConfigName() | ||
| // project -> MuteConfigName.ofProjectMuteConfigName) | ||
| client.deleteMuteConfig(MuteConfigName.ofProjectMuteConfigName(projectId, muteConfigId)); | ||
Sita04 marked this conversation as resolved.
|
||
|
|
||
| System.out.println("Mute rule deleted successfully: " + muteConfigId); | ||
| } catch (IOException e) { | ||
| System.out.println("Mute rule deletion failed! \n Exception: " + e); | ||
| } | ||
| } | ||
| } | ||
| // [END securitycenter_delete_mute_config] | ||
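Review bot: `main` builds `parentPath` as `projects/<id>` and passes it to `deleteMuteRule`, whose first parameter is `projectId` and is handed straight to `MuteConfigName.ofProjectMuteConfigName(projectId, muteConfigId)`. If that factory adds the `projects/` prefix itself, as its name suggests, the resource name ends up with a doubled prefix and the delete targets a config that does not exist. Pass the bare id, `String projectId = "your-google-cloud-project-id";`, and either drop the organization/folder options from the `main` comment or route them to the matching `MuteConfigName` factory. GetMuteRule has the same mismatch between `parentPath` and `projectId`.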
62 changes: 62 additions & 0 deletions
62
...c/main/java/com/google/cloud/examples/securitycenter/snippets/muteconfig/GetMuteRule.java
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| /* | ||
| * Copyright 2022 Google LLC | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package com.google.cloud.examples.securitycenter.snippets.muteconfig; | ||
|
|
||
| // [START securitycenter_get_mute_config] | ||
|
|
||
| import com.google.cloud.securitycenter.v1.MuteConfig; | ||
| import com.google.cloud.securitycenter.v1.MuteConfigName; | ||
| import com.google.cloud.securitycenter.v1.SecurityCenterClient; | ||
| import java.io.IOException; | ||
|
|
||
| public class GetMuteRule { | ||
|
|
||
| public static void main(String[] args) { | ||
| // TODO(Developer): Replace the following variables | ||
|
|
||
| // parentPath: Use any one of the following options: | ||
| // - organizations/{organization_id} | ||
| // - folders/{folder_id} | ||
| // - projects/{project_id} | ||
| String parentPath = String.format("projects/%s", "your-google-cloud-project-id"); | ||
|
|
||
| // muteConfigId: Name of the mute config to retrieve. | ||
| String muteConfigId = "mute-config-id"; | ||
|
|
||
| getMuteRule(parentPath, muteConfigId); | ||
| } | ||
|
|
||
| // Retrieves a mute configuration given its resource name. | ||
| public static void getMuteRule(String projectId, String muteConfigId) { | ||
| // Initialize client that will be used to send requests. This client only needs to be created | ||
| // once, and can be reused for multiple requests. After completing all of your requests, call | ||
| // the "close" method on the client to safely clean up any remaining background resources. | ||
| try (SecurityCenterClient client = SecurityCenterClient.create()) { | ||
| // Use appropriate MuteConfigName methods depending on the type of parent. | ||
| // (org -> MuteConfigName.ofOrganizationMuteConfigName() | ||
| // folder -> MuteConfigName.ofFolderMuteConfigName() | ||
| // project -> MuteConfigName.ofProjectMuteConfigName) | ||
| MuteConfig muteConfig = | ||
| client.getMuteConfig(MuteConfigName.ofProjectMuteConfigName(projectId, muteConfigId)); | ||
Sita04 marked this conversation as resolved.
|
||
|
|
||
| System.out.println("Retrieved the mute config: " + muteConfig); | ||
| } catch (IOException e) { | ||
| System.out.println("Mute rule retrieval failed! \n Exception: " + e); | ||
| } | ||
| } | ||
| } | ||
| // [END securitycenter_get_mute_config] | ||