From 160aff4a6a9d0e957319d32270dd505190acf894 Mon Sep 17 00:00:00 2001 From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Date: Tue, 14 Jul 2020 15:26:47 -0700 Subject: [PATCH 01/95] chore(samples): move samples and use standard templates for testing (#41) --- securitycenter/AUTHORING_GUIDE.md | 1 + securitycenter/CONTRIBUTING.md | 1 + securitycenter/snippets/noxfile.py | 222 +++++++ securitycenter/snippets/noxfile_config.py | 39 ++ securitycenter/snippets/requirements-test.txt | 1 + securitycenter/snippets/requirements.txt | 2 + securitycenter/snippets/snippets_findings.py | 572 ++++++++++++++++++ .../snippets/snippets_findings_test.py | 133 ++++ .../snippets/snippets_list_assets.py | 205 +++++++ .../snippets/snippets_list_assets_test.py | 64 ++ .../snippets/snippets_notification_configs.py | 138 +++++ .../snippets_notification_receiver.py | 60 ++ .../snippets/snippets_notification_test.py | 144 +++++ securitycenter/snippets/snippets_orgs.py | 58 ++ securitycenter/snippets/snippets_orgs_test.py | 36 ++ .../snippets/snippets_security_marks.py | 187 ++++++ .../snippets/snippets_security_marks_test.py | 137 +++++ 17 files changed, 2000 insertions(+) create mode 100644 securitycenter/AUTHORING_GUIDE.md create mode 100644 securitycenter/CONTRIBUTING.md create mode 100644 securitycenter/snippets/noxfile.py create mode 100644 securitycenter/snippets/noxfile_config.py create mode 100644 securitycenter/snippets/requirements-test.txt create mode 100644 securitycenter/snippets/requirements.txt create mode 100644 securitycenter/snippets/snippets_findings.py create mode 100644 securitycenter/snippets/snippets_findings_test.py create mode 100644 securitycenter/snippets/snippets_list_assets.py create mode 100644 securitycenter/snippets/snippets_list_assets_test.py create mode 100644 securitycenter/snippets/snippets_notification_configs.py create mode 100644 securitycenter/snippets/snippets_notification_receiver.py create mode 100644 securitycenter/snippets/snippets_notification_test.py create mode 100644 securitycenter/snippets/snippets_orgs.py create mode 100644 securitycenter/snippets/snippets_orgs_test.py create mode 100644 securitycenter/snippets/snippets_security_marks.py create mode 100644 securitycenter/snippets/snippets_security_marks_test.py diff --git a/securitycenter/AUTHORING_GUIDE.md b/securitycenter/AUTHORING_GUIDE.md new file mode 100644 index 000000000000..55c97b32f4c1 --- /dev/null +++ b/securitycenter/AUTHORING_GUIDE.md @@ -0,0 +1 @@ +See https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/AUTHORING_GUIDE.md \ No newline at end of file diff --git a/securitycenter/CONTRIBUTING.md b/securitycenter/CONTRIBUTING.md new file mode 100644 index 000000000000..34c882b6f1a3 --- /dev/null +++ b/securitycenter/CONTRIBUTING.md @@ -0,0 +1 @@ +See https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/CONTRIBUTING.md \ No newline at end of file diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py new file mode 100644 index 000000000000..5660f08be441 --- /dev/null +++ b/securitycenter/snippets/noxfile.py @@ -0,0 +1,222 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import print_function + +import os +from pathlib import Path +import sys + +import nox + + +# WARNING - WARNING - WARNING - WARNING - WARNING +# WARNING - WARNING - WARNING - WARNING - WARNING +# DO NOT EDIT THIS FILE EVER! +# WARNING - WARNING - WARNING - WARNING - WARNING +# WARNING - WARNING - WARNING - WARNING - WARNING + +# Copy `noxfile_config.py` to your directory and modify it instead. + + +# `TEST_CONFIG` dict is a configuration hook that allows users to +# modify the test configurations. The values here should be in sync +# with `noxfile_config.py`. Users will copy `noxfile_config.py` into +# their directory and modify it. + +TEST_CONFIG = { + # You can opt out from the test for specific Python versions. + "ignored_versions": ["2.7"], + # An envvar key for determining the project id to use. Change it + # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a + # build specific Cloud project. You can also use your own string + # to use your own Cloud project. + "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", + # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', + # A dictionary you want to inject into your test. Don't put any + # secrets here. These values will override predefined values. + "envs": {}, +} + + +try: + # Ensure we can import noxfile_config in the project's directory. + sys.path.append(".") + from noxfile_config import TEST_CONFIG_OVERRIDE +except ImportError as e: + print("No user noxfile_config found: detail: {}".format(e)) + TEST_CONFIG_OVERRIDE = {} + +# Update the TEST_CONFIG with the user supplied values. +TEST_CONFIG.update(TEST_CONFIG_OVERRIDE) + + +def get_pytest_env_vars(): + """Returns a dict for pytest invocation.""" + ret = {} + + # Override the GCLOUD_PROJECT and the alias. + env_key = TEST_CONFIG["gcloud_project_env"] + # This should error out if not set. + ret["GOOGLE_CLOUD_PROJECT"] = os.environ[env_key] + + # Apply user supplied envs. + ret.update(TEST_CONFIG["envs"]) + return ret + + +# DO NOT EDIT - automatically generated. +# All versions used to tested samples. +ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8"] + +# Any default versions that should be ignored. +IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] + +TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) + +INSTALL_LIBRARY_FROM_SOURCE = bool(os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False)) +# +# Style Checks +# + + +def _determine_local_import_names(start_dir): + """Determines all import names that should be considered "local". + + This is used when running the linter to insure that import order is + properly checked. + """ + file_ext_pairs = [os.path.splitext(path) for path in os.listdir(start_dir)] + return [ + basename + for basename, extension in file_ext_pairs + if extension == ".py" + or os.path.isdir(os.path.join(start_dir, basename)) + and basename not in ("__pycache__") + ] + + +# Linting with flake8. +# +# We ignore the following rules: +# E203: whitespace before ‘:’ +# E266: too many leading ‘#’ for block comment +# E501: line too long +# I202: Additional newline in a section of imports +# +# We also need to specify the rules which are ignored by default: +# ['E226', 'W504', 'E126', 'E123', 'W503', 'E24', 'E704', 'E121'] +FLAKE8_COMMON_ARGS = [ + "--show-source", + "--builtin=gettext", + "--max-complexity=20", + "--import-order-style=google", + "--exclude=.nox,.cache,env,lib,generated_pb2,*_pb2.py,*_pb2_grpc.py", + "--ignore=E121,E123,E126,E203,E226,E24,E266,E501,E704,W503,W504,I202", + "--max-line-length=88", +] + + +@nox.session +def lint(session): + session.install("flake8", "flake8-import-order") + + local_names = _determine_local_import_names(".") + args = FLAKE8_COMMON_ARGS + [ + "--application-import-names", + ",".join(local_names), + ".", + ] + session.run("flake8", *args) + + +# +# Sample Tests +# + + +PYTEST_COMMON_ARGS = ["--junitxml=sponge_log.xml"] + + +def _session_tests(session, post_install=None): + """Runs py.test for a particular project.""" + if os.path.exists("requirements.txt"): + session.install("-r", "requirements.txt") + + if os.path.exists("requirements-test.txt"): + session.install("-r", "requirements-test.txt") + + if INSTALL_LIBRARY_FROM_SOURCE: + session.install("-e", _get_repo_root()) + + if post_install: + post_install(session) + + session.run( + "pytest", + *(PYTEST_COMMON_ARGS + session.posargs), + # Pytest will return 5 when no tests are collected. This can happen + # on travis where slow and flaky tests are excluded. + # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html + success_codes=[0, 5], + env=get_pytest_env_vars() + ) + + +@nox.session(python=ALL_VERSIONS) +def py(session): + """Runs py.test for a sample using the specified version of Python.""" + if session.python in TESTED_VERSIONS: + _session_tests(session) + else: + session.skip( + "SKIPPED: {} tests are disabled for this sample.".format(session.python) + ) + + +# +# Readmegen +# + + +def _get_repo_root(): + """ Returns the root folder of the project. """ + # Get root of this repository. Assume we don't have directories nested deeper than 10 items. + p = Path(os.getcwd()) + for i in range(10): + if p is None: + break + if Path(p / ".git").exists(): + return str(p) + p = p.parent + raise Exception("Unable to detect repository root.") + + +GENERATED_READMES = sorted([x for x in Path(".").rglob("*.rst.in")]) + + +@nox.session +@nox.parametrize("path", GENERATED_READMES) +def readmegen(session, path): + """(Re-)generates the readme for a sample.""" + session.install("jinja2", "pyyaml") + dir_ = os.path.dirname(path) + + if os.path.exists(os.path.join(dir_, "requirements.txt")): + session.install("-r", os.path.join(dir_, "requirements.txt")) + + in_file = os.path.join(dir_, "README.rst.in") + session.run( + "python", _get_repo_root() + "/scripts/readme-gen/readme_gen.py", in_file + ) diff --git a/securitycenter/snippets/noxfile_config.py b/securitycenter/snippets/noxfile_config.py new file mode 100644 index 000000000000..8e6ed132d642 --- /dev/null +++ b/securitycenter/snippets/noxfile_config.py @@ -0,0 +1,39 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default TEST_CONFIG_OVERRIDE for python repos. + +# You can copy this file into your directory, then it will be inported from +# the noxfile.py. + +# The source of truth: +# https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/noxfile_config.py + +TEST_CONFIG_OVERRIDE = { + # You can opt out from the test for specific Python versions. + "ignored_versions": ["2.7"], + # An envvar key for determining the project id to use. Change it + # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a + # build specific Cloud project. You can also use your own string + # to use your own Cloud project. + # 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', + # A dictionary you want to inject into your test. Don't put any + # secrets here. These values will override predefined values. + "envs": { + "GCLOUD_ORGANIZATION": "1081635000895", + "GCLOUD_PROJECT": "project-a-id", + "GCLOUD_PUBSUB_TOPIC": "projects/project-a-id/topics/notifications-sample-topic", + "GCLOUD_PUBSUB_SUBSCRIPTION": "notification-sample-subscription", + }, +} diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt new file mode 100644 index 000000000000..55b033e901cd --- /dev/null +++ b/securitycenter/snippets/requirements-test.txt @@ -0,0 +1 @@ +pytest \ No newline at end of file diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt new file mode 100644 index 000000000000..4b59ce29cc1a --- /dev/null +++ b/securitycenter/snippets/requirements.txt @@ -0,0 +1,2 @@ +google-cloud-pubsub==1.6.0 +google-cloud-securitycenter==0.6.0 \ No newline at end of file diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py new file mode 100644 index 000000000000..ec465f20e02d --- /dev/null +++ b/securitycenter/snippets/snippets_findings.py @@ -0,0 +1,572 @@ +#!/usr/bin/env python +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Examples of working with source and findings in Cloud Security Command Center.""" + + +def create_source(organization_id): + """Create a new findings source. """ + # [START create_source] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + # organization_id is the numeric ID of the organization. e.g.: + # organization_id = "111122222444" + org_name = "organizations/{org_id}".format(org_id=organization_id) + + created = client.create_source( + org_name, + { + "display_name": "Customized Display Name", + "description": "A new custom source that does X", + }, + ) + print("Created Source: {}".format(created.name)) + # [END create_source] + + +def get_source(source_name): + """Gets an existing source.""" + # [START get_source] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + source = client.get_source(source_name) + + print("Source: {}".format(source)) + # [END get_source] + return source + + +def update_source(source_name): + """Updates a source's display name.""" + # [START update_source] + from google.cloud import securitycenter + from google.protobuf import field_mask_pb2 + + client = securitycenter.SecurityCenterClient() + + # Field mask to only update the display name. + field_mask = field_mask_pb2.FieldMask(paths=["display_name"]) + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + updated = client.update_source( + {"name": source_name, "display_name": "Updated Display Name"}, + update_mask=field_mask, + ) + print("Updated Source: {}".format(updated)) + # [END update_source] + return updated + + +def add_user_to_source(source_name): + """Gives a user findingsEditor permission to the source.""" + user_email = "csccclienttest@gmail.com" + # [START update_source_iam] + from google.cloud import securitycenter + from google.iam.v1 import policy_pb2 + + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + # Get the old policy so we can do an incremental update. + old_policy = client.get_iam_policy(source_name) + print("Old Policy: {}".format(old_policy)) + + # Setup a new IAM binding. + binding = policy_pb2.Binding() + binding.role = "roles/securitycenter.findingsEditor" + # user_email is an e-mail address known to Cloud IAM (e.g. a gmail address). + # user_mail = user@somedomain.com + binding.members.append("user:{}".format(user_email)) + + # Setting the e-tag avoids over-write existing policy + updated = client.set_iam_policy( + source_name, {"etag": old_policy.etag, "bindings": [binding]} + ) + + print("Updated Policy: {}".format(updated)) + + # [END update_source_iam] + return binding, updated + + +def list_source(organization_id): + """Lists finding sources.""" + i = -1 + # [START list_sources] + from google.cloud import securitycenter + + # Create a new client. + client = securitycenter.SecurityCenterClient() + # organization_id is the numeric ID of the organization. e.g.: + # organization_id = "111122222444" + org_name = "organizations/{org_id}".format(org_id=organization_id) + + # Call the API and print out each existing source. + for i, source in enumerate(client.list_sources(org_name)): + print(i, source) + # [END list_sources] + return i + + +def create_finding(source_name): + """Creates a new finding.""" + # [START create_finding] + from google.cloud import securitycenter + from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding + from google.protobuf.timestamp_pb2 import Timestamp + + # Create a new client. + client = securitycenter.SecurityCenterClient() + + # Use the current time as the finding "event time". + now_proto = Timestamp() + now_proto.GetCurrentTime() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + + # Controlled by caller. + finding_id = "samplefindingid" + + # The resource this finding applies to. The CSCC UI can link + # the findings for a resource to the corresponding Asset of a resource + # if there are matches. + resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232" + + # Call The API. + created_finding = client.create_finding( + source_name, + finding_id, + { + "state": Finding.ACTIVE, + "resource_name": resource_name, + "category": "MEDIUM_RISK_ONE", + "event_time": now_proto, + }, + ) + print(created_finding) + # [END create_finding] + return created_finding + + +def create_finding_with_source_properties(source_name): + """Demonstrate creating a new finding with source properties. """ + # [START create_finding_with_properties] + from google.cloud import securitycenter + from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding + from google.protobuf.timestamp_pb2 import Timestamp + from google.protobuf.struct_pb2 import Value + + # Create a new client. + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + + # Controlled by caller. + finding_id = "samplefindingid2" + + # The resource this finding applies to. The CSCC UI can link + # the findings for a resource to the corresponding Asset of a resource + # if there are matches. + resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232" + + # Define source properties values as protobuf "Value" objects. + str_value = Value() + str_value.string_value = "string_example" + num_value = Value() + num_value.number_value = 1234 + + # Use the current time as the finding "event time". + now_proto = Timestamp() + now_proto.GetCurrentTime() + + created_finding = client.create_finding( + source_name, + finding_id, + { + "state": Finding.ACTIVE, + "resource_name": resource_name, + "category": "MEDIUM_RISK_ONE", + "source_properties": {"s_value": str_value, "n_value": num_value}, + "event_time": now_proto, + }, + ) + print(created_finding) + # [END create_finding_with_properties] + + +def update_finding(source_name): + # [START update_finding] + from google.cloud import securitycenter + from google.protobuf.struct_pb2 import Value + from google.protobuf import field_mask_pb2 + from google.protobuf.timestamp_pb2 import Timestamp + + client = securitycenter.SecurityCenterClient() + # Only update the specific source property and event_time. event_time + # is required for updates. + field_mask = field_mask_pb2.FieldMask( + paths=["source_properties.s_value", "event_time"] + ) + value = Value() + value.string_value = "new_string" + + # Set the update time to Now. This must be some time greater then the + # event_time on the original finding. + now_proto = Timestamp() + now_proto.GetCurrentTime() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + finding_name = "{}/findings/samplefindingid2".format(source_name) + updated_finding = client.update_finding( + { + "name": finding_name, + "source_properties": {"s_value": value}, + "event_time": now_proto, + }, + update_mask=field_mask, + ) + + print( + "New Source properties: {}, Event Time {}".format( + updated_finding.source_properties, updated_finding.event_time.ToDatetime() + ) + ) + # [END update_finding] + + +def update_finding_state(source_name): + """Demonstrate updating only a finding state.""" + # [START update_finding_state] + from google.cloud import securitycenter + from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding + from google.protobuf.timestamp_pb2 import Timestamp + + # Create a client. + client = securitycenter.SecurityCenterClient() + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + finding_name = "{}/findings/samplefindingid2".format(source_name) + + now_proto = Timestamp() + now_proto.GetCurrentTime() + + # Call the API to change the finding state to inactive as of now. + new_finding = client.set_finding_state( + finding_name, Finding.INACTIVE, start_time=now_proto + ) + print("New state: {}".format(Finding.State.Name(new_finding.state))) + # [END update_finding_state] + + +def trouble_shoot(source_name): + """Demonstrate calling test_iam_permissions to determine if the + service account has the correct permisions.""" + # [START test_iam_permissions] + from google.cloud import securitycenter + + # Create a client. + client = securitycenter.SecurityCenterClient() + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + + # Check for permssions to call create_finding or update_finding. + permission_response = client.test_iam_permissions( + source_name, ["securitycenter.findings.update"] + ) + + print( + "Permision to create or update findings? {}".format( + len(permission_response.permissions) > 0 + ) + ) + # [END test_iam_permissions] + assert len(permission_response.permissions) > 0 + # [START test_iam_permissions] + # Check for permissions necessary to call set_finding_state. + permission_response = client.test_iam_permissions( + source_name, ["securitycenter.findings.setState"] + ) + print( + "Permision to update state? {}".format(len(permission_response.permissions) > 0) + ) + # [END test_iam_permissions] + return permission_response + assert len(permission_response.permissions) > 0 + + +def list_all_findings(organization_id): + # [START list_all_findings] + from google.cloud import securitycenter + + # Create a client. + client = securitycenter.SecurityCenterClient() + + # organization_id is the numeric ID of the organization. e.g.: + # organization_id = "111122222444" + org_name = "organizations/{org_id}".format(org_id=organization_id) + # The "sources/-" suffix lists findings across all sources. You + # also use a specific source_name instead. + all_sources = "{org_name}/sources/-".format(org_name=org_name) + finding_result_iterator = client.list_findings(all_sources) + for i, finding_result in enumerate(finding_result_iterator): + print( + "{}: name: {} resource: {}".format( + i, finding_result.finding.name, finding_result.finding.resource_name + ) + ) + # [END list_all_findings] + return i + + +def list_filtered_findings(source_name): + # [START list_filtered_findings] + from google.cloud import securitycenter + + # Create a new client. + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + # You an also use a wild-card "-" for all sources: + # source_name = "organizations/111122222444/sources/-" + finding_result_iterator = client.list_findings( + source_name, filter_='category="MEDIUM_RISK_ONE"' + ) + # Iterate an print all finding names and the resource they are + # in reference to. + for i, finding_result in enumerate(finding_result_iterator): + print( + "{}: name: {} resource: {}".format( + i, finding_result.finding.name, finding_result.finding.resource_name + ) + ) + # [END list_filtered_findings] + return i + + +def list_findings_at_time(source_name): + # [START list_findings_at_a_time] + from google.cloud import securitycenter + from google.protobuf.timestamp_pb2 import Timestamp + from datetime import timedelta, datetime + + # Create a new client. + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + # You an also use a wild-card "-" for all sources: + # source_name = "organizations/111122222444/sources/-" + five_days_ago = Timestamp() + five_days_ago.FromDatetime(datetime.now() - timedelta(days=5)) + # [END list_findings_at_a_time] + i = -1 + five_days_ago.FromDatetime(datetime(2019, 3, 5, 0, 0, 0)) + # [START list_findings_at_a_time] + + finding_result_iterator = client.list_findings(source_name, read_time=five_days_ago) + for i, finding_result in enumerate(finding_result_iterator): + print( + "{}: name: {} resource: {}".format( + i, finding_result.finding.name, finding_result.finding.resource_name + ) + ) + # [END list_findings_at_a_time] + return i + + +def get_iam_policy(source_name): + """Gives a user findingsEditor permission to the source.""" + # [START get_source_iam] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + # Get the old policy so we can do an incremental update. + policy = client.get_iam_policy(source_name) + print("Policy: {}".format(policy)) + # [END get_source_iam] + + +def group_all_findings(organization_id): + """Demonstrates grouping all findings across an organization.""" + i = 0 + # [START group_all_findings] + from google.cloud import securitycenter + + # Create a client. + client = securitycenter.SecurityCenterClient() + + # organization_id is the numeric ID of the organization. e.g.: + # organization_id = "111122222444" + org_name = "organizations/{org_id}".format(org_id=organization_id) + # The "sources/-" suffix lists findings across all sources. You + # also use a specific source_name instead. + all_sources = "{org_name}/sources/-".format(org_name=org_name) + group_result_iterator = client.group_findings(all_sources, group_by="category") + for i, group_result in enumerate(group_result_iterator): + print((i + 1), group_result) + # [END group_all_findings] + return i + + +def group_filtered_findings(source_name): + """Demonstrates grouping all findings across an organization.""" + i = 0 + # [START group_filtered_findings] + from google.cloud import securitycenter + + # Create a client. + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + + group_result_iterator = client.group_findings( + source_name, group_by="category", filter_='state="ACTIVE"' + ) + for i, group_result in enumerate(group_result_iterator): + print((i + 1), group_result) + # [END group_filtered_findings] + return i + + +def group_findings_at_time(source_name): + """Demonstrates grouping all findings across an organization as of + a specific time.""" + i = -1 + # [START group_findings_at_time] + from datetime import datetime, timedelta + from google.cloud import securitycenter + from google.protobuf.timestamp_pb2 import Timestamp + + # Create a client. + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + + # Group findings as of yesterday. + read_time = datetime.utcnow() - timedelta(days=1) + timestamp_proto = Timestamp() + timestamp_proto.FromDatetime(read_time) + + group_result_iterator = client.group_findings( + source_name, group_by="category", read_time=timestamp_proto + ) + for i, group_result in enumerate(group_result_iterator): + print((i + 1), group_result) + # [END group_filtered_findings_at_time] + return i + + +def group_findings_and_changes(source_name): + """Demonstrates grouping all findings across an organization and + associated changes.""" + i = 0 + # [START group_filtered_findings_with_changes] + from datetime import timedelta + + from google.cloud import securitycenter + from google.protobuf.duration_pb2 import Duration + + # Create a client. + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + + # List assets and their state change the last 30 days + compare_delta = timedelta(days=30) + # Convert the timedelta to a Duration + duration_proto = Duration() + duration_proto.FromTimedelta(compare_delta) + + group_result_iterator = client.group_findings( + source_name, group_by="state_change", compare_duration=duration_proto + ) + for i, group_result in enumerate(group_result_iterator): + print((i + 1), group_result) + # [END group_findings_with_changes] + return i diff --git a/securitycenter/snippets/snippets_findings_test.py b/securitycenter/snippets/snippets_findings_test.py new file mode 100644 index 000000000000..8ac01d8c13c4 --- /dev/null +++ b/securitycenter/snippets/snippets_findings_test.py @@ -0,0 +1,133 @@ +#!/usr/bin/env python +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +from itertools import chain +import os + +import pytest + +import snippets_findings + + +@pytest.fixture(scope="module") +def organization_id(): + """Get Organization ID from the environment variable """ + return os.environ["GCLOUD_ORGANIZATION"] + + +@pytest.fixture(scope="module") +def source_name(organization_id): + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + org_name = "organizations/{org_id}".format(org_id=organization_id) + + source = client.create_source( + org_name, + { + "display_name": "Unit test source", + "description": "A new custom source that does X", + }, + ) + return source.name + + +def test_create_source(organization_id): + snippets_findings.create_source(organization_id) + + +def test_get_source(source_name): + source = snippets_findings.get_source(source_name) + assert source.name == source_name + + +def test_update_source(source_name): + updated = snippets_findings.update_source(source_name) + assert updated.display_name == "Updated Display Name" + + +def test_add_user_to_source(source_name): + binding, updated = snippets_findings.add_user_to_source(source_name) + assert any( + member == "user:csccclienttest@gmail.com" + for member in chain.from_iterable( + binding.members for binding in updated.bindings + ) + ) + + +def test_list_source(organization_id): + count = snippets_findings.list_source(organization_id) + assert count >= 0 + + +def test_create_finding(source_name): + created_finding = snippets_findings.create_finding(source_name) + assert len(created_finding.name) > 0 + + +def test_create_finding_with_source_properties(source_name): + snippets_findings.create_finding_with_source_properties(source_name) + + +def test_update_finding(source_name): + snippets_findings.update_finding(source_name) + + +def test_update_finding_state(source_name): + snippets_findings.update_finding_state(source_name) + + +def test_trouble_shoot(source_name): + snippets_findings.trouble_shoot(source_name) + + +def test_list_all_findings(organization_id): + count = snippets_findings.list_all_findings(organization_id) + assert count > 0 + + +def test_list_filtered_findings(source_name): + count = snippets_findings.list_filtered_findings(source_name) + assert count > 0 + + +def list_findings_at_time(source_name): + count = snippets_findings.list_findings_at_time(source_name) + assert count == -1 + + +def test_get_iam_policy(source_name): + snippets_findings.get_iam_policy(source_name) + + +def test_group_all_findings(organization_id): + count = snippets_findings.group_all_findings(organization_id) + assert count > 0 + + +def test_group_filtered_findings(source_name): + count = snippets_findings.group_filtered_findings(source_name) + assert count == 0 + + +def test_group_findings_at_time(source_name): + count = snippets_findings.group_findings_at_time(source_name) + assert count == -1 + + +def test_group_findings_and_changes(source_name): + count = snippets_findings.group_findings_and_changes(source_name) + assert count == 0 diff --git a/securitycenter/snippets/snippets_list_assets.py b/securitycenter/snippets/snippets_list_assets.py new file mode 100644 index 000000000000..f88638023c16 --- /dev/null +++ b/securitycenter/snippets/snippets_list_assets.py @@ -0,0 +1,205 @@ +#!/usr/bin/env python +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" Examples of listing assets in Cloud Security Command Center.""" + + +def list_all_assets(organization_id): + """Demonstrate listing and printing all assets.""" + i = 0 + # [START demo_list_all_assets] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + # organization_id is the numeric ID of the organization. + # organization_id = "1234567777" + org_name = "organizations/{org_id}".format(org_id=organization_id) + + # Call the API and print results. + asset_iterator = client.list_assets(org_name) + for i, asset_result in enumerate(asset_iterator): + print(i, asset_result) + # [END demo_list_all_assets] + return i + + +def list_assets_with_filters(organization_id): + """Demonstrate listing assets with a filter.""" + i = 0 + # [START demo_list_assets_with_filter] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + # organization_id is the numeric ID of the organization. + # organization_id = "1234567777" + org_name = "organizations/{org_id}".format(org_id=organization_id) + + project_filter = ( + "security_center_properties.resource_type=" + + '"google.cloud.resourcemanager.Project"' + ) + # Call the API and print results. + asset_iterator = client.list_assets(org_name, filter_=project_filter) + for i, asset_result in enumerate(asset_iterator): + print(i, asset_result) + # [END demo_list_assets_with_filter] + return i + + +def list_assets_with_filters_and_read_time(organization_id): + """Demonstrate listing assets with a filter.""" + i = 0 + # [START demo_list_assets_with_filter_and_time] + from datetime import datetime, timedelta + + from google.protobuf.timestamp_pb2 import Timestamp + + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + # organization_id is the numeric ID of the organization. + # organization_id = "1234567777" + org_name = "organizations/{org_id}".format(org_id=organization_id) + + project_filter = ( + "security_center_properties.resource_type=" + + '"google.cloud.resourcemanager.Project"' + ) + + # Lists assets as of yesterday. + read_time = datetime.utcnow() - timedelta(days=1) + timestamp_proto = Timestamp() + timestamp_proto.FromDatetime(read_time) + + # Call the API and print results. + asset_iterator = client.list_assets( + org_name, filter_=project_filter, read_time=timestamp_proto + ) + for i, asset_result in enumerate(asset_iterator): + print(i, asset_result) + # [END demo_list_assets_with_filter_and_time] + return i + + +def list_point_in_time_changes(organization_id): + """Demonstrate listing assets along with their state changes.""" + i = 0 + # [START demo_list_assets_changes] + from datetime import timedelta + + from google.protobuf.duration_pb2 import Duration + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + # organization_id is the numeric ID of the organization. + # organization_id = "1234567777" + org_name = "organizations/{org_id}".format(org_id=organization_id) + project_filter = ( + "security_center_properties.resource_type=" + + '"google.cloud.resourcemanager.Project"' + ) + + # List assets and their state change the last 30 days + compare_delta = timedelta(days=30) + # Convert the timedelta to a Duration + duration_proto = Duration() + duration_proto.FromTimedelta(compare_delta) + # Call the API and print results. + asset_iterator = client.list_assets( + org_name, filter_=project_filter, compare_duration=duration_proto + ) + for i, asset in enumerate(asset_iterator): + print(i, asset) + + # [END demo_list_assets_changes] + return i + + +def group_assets(organization_id): + """Demonstrates grouping all assets by type. """ + i = 0 + # [START group_all_assets] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + # organization_id is the numeric ID of the organization. + # organization_id = "1234567777" + org_name = "organizations/{org_id}".format(org_id=organization_id) + + group_by_type = "security_center_properties.resource_type" + + result_iterator = client.group_assets(org_name, group_by=group_by_type) + for i, result in enumerate(result_iterator): + print((i + 1), result) + # [END group_all_assets] + return i + + +def group_filtered_assets(organization_id): + """Demonstrates grouping assets by type with a filter. """ + i = 0 + # [START group_all_assets] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + # organization_id is the numeric ID of the organization. + # organization_id = "1234567777" + org_name = "organizations/{org_id}".format(org_id=organization_id) + + group_by_type = "security_center_properties.resource_type" + only_projects = ( + "security_center_properties.resource_type=" + + '"google.cloud.resourcemanager.Project"' + ) + result_iterator = client.group_assets( + org_name, group_by=group_by_type, filter_=only_projects + ) + for i, result in enumerate(result_iterator): + print((i + 1), result) + # [END group_all_assets] + # only one asset type is a project + return i + + +def group_assets_by_changes(organization_id): + """Demonstrates grouping assets by there changes over a period of time.""" + i = 0 + # [START group_all_assets_by_change] + from datetime import timedelta + + from google.cloud import securitycenter + from google.protobuf.duration_pb2 import Duration + + client = securitycenter.SecurityCenterClient() + + duration_proto = Duration() + duration_proto.FromTimedelta(timedelta(days=5)) + + # organization_id is the numeric ID of the organization. + # organization_id = "1234567777" + org_name = "organizations/{org_id}".format(org_id=organization_id) + result_iterator = client.group_assets( + org_name, group_by="state_change", compare_duration=duration_proto + ) + for i, result in enumerate(result_iterator): + print((i + 1), result) + # [END group_all_assets_by_change] + return i diff --git a/securitycenter/snippets/snippets_list_assets_test.py b/securitycenter/snippets/snippets_list_assets_test.py new file mode 100644 index 000000000000..a2646844262c --- /dev/null +++ b/securitycenter/snippets/snippets_list_assets_test.py @@ -0,0 +1,64 @@ +#!/usr/bin/env python +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Tests for snippets.""" + +import os + +import pytest + +import snippets_list_assets + + +@pytest.fixture(scope="module") +def organization_id(): + """Get Organization ID from the environment variable """ + return os.environ["GCLOUD_ORGANIZATION"] + + +def test_list_all_assets(organization_id): + """Demonstrate listing and printing all assets.""" + count = snippets_list_assets.list_all_assets(organization_id) + assert count > 0 + + +def list_assets_with_filters(organization_id): + count = snippets_list_assets.list_all_assets(organization_id) + assert count > 0 + + +def test_list_assets_with_filters_and_read_time(organization_id): + count = snippets_list_assets.list_assets_with_filters_and_read_time(organization_id) + assert count > 0 + + +def test_list_point_in_time_changes(organization_id): + count = snippets_list_assets.list_point_in_time_changes(organization_id) + assert count > 0 + + +def test_group_assets(organization_id): + count = snippets_list_assets.group_assets(organization_id) + assert count >= 8 # 8 different asset types. + + +def test_group_filtered_assets(organization_id): + count = snippets_list_assets.group_filtered_assets(organization_id) + assert count == 0 + + +def test_group_assets_by_changes(organization_id): + count = snippets_list_assets.group_assets_by_changes(organization_id) + assert count >= 0 # only one asset type is a project diff --git a/securitycenter/snippets/snippets_notification_configs.py b/securitycenter/snippets/snippets_notification_configs.py new file mode 100644 index 000000000000..acc4b8ba13c0 --- /dev/null +++ b/securitycenter/snippets/snippets_notification_configs.py @@ -0,0 +1,138 @@ +#!/usr/bin/env python +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Demos for working with notification configs.""" + + +def create_notification_config(organization_id, notification_config_id, pubsub_topic): + + # [START scc_create_notification_config] + from google.cloud import securitycenter as securitycenter + + client = securitycenter.SecurityCenterClient() + + # TODO: organization_id = "your-org-id" + # TODO: notification_config_id = "your-config-id" + # TODO: pubsub_topic = "projects/{your-project-id}/topics/{your-topic-ic}" + # Ensure this ServiceAccount has the "pubsub.topics.setIamPolicy" permission on the new topic. + + org_name = "organizations/{org_id}".format(org_id=organization_id) + + created_notification_config = client.create_notification_config( + org_name, + notification_config_id, + { + "description": "Notification for active findings", + "pubsub_topic": pubsub_topic, + "streaming_config": {"filter": 'state = "ACTIVE"'}, + }, + ) + + print(created_notification_config) + # [END scc_create_notification_config] + return created_notification_config + + +def delete_notification_config(organization_id, notification_config_id): + + # [START scc_delete_notification_config] + from google.cloud import securitycenter as securitycenter + + client = securitycenter.SecurityCenterClient() + + # TODO: organization_id = "your-org-id" + # TODO: notification_config_id = "your-config-id" + + notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( + org_id=organization_id, config_id=notification_config_id + ) + + client.delete_notification_config(notification_config_name) + print("Deleted notification config: {}".format(notification_config_name)) + # [END scc_delete_notification_config] + return True + + +def get_notification_config(organization_id, notification_config_id): + + # [START scc_get_notification_config] + from google.cloud import securitycenter as securitycenter + + client = securitycenter.SecurityCenterClient() + + # TODO: organization_id = "your-org-id" + # TODO: notification_config_id = "your-config-id" + + notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( + org_id=organization_id, config_id=notification_config_id + ) + + notification_config = client.get_notification_config(notification_config_name) + print("Got notification config: {}".format(notification_config)) + # [END scc_get_notification_config] + return notification_config + + +def list_notification_configs(organization_id): + + # [START scc_list_notification_configs] + from google.cloud import securitycenter as securitycenter + + client = securitycenter.SecurityCenterClient() + + # TODO: organization_id = "your-org-id" + org_name = "organizations/{org_id}".format(org_id=organization_id) + + notification_configs_iterator = client.list_notification_configs(org_name) + for i, config in enumerate(notification_configs_iterator): + print("{}: notification_config: {}".format(i, config)) + # [END scc_list_notification_configs] + return notification_configs_iterator + + +def update_notification_config(organization_id, notification_config_id, pubsub_topic): + # [START scc_update_notification_config] + from google.cloud import securitycenter as securitycenter + from google.protobuf import field_mask_pb2 + + client = securitycenter.SecurityCenterClient() + + # TODO organization_id = "your-org-id" + # TODO notification_config_id = "config-id-to-update" + # TODO pubsub_topic = "projects/{new-project}/topics/{new-topic}" + # If updating a pubsub_topic, ensure this ServiceAccount has the + # "pubsub.topics.setIamPolicy" permission on the new topic. + + notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( + org_id=organization_id, config_id=notification_config_id + ) + + updated_description = "New updated description" + + # Only description and pubsub_topic can be updated. + field_mask = field_mask_pb2.FieldMask(paths=["description", "pubsub_topic"]) + + updated_notification_config = client.update_notification_config( + { + "name": notification_config_name, + "description": updated_description, + "pubsub_topic": pubsub_topic, + }, + update_mask=field_mask, + ) + + print(updated_notification_config) + # [END scc_update_notification_config] + return updated_notification_config diff --git a/securitycenter/snippets/snippets_notification_receiver.py b/securitycenter/snippets/snippets_notification_receiver.py new file mode 100644 index 000000000000..aad6ba797bbd --- /dev/null +++ b/securitycenter/snippets/snippets_notification_receiver.py @@ -0,0 +1,60 @@ +#!/usr/bin/env python +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Demo for receiving notifications.""" + + +def receive_notifications(project_id, subscription_name): + # [START scc_receive_notifications] + # Requires https://cloud.google.com/pubsub/docs/quickstart-client-libraries#pubsub-client-libraries-python + import concurrent + + from google.cloud import pubsub_v1 + from google.cloud.securitycenter_v1.proto.notification_message_pb2 import ( + NotificationMessage, + ) + from google.protobuf import json_format + + # TODO: project_id = "your-project-id" + # TODO: subscription_name = "your-subscription-name" + + def callback(message): + print("Received message") + + notification_msg = NotificationMessage() + json_format.Parse(message.data, notification_msg) + + print( + "Notification config name: {}".format( + notification_msg.notification_config_name + ) + ) + print("Finding: {}".format(notification_msg.finding)) + + # Ack the message to prevent it from being pulled again + message.ack() + + subscriber = pubsub_v1.SubscriberClient() + subscription_path = subscriber.subscription_path(project_id, subscription_name) + + streaming_pull_future = subscriber.subscribe(subscription_path, callback=callback) + + print("Listening for messages on {}...\n".format(subscription_path)) + try: + streaming_pull_future.result(timeout=1) # Block for 1 second + except concurrent.futures.TimeoutError: + streaming_pull_future.cancel() + # [END scc_receive_notifications] + return True diff --git a/securitycenter/snippets/snippets_notification_test.py b/securitycenter/snippets/snippets_notification_test.py new file mode 100644 index 000000000000..73ad00602bc7 --- /dev/null +++ b/securitycenter/snippets/snippets_notification_test.py @@ -0,0 +1,144 @@ +#!/usr/bin/env python +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Tests for snippets.""" + +import os +import uuid + +from google.cloud import securitycenter as securitycenter +import pytest + +import snippets_notification_configs +import snippets_notification_receiver + +ORG_ID = os.environ["GCLOUD_ORGANIZATION"] +PROJECT_ID = os.environ["GCLOUD_PROJECT"] +PUBSUB_TOPIC = os.environ["GCLOUD_PUBSUB_TOPIC"] +PUBSUB_SUBSCRIPTION = os.environ["GCLOUD_PUBSUB_SUBSCRIPTION"] + +CREATE_CONFIG_ID = "new-notification-pytest" + str(uuid.uuid1()) +DELETE_CONFIG_ID = "new-notification-pytest" + str(uuid.uuid1()) +GET_CONFIG_ID = "new-notification-pytest" + str(uuid.uuid1()) +UPDATE_CONFIG_ID = "new-notification-pytest" + str(uuid.uuid1()) + + +def cleanup_notification_config(notification_config_id): + client = securitycenter.SecurityCenterClient() + + notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( + org_id=ORG_ID, config_id=notification_config_id + ) + client.delete_notification_config(notification_config_name) + + +@pytest.fixture +def new_notification_config_for_update(): + client = securitycenter.SecurityCenterClient() + + org_name = "organizations/{org_id}".format(org_id=ORG_ID) + + created_notification_config = client.create_notification_config( + org_name, + UPDATE_CONFIG_ID, + { + "description": "Notification for active findings", + "pubsub_topic": PUBSUB_TOPIC, + "streaming_config": {"filter": ""}, + }, + ) + yield created_notification_config + cleanup_notification_config(UPDATE_CONFIG_ID) + + +@pytest.fixture +def new_notification_config_for_get(): + client = securitycenter.SecurityCenterClient() + + org_name = "organizations/{org_id}".format(org_id=ORG_ID) + + created_notification_config = client.create_notification_config( + org_name, + GET_CONFIG_ID, + { + "description": "Notification for active findings", + "pubsub_topic": PUBSUB_TOPIC, + "streaming_config": {"filter": ""}, + }, + ) + yield created_notification_config + cleanup_notification_config(GET_CONFIG_ID) + + +@pytest.fixture +def deleted_notification_config(): + client = securitycenter.SecurityCenterClient() + + org_name = "organizations/{org_id}".format(org_id=ORG_ID) + + created_notification_config = client.create_notification_config( + org_name, + DELETE_CONFIG_ID, + { + "description": "Notification for active findings", + "pubsub_topic": PUBSUB_TOPIC, + "streaming_config": {"filter": ""}, + }, + ) + return created_notification_config + + +def test_create_notification_config(): + created_notification_config = snippets_notification_configs.create_notification_config( + ORG_ID, CREATE_CONFIG_ID, PUBSUB_TOPIC + ) + assert created_notification_config is not None + + cleanup_notification_config(CREATE_CONFIG_ID) + + +def test_delete_notification_config(deleted_notification_config): + assert ( + snippets_notification_configs.delete_notification_config( + ORG_ID, DELETE_CONFIG_ID + ) + ) + + +def test_get_notification_config(new_notification_config_for_get): + retrieved_config = snippets_notification_configs.get_notification_config( + ORG_ID, GET_CONFIG_ID + ) + assert retrieved_config is not None + + +def test_list_notification_configs(): + iterator = snippets_notification_configs.list_notification_configs(ORG_ID) + assert iterator is not None + + +def test_update_notification_config(new_notification_config_for_update): + updated_config = snippets_notification_configs.update_notification_config( + ORG_ID, UPDATE_CONFIG_ID, PUBSUB_TOPIC + ) + assert updated_config is not None + + +def test_receive_notifications(): + assert ( + snippets_notification_receiver.receive_notifications( + PROJECT_ID, PUBSUB_SUBSCRIPTION + ) + ) diff --git a/securitycenter/snippets/snippets_orgs.py b/securitycenter/snippets/snippets_orgs.py new file mode 100644 index 000000000000..6b95e49e8601 --- /dev/null +++ b/securitycenter/snippets/snippets_orgs.py @@ -0,0 +1,58 @@ +#!/usr/bin/env python +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Examples for working with organization settings. """ + + +def get_settings(organization_id): + """Example showing how to retreive current organization settings.""" + # [START get_org_settings] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + # organization_id is numeric ID for the organization. e.g. + # organization_id = "111112223333" + + org_settings_name = client.organization_settings_path(organization_id) + + org_settings = client.get_organization_settings(org_settings_name) + print(org_settings) + # [END get_org_settings] + + +def update_asset_discovery_org_settings(organization_id): + """Example showing how to update the asset discovery configuration + for an organization.""" + # [START update_org_settings] + from google.cloud import securitycenter + from google.protobuf import field_mask_pb2 + + # Create the client + client = securitycenter.SecurityCenterClient() + # organization_id is numeric ID for the organization. e.g. + # organization_id = "111112223333" + org_settings_name = "organizations/{org_id}/organizationSettings".format( + org_id=organization_id + ) + # Only update the enable_asset_discovery_value (leave others untouched). + field_mask = field_mask_pb2.FieldMask(paths=["enable_asset_discovery"]) + # Call the service. + updated = client.update_organization_settings( + {"name": org_settings_name, "enable_asset_discovery": True}, + update_mask=field_mask, + ) + print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery)) + # [END update_org_settings] + return updated diff --git a/securitycenter/snippets/snippets_orgs_test.py b/securitycenter/snippets/snippets_orgs_test.py new file mode 100644 index 000000000000..fc9a3a90663d --- /dev/null +++ b/securitycenter/snippets/snippets_orgs_test.py @@ -0,0 +1,36 @@ +#!/usr/bin/env python +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Examples for working with organization settings. """ +import os + +import pytest + +import snippets_orgs + + +@pytest.fixture(scope="module") +def organization_id(): + """Get Organization ID from the environment variable """ + return os.environ["GCLOUD_ORGANIZATION"] + + +def test_get_settings(organization_id): + snippets_orgs.get_settings(organization_id) + + +def test_update_asset_discovery_org_settings(organization_id): + updated = snippets_orgs.update_asset_discovery_org_settings(organization_id) + assert updated.enable_asset_discovery diff --git a/securitycenter/snippets/snippets_security_marks.py b/securitycenter/snippets/snippets_security_marks.py new file mode 100644 index 000000000000..885323410c40 --- /dev/null +++ b/securitycenter/snippets/snippets_security_marks.py @@ -0,0 +1,187 @@ +#!/usr/bin/env python +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Demos for working with security marks.""" + + +def add_to_asset(asset_name): + """Add new security marks to an asset.""" + # [START add_marks_to_asset] + from google.cloud import securitycenter + from google.protobuf import field_mask_pb2 + + # Create a new client. + client = securitycenter.SecurityCenterClient() + + # asset_name is the resource path for an asset that exists in CSCC. + # Its format is "organization/{organization_id}/assets/{asset_id} + # e.g.: + # asset_name = organizations/123123342/assets/12312321 + marks_name = "{}/securityMarks".format(asset_name) + + # Notice the suffix after "marks." in the field mask matches the keys + # in marks. + field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"]) + marks = {"key_a": "value_a", "key_b": "value_b"} + + updated_marks = client.update_security_marks( + {"name": marks_name, "marks": marks}, + # If this field was left empty, all marks would be cleared before adding + # the new values. + update_mask=field_mask, + ) + print(updated_marks) + # [END add_marks_to_asset] + return updated_marks, marks + + +def clear_from_asset(asset_name): + """Removes security marks from an asset.""" + # Make sure they are there first + add_to_asset(asset_name) + # [START clear_marks_asset] + from google.cloud import securitycenter + from google.protobuf import field_mask_pb2 + + # Create a new client. + client = securitycenter.SecurityCenterClient() + + # asset_name is the resource path for an asset that exists in CSCC. + # Its format is "organization/{organization_id}/assets/{asset_id} + # e.g.: + # asset_name = organizations/123123342/assets/12312321 + marks_name = "{}/securityMarks".format(asset_name) + + field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"]) + + updated_marks = client.update_security_marks( + { + "name": marks_name + # Note, no marks specified, so the specified values in + # the fields masks will be deleted. + }, + # If this field was left empty, all marks would be cleared. + update_mask=field_mask, + ) + print(updated_marks) + # [END clear_marks_asset] + return updated_marks + + +def delete_and_update_marks(asset_name): + """Updates and deletes security marks from an asset in the same call.""" + # Make sure they are there first + add_to_asset(asset_name) + # [START delete_and_update_marks] + from google.cloud import securitycenter + from google.protobuf import field_mask_pb2 + + client = securitycenter.SecurityCenterClient() + # asset_name is the resource path for an asset that exists in CSCC. + # Its format is "organization/{organization_id}/assets/{asset_id} + # e.g.: + # asset_name = organizations/123123342/assets/12312321 + marks_name = "{}/securityMarks".format(asset_name) + + field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"]) + marks = {"key_a": "new_value_for_a"} + + updated_marks = client.update_security_marks( + {"name": marks_name, "marks": marks}, update_mask=field_mask + ) + print(updated_marks) + # [END delete_and_update_marks] + return updated_marks + + +def add_to_finding(finding_name): + """Adds security marks to a finding. """ + # [START add_marks_to_finding] + from google.cloud import securitycenter + from google.protobuf import field_mask_pb2 + + client = securitycenter.SecurityCenterClient() + # finding_name is the resource path for a finding that exists in CSCC. + # Its format is + # "organizations/{org_id}/sources/{source_id}/findings/{finding_id}" + # e.g.: + # finding_name = "organizations/1112/sources/1234/findings/findingid" + finding_marks_name = "{}/securityMarks".format(finding_name) + + # Notice the suffix after "marks." in the field mask matches the keys + # in marks. + field_mask = field_mask_pb2.FieldMask( + paths=["marks.finding_key_a", "marks.finding_key_b"] + ) + marks = {"finding_key_a": "value_a", "finding_key_b": "value_b"} + + updated_marks = client.update_security_marks( + {"name": finding_marks_name, "marks": marks}, update_mask=field_mask + ) + # [END add_marks_to_finding] + return updated_marks, marks + + +def list_assets_with_query_marks(organization_id, asset_name): + """Lists assets with a filter on security marks. """ + add_to_asset(asset_name) + i = -1 + # [START demo_list_assets_with_security_marks] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + # organization_id is the numeric ID of the organization. + # organization_id=1234567777 + org_name = "organizations/{org_id}".format(org_id=organization_id) + + marks_filter = 'security_marks.marks.key_a = "value_a"' + # Call the API and print results. + asset_iterator = client.list_assets(org_name, filter_=marks_filter) + + # Call the API and print results. + asset_iterator = client.list_assets(org_name, filter_=marks_filter) + for i, asset_result in enumerate(asset_iterator): + print(i, asset_result) + # [END demo_list_assets_with_security_marks] + return i + + +def list_findings_with_query_marks(source_name, finding_name): + """Lists findings with a filter on security marks.""" + # ensure marks are set on finding. + add_to_finding(finding_name) + i = -1 + # [START demo_list_findings_with_security_marks] + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + # source_name is the resource path for a source that has been + # created previously (you can use list_sources to find a specific one). + # Its format is: + # source_name = "organizations/{organization_id}/sources/{source_id}" + # e.g.: + # source_name = "organizations/111122222444/sources/1234" + marks_filter = 'NOT security_marks.marks.finding_key_a="value_a"' + + # Call the API and print results. + finding_iterator = client.list_findings(source_name, filter_=marks_filter) + for i, finding_result in enumerate(finding_iterator): + print(i, finding_result) + # [END demo_list_findings_with_security_marks] + # one finding should have been updated with keys, and one should be + # untouched. + return i diff --git a/securitycenter/snippets/snippets_security_marks_test.py b/securitycenter/snippets/snippets_security_marks_test.py new file mode 100644 index 000000000000..18950f86bbfd --- /dev/null +++ b/securitycenter/snippets/snippets_security_marks_test.py @@ -0,0 +1,137 @@ +#!/usr/bin/env python +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Demos for working with security marks.""" +import os +import random + +import pytest + +import snippets_security_marks + + +@pytest.fixture(scope="module") +def organization_id(): + """Gets Organization ID from the environment variable """ + return os.environ["GCLOUD_ORGANIZATION"] + + +@pytest.fixture(scope="module") +def asset_name(organization_id): + """Returns a random asset name from existing assets.""" + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + # organization_id is the numeric ID of the organization. + # organization_id=1234567777 + org_name = "organizations/{org_id}".format(org_id=organization_id) + assets = list(client.list_assets(org_name)) + # Select a random asset to avoid collision between integration tests. + asset = (random.sample(assets, 1)[0]).asset.name + + # Set fresh marks. + update = client.update_security_marks( + {"name": "{}/securityMarks".format(asset), "marks": {"other": "other_val"}} + ) + assert update.marks == {"other": "other_val"} + return asset + + +@pytest.fixture(scope="module") +def source_name(organization_id): + """Creates a new source in the organization.""" + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + org_name = "organizations/{org_id}".format(org_id=organization_id) + source = client.create_source( + org_name, + { + "display_name": "Security marks Unit test source", + "description": "A new custom source that does X", + }, + ) + return source.name + + +@pytest.fixture(scope="module") +def finding_name(source_name): + """Creates a new finding and returns it name.""" + from google.cloud import securitycenter + from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding + from google.protobuf.timestamp_pb2 import Timestamp + + client = securitycenter.SecurityCenterClient() + + now_proto = Timestamp() + now_proto.GetCurrentTime() + + finding = client.create_finding( + source_name, + "scfinding", + { + "state": Finding.ACTIVE, + "category": "C1", + "event_time": now_proto, + "resource_name": "//cloudresourcemanager.googleapis.com/organizations/1234", + }, + ) + client.create_finding( + source_name, + "untouched", + { + "state": Finding.ACTIVE, + "category": "MEDIUM_RISK_ONE", + "event_time": now_proto, + "resource_name": "//cloudresourcemanager.googleapis.com/organizations/1234", + }, + ) + + return finding.name + + +def test_add_to_asset(asset_name): + updated_marks, marks = snippets_security_marks.add_to_asset(asset_name) + assert updated_marks.marks.keys() >= marks.keys() + + +def test_clear_from_asset(asset_name): + updated_marks = snippets_security_marks.clear_from_asset(asset_name) + assert "other" in updated_marks.marks + assert len(updated_marks.marks) == 1 + + +def test_delete_and_update_marks(asset_name): + updated_marks = snippets_security_marks.delete_and_update_marks(asset_name) + assert updated_marks.marks == {"key_a": "new_value_for_a", "other": "other_val"} + + +def test_add_to_finding(finding_name): + updated_marks, marks = snippets_security_marks.add_to_finding(finding_name) + assert updated_marks.marks == marks + + +def test_list_assets_with_query_marks(organization_id, asset_name): + count = snippets_security_marks.list_assets_with_query_marks( + organization_id, asset_name + ) + assert count >= 0 + + +def test_list_findings_with_query_marks(source_name, finding_name): + count = snippets_security_marks.list_findings_with_query_marks( + source_name, finding_name + ) + assert count == 0 From 288e035aeb9759b6c8c3c53c30f317223f1cec96 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 15 Jul 2020 02:44:31 +0200 Subject: [PATCH 02/95] chore(deps): update dependency google-cloud-pubsub to v1.7.0 (#42) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 4b59ce29cc1a..3d83981d8bc9 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==1.6.0 +google-cloud-pubsub==1.7.0 google-cloud-securitycenter==0.6.0 \ No newline at end of file From fb71400cd238a573de14225c97cd85f319f3baff Mon Sep 17 00:00:00 2001 From: hannah-tsai <64800225+hannah-tsai@users.noreply.github.com> Date: Wed, 22 Jul 2020 23:08:03 -0700 Subject: [PATCH 03/95] docs: Update Security Command Center UpdateNotificationConfig sample, adding filter to mutable field (#39) Fixes b/155346619 Add "filter" to mutable fields for UpdateNotificationConfig. --- securitycenter/snippets/snippets_notification_configs.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/securitycenter/snippets/snippets_notification_configs.py b/securitycenter/snippets/snippets_notification_configs.py index acc4b8ba13c0..09d284e996fd 100644 --- a/securitycenter/snippets/snippets_notification_configs.py +++ b/securitycenter/snippets/snippets_notification_configs.py @@ -120,15 +120,19 @@ def update_notification_config(organization_id, notification_config_id, pubsub_t ) updated_description = "New updated description" + updated_filter = 'state = "INACTIVE"' # Only description and pubsub_topic can be updated. - field_mask = field_mask_pb2.FieldMask(paths=["description", "pubsub_topic"]) + field_mask = field_mask_pb2.FieldMask( + paths=["description", "pubsub_topic", "streaming_config.fitler"] + ) updated_notification_config = client.update_notification_config( { "name": notification_config_name, "description": updated_description, "pubsub_topic": pubsub_topic, + "streaming_config": {"filter": updated_filter}, }, update_mask=field_mask, ) From 9127d9c1d0a624c1938796e471a693c8fee44268 Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Thu, 10 Sep 2020 10:06:02 -0700 Subject: [PATCH 04/95] feat: add field severity to findings; update retry configs (#53) This PR was generated using Autosynth. :rainbow: Synth log will be available here: https://source.cloud.google.com/results/invocations/d5a3b809-9df8-4d37-93b2-9714b500d6ce/targets - [ ] To automatically regenerate this PR, check this box. PiperOrigin-RevId: 324294521 Source-Link: https://github.com/googleapis/googleapis/commit/868615a5c1c1059c636bb3d82a555edb1d5a251e PiperOrigin-RevId: 324035013 Source-Link: https://github.com/googleapis/googleapis/commit/8cda089accaead072caea33c5081be8a4b8f9ea7 PiperOrigin-RevId: 323803770 Source-Link: https://github.com/googleapis/googleapis/commit/706053bbfb3f16ef752e513c2898a1f26cdd8e41 PiperOrigin-RevId: 323795963 Source-Link: https://github.com/googleapis/googleapis/commit/c1b9289be1be876ef494f31c9662bc49b4f906e0 PiperOrigin-RevId: 323657371 Source-Link: https://github.com/googleapis/googleapis/commit/1907f0fdbd1c51e62d8452a4007bf2134a8bd4c2 PiperOrigin-RevId: 323630732 Source-Link: https://github.com/googleapis/googleapis/commit/74e8cf85f23d3cef04fcc75b4f59a21a2b41886c PiperOrigin-RevId: 323605868 Source-Link: https://github.com/googleapis/googleapis/commit/0c6a73081373ff3ff3d470efe554f2f1efd64041 PiperOrigin-RevId: 323472217 Source-Link: https://github.com/googleapis/googleapis/commit/6a813acf535e4746fa4a135ce23547bb6425c26d PiperOrigin-RevId: 323062460 Source-Link: https://github.com/googleapis/googleapis/commit/599ede9ebdeb33a91be48748f5f83ec13e7e692c PiperOrigin-RevId: 322867095 Source-Link: https://github.com/googleapis/googleapis/commit/e26e1839a45445d13cd45b1be3b1523defb72fee PiperOrigin-RevId: 321179885 Source-Link: https://github.com/googleapis/googleapis/commit/9362f58401cfe3b463b75a18d134bb818ad4dcb2 PiperOrigin-RevId: 321179822 Source-Link: https://github.com/googleapis/googleapis/commit/afa7f44f57e6ac33cf060d1764c9940dd404f725 --- securitycenter/snippets/noxfile.py | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 5660f08be441..ba55d7ce53ca 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -37,22 +37,24 @@ TEST_CONFIG = { # You can opt out from the test for specific Python versions. - "ignored_versions": ["2.7"], + 'ignored_versions': ["2.7"], + # An envvar key for determining the project id to use. Change it # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", + 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', + # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. - "envs": {}, + 'envs': {}, } try: # Ensure we can import noxfile_config in the project's directory. - sys.path.append(".") + sys.path.append('.') from noxfile_config import TEST_CONFIG_OVERRIDE except ImportError as e: print("No user noxfile_config found: detail: {}".format(e)) @@ -67,12 +69,12 @@ def get_pytest_env_vars(): ret = {} # Override the GCLOUD_PROJECT and the alias. - env_key = TEST_CONFIG["gcloud_project_env"] + env_key = TEST_CONFIG['gcloud_project_env'] # This should error out if not set. - ret["GOOGLE_CLOUD_PROJECT"] = os.environ[env_key] + ret['GOOGLE_CLOUD_PROJECT'] = os.environ[env_key] # Apply user supplied envs. - ret.update(TEST_CONFIG["envs"]) + ret.update(TEST_CONFIG['envs']) return ret @@ -81,7 +83,7 @@ def get_pytest_env_vars(): ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8"] # Any default versions that should be ignored. -IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] +IGNORED_VERSIONS = TEST_CONFIG['ignored_versions'] TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) @@ -136,7 +138,7 @@ def lint(session): args = FLAKE8_COMMON_ARGS + [ "--application-import-names", ",".join(local_names), - ".", + "." ] session.run("flake8", *args) @@ -180,9 +182,9 @@ def py(session): if session.python in TESTED_VERSIONS: _session_tests(session) else: - session.skip( - "SKIPPED: {} tests are disabled for this sample.".format(session.python) - ) + session.skip("SKIPPED: {} tests are disabled for this sample.".format( + session.python + )) # From 0c27bf862028416b897b463365246e8d6dddd590 Mon Sep 17 00:00:00 2001 From: Takashi Matsuo Date: Fri, 18 Sep 2020 22:33:11 +0000 Subject: [PATCH 05/95] fix(sample): fix a broken test (#63) * fix(sample): fix a broken test fixes #59 --- securitycenter/snippets/snippets_notification_configs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/snippets_notification_configs.py b/securitycenter/snippets/snippets_notification_configs.py index 09d284e996fd..f0a4a6dfdfd3 100644 --- a/securitycenter/snippets/snippets_notification_configs.py +++ b/securitycenter/snippets/snippets_notification_configs.py @@ -124,7 +124,7 @@ def update_notification_config(organization_id, notification_config_id, pubsub_t # Only description and pubsub_topic can be updated. field_mask = field_mask_pb2.FieldMask( - paths=["description", "pubsub_topic", "streaming_config.fitler"] + paths=["description", "pubsub_topic", "streaming_config.filter"] ) updated_notification_config = client.update_notification_config( From 02def848145e43ba669d89d338842d97996e8c4f Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 29 Sep 2020 19:04:04 +0200 Subject: [PATCH 06/95] chore(deps): update dependency google-cloud-securitycenter to v0.7.1 (#58) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [google-cloud-securitycenter](https://togithub.com/googleapis/python-securitycenter) | minor | `==0.6.0` -> `==0.7.1` | --- ### Release Notes
googleapis/python-securitycenter ### [`v0.7.1`](https://togithub.com/googleapis/python-securitycenter/blob/master/CHANGELOG.md#​071-httpswwwgithubcomgoogleapispython-securitycentercomparev070v071-2020-09-18) [Compare Source](https://togithub.com/googleapis/python-securitycenter/compare/v0.7.0...v0.7.1) ### [`v0.7.0`](https://togithub.com/googleapis/python-securitycenter/blob/master/CHANGELOG.md#​070-httpswwwgithubcomgoogleapispython-securitycentercomparev060v070-2020-09-10) [Compare Source](https://togithub.com/googleapis/python-securitycenter/compare/v0.6.0...v0.7.0) ##### Features - add field severity to findings; update retry configs ([#​53](https://www.github.com/googleapis/python-securitycenter/issues/53)) ([80494a9](https://www.github.com/googleapis/python-securitycenter/commit/80494a915ca33d260862694be889b817869ff01a)) ##### Documentation - Update Security Command Center UpdateNotificationConfig sample, adding filter to mutable field ([#​39](https://www.github.com/googleapis/python-securitycenter/issues/39)) ([c70d790](https://www.github.com/googleapis/python-securitycenter/commit/c70d7904425ae5ac252ffa7317ec6d08234a6c27))
--- ### Renovate configuration :date: **Schedule**: At any time (no schedule defined). :vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied. :recycle: **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. :no_bell: **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-securitycenter). --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 3d83981d8bc9..50d1d6a3a96a 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==1.7.0 -google-cloud-securitycenter==0.6.0 \ No newline at end of file +google-cloud-securitycenter==0.7.1 \ No newline at end of file From 52b30405e77270f9bb673c06ffc49645293db3bf Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 2 Oct 2020 18:46:25 +0200 Subject: [PATCH 07/95] chore(deps): update dependency google-cloud-pubsub to v2 (#61) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 50d1d6a3a96a..e8325a9a1c72 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==1.7.0 +google-cloud-pubsub==2.1.0 google-cloud-securitycenter==0.7.1 \ No newline at end of file From 21e6a58ae405fe40f78656ae5c072aceba31b369 Mon Sep 17 00:00:00 2001 From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Date: Thu, 8 Oct 2020 09:30:10 -0600 Subject: [PATCH 08/95] feat!: generate with microgenerator (#49) See UPGRADING.md for details. --- securitycenter/snippets/snippets_findings.py | 185 ++++++++++-------- .../snippets/snippets_findings_test.py | 12 +- .../snippets/snippets_list_assets.py | 43 ++-- .../snippets/snippets_notification_configs.py | 42 ++-- .../snippets_notification_receiver.py | 8 +- .../snippets/snippets_notification_test.py | 62 +++--- securitycenter/snippets/snippets_orgs.py | 11 +- .../snippets/snippets_security_marks.py | 45 +++-- .../snippets/snippets_security_marks_test.py | 59 +++--- 9 files changed, 270 insertions(+), 197 deletions(-) diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index ec465f20e02d..a47dbacde385 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -28,11 +28,13 @@ def create_source(organization_id): org_name = "organizations/{org_id}".format(org_id=organization_id) created = client.create_source( - org_name, - { - "display_name": "Customized Display Name", - "description": "A new custom source that does X", - }, + request={ + "parent": org_name, + "source": { + "display_name": "Customized Display Name", + "description": "A new custom source that does X", + }, + } ) print("Created Source: {}".format(created.name)) # [END create_source] @@ -51,7 +53,7 @@ def get_source(source_name): # source_name = "organizations/{organization_id}/sources/{source_id}" # e.g.: # source_name = "organizations/111122222444/sources/1234" - source = client.get_source(source_name) + source = client.get_source(request={"name": source_name}) print("Source: {}".format(source)) # [END get_source] @@ -76,8 +78,10 @@ def update_source(source_name): # e.g.: # source_name = "organizations/111122222444/sources/1234" updated = client.update_source( - {"name": source_name, "display_name": "Updated Display Name"}, - update_mask=field_mask, + request={ + "source": {"name": source_name, "display_name": "Updated Display Name"}, + "update_mask": field_mask, + } ) print("Updated Source: {}".format(updated)) # [END update_source] @@ -100,7 +104,7 @@ def add_user_to_source(source_name): # e.g.: # source_name = "organizations/111122222444/sources/1234" # Get the old policy so we can do an incremental update. - old_policy = client.get_iam_policy(source_name) + old_policy = client.get_iam_policy(request={"resource": source_name}) print("Old Policy: {}".format(old_policy)) # Setup a new IAM binding. @@ -112,7 +116,10 @@ def add_user_to_source(source_name): # Setting the e-tag avoids over-write existing policy updated = client.set_iam_policy( - source_name, {"etag": old_policy.etag, "bindings": [binding]} + request={ + "resource": source_name, + "policy": {"etag": old_policy.etag, "bindings": [binding]}, + } ) print("Updated Policy: {}".format(updated)) @@ -134,7 +141,7 @@ def list_source(organization_id): org_name = "organizations/{org_id}".format(org_id=organization_id) # Call the API and print out each existing source. - for i, source in enumerate(client.list_sources(org_name)): + for i, source in enumerate(client.list_sources(request={"parent": org_name})): print(i, source) # [END list_sources] return i @@ -144,15 +151,14 @@ def create_finding(source_name): """Creates a new finding.""" # [START create_finding] from google.cloud import securitycenter - from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding - from google.protobuf.timestamp_pb2 import Timestamp + from google.cloud.securitycenter_v1 import CreateFindingRequest, Finding + import datetime # Create a new client. client = securitycenter.SecurityCenterClient() # Use the current time as the finding "event time". - now_proto = Timestamp() - now_proto.GetCurrentTime() + event_time = datetime.datetime.now() # source_name is the resource path for a source that has been # created previously (you can use list_sources to find a specific one). @@ -169,16 +175,21 @@ def create_finding(source_name): # if there are matches. resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232" + finding = Finding( + state=Finding.State.ACTIVE, + resource_name=resource_name, + category="MEDIUM_RISK_ONE", + event_time=event_time, + ) + + request = CreateFindingRequest( + parent=source_name, + finding_id=finding_id, + finding=finding, + ) # Call The API. created_finding = client.create_finding( - source_name, - finding_id, - { - "state": Finding.ACTIVE, - "resource_name": resource_name, - "category": "MEDIUM_RISK_ONE", - "event_time": now_proto, - }, + request=request ) print(created_finding) # [END create_finding] @@ -188,9 +199,10 @@ def create_finding(source_name): def create_finding_with_source_properties(source_name): """Demonstrate creating a new finding with source properties. """ # [START create_finding_with_properties] + import datetime + from google.cloud import securitycenter - from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding - from google.protobuf.timestamp_pb2 import Timestamp + from google.cloud.securitycenter_v1 import Finding from google.protobuf.struct_pb2 import Value # Create a new client. @@ -218,19 +230,22 @@ def create_finding_with_source_properties(source_name): num_value.number_value = 1234 # Use the current time as the finding "event time". - now_proto = Timestamp() - now_proto.GetCurrentTime() + event_time = datetime.datetime.now() + + finding = Finding( + state=Finding.State.ACTIVE, + resource_name=resource_name, + category="MEDIUM_RISK_ONE", + source_properties={"s_value": "string_example", "n_value": 1234}, + event_time=event_time, + ) created_finding = client.create_finding( - source_name, - finding_id, - { - "state": Finding.ACTIVE, - "resource_name": resource_name, - "category": "MEDIUM_RISK_ONE", - "source_properties": {"s_value": str_value, "n_value": num_value}, - "event_time": now_proto, - }, + request={ + "parent": source_name, + "finding_id": finding_id, + "finding": finding + } ) print(created_finding) # [END create_finding_with_properties] @@ -238,10 +253,11 @@ def create_finding_with_source_properties(source_name): def update_finding(source_name): # [START update_finding] + import datetime + from google.cloud import securitycenter - from google.protobuf.struct_pb2 import Value + from google.cloud.securitycenter_v1 import Finding from google.protobuf import field_mask_pb2 - from google.protobuf.timestamp_pb2 import Timestamp client = securitycenter.SecurityCenterClient() # Only update the specific source property and event_time. event_time @@ -249,13 +265,10 @@ def update_finding(source_name): field_mask = field_mask_pb2.FieldMask( paths=["source_properties.s_value", "event_time"] ) - value = Value() - value.string_value = "new_string" # Set the update time to Now. This must be some time greater then the # event_time on the original finding. - now_proto = Timestamp() - now_proto.GetCurrentTime() + event_time = datetime.datetime.now() # source_name is the resource path for a source that has been # created previously (you can use list_sources to find a specific one). @@ -264,18 +277,21 @@ def update_finding(source_name): # e.g.: # source_name = "organizations/111122222444/sources/1234" finding_name = "{}/findings/samplefindingid2".format(source_name) + finding = Finding( + name=finding_name, + source_properties={"s_value": "new_string"}, + event_time=event_time, + ) updated_finding = client.update_finding( - { - "name": finding_name, - "source_properties": {"s_value": value}, - "event_time": now_proto, - }, - update_mask=field_mask, + request={ + "finding": finding, + "update_mask": field_mask, + } ) print( "New Source properties: {}, Event Time {}".format( - updated_finding.source_properties, updated_finding.event_time.ToDatetime() + updated_finding.source_properties, updated_finding.event_time ) ) # [END update_finding] @@ -284,10 +300,10 @@ def update_finding(source_name): def update_finding_state(source_name): """Demonstrate updating only a finding state.""" # [START update_finding_state] - from google.cloud import securitycenter - from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding - from google.protobuf.timestamp_pb2 import Timestamp + import datetime + from google.cloud import securitycenter + from google.cloud.securitycenter_v1 import Finding # Create a client. client = securitycenter.SecurityCenterClient() # source_name is the resource path for a source that has been @@ -298,14 +314,15 @@ def update_finding_state(source_name): # source_name = "organizations/111122222444/sources/1234" finding_name = "{}/findings/samplefindingid2".format(source_name) - now_proto = Timestamp() - now_proto.GetCurrentTime() - # Call the API to change the finding state to inactive as of now. new_finding = client.set_finding_state( - finding_name, Finding.INACTIVE, start_time=now_proto + request={ + "name": finding_name, + "state": Finding.State.INACTIVE, + "start_time": datetime.datetime.now(), + } ) - print("New state: {}".format(Finding.State.Name(new_finding.state))) + print(f"New state: {new_finding.state}") # [END update_finding_state] @@ -326,7 +343,10 @@ def trouble_shoot(source_name): # Check for permssions to call create_finding or update_finding. permission_response = client.test_iam_permissions( - source_name, ["securitycenter.findings.update"] + request={ + "resource": source_name, + "permissions": ["securitycenter.findings.update"], + } ) print( @@ -339,7 +359,10 @@ def trouble_shoot(source_name): # [START test_iam_permissions] # Check for permissions necessary to call set_finding_state. permission_response = client.test_iam_permissions( - source_name, ["securitycenter.findings.setState"] + request={ + "resource": source_name, + "permissions": ["securitycenter.findings.setState"], + } ) print( "Permision to update state? {}".format(len(permission_response.permissions) > 0) @@ -362,7 +385,7 @@ def list_all_findings(organization_id): # The "sources/-" suffix lists findings across all sources. You # also use a specific source_name instead. all_sources = "{org_name}/sources/-".format(org_name=org_name) - finding_result_iterator = client.list_findings(all_sources) + finding_result_iterator = client.list_findings(request={"parent": all_sources}) for i, finding_result in enumerate(finding_result_iterator): print( "{}: name: {} resource: {}".format( @@ -389,7 +412,7 @@ def list_filtered_findings(source_name): # You an also use a wild-card "-" for all sources: # source_name = "organizations/111122222444/sources/-" finding_result_iterator = client.list_findings( - source_name, filter_='category="MEDIUM_RISK_ONE"' + request={"parent": source_name, "filter": 'category="MEDIUM_RISK_ONE"'} ) # Iterate an print all finding names and the resource they are # in reference to. @@ -406,7 +429,6 @@ def list_filtered_findings(source_name): def list_findings_at_time(source_name): # [START list_findings_at_a_time] from google.cloud import securitycenter - from google.protobuf.timestamp_pb2 import Timestamp from datetime import timedelta, datetime # Create a new client. @@ -420,14 +442,14 @@ def list_findings_at_time(source_name): # source_name = "organizations/111122222444/sources/1234" # You an also use a wild-card "-" for all sources: # source_name = "organizations/111122222444/sources/-" - five_days_ago = Timestamp() - five_days_ago.FromDatetime(datetime.now() - timedelta(days=5)) + five_days_ago = str(datetime.now() - timedelta(days=5)) # [END list_findings_at_a_time] i = -1 - five_days_ago.FromDatetime(datetime(2019, 3, 5, 0, 0, 0)) # [START list_findings_at_a_time] - finding_result_iterator = client.list_findings(source_name, read_time=five_days_ago) + finding_result_iterator = client.list_findings( + request={"parent": source_name, "filter": five_days_ago} + ) for i, finding_result in enumerate(finding_result_iterator): print( "{}: name: {} resource: {}".format( @@ -452,7 +474,7 @@ def get_iam_policy(source_name): # e.g.: # source_name = "organizations/111122222444/sources/1234" # Get the old policy so we can do an incremental update. - policy = client.get_iam_policy(source_name) + policy = client.get_iam_policy(request={"resource": source_name}) print("Policy: {}".format(policy)) # [END get_source_iam] @@ -472,7 +494,9 @@ def group_all_findings(organization_id): # The "sources/-" suffix lists findings across all sources. You # also use a specific source_name instead. all_sources = "{org_name}/sources/-".format(org_name=org_name) - group_result_iterator = client.group_findings(all_sources, group_by="category") + group_result_iterator = client.group_findings( + request={"parent": all_sources, "group_by": "category"} + ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) # [END group_all_findings] @@ -496,7 +520,11 @@ def group_filtered_findings(source_name): # source_name = "organizations/111122222444/sources/1234" group_result_iterator = client.group_findings( - source_name, group_by="category", filter_='state="ACTIVE"' + request={ + "parent": source_name, + "group_by": "category", + "filter": 'state="ACTIVE"', + } ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) @@ -511,7 +539,6 @@ def group_findings_at_time(source_name): # [START group_findings_at_time] from datetime import datetime, timedelta from google.cloud import securitycenter - from google.protobuf.timestamp_pb2 import Timestamp # Create a client. client = securitycenter.SecurityCenterClient() @@ -525,11 +552,13 @@ def group_findings_at_time(source_name): # Group findings as of yesterday. read_time = datetime.utcnow() - timedelta(days=1) - timestamp_proto = Timestamp() - timestamp_proto.FromDatetime(read_time) group_result_iterator = client.group_findings( - source_name, group_by="category", read_time=timestamp_proto + request={ + "parent": source_name, + "group_by": "category", + "read_time": read_time, + } ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) @@ -545,7 +574,6 @@ def group_findings_and_changes(source_name): from datetime import timedelta from google.cloud import securitycenter - from google.protobuf.duration_pb2 import Duration # Create a client. client = securitycenter.SecurityCenterClient() @@ -559,12 +587,13 @@ def group_findings_and_changes(source_name): # List assets and their state change the last 30 days compare_delta = timedelta(days=30) - # Convert the timedelta to a Duration - duration_proto = Duration() - duration_proto.FromTimedelta(compare_delta) group_result_iterator = client.group_findings( - source_name, group_by="state_change", compare_duration=duration_proto + request={ + "parent": source_name, + "group_by": "state_change", + "compare_duration": compare_delta, + } ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) diff --git a/securitycenter/snippets/snippets_findings_test.py b/securitycenter/snippets/snippets_findings_test.py index 8ac01d8c13c4..8a68117aeb19 100644 --- a/securitycenter/snippets/snippets_findings_test.py +++ b/securitycenter/snippets/snippets_findings_test.py @@ -35,11 +35,13 @@ def source_name(organization_id): org_name = "organizations/{org_id}".format(org_id=organization_id) source = client.create_source( - org_name, - { - "display_name": "Unit test source", - "description": "A new custom source that does X", - }, + request={ + "parent": org_name, + "source": { + "display_name": "Unit test source", + "description": "A new custom source that does X", + }, + } ) return source.name diff --git a/securitycenter/snippets/snippets_list_assets.py b/securitycenter/snippets/snippets_list_assets.py index f88638023c16..7eb85932e315 100644 --- a/securitycenter/snippets/snippets_list_assets.py +++ b/securitycenter/snippets/snippets_list_assets.py @@ -29,7 +29,7 @@ def list_all_assets(organization_id): org_name = "organizations/{org_id}".format(org_id=organization_id) # Call the API and print results. - asset_iterator = client.list_assets(org_name) + asset_iterator = client.list_assets(request={"parent": org_name}) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_all_assets] @@ -53,7 +53,9 @@ def list_assets_with_filters(organization_id): + '"google.cloud.resourcemanager.Project"' ) # Call the API and print results. - asset_iterator = client.list_assets(org_name, filter_=project_filter) + asset_iterator = client.list_assets( + request={"parent": org_name, "filter": project_filter} + ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_filter] @@ -66,8 +68,6 @@ def list_assets_with_filters_and_read_time(organization_id): # [START demo_list_assets_with_filter_and_time] from datetime import datetime, timedelta - from google.protobuf.timestamp_pb2 import Timestamp - from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -83,12 +83,14 @@ def list_assets_with_filters_and_read_time(organization_id): # Lists assets as of yesterday. read_time = datetime.utcnow() - timedelta(days=1) - timestamp_proto = Timestamp() - timestamp_proto.FromDatetime(read_time) # Call the API and print results. asset_iterator = client.list_assets( - org_name, filter_=project_filter, read_time=timestamp_proto + request={ + "parent": org_name, + "filter": project_filter, + "read_time": read_time, + } ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) @@ -102,7 +104,6 @@ def list_point_in_time_changes(organization_id): # [START demo_list_assets_changes] from datetime import timedelta - from google.protobuf.duration_pb2 import Duration from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -117,12 +118,14 @@ def list_point_in_time_changes(organization_id): # List assets and their state change the last 30 days compare_delta = timedelta(days=30) - # Convert the timedelta to a Duration - duration_proto = Duration() - duration_proto.FromTimedelta(compare_delta) + # Call the API and print results. asset_iterator = client.list_assets( - org_name, filter_=project_filter, compare_duration=duration_proto + request={ + "parent": org_name, + "filter": project_filter, + "compare_duration": compare_delta, + } ) for i, asset in enumerate(asset_iterator): print(i, asset) @@ -145,7 +148,9 @@ def group_assets(organization_id): group_by_type = "security_center_properties.resource_type" - result_iterator = client.group_assets(org_name, group_by=group_by_type) + result_iterator = client.group_assets( + request={"parent": org_name, "group_by": group_by_type} + ) for i, result in enumerate(result_iterator): print((i + 1), result) # [END group_all_assets] @@ -170,7 +175,7 @@ def group_filtered_assets(organization_id): + '"google.cloud.resourcemanager.Project"' ) result_iterator = client.group_assets( - org_name, group_by=group_by_type, filter_=only_projects + request={"parent": org_name, "group_by": group_by_type, "filter": only_projects} ) for i, result in enumerate(result_iterator): print((i + 1), result) @@ -186,18 +191,20 @@ def group_assets_by_changes(organization_id): from datetime import timedelta from google.cloud import securitycenter - from google.protobuf.duration_pb2 import Duration client = securitycenter.SecurityCenterClient() - duration_proto = Duration() - duration_proto.FromTimedelta(timedelta(days=5)) + duration = timedelta(days=5) # organization_id is the numeric ID of the organization. # organization_id = "1234567777" org_name = "organizations/{org_id}".format(org_id=organization_id) result_iterator = client.group_assets( - org_name, group_by="state_change", compare_duration=duration_proto + request={ + "parent": org_name, + "group_by": "state_change", + "compare_duration": duration, + } ) for i, result in enumerate(result_iterator): print((i + 1), result) diff --git a/securitycenter/snippets/snippets_notification_configs.py b/securitycenter/snippets/snippets_notification_configs.py index f0a4a6dfdfd3..cadbd8e0b85b 100644 --- a/securitycenter/snippets/snippets_notification_configs.py +++ b/securitycenter/snippets/snippets_notification_configs.py @@ -31,13 +31,15 @@ def create_notification_config(organization_id, notification_config_id, pubsub_t org_name = "organizations/{org_id}".format(org_id=organization_id) created_notification_config = client.create_notification_config( - org_name, - notification_config_id, - { - "description": "Notification for active findings", - "pubsub_topic": pubsub_topic, - "streaming_config": {"filter": 'state = "ACTIVE"'}, - }, + request={ + "parent": org_name, + "config_id": notification_config_id, + "notification_config": { + "description": "Notification for active findings", + "pubsub_topic": pubsub_topic, + "streaming_config": {"filter": 'state = "ACTIVE"'}, + }, + } ) print(created_notification_config) @@ -59,7 +61,7 @@ def delete_notification_config(organization_id, notification_config_id): org_id=organization_id, config_id=notification_config_id ) - client.delete_notification_config(notification_config_name) + client.delete_notification_config(request={"name": notification_config_name}) print("Deleted notification config: {}".format(notification_config_name)) # [END scc_delete_notification_config] return True @@ -79,7 +81,9 @@ def get_notification_config(organization_id, notification_config_id): org_id=organization_id, config_id=notification_config_id ) - notification_config = client.get_notification_config(notification_config_name) + notification_config = client.get_notification_config( + request={"name": notification_config_name} + ) print("Got notification config: {}".format(notification_config)) # [END scc_get_notification_config] return notification_config @@ -95,7 +99,9 @@ def list_notification_configs(organization_id): # TODO: organization_id = "your-org-id" org_name = "organizations/{org_id}".format(org_id=organization_id) - notification_configs_iterator = client.list_notification_configs(org_name) + notification_configs_iterator = client.list_notification_configs( + request={"parent": org_name} + ) for i, config in enumerate(notification_configs_iterator): print("{}: notification_config: {}".format(i, config)) # [END scc_list_notification_configs] @@ -128,13 +134,15 @@ def update_notification_config(organization_id, notification_config_id, pubsub_t ) updated_notification_config = client.update_notification_config( - { - "name": notification_config_name, - "description": updated_description, - "pubsub_topic": pubsub_topic, - "streaming_config": {"filter": updated_filter}, - }, - update_mask=field_mask, + request={ + "notification_config": { + "name": notification_config_name, + "description": updated_description, + "pubsub_topic": pubsub_topic, + "streaming_config": {"filter": updated_filter}, + }, + "update_mask": field_mask, + } ) print(updated_notification_config) diff --git a/securitycenter/snippets/snippets_notification_receiver.py b/securitycenter/snippets/snippets_notification_receiver.py index aad6ba797bbd..9fb9f8e4101d 100644 --- a/securitycenter/snippets/snippets_notification_receiver.py +++ b/securitycenter/snippets/snippets_notification_receiver.py @@ -22,10 +22,7 @@ def receive_notifications(project_id, subscription_name): import concurrent from google.cloud import pubsub_v1 - from google.cloud.securitycenter_v1.proto.notification_message_pb2 import ( - NotificationMessage, - ) - from google.protobuf import json_format + from google.cloud.securitycenter_v1 import NotificationMessage # TODO: project_id = "your-project-id" # TODO: subscription_name = "your-subscription-name" @@ -33,8 +30,7 @@ def receive_notifications(project_id, subscription_name): def callback(message): print("Received message") - notification_msg = NotificationMessage() - json_format.Parse(message.data, notification_msg) + notification_msg = NotificationMessage.from_json(message.data) print( "Notification config name: {}".format( diff --git a/securitycenter/snippets/snippets_notification_test.py b/securitycenter/snippets/snippets_notification_test.py index 73ad00602bc7..fc129ab64b86 100644 --- a/securitycenter/snippets/snippets_notification_test.py +++ b/securitycenter/snippets/snippets_notification_test.py @@ -41,7 +41,7 @@ def cleanup_notification_config(notification_config_id): notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( org_id=ORG_ID, config_id=notification_config_id ) - client.delete_notification_config(notification_config_name) + client.delete_notification_config(request={"name": notification_config_name}) @pytest.fixture @@ -51,13 +51,15 @@ def new_notification_config_for_update(): org_name = "organizations/{org_id}".format(org_id=ORG_ID) created_notification_config = client.create_notification_config( - org_name, - UPDATE_CONFIG_ID, - { - "description": "Notification for active findings", - "pubsub_topic": PUBSUB_TOPIC, - "streaming_config": {"filter": ""}, - }, + request={ + "parent": org_name, + "config_id": UPDATE_CONFIG_ID, + "notification_config": { + "description": "Notification for active findings", + "pubsub_topic": PUBSUB_TOPIC, + "streaming_config": {"filter": ""}, + }, + } ) yield created_notification_config cleanup_notification_config(UPDATE_CONFIG_ID) @@ -70,13 +72,15 @@ def new_notification_config_for_get(): org_name = "organizations/{org_id}".format(org_id=ORG_ID) created_notification_config = client.create_notification_config( - org_name, - GET_CONFIG_ID, - { - "description": "Notification for active findings", - "pubsub_topic": PUBSUB_TOPIC, - "streaming_config": {"filter": ""}, - }, + request={ + "parent": org_name, + "config_id": GET_CONFIG_ID, + "notification_config": { + "description": "Notification for active findings", + "pubsub_topic": PUBSUB_TOPIC, + "streaming_config": {"filter": ""}, + }, + } ) yield created_notification_config cleanup_notification_config(GET_CONFIG_ID) @@ -89,13 +93,15 @@ def deleted_notification_config(): org_name = "organizations/{org_id}".format(org_id=ORG_ID) created_notification_config = client.create_notification_config( - org_name, - DELETE_CONFIG_ID, - { - "description": "Notification for active findings", - "pubsub_topic": PUBSUB_TOPIC, - "streaming_config": {"filter": ""}, - }, + request={ + "parent": org_name, + "config_id": DELETE_CONFIG_ID, + "notification_config": { + "description": "Notification for active findings", + "pubsub_topic": PUBSUB_TOPIC, + "streaming_config": {"filter": ""}, + }, + } ) return created_notification_config @@ -110,10 +116,8 @@ def test_create_notification_config(): def test_delete_notification_config(deleted_notification_config): - assert ( - snippets_notification_configs.delete_notification_config( - ORG_ID, DELETE_CONFIG_ID - ) + assert snippets_notification_configs.delete_notification_config( + ORG_ID, DELETE_CONFIG_ID ) @@ -137,8 +141,6 @@ def test_update_notification_config(new_notification_config_for_update): def test_receive_notifications(): - assert ( - snippets_notification_receiver.receive_notifications( - PROJECT_ID, PUBSUB_SUBSCRIPTION - ) + assert snippets_notification_receiver.receive_notifications( + PROJECT_ID, PUBSUB_SUBSCRIPTION ) diff --git a/securitycenter/snippets/snippets_orgs.py b/securitycenter/snippets/snippets_orgs.py index 6b95e49e8601..057173455cc1 100644 --- a/securitycenter/snippets/snippets_orgs.py +++ b/securitycenter/snippets/snippets_orgs.py @@ -27,7 +27,7 @@ def get_settings(organization_id): org_settings_name = client.organization_settings_path(organization_id) - org_settings = client.get_organization_settings(org_settings_name) + org_settings = client.get_organization_settings(request={"name": org_settings_name}) print(org_settings) # [END get_org_settings] @@ -50,8 +50,13 @@ def update_asset_discovery_org_settings(organization_id): field_mask = field_mask_pb2.FieldMask(paths=["enable_asset_discovery"]) # Call the service. updated = client.update_organization_settings( - {"name": org_settings_name, "enable_asset_discovery": True}, - update_mask=field_mask, + request={ + "organization_settings": { + "name": org_settings_name, + "enable_asset_discovery": True, + }, + "update_mask": field_mask, + } ) print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery)) # [END update_org_settings] diff --git a/securitycenter/snippets/snippets_security_marks.py b/securitycenter/snippets/snippets_security_marks.py index 885323410c40..96491a070b2a 100644 --- a/securitycenter/snippets/snippets_security_marks.py +++ b/securitycenter/snippets/snippets_security_marks.py @@ -37,10 +37,10 @@ def add_to_asset(asset_name): marks = {"key_a": "value_a", "key_b": "value_b"} updated_marks = client.update_security_marks( - {"name": marks_name, "marks": marks}, - # If this field was left empty, all marks would be cleared before adding - # the new values. - update_mask=field_mask, + request={ + "security_marks": {"name": marks_name, "marks": marks}, + "update_mask": field_mask, + } ) print(updated_marks) # [END add_marks_to_asset] @@ -67,13 +67,14 @@ def clear_from_asset(asset_name): field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"]) updated_marks = client.update_security_marks( - { - "name": marks_name - # Note, no marks specified, so the specified values in - # the fields masks will be deleted. - }, - # If this field was left empty, all marks would be cleared. - update_mask=field_mask, + request={ + "security_marks": { + "name": marks_name + # Note, no marks specified, so the specified values in + # the fields masks will be deleted. + }, + "update_mask": field_mask, + } ) print(updated_marks) # [END clear_marks_asset] @@ -99,7 +100,10 @@ def delete_and_update_marks(asset_name): marks = {"key_a": "new_value_for_a"} updated_marks = client.update_security_marks( - {"name": marks_name, "marks": marks}, update_mask=field_mask + request={ + "security_marks": {"name": marks_name, "marks": marks}, + "update_mask": field_mask, + } ) print(updated_marks) # [END delete_and_update_marks] @@ -128,7 +132,10 @@ def add_to_finding(finding_name): marks = {"finding_key_a": "value_a", "finding_key_b": "value_b"} updated_marks = client.update_security_marks( - {"name": finding_marks_name, "marks": marks}, update_mask=field_mask + request={ + "security_marks": {"name": finding_marks_name, "marks": marks}, + "update_mask": field_mask, + } ) # [END add_marks_to_finding] return updated_marks, marks @@ -149,10 +156,14 @@ def list_assets_with_query_marks(organization_id, asset_name): marks_filter = 'security_marks.marks.key_a = "value_a"' # Call the API and print results. - asset_iterator = client.list_assets(org_name, filter_=marks_filter) + asset_iterator = client.list_assets( + request={"parent": org_name, "filter": marks_filter} + ) # Call the API and print results. - asset_iterator = client.list_assets(org_name, filter_=marks_filter) + asset_iterator = client.list_assets( + request={"parent": org_name, "filter": marks_filter} + ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_security_marks] @@ -178,7 +189,9 @@ def list_findings_with_query_marks(source_name, finding_name): marks_filter = 'NOT security_marks.marks.finding_key_a="value_a"' # Call the API and print results. - finding_iterator = client.list_findings(source_name, filter_=marks_filter) + finding_iterator = client.list_findings( + request={"parent": source_name, "filter": marks_filter} + ) for i, finding_result in enumerate(finding_iterator): print(i, finding_result) # [END demo_list_findings_with_security_marks] diff --git a/securitycenter/snippets/snippets_security_marks_test.py b/securitycenter/snippets/snippets_security_marks_test.py index 18950f86bbfd..10182416c05e 100644 --- a/securitycenter/snippets/snippets_security_marks_test.py +++ b/securitycenter/snippets/snippets_security_marks_test.py @@ -37,13 +37,18 @@ def asset_name(organization_id): # organization_id is the numeric ID of the organization. # organization_id=1234567777 org_name = "organizations/{org_id}".format(org_id=organization_id) - assets = list(client.list_assets(org_name)) + assets = list(client.list_assets(request={"parent": org_name})) # Select a random asset to avoid collision between integration tests. asset = (random.sample(assets, 1)[0]).asset.name # Set fresh marks. update = client.update_security_marks( - {"name": "{}/securityMarks".format(asset), "marks": {"other": "other_val"}} + request={ + "security_marks": { + "name": "{}/securityMarks".format(asset), + "marks": {"other": "other_val"}, + } + } ) assert update.marks == {"other": "other_val"} return asset @@ -57,11 +62,13 @@ def source_name(organization_id): client = securitycenter.SecurityCenterClient() org_name = "organizations/{org_id}".format(org_id=organization_id) source = client.create_source( - org_name, - { - "display_name": "Security marks Unit test source", - "description": "A new custom source that does X", - }, + request={ + "parent": org_name, + "source": { + "display_name": "Security marks Unit test source", + "description": "A new custom source that does X", + }, + } ) return source.name @@ -70,7 +77,7 @@ def source_name(organization_id): def finding_name(source_name): """Creates a new finding and returns it name.""" from google.cloud import securitycenter - from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding + from google.cloud.securitycenter_v1 import Finding from google.protobuf.timestamp_pb2 import Timestamp client = securitycenter.SecurityCenterClient() @@ -79,24 +86,28 @@ def finding_name(source_name): now_proto.GetCurrentTime() finding = client.create_finding( - source_name, - "scfinding", - { - "state": Finding.ACTIVE, - "category": "C1", - "event_time": now_proto, - "resource_name": "//cloudresourcemanager.googleapis.com/organizations/1234", - }, + request={ + "parent": source_name, + "finding_id": "scfinding", + "finding": { + "state": Finding.State.ACTIVE, + "category": "C1", + "event_time": now_proto, + "resource_name": "//cloudresourcemanager.googleapis.com/organizations/1234", + }, + } ) client.create_finding( - source_name, - "untouched", - { - "state": Finding.ACTIVE, - "category": "MEDIUM_RISK_ONE", - "event_time": now_proto, - "resource_name": "//cloudresourcemanager.googleapis.com/organizations/1234", - }, + request={ + "parent": source_name, + "finding_id": "untouched", + "finding": { + "state": Finding.State.ACTIVE, + "category": "MEDIUM_RISK_ONE", + "event_time": now_proto, + "resource_name": "//cloudresourcemanager.googleapis.com/organizations/1234", + }, + } ) return finding.name From fdd8f94f7ed7cd895aa14ac336a1fe759b9feed9 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 8 Oct 2020 22:21:53 +0200 Subject: [PATCH 09/95] chore(deps): update dependency google-cloud-securitycenter to v1 (#70) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index e8325a9a1c72..c788df88b84a 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.1.0 -google-cloud-securitycenter==0.7.1 \ No newline at end of file +google-cloud-securitycenter==1.0.0 \ No newline at end of file From 15815bbb5be6b3c77ccc6664deb2db57410db902 Mon Sep 17 00:00:00 2001 From: Pglinsman Date: Fri, 30 Oct 2020 16:22:58 -0700 Subject: [PATCH 10/95] docs: update snippets_findings tags (#78) --- securitycenter/snippets/snippets_findings.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index a47dbacde385..a6d79e8392f4 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -562,7 +562,7 @@ def group_findings_at_time(source_name): ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) - # [END group_filtered_findings_at_time] + # [END group_findings_at_time] return i @@ -570,7 +570,7 @@ def group_findings_and_changes(source_name): """Demonstrates grouping all findings across an organization and associated changes.""" i = 0 - # [START group_filtered_findings_with_changes] + # [START group_findings_with_changes] from datetime import timedelta from google.cloud import securitycenter From 802442382c7769d6fbd5820f76f92b1064369e98 Mon Sep 17 00:00:00 2001 From: Pglinsman Date: Fri, 30 Oct 2020 16:36:03 -0700 Subject: [PATCH 11/95] docs: update snippets_list_assets tags (#77) --- securitycenter/snippets/snippets_list_assets.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/securitycenter/snippets/snippets_list_assets.py b/securitycenter/snippets/snippets_list_assets.py index 7eb85932e315..01b957645844 100644 --- a/securitycenter/snippets/snippets_list_assets.py +++ b/securitycenter/snippets/snippets_list_assets.py @@ -160,7 +160,7 @@ def group_assets(organization_id): def group_filtered_assets(organization_id): """Demonstrates grouping assets by type with a filter. """ i = 0 - # [START group_all_assets] + # [START group_all_assets_with_filter] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -179,13 +179,13 @@ def group_filtered_assets(organization_id): ) for i, result in enumerate(result_iterator): print((i + 1), result) - # [END group_all_assets] + # [END group_all_assets_with_filter] # only one asset type is a project return i def group_assets_by_changes(organization_id): - """Demonstrates grouping assets by there changes over a period of time.""" + """Demonstrates grouping assets by their changes over a period of time.""" i = 0 # [START group_all_assets_by_change] from datetime import timedelta From 21a7879c07f82f0fc2a89bb499daade4ab580f1c Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Sat, 5 Dec 2020 06:32:15 +0100 Subject: [PATCH 12/95] chore(deps): update dependency google-cloud-pubsub to v2.2.0 (#84) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index c788df88b84a..e5ab9c9d5a11 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.1.0 +google-cloud-pubsub==2.2.0 google-cloud-securitycenter==1.0.0 \ No newline at end of file From 8bce8425d3eab4adaa2f17a896f9a345a3b37c83 Mon Sep 17 00:00:00 2001 From: Anthony Date: Mon, 14 Dec 2020 16:22:05 -0800 Subject: [PATCH 13/95] =?UTF-8?q?docs:=20add=20securitycenter=20prefix=20t?= =?UTF-8?q?o=20samples,=20wrap=20published=20samples=20and=20repl=E2=80=A6?= =?UTF-8?q?=20(#85)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Standardizing Security Command Center samples to use 'securitycenter' prefixing. Wrapped existing samples to keep published doclinks unbroken, and fully replaced the ones that aren't published. Once this PR is through, published sample inclusions will be updated to use the new prefix, then I'll come through again and remove the unused block wraps. --- securitycenter/snippets/snippets_findings.py | 46 ++++++++++++++++--- .../snippets/snippets_list_assets.py | 20 +++++--- .../snippets/snippets_notification_configs.py | 10 ++++ .../snippets_notification_receiver.py | 2 + securitycenter/snippets/snippets_orgs.py | 4 ++ .../snippets/snippets_security_marks.py | 12 +++++ 6 files changed, 82 insertions(+), 12 deletions(-) diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index a6d79e8392f4..eba61f59f4eb 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -19,6 +19,7 @@ def create_source(organization_id): """Create a new findings source. """ + # [START securitycenter_create_source] # [START create_source] from google.cloud import securitycenter @@ -38,10 +39,12 @@ def create_source(organization_id): ) print("Created Source: {}".format(created.name)) # [END create_source] + # [END securitycenter_create_source] def get_source(source_name): """Gets an existing source.""" + # [START securitycenter_get_source] # [START get_source] from google.cloud import securitycenter @@ -57,11 +60,13 @@ def get_source(source_name): print("Source: {}".format(source)) # [END get_source] + # [END securitycenter_get_source] return source def update_source(source_name): """Updates a source's display name.""" + # [START securitycenter_update_source] # [START update_source] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -85,12 +90,14 @@ def update_source(source_name): ) print("Updated Source: {}".format(updated)) # [END update_source] + # [END securitycenter_update_source] return updated def add_user_to_source(source_name): """Gives a user findingsEditor permission to the source.""" user_email = "csccclienttest@gmail.com" + # [START securitycenter_update_source_iam] # [START update_source_iam] from google.cloud import securitycenter from google.iam.v1 import policy_pb2 @@ -125,12 +132,14 @@ def add_user_to_source(source_name): print("Updated Policy: {}".format(updated)) # [END update_source_iam] + # [END securitycenter_update_source_iam] return binding, updated def list_source(organization_id): """Lists finding sources.""" i = -1 + # [START securitycenter_list_sources] # [START list_sources] from google.cloud import securitycenter @@ -144,11 +153,13 @@ def list_source(organization_id): for i, source in enumerate(client.list_sources(request={"parent": org_name})): print(i, source) # [END list_sources] + # [END securitycenter_list_sources] return i def create_finding(source_name): """Creates a new finding.""" + # [START securitycenter_create_finding] # [START create_finding] from google.cloud import securitycenter from google.cloud.securitycenter_v1 import CreateFindingRequest, Finding @@ -193,11 +204,13 @@ def create_finding(source_name): ) print(created_finding) # [END create_finding] + # [END securitycenter_create_finding] return created_finding def create_finding_with_source_properties(source_name): """Demonstrate creating a new finding with source properties. """ + # [START securitycenter_create_finding_with_properties] # [START create_finding_with_properties] import datetime @@ -249,9 +262,11 @@ def create_finding_with_source_properties(source_name): ) print(created_finding) # [END create_finding_with_properties] + # [END securitycenter_create_finding_with_properties] def update_finding(source_name): + # [START securitycenter_update_finding] # [START update_finding] import datetime @@ -295,10 +310,12 @@ def update_finding(source_name): ) ) # [END update_finding] + # [END securitycenter_update_finding] def update_finding_state(source_name): """Demonstrate updating only a finding state.""" + # [START securitycenter_update_finding_state] # [START update_finding_state] import datetime @@ -324,11 +341,13 @@ def update_finding_state(source_name): ) print(f"New state: {new_finding.state}") # [END update_finding_state] + # [END securitycenter_update_finding_state] def trouble_shoot(source_name): """Demonstrate calling test_iam_permissions to determine if the service account has the correct permisions.""" + # [START securitycenter_test_iam_permissions] # [START test_iam_permissions] from google.cloud import securitycenter @@ -355,7 +374,9 @@ def trouble_shoot(source_name): ) ) # [END test_iam_permissions] + # [END securitycenter_test_iam_permissions] assert len(permission_response.permissions) > 0 + # [START securitycenter_test_iam_permissions] # [START test_iam_permissions] # Check for permissions necessary to call set_finding_state. permission_response = client.test_iam_permissions( @@ -368,11 +389,13 @@ def trouble_shoot(source_name): "Permision to update state? {}".format(len(permission_response.permissions) > 0) ) # [END test_iam_permissions] + # [END securitycenter_test_iam_permissions] return permission_response assert len(permission_response.permissions) > 0 def list_all_findings(organization_id): + # [START securitycenter_list_all_findings] # [START list_all_findings] from google.cloud import securitycenter @@ -393,10 +416,12 @@ def list_all_findings(organization_id): ) ) # [END list_all_findings] + # [END securitycenter_list_all_findings] return i def list_filtered_findings(source_name): + # [START securitycenter_list_filtered_findings] # [START list_filtered_findings] from google.cloud import securitycenter @@ -423,10 +448,12 @@ def list_filtered_findings(source_name): ) ) # [END list_filtered_findings] + # [END securitycenter_list_filtered_findings] return i def list_findings_at_time(source_name): + # [START securitycenter_list_findings_at_a_time] # [START list_findings_at_a_time] from google.cloud import securitycenter from datetime import timedelta, datetime @@ -444,7 +471,9 @@ def list_findings_at_time(source_name): # source_name = "organizations/111122222444/sources/-" five_days_ago = str(datetime.now() - timedelta(days=5)) # [END list_findings_at_a_time] + # [END securitycenter_list_findings_at_a_time] i = -1 + # [START securitycenter_list_findings_at_a_time] # [START list_findings_at_a_time] finding_result_iterator = client.list_findings( @@ -457,11 +486,13 @@ def list_findings_at_time(source_name): ) ) # [END list_findings_at_a_time] + # [END securitycenter_list_findings_at_a_time] return i def get_iam_policy(source_name): """Gives a user findingsEditor permission to the source.""" + # [START securitycenter_get_source_iam] # [START get_source_iam] from google.cloud import securitycenter @@ -477,11 +508,13 @@ def get_iam_policy(source_name): policy = client.get_iam_policy(request={"resource": source_name}) print("Policy: {}".format(policy)) # [END get_source_iam] + # [END securitycenter_get_source_iam] def group_all_findings(organization_id): """Demonstrates grouping all findings across an organization.""" i = 0 + # [START securitycenter_group_all_findings] # [START group_all_findings] from google.cloud import securitycenter @@ -500,13 +533,14 @@ def group_all_findings(organization_id): for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) # [END group_all_findings] + # [END securitycenter_group_all_findings] return i def group_filtered_findings(source_name): """Demonstrates grouping all findings across an organization.""" i = 0 - # [START group_filtered_findings] + # [START securitycenter_group_filtered_findings] from google.cloud import securitycenter # Create a client. @@ -528,7 +562,7 @@ def group_filtered_findings(source_name): ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) - # [END group_filtered_findings] + # [END securitycenter_group_filtered_findings] return i @@ -536,7 +570,7 @@ def group_findings_at_time(source_name): """Demonstrates grouping all findings across an organization as of a specific time.""" i = -1 - # [START group_findings_at_time] + # [START securitycenter_group_findings_at_time] from datetime import datetime, timedelta from google.cloud import securitycenter @@ -562,7 +596,7 @@ def group_findings_at_time(source_name): ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) - # [END group_findings_at_time] + # [END securitycenter_group_findings_at_time] return i @@ -570,7 +604,7 @@ def group_findings_and_changes(source_name): """Demonstrates grouping all findings across an organization and associated changes.""" i = 0 - # [START group_findings_with_changes] + # [START securitycenter_group_findings_with_changes] from datetime import timedelta from google.cloud import securitycenter @@ -597,5 +631,5 @@ def group_findings_and_changes(source_name): ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) - # [END group_findings_with_changes] + # [END securitycenter_group_findings_with_changes]] return i diff --git a/securitycenter/snippets/snippets_list_assets.py b/securitycenter/snippets/snippets_list_assets.py index 01b957645844..f4cac878156e 100644 --- a/securitycenter/snippets/snippets_list_assets.py +++ b/securitycenter/snippets/snippets_list_assets.py @@ -20,6 +20,7 @@ def list_all_assets(organization_id): """Demonstrate listing and printing all assets.""" i = 0 + # [START securitycenter_demo_list_all_assets] # [START demo_list_all_assets] from google.cloud import securitycenter @@ -33,12 +34,14 @@ def list_all_assets(organization_id): for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_all_assets] + # [END securitycenter_demo_list_all_assets] return i def list_assets_with_filters(organization_id): """Demonstrate listing assets with a filter.""" i = 0 + # [START securitycenter_demo_list_assets_with_filter] # [START demo_list_assets_with_filter] from google.cloud import securitycenter @@ -59,12 +62,14 @@ def list_assets_with_filters(organization_id): for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_filter] + # [END securitycenter_demo_list_assets_with_filter] return i def list_assets_with_filters_and_read_time(organization_id): """Demonstrate listing assets with a filter.""" i = 0 + # [START securitycenter_demo_list_assets_with_filter_and_time] # [START demo_list_assets_with_filter_and_time] from datetime import datetime, timedelta @@ -95,12 +100,14 @@ def list_assets_with_filters_and_read_time(organization_id): for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_filter_and_time] + # [END securitycenter_demo_list_assets_with_filter_and_time] return i def list_point_in_time_changes(organization_id): """Demonstrate listing assets along with their state changes.""" i = 0 + # [START securitycenter_demo_list_assets_changes] # [START demo_list_assets_changes] from datetime import timedelta @@ -131,13 +138,14 @@ def list_point_in_time_changes(organization_id): print(i, asset) # [END demo_list_assets_changes] + # [END securitycenter_demo_list_assets_changes] return i def group_assets(organization_id): """Demonstrates grouping all assets by type. """ i = 0 - # [START group_all_assets] + # [START securitycenter_group_all_assets] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -153,14 +161,14 @@ def group_assets(organization_id): ) for i, result in enumerate(result_iterator): print((i + 1), result) - # [END group_all_assets] + # [END securitycenter_group_all_assets] return i def group_filtered_assets(organization_id): """Demonstrates grouping assets by type with a filter. """ i = 0 - # [START group_all_assets_with_filter] + # [START securitycenter_group_all_assets_with_filter] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -179,7 +187,7 @@ def group_filtered_assets(organization_id): ) for i, result in enumerate(result_iterator): print((i + 1), result) - # [END group_all_assets_with_filter] + # [END securitycenter_group_all_assets_with_filter] # only one asset type is a project return i @@ -187,7 +195,7 @@ def group_filtered_assets(organization_id): def group_assets_by_changes(organization_id): """Demonstrates grouping assets by their changes over a period of time.""" i = 0 - # [START group_all_assets_by_change] + # [START securitycenter_group_all_assets_by_change] from datetime import timedelta from google.cloud import securitycenter @@ -208,5 +216,5 @@ def group_assets_by_changes(organization_id): ) for i, result in enumerate(result_iterator): print((i + 1), result) - # [END group_all_assets_by_change] + # [END securitycenter_group_all_assets_by_change] return i diff --git a/securitycenter/snippets/snippets_notification_configs.py b/securitycenter/snippets/snippets_notification_configs.py index cadbd8e0b85b..c03f927ca737 100644 --- a/securitycenter/snippets/snippets_notification_configs.py +++ b/securitycenter/snippets/snippets_notification_configs.py @@ -18,6 +18,7 @@ def create_notification_config(organization_id, notification_config_id, pubsub_topic): + # [START securitycenter_create_notification_config] # [START scc_create_notification_config] from google.cloud import securitycenter as securitycenter @@ -44,11 +45,13 @@ def create_notification_config(organization_id, notification_config_id, pubsub_t print(created_notification_config) # [END scc_create_notification_config] + # [END securitycenter_create_notification_config] return created_notification_config def delete_notification_config(organization_id, notification_config_id): + # [START securitycenter_delete_notification_config] # [START scc_delete_notification_config] from google.cloud import securitycenter as securitycenter @@ -64,11 +67,13 @@ def delete_notification_config(organization_id, notification_config_id): client.delete_notification_config(request={"name": notification_config_name}) print("Deleted notification config: {}".format(notification_config_name)) # [END scc_delete_notification_config] + # [END securitycenter_delete_notification_config] return True def get_notification_config(organization_id, notification_config_id): + # [START securitycenter_get_notification_config] # [START scc_get_notification_config] from google.cloud import securitycenter as securitycenter @@ -86,11 +91,13 @@ def get_notification_config(organization_id, notification_config_id): ) print("Got notification config: {}".format(notification_config)) # [END scc_get_notification_config] + # [END securitycenter_get_notification_config] return notification_config def list_notification_configs(organization_id): + # [START securitycenter_list_notification_configs] # [START scc_list_notification_configs] from google.cloud import securitycenter as securitycenter @@ -105,10 +112,12 @@ def list_notification_configs(organization_id): for i, config in enumerate(notification_configs_iterator): print("{}: notification_config: {}".format(i, config)) # [END scc_list_notification_configs] + # [END securitycenter_list_notification_configs]] return notification_configs_iterator def update_notification_config(organization_id, notification_config_id, pubsub_topic): + # [START securitycenter_update_notification_config] # [START scc_update_notification_config] from google.cloud import securitycenter as securitycenter from google.protobuf import field_mask_pb2 @@ -147,4 +156,5 @@ def update_notification_config(organization_id, notification_config_id, pubsub_t print(updated_notification_config) # [END scc_update_notification_config] + # [END securitycenter_update_notification_config] return updated_notification_config diff --git a/securitycenter/snippets/snippets_notification_receiver.py b/securitycenter/snippets/snippets_notification_receiver.py index 9fb9f8e4101d..ec0d947d565d 100644 --- a/securitycenter/snippets/snippets_notification_receiver.py +++ b/securitycenter/snippets/snippets_notification_receiver.py @@ -17,6 +17,7 @@ def receive_notifications(project_id, subscription_name): + # [START securitycenter_receive_notifications] # [START scc_receive_notifications] # Requires https://cloud.google.com/pubsub/docs/quickstart-client-libraries#pubsub-client-libraries-python import concurrent @@ -53,4 +54,5 @@ def callback(message): except concurrent.futures.TimeoutError: streaming_pull_future.cancel() # [END scc_receive_notifications] + # [END securitycenter_receive_notifications] return True diff --git a/securitycenter/snippets/snippets_orgs.py b/securitycenter/snippets/snippets_orgs.py index 057173455cc1..e66b6f52266d 100644 --- a/securitycenter/snippets/snippets_orgs.py +++ b/securitycenter/snippets/snippets_orgs.py @@ -18,6 +18,7 @@ def get_settings(organization_id): """Example showing how to retreive current organization settings.""" + # [START securitycenter_get_org_settings] # [START get_org_settings] from google.cloud import securitycenter @@ -30,11 +31,13 @@ def get_settings(organization_id): org_settings = client.get_organization_settings(request={"name": org_settings_name}) print(org_settings) # [END get_org_settings] + # [END securitycenter_get_org_settings] def update_asset_discovery_org_settings(organization_id): """Example showing how to update the asset discovery configuration for an organization.""" + # [START securitycenter_update_org_settings] # [START update_org_settings] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -60,4 +63,5 @@ def update_asset_discovery_org_settings(organization_id): ) print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery)) # [END update_org_settings] + # [END securitycenter_update_org_settings] return updated diff --git a/securitycenter/snippets/snippets_security_marks.py b/securitycenter/snippets/snippets_security_marks.py index 96491a070b2a..1009eb02fe55 100644 --- a/securitycenter/snippets/snippets_security_marks.py +++ b/securitycenter/snippets/snippets_security_marks.py @@ -18,6 +18,7 @@ def add_to_asset(asset_name): """Add new security marks to an asset.""" + # [START securitycenter_add_marks_to_asset] # [START add_marks_to_asset] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -44,6 +45,7 @@ def add_to_asset(asset_name): ) print(updated_marks) # [END add_marks_to_asset] + # [END securitycenter_add_marks_to_asset] return updated_marks, marks @@ -51,6 +53,7 @@ def clear_from_asset(asset_name): """Removes security marks from an asset.""" # Make sure they are there first add_to_asset(asset_name) + # [START securitycenter_clear_marks_asset] # [START clear_marks_asset] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -78,6 +81,7 @@ def clear_from_asset(asset_name): ) print(updated_marks) # [END clear_marks_asset] + # [END securitycenter_clear_marks_asset] return updated_marks @@ -85,6 +89,7 @@ def delete_and_update_marks(asset_name): """Updates and deletes security marks from an asset in the same call.""" # Make sure they are there first add_to_asset(asset_name) + # [START securitycenter_delete_and_update_marks] # [START delete_and_update_marks] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -107,11 +112,13 @@ def delete_and_update_marks(asset_name): ) print(updated_marks) # [END delete_and_update_marks] + # [END securitycenter_delete_and_update_marks] return updated_marks def add_to_finding(finding_name): """Adds security marks to a finding. """ + # [START securitycenter_add_marks_to_finding] # [START add_marks_to_finding] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -138,6 +145,7 @@ def add_to_finding(finding_name): } ) # [END add_marks_to_finding] + # [END securitycenter_add_marks_to_finding] return updated_marks, marks @@ -145,6 +153,7 @@ def list_assets_with_query_marks(organization_id, asset_name): """Lists assets with a filter on security marks. """ add_to_asset(asset_name) i = -1 + # [START securitycenter_demo_list_assets_with_security_marks] # [START demo_list_assets_with_security_marks] from google.cloud import securitycenter @@ -167,6 +176,7 @@ def list_assets_with_query_marks(organization_id, asset_name): for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_security_marks] + # [END securitycenter_demo_list_assets_with_security_marks] return i @@ -175,6 +185,7 @@ def list_findings_with_query_marks(source_name, finding_name): # ensure marks are set on finding. add_to_finding(finding_name) i = -1 + # [START securitycenter_demo_list_findings_with_security_marks] # [START demo_list_findings_with_security_marks] from google.cloud import securitycenter @@ -195,6 +206,7 @@ def list_findings_with_query_marks(source_name, finding_name): for i, finding_result in enumerate(finding_iterator): print(i, finding_result) # [END demo_list_findings_with_security_marks] + # [END securitycenter_demo_list_findings_with_security_marks] # one finding should have been updated with keys, and one should be # untouched. return i From 43154412c574ddcb9262f52f5d3297605120be3c Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 23 Dec 2020 00:18:53 +0100 Subject: [PATCH 14/95] chore(deps): update dependency google-cloud-securitycenter to v1.1.0 (#90) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index e5ab9c9d5a11..fcb6d25dbcbe 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.2.0 -google-cloud-securitycenter==1.0.0 \ No newline at end of file +google-cloud-securitycenter==1.1.0 \ No newline at end of file From 7523bbbb965b1d5cca0a4d31135d3f941f661ab0 Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Tue, 22 Dec 2020 15:28:04 -0800 Subject: [PATCH 15/95] chore: update templates (#88) This PR was generated using Autosynth. :rainbow: Synth log will be available here: https://source.cloud.google.com/results/invocations/f632d5d1-d20c-4ae6-90f5-18e53f0f588a/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: https://github.com/googleapis/synthtool/commit/18c5dbdb4ac8cf75d4d8174e7b4558f48e76f8a1 Source-Link: https://github.com/googleapis/synthtool/commit/f94318521f63085b9ccb43d42af89f153fb39f15 Source-Link: https://github.com/googleapis/synthtool/commit/69629b64b83c6421d616be2b8e11795738ec8a6c Source-Link: https://github.com/googleapis/synthtool/commit/32af6da519a6b042e3da62008e2a75e991efb6b4 Source-Link: https://github.com/googleapis/synthtool/commit/a073c873f3928c561bdf87fdfbf1d081d1998984 Source-Link: https://github.com/googleapis/synthtool/commit/9a7d9fbb7045c34c9d3d22c1ff766eeae51f04c9 Source-Link: https://github.com/googleapis/synthtool/commit/e89175cf074dccc4babb4eca66ae913696e47a71 Source-Link: https://github.com/googleapis/synthtool/commit/1f1148d3c7a7a52f0c98077f976bd9b3c948ee2b Source-Link: https://github.com/googleapis/synthtool/commit/3d3e94c4e02370f307a9a200b0c743c3d8d19f29 Source-Link: https://github.com/googleapis/synthtool/commit/6542bd723403513626f61642fc02ddca528409aa Source-Link: https://github.com/googleapis/synthtool/commit/ea52b8a0bd560f72f376efcf45197fb7c8869120 Source-Link: https://github.com/googleapis/synthtool/commit/5f6ef0ec5501d33c4667885b37a7685a30d41a76 Source-Link: https://github.com/googleapis/synthtool/commit/da5c6050d13b4950c82666a81d8acd25157664ae Source-Link: https://github.com/googleapis/synthtool/commit/477764cc4ee6db346d3febef2bb1ea0abf27de52 Source-Link: https://github.com/googleapis/synthtool/commit/e0ae456852bf22f38796deb79cff30b516fde244 Source-Link: https://github.com/googleapis/synthtool/commit/9b0da5204ab90bcc36f8cd4e5689eff1a54cc3e4 --- securitycenter/snippets/noxfile.py | 39 ++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index ba55d7ce53ca..bca0522ec4d9 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -17,6 +17,7 @@ import os from pathlib import Path import sys +from typing import Callable, Dict, List, Optional import nox @@ -39,6 +40,10 @@ # You can opt out from the test for specific Python versions. 'ignored_versions': ["2.7"], + # Old samples are opted out of enforcing Python type hints + # All new samples should feature them + 'enforce_type_hints': False, + # An envvar key for determining the project id to use. Change it # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string @@ -64,7 +69,7 @@ TEST_CONFIG.update(TEST_CONFIG_OVERRIDE) -def get_pytest_env_vars(): +def get_pytest_env_vars() -> Dict[str, str]: """Returns a dict for pytest invocation.""" ret = {} @@ -93,7 +98,7 @@ def get_pytest_env_vars(): # -def _determine_local_import_names(start_dir): +def _determine_local_import_names(start_dir: str) -> List[str]: """Determines all import names that should be considered "local". This is used when running the linter to insure that import order is @@ -131,8 +136,11 @@ def _determine_local_import_names(start_dir): @nox.session -def lint(session): - session.install("flake8", "flake8-import-order") +def lint(session: nox.sessions.Session) -> None: + if not TEST_CONFIG['enforce_type_hints']: + session.install("flake8", "flake8-import-order") + else: + session.install("flake8", "flake8-import-order", "flake8-annotations") local_names = _determine_local_import_names(".") args = FLAKE8_COMMON_ARGS + [ @@ -141,8 +149,18 @@ def lint(session): "." ] session.run("flake8", *args) +# +# Black +# +@nox.session +def blacken(session: nox.sessions.Session) -> None: + session.install("black") + python_files = [path for path in os.listdir(".") if path.endswith(".py")] + + session.run("black", *python_files) + # # Sample Tests # @@ -151,7 +169,7 @@ def lint(session): PYTEST_COMMON_ARGS = ["--junitxml=sponge_log.xml"] -def _session_tests(session, post_install=None): +def _session_tests(session: nox.sessions.Session, post_install: Callable = None) -> None: """Runs py.test for a particular project.""" if os.path.exists("requirements.txt"): session.install("-r", "requirements.txt") @@ -177,7 +195,7 @@ def _session_tests(session, post_install=None): @nox.session(python=ALL_VERSIONS) -def py(session): +def py(session: nox.sessions.Session) -> None: """Runs py.test for a sample using the specified version of Python.""" if session.python in TESTED_VERSIONS: _session_tests(session) @@ -192,7 +210,7 @@ def py(session): # -def _get_repo_root(): +def _get_repo_root() -> Optional[str]: """ Returns the root folder of the project. """ # Get root of this repository. Assume we don't have directories nested deeper than 10 items. p = Path(os.getcwd()) @@ -201,6 +219,11 @@ def _get_repo_root(): break if Path(p / ".git").exists(): return str(p) + # .git is not available in repos cloned via Cloud Build + # setup.py is always in the library's root, so use that instead + # https://github.com/googleapis/synthtool/issues/792 + if Path(p / "setup.py").exists(): + return str(p) p = p.parent raise Exception("Unable to detect repository root.") @@ -210,7 +233,7 @@ def _get_repo_root(): @nox.session @nox.parametrize("path", GENERATED_READMES) -def readmegen(session, path): +def readmegen(session: nox.sessions.Session, path: str) -> None: """(Re-)generates the readme for a sample.""" session.install("jinja2", "pyyaml") dir_ = os.path.dirname(path) From dce59da757e1d4b55163ae80cc00c326d615451e Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 9 Feb 2021 17:54:53 +0100 Subject: [PATCH 16/95] chore(deps): update dependency google-cloud-pubsub to v2.3.0 (#102) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index fcb6d25dbcbe..6bc8372b08dd 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.2.0 +google-cloud-pubsub==2.3.0 google-cloud-securitycenter==1.1.0 \ No newline at end of file From 40fee094b12e0a27283a8e212787b0cb842f1fdc Mon Sep 17 00:00:00 2001 From: Anthony Date: Thu, 18 Feb 2021 10:38:04 -0800 Subject: [PATCH 17/95] docs: standardize new tag with existing tags from other languages (#104) Updates the tags to be identical to the tag most-used in other language-repos. This is the final step in wrangling all the cats into logical groupings of identical tags. Cleans up and finalizes work started in PR #85. --- securitycenter/snippets/snippets_findings.py | 28 +++++++++---------- .../snippets/snippets_list_assets.py | 16 +++++------ securitycenter/snippets/snippets_orgs.py | 4 +-- .../snippets/snippets_security_marks.py | 24 ++++++++-------- 4 files changed, 36 insertions(+), 36 deletions(-) diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index eba61f59f4eb..92175b053c6d 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -97,7 +97,7 @@ def update_source(source_name): def add_user_to_source(source_name): """Gives a user findingsEditor permission to the source.""" user_email = "csccclienttest@gmail.com" - # [START securitycenter_update_source_iam] + # [START securitycenter_set_source_iam] # [START update_source_iam] from google.cloud import securitycenter from google.iam.v1 import policy_pb2 @@ -132,7 +132,7 @@ def add_user_to_source(source_name): print("Updated Policy: {}".format(updated)) # [END update_source_iam] - # [END securitycenter_update_source_iam] + # [END securitycenter_set_source_iam] return binding, updated @@ -210,7 +210,7 @@ def create_finding(source_name): def create_finding_with_source_properties(source_name): """Demonstrate creating a new finding with source properties. """ - # [START securitycenter_create_finding_with_properties] + # [START securitycenter_create_finding_with_source_properties] # [START create_finding_with_properties] import datetime @@ -262,11 +262,11 @@ def create_finding_with_source_properties(source_name): ) print(created_finding) # [END create_finding_with_properties] - # [END securitycenter_create_finding_with_properties] + # [END securitycenter_create_finding_with_source_properties] def update_finding(source_name): - # [START securitycenter_update_finding] + # [START securitycenter_update_finding_source_properties] # [START update_finding] import datetime @@ -310,7 +310,7 @@ def update_finding(source_name): ) ) # [END update_finding] - # [END securitycenter_update_finding] + # [END securitycenter_update_finding_source_properties] def update_finding_state(source_name): @@ -347,7 +347,7 @@ def update_finding_state(source_name): def trouble_shoot(source_name): """Demonstrate calling test_iam_permissions to determine if the service account has the correct permisions.""" - # [START securitycenter_test_iam_permissions] + # [START securitycenter_test_iam] # [START test_iam_permissions] from google.cloud import securitycenter @@ -374,9 +374,9 @@ def trouble_shoot(source_name): ) ) # [END test_iam_permissions] - # [END securitycenter_test_iam_permissions] + # [END securitycenter_test_iam] assert len(permission_response.permissions) > 0 - # [START securitycenter_test_iam_permissions] + # [START securitycenter_test_iam] # [START test_iam_permissions] # Check for permissions necessary to call set_finding_state. permission_response = client.test_iam_permissions( @@ -389,7 +389,7 @@ def trouble_shoot(source_name): "Permision to update state? {}".format(len(permission_response.permissions) > 0) ) # [END test_iam_permissions] - # [END securitycenter_test_iam_permissions] + # [END securitycenter_test_iam] return permission_response assert len(permission_response.permissions) > 0 @@ -453,7 +453,7 @@ def list_filtered_findings(source_name): def list_findings_at_time(source_name): - # [START securitycenter_list_findings_at_a_time] + # [START securitycenter_list_findings_at_time] # [START list_findings_at_a_time] from google.cloud import securitycenter from datetime import timedelta, datetime @@ -471,9 +471,9 @@ def list_findings_at_time(source_name): # source_name = "organizations/111122222444/sources/-" five_days_ago = str(datetime.now() - timedelta(days=5)) # [END list_findings_at_a_time] - # [END securitycenter_list_findings_at_a_time] + # [END securitycenter_list_findings_at_time] i = -1 - # [START securitycenter_list_findings_at_a_time] + # [START securitycenter_list_findings_at_time] # [START list_findings_at_a_time] finding_result_iterator = client.list_findings( @@ -486,7 +486,7 @@ def list_findings_at_time(source_name): ) ) # [END list_findings_at_a_time] - # [END securitycenter_list_findings_at_a_time] + # [END securitycenter_list_findings_at_time] return i diff --git a/securitycenter/snippets/snippets_list_assets.py b/securitycenter/snippets/snippets_list_assets.py index f4cac878156e..7665ea011c19 100644 --- a/securitycenter/snippets/snippets_list_assets.py +++ b/securitycenter/snippets/snippets_list_assets.py @@ -20,7 +20,7 @@ def list_all_assets(organization_id): """Demonstrate listing and printing all assets.""" i = 0 - # [START securitycenter_demo_list_all_assets] + # [START securitycenter_list_all_assets] # [START demo_list_all_assets] from google.cloud import securitycenter @@ -34,14 +34,14 @@ def list_all_assets(organization_id): for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_all_assets] - # [END securitycenter_demo_list_all_assets] + # [END securitycenter_list_all_assets] return i def list_assets_with_filters(organization_id): """Demonstrate listing assets with a filter.""" i = 0 - # [START securitycenter_demo_list_assets_with_filter] + # [START securitycenter_list_assets_with_filter] # [START demo_list_assets_with_filter] from google.cloud import securitycenter @@ -62,14 +62,14 @@ def list_assets_with_filters(organization_id): for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_filter] - # [END securitycenter_demo_list_assets_with_filter] + # [END securitycenter_list_assets_with_filter] return i def list_assets_with_filters_and_read_time(organization_id): """Demonstrate listing assets with a filter.""" i = 0 - # [START securitycenter_demo_list_assets_with_filter_and_time] + # [START securitycenter_list_assets_at_time] # [START demo_list_assets_with_filter_and_time] from datetime import datetime, timedelta @@ -100,14 +100,14 @@ def list_assets_with_filters_and_read_time(organization_id): for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_filter_and_time] - # [END securitycenter_demo_list_assets_with_filter_and_time] + # [END securitycenter_list_assets_at_time] return i def list_point_in_time_changes(organization_id): """Demonstrate listing assets along with their state changes.""" i = 0 - # [START securitycenter_demo_list_assets_changes] + # [START securitycenter_list_assets_and_changes] # [START demo_list_assets_changes] from datetime import timedelta @@ -138,7 +138,7 @@ def list_point_in_time_changes(organization_id): print(i, asset) # [END demo_list_assets_changes] - # [END securitycenter_demo_list_assets_changes] + # [END securitycenter_list_assets_and_changes] return i diff --git a/securitycenter/snippets/snippets_orgs.py b/securitycenter/snippets/snippets_orgs.py index e66b6f52266d..b155d7682b2f 100644 --- a/securitycenter/snippets/snippets_orgs.py +++ b/securitycenter/snippets/snippets_orgs.py @@ -37,7 +37,7 @@ def get_settings(organization_id): def update_asset_discovery_org_settings(organization_id): """Example showing how to update the asset discovery configuration for an organization.""" - # [START securitycenter_update_org_settings] + # [START securitycenter_enable_asset_discovery] # [START update_org_settings] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -63,5 +63,5 @@ def update_asset_discovery_org_settings(organization_id): ) print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery)) # [END update_org_settings] - # [END securitycenter_update_org_settings] + # [END securitycenter_enable_asset_discovery] return updated diff --git a/securitycenter/snippets/snippets_security_marks.py b/securitycenter/snippets/snippets_security_marks.py index 1009eb02fe55..ab1a1bd923ae 100644 --- a/securitycenter/snippets/snippets_security_marks.py +++ b/securitycenter/snippets/snippets_security_marks.py @@ -18,7 +18,7 @@ def add_to_asset(asset_name): """Add new security marks to an asset.""" - # [START securitycenter_add_marks_to_asset] + # [START securitycenter_add_security_marks] # [START add_marks_to_asset] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -45,7 +45,7 @@ def add_to_asset(asset_name): ) print(updated_marks) # [END add_marks_to_asset] - # [END securitycenter_add_marks_to_asset] + # [END securitycenter_add_security_marks] return updated_marks, marks @@ -53,7 +53,7 @@ def clear_from_asset(asset_name): """Removes security marks from an asset.""" # Make sure they are there first add_to_asset(asset_name) - # [START securitycenter_clear_marks_asset] + # [START securitycenter_delete_security_marks] # [START clear_marks_asset] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -81,7 +81,7 @@ def clear_from_asset(asset_name): ) print(updated_marks) # [END clear_marks_asset] - # [END securitycenter_clear_marks_asset] + # [END securitycenter_delete_security_marks] return updated_marks @@ -89,7 +89,7 @@ def delete_and_update_marks(asset_name): """Updates and deletes security marks from an asset in the same call.""" # Make sure they are there first add_to_asset(asset_name) - # [START securitycenter_delete_and_update_marks] + # [START securitycenter_add_delete_security_marks] # [START delete_and_update_marks] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -112,13 +112,13 @@ def delete_and_update_marks(asset_name): ) print(updated_marks) # [END delete_and_update_marks] - # [END securitycenter_delete_and_update_marks] + # [END securitycenter_add_delete_security_marks] return updated_marks def add_to_finding(finding_name): """Adds security marks to a finding. """ - # [START securitycenter_add_marks_to_finding] + # [START securitycenter_add_security_marks] # [START add_marks_to_finding] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -145,7 +145,7 @@ def add_to_finding(finding_name): } ) # [END add_marks_to_finding] - # [END securitycenter_add_marks_to_finding] + # [END securitycenter_add_security_marks] return updated_marks, marks @@ -153,7 +153,7 @@ def list_assets_with_query_marks(organization_id, asset_name): """Lists assets with a filter on security marks. """ add_to_asset(asset_name) i = -1 - # [START securitycenter_demo_list_assets_with_security_marks] + # [START securitycenter_list_assets_with_security_marks] # [START demo_list_assets_with_security_marks] from google.cloud import securitycenter @@ -176,7 +176,7 @@ def list_assets_with_query_marks(organization_id, asset_name): for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_security_marks] - # [END securitycenter_demo_list_assets_with_security_marks] + # [END securitycenter_list_assets_with_security_marks] return i @@ -185,7 +185,7 @@ def list_findings_with_query_marks(source_name, finding_name): # ensure marks are set on finding. add_to_finding(finding_name) i = -1 - # [START securitycenter_demo_list_findings_with_security_marks] + # [START securitycenter_list_findings_with_security_marks] # [START demo_list_findings_with_security_marks] from google.cloud import securitycenter @@ -206,7 +206,7 @@ def list_findings_with_query_marks(source_name, finding_name): for i, finding_result in enumerate(finding_iterator): print(i, finding_result) # [END demo_list_findings_with_security_marks] - # [END securitycenter_demo_list_findings_with_security_marks] + # [END securitycenter_list_findings_with_security_marks] # one finding should have been updated with keys, and one should be # untouched. return i From 5f50a2d034a676b2c63e9a92fe0f9388b4f19833 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 24 Feb 2021 05:41:24 +0100 Subject: [PATCH 18/95] chore(deps): update dependency google-cloud-pubsub to v2.4.0 (#107) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 6bc8372b08dd..7a1ca63fe842 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.3.0 +google-cloud-pubsub==2.4.0 google-cloud-securitycenter==1.1.0 \ No newline at end of file From 98165b9de04432c64a46aeeed71942b4d8b1709e Mon Sep 17 00:00:00 2001 From: Anthony Date: Wed, 24 Feb 2021 12:25:30 -0800 Subject: [PATCH 19/95] docs: Fix conflict tag introduced in PR 104 (#106) * add securitycenter prefix to samples, wrap published samples and replace unpublished entirely. * Fix unmatched region tags * Fix more unmatched region tags * fix lint issue with function antipattern * docs: standardize new tags with most-used tag from other languages * fix conflicting tag by making more explicit to the contained function --- securitycenter/snippets/snippets_security_marks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/securitycenter/snippets/snippets_security_marks.py b/securitycenter/snippets/snippets_security_marks.py index ab1a1bd923ae..7a3de4093d21 100644 --- a/securitycenter/snippets/snippets_security_marks.py +++ b/securitycenter/snippets/snippets_security_marks.py @@ -118,7 +118,7 @@ def delete_and_update_marks(asset_name): def add_to_finding(finding_name): """Adds security marks to a finding. """ - # [START securitycenter_add_security_marks] + # [START securitycenter_add_finding_security_marks] # [START add_marks_to_finding] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -145,7 +145,7 @@ def add_to_finding(finding_name): } ) # [END add_marks_to_finding] - # [END securitycenter_add_security_marks] + # [END securitycenter_add_finding_security_marks] return updated_marks, marks From b568a8697a7a3c1666532a4208b0786a9d27bb7b Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Tue, 30 Mar 2021 12:19:49 -0700 Subject: [PATCH 20/95] fix: fix retry deadlines (#116) * changes without context autosynth cannot find the source of changes triggered by earlier changes in this repository, or by version upgrades to tools such as linters. * chore: upgrade gapic-generator-python to 0.39.1 feat: add 'from_service_account_info' factory to clients fix: fix sphinx identifiers PiperOrigin-RevId: 350246057 Source-Author: Google APIs Source-Date: Tue Jan 5 16:44:11 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 520682435235d9c503983a360a2090025aa47cd1 Source-Link: https://github.com/googleapis/googleapis/commit/520682435235d9c503983a360a2090025aa47cd1 * chore: update Go generator, rules_go, and protobuf PiperOrigin-RevId: 352816749 Source-Author: Google APIs Source-Date: Wed Jan 20 10:06:23 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: ceaaf31b3d13badab7cf9d3b570f5639db5593d9 Source-Link: https://github.com/googleapis/googleapis/commit/ceaaf31b3d13badab7cf9d3b570f5639db5593d9 * chore: upgrade gapic-generator-python to 0.40.5 PiperOrigin-RevId: 354996675 Source-Author: Google APIs Source-Date: Mon Feb 1 12:11:49 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 20712b8fe95001b312f62c6c5f33e3e3ec92cfaf Source-Link: https://github.com/googleapis/googleapis/commit/20712b8fe95001b312f62c6c5f33e3e3ec92cfaf * chore: update gapic-generator-python PiperOrigin-RevId: 355923884 Source-Author: Google APIs Source-Date: Fri Feb 5 14:04:52 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 5e3dacee19405529b841b53797df799c2383536c Source-Link: https://github.com/googleapis/googleapis/commit/5e3dacee19405529b841b53797df799c2383536c * chore: update gapic-generator-python to 0.40.11 PiperOrigin-RevId: 359562873 Source-Author: Google APIs Source-Date: Thu Feb 25 10:52:32 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 07932bb995e7dc91b43620ea8402c6668c7d102c Source-Link: https://github.com/googleapis/googleapis/commit/07932bb995e7dc91b43620ea8402c6668c7d102c * chore: upgrade gapic-generator-python to 0.42.2 PiperOrigin-RevId: 361662015 Source-Author: Google APIs Source-Date: Mon Mar 8 14:47:18 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 28a591963253d52ce3a25a918cafbdd9928de8cf Source-Link: https://github.com/googleapis/googleapis/commit/28a591963253d52ce3a25a918cafbdd9928de8cf * chore: upgrade gapic-generator-python to 0.43.1 PiperOrigin-RevId: 364411656 Source-Author: Google APIs Source-Date: Mon Mar 22 14:40:22 2021 -0700 Source-Repo: googleapis/googleapis Source-Sha: 149a3a84c29c9b8189576c7442ccb6dcf6a8f95b Source-Link: https://github.com/googleapis/googleapis/commit/149a3a84c29c9b8189576c7442ccb6dcf6a8f95b * fix: fix dependencies Co-authored-by: Bu Sun Kim --- securitycenter/snippets/noxfile.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index bca0522ec4d9..97bf7da80e39 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -85,7 +85,7 @@ def get_pytest_env_vars() -> Dict[str, str]: # DO NOT EDIT - automatically generated. # All versions used to tested samples. -ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8"] +ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8", "3.9"] # Any default versions that should be ignored. IGNORED_VERSIONS = TEST_CONFIG['ignored_versions'] From aabac32fdb6f341b85ce7146a23d578d27c0f171 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 1 Apr 2021 01:10:59 +0200 Subject: [PATCH 21/95] chore(deps): update dependency google-cloud-pubsub to v2.4.1 (#119) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 7a1ca63fe842..52dd0a4e9ccb 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.4.0 +google-cloud-pubsub==2.4.1 google-cloud-securitycenter==1.1.0 \ No newline at end of file From a2a3061a281ae720dc4f1b89b99abe1ccfef01f3 Mon Sep 17 00:00:00 2001 From: Anthonios Partheniou Date: Tue, 27 Apr 2021 12:14:05 -0400 Subject: [PATCH 22/95] chore: migrate to owlbot (#129) --- securitycenter/snippets/noxfile.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 97bf7da80e39..956cdf4f9250 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -172,10 +172,16 @@ def blacken(session: nox.sessions.Session) -> None: def _session_tests(session: nox.sessions.Session, post_install: Callable = None) -> None: """Runs py.test for a particular project.""" if os.path.exists("requirements.txt"): - session.install("-r", "requirements.txt") + if os.path.exists("constraints.txt"): + session.install("-r", "requirements.txt", "-c", "constraints.txt") + else: + session.install("-r", "requirements.txt") if os.path.exists("requirements-test.txt"): - session.install("-r", "requirements-test.txt") + if os.path.exists("constraints-test.txt"): + session.install("-r", "requirements-test.txt", "-c", "constraints-test.txt") + else: + session.install("-r", "requirements-test.txt") if INSTALL_LIBRARY_FROM_SOURCE: session.install("-e", _get_repo_root()) From 6a3b70612f3ab5f5eac4eb612238e7088e6e07c3 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 20 May 2021 02:52:23 +0200 Subject: [PATCH 23/95] chore(deps): update dependency google-cloud-securitycenter to v1.2.0 (#149) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 52dd0a4e9ccb..7671171e37b6 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.4.1 -google-cloud-securitycenter==1.1.0 \ No newline at end of file +google-cloud-securitycenter==1.2.0 \ No newline at end of file From 1f25195b1a4fedb8d228fdc6607884c5d45a7395 Mon Sep 17 00:00:00 2001 From: Dan Lee <71398022+dandhlee@users.noreply.github.com> Date: Wed, 19 May 2021 20:58:00 -0400 Subject: [PATCH 24/95] test: log message.data for debugging (#126) * test: log message.data for debugging Flaky test from #124 suggests that `message.data` might have been deformed somehow. Adding a logging for the data passed to help debug next time something goes wrong. * chore: update for lint * chore: update message formatting * chore: remove extra print * chore: making lint happy --- securitycenter/snippets/snippets_notification_receiver.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/securitycenter/snippets/snippets_notification_receiver.py b/securitycenter/snippets/snippets_notification_receiver.py index ec0d947d565d..5e291c658d89 100644 --- a/securitycenter/snippets/snippets_notification_receiver.py +++ b/securitycenter/snippets/snippets_notification_receiver.py @@ -29,7 +29,9 @@ def receive_notifications(project_id, subscription_name): # TODO: subscription_name = "your-subscription-name" def callback(message): - print("Received message") + + # Print the data received for debugging purpose if needed + print(f"Received message: {message.data}") notification_msg = NotificationMessage.from_json(message.data) From 3d88ea63d11fc008a1f3a5a57ea10cef197b8a99 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 20 May 2021 03:11:54 +0200 Subject: [PATCH 25/95] chore(deps): update dependency google-cloud-pubsub to v2.5.0 (#138) Co-authored-by: Dan Lee <71398022+dandhlee@users.noreply.github.com> --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 7671171e37b6..61ca467149e6 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.4.1 +google-cloud-pubsub==2.5.0 google-cloud-securitycenter==1.2.0 \ No newline at end of file From 264fc191c18a1b8b6423cfed4dd7e6717d3cdb46 Mon Sep 17 00:00:00 2001 From: Anthony Date: Wed, 19 May 2021 18:18:43 -0700 Subject: [PATCH 26/95] docs: remove unused region tags (#108) * add securitycenter prefix to samples, wrap published samples and replace unpublished entirely. * Fix unmatched region tags * Fix more unmatched region tags * fix lint issue with function antipattern * docs: standardize new tags with most-used tag from other languages * fix conflicting tag by making more explicit to the contained function * remove obviated region tags * more Co-authored-by: gcf-merge-on-green[bot] <60162190+gcf-merge-on-green[bot]@users.noreply.github.com> --- securitycenter/snippets/snippets_findings.py | 34 ------------------- .../snippets/snippets_list_assets.py | 8 ----- .../snippets/snippets_notification_configs.py | 10 ------ .../snippets_notification_receiver.py | 2 -- securitycenter/snippets/snippets_orgs.py | 4 --- .../snippets/snippets_security_marks.py | 12 ------- 6 files changed, 70 deletions(-) diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index 92175b053c6d..a94846534bfe 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -20,7 +20,6 @@ def create_source(organization_id): """Create a new findings source. """ # [START securitycenter_create_source] - # [START create_source] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -38,14 +37,12 @@ def create_source(organization_id): } ) print("Created Source: {}".format(created.name)) - # [END create_source] # [END securitycenter_create_source] def get_source(source_name): """Gets an existing source.""" # [START securitycenter_get_source] - # [START get_source] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -59,7 +56,6 @@ def get_source(source_name): source = client.get_source(request={"name": source_name}) print("Source: {}".format(source)) - # [END get_source] # [END securitycenter_get_source] return source @@ -67,7 +63,6 @@ def get_source(source_name): def update_source(source_name): """Updates a source's display name.""" # [START securitycenter_update_source] - # [START update_source] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -89,7 +84,6 @@ def update_source(source_name): } ) print("Updated Source: {}".format(updated)) - # [END update_source] # [END securitycenter_update_source] return updated @@ -98,7 +92,6 @@ def add_user_to_source(source_name): """Gives a user findingsEditor permission to the source.""" user_email = "csccclienttest@gmail.com" # [START securitycenter_set_source_iam] - # [START update_source_iam] from google.cloud import securitycenter from google.iam.v1 import policy_pb2 @@ -131,7 +124,6 @@ def add_user_to_source(source_name): print("Updated Policy: {}".format(updated)) - # [END update_source_iam] # [END securitycenter_set_source_iam] return binding, updated @@ -140,7 +132,6 @@ def list_source(organization_id): """Lists finding sources.""" i = -1 # [START securitycenter_list_sources] - # [START list_sources] from google.cloud import securitycenter # Create a new client. @@ -152,7 +143,6 @@ def list_source(organization_id): # Call the API and print out each existing source. for i, source in enumerate(client.list_sources(request={"parent": org_name})): print(i, source) - # [END list_sources] # [END securitycenter_list_sources] return i @@ -160,7 +150,6 @@ def list_source(organization_id): def create_finding(source_name): """Creates a new finding.""" # [START securitycenter_create_finding] - # [START create_finding] from google.cloud import securitycenter from google.cloud.securitycenter_v1 import CreateFindingRequest, Finding import datetime @@ -203,7 +192,6 @@ def create_finding(source_name): request=request ) print(created_finding) - # [END create_finding] # [END securitycenter_create_finding] return created_finding @@ -211,7 +199,6 @@ def create_finding(source_name): def create_finding_with_source_properties(source_name): """Demonstrate creating a new finding with source properties. """ # [START securitycenter_create_finding_with_source_properties] - # [START create_finding_with_properties] import datetime from google.cloud import securitycenter @@ -261,13 +248,11 @@ def create_finding_with_source_properties(source_name): } ) print(created_finding) - # [END create_finding_with_properties] # [END securitycenter_create_finding_with_source_properties] def update_finding(source_name): # [START securitycenter_update_finding_source_properties] - # [START update_finding] import datetime from google.cloud import securitycenter @@ -309,14 +294,12 @@ def update_finding(source_name): updated_finding.source_properties, updated_finding.event_time ) ) - # [END update_finding] # [END securitycenter_update_finding_source_properties] def update_finding_state(source_name): """Demonstrate updating only a finding state.""" # [START securitycenter_update_finding_state] - # [START update_finding_state] import datetime from google.cloud import securitycenter @@ -340,7 +323,6 @@ def update_finding_state(source_name): } ) print(f"New state: {new_finding.state}") - # [END update_finding_state] # [END securitycenter_update_finding_state] @@ -348,7 +330,6 @@ def trouble_shoot(source_name): """Demonstrate calling test_iam_permissions to determine if the service account has the correct permisions.""" # [START securitycenter_test_iam] - # [START test_iam_permissions] from google.cloud import securitycenter # Create a client. @@ -373,11 +354,9 @@ def trouble_shoot(source_name): len(permission_response.permissions) > 0 ) ) - # [END test_iam_permissions] # [END securitycenter_test_iam] assert len(permission_response.permissions) > 0 # [START securitycenter_test_iam] - # [START test_iam_permissions] # Check for permissions necessary to call set_finding_state. permission_response = client.test_iam_permissions( request={ @@ -388,7 +367,6 @@ def trouble_shoot(source_name): print( "Permision to update state? {}".format(len(permission_response.permissions) > 0) ) - # [END test_iam_permissions] # [END securitycenter_test_iam] return permission_response assert len(permission_response.permissions) > 0 @@ -396,7 +374,6 @@ def trouble_shoot(source_name): def list_all_findings(organization_id): # [START securitycenter_list_all_findings] - # [START list_all_findings] from google.cloud import securitycenter # Create a client. @@ -415,14 +392,12 @@ def list_all_findings(organization_id): i, finding_result.finding.name, finding_result.finding.resource_name ) ) - # [END list_all_findings] # [END securitycenter_list_all_findings] return i def list_filtered_findings(source_name): # [START securitycenter_list_filtered_findings] - # [START list_filtered_findings] from google.cloud import securitycenter # Create a new client. @@ -447,14 +422,12 @@ def list_filtered_findings(source_name): i, finding_result.finding.name, finding_result.finding.resource_name ) ) - # [END list_filtered_findings] # [END securitycenter_list_filtered_findings] return i def list_findings_at_time(source_name): # [START securitycenter_list_findings_at_time] - # [START list_findings_at_a_time] from google.cloud import securitycenter from datetime import timedelta, datetime @@ -470,11 +443,9 @@ def list_findings_at_time(source_name): # You an also use a wild-card "-" for all sources: # source_name = "organizations/111122222444/sources/-" five_days_ago = str(datetime.now() - timedelta(days=5)) - # [END list_findings_at_a_time] # [END securitycenter_list_findings_at_time] i = -1 # [START securitycenter_list_findings_at_time] - # [START list_findings_at_a_time] finding_result_iterator = client.list_findings( request={"parent": source_name, "filter": five_days_ago} @@ -485,7 +456,6 @@ def list_findings_at_time(source_name): i, finding_result.finding.name, finding_result.finding.resource_name ) ) - # [END list_findings_at_a_time] # [END securitycenter_list_findings_at_time] return i @@ -493,7 +463,6 @@ def list_findings_at_time(source_name): def get_iam_policy(source_name): """Gives a user findingsEditor permission to the source.""" # [START securitycenter_get_source_iam] - # [START get_source_iam] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -507,7 +476,6 @@ def get_iam_policy(source_name): # Get the old policy so we can do an incremental update. policy = client.get_iam_policy(request={"resource": source_name}) print("Policy: {}".format(policy)) - # [END get_source_iam] # [END securitycenter_get_source_iam] @@ -515,7 +483,6 @@ def group_all_findings(organization_id): """Demonstrates grouping all findings across an organization.""" i = 0 # [START securitycenter_group_all_findings] - # [START group_all_findings] from google.cloud import securitycenter # Create a client. @@ -532,7 +499,6 @@ def group_all_findings(organization_id): ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) - # [END group_all_findings] # [END securitycenter_group_all_findings] return i diff --git a/securitycenter/snippets/snippets_list_assets.py b/securitycenter/snippets/snippets_list_assets.py index 7665ea011c19..e0099e541506 100644 --- a/securitycenter/snippets/snippets_list_assets.py +++ b/securitycenter/snippets/snippets_list_assets.py @@ -21,7 +21,6 @@ def list_all_assets(organization_id): """Demonstrate listing and printing all assets.""" i = 0 # [START securitycenter_list_all_assets] - # [START demo_list_all_assets] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -33,7 +32,6 @@ def list_all_assets(organization_id): asset_iterator = client.list_assets(request={"parent": org_name}) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) - # [END demo_list_all_assets] # [END securitycenter_list_all_assets] return i @@ -42,7 +40,6 @@ def list_assets_with_filters(organization_id): """Demonstrate listing assets with a filter.""" i = 0 # [START securitycenter_list_assets_with_filter] - # [START demo_list_assets_with_filter] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -61,7 +58,6 @@ def list_assets_with_filters(organization_id): ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) - # [END demo_list_assets_with_filter] # [END securitycenter_list_assets_with_filter] return i @@ -70,7 +66,6 @@ def list_assets_with_filters_and_read_time(organization_id): """Demonstrate listing assets with a filter.""" i = 0 # [START securitycenter_list_assets_at_time] - # [START demo_list_assets_with_filter_and_time] from datetime import datetime, timedelta from google.cloud import securitycenter @@ -99,7 +94,6 @@ def list_assets_with_filters_and_read_time(organization_id): ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) - # [END demo_list_assets_with_filter_and_time] # [END securitycenter_list_assets_at_time] return i @@ -108,7 +102,6 @@ def list_point_in_time_changes(organization_id): """Demonstrate listing assets along with their state changes.""" i = 0 # [START securitycenter_list_assets_and_changes] - # [START demo_list_assets_changes] from datetime import timedelta from google.cloud import securitycenter @@ -137,7 +130,6 @@ def list_point_in_time_changes(organization_id): for i, asset in enumerate(asset_iterator): print(i, asset) - # [END demo_list_assets_changes] # [END securitycenter_list_assets_and_changes] return i diff --git a/securitycenter/snippets/snippets_notification_configs.py b/securitycenter/snippets/snippets_notification_configs.py index c03f927ca737..a0cb94135195 100644 --- a/securitycenter/snippets/snippets_notification_configs.py +++ b/securitycenter/snippets/snippets_notification_configs.py @@ -19,7 +19,6 @@ def create_notification_config(organization_id, notification_config_id, pubsub_topic): # [START securitycenter_create_notification_config] - # [START scc_create_notification_config] from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() @@ -44,7 +43,6 @@ def create_notification_config(organization_id, notification_config_id, pubsub_t ) print(created_notification_config) - # [END scc_create_notification_config] # [END securitycenter_create_notification_config] return created_notification_config @@ -52,7 +50,6 @@ def create_notification_config(organization_id, notification_config_id, pubsub_t def delete_notification_config(organization_id, notification_config_id): # [START securitycenter_delete_notification_config] - # [START scc_delete_notification_config] from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() @@ -66,7 +63,6 @@ def delete_notification_config(organization_id, notification_config_id): client.delete_notification_config(request={"name": notification_config_name}) print("Deleted notification config: {}".format(notification_config_name)) - # [END scc_delete_notification_config] # [END securitycenter_delete_notification_config] return True @@ -74,7 +70,6 @@ def delete_notification_config(organization_id, notification_config_id): def get_notification_config(organization_id, notification_config_id): # [START securitycenter_get_notification_config] - # [START scc_get_notification_config] from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() @@ -90,7 +85,6 @@ def get_notification_config(organization_id, notification_config_id): request={"name": notification_config_name} ) print("Got notification config: {}".format(notification_config)) - # [END scc_get_notification_config] # [END securitycenter_get_notification_config] return notification_config @@ -98,7 +92,6 @@ def get_notification_config(organization_id, notification_config_id): def list_notification_configs(organization_id): # [START securitycenter_list_notification_configs] - # [START scc_list_notification_configs] from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() @@ -111,14 +104,12 @@ def list_notification_configs(organization_id): ) for i, config in enumerate(notification_configs_iterator): print("{}: notification_config: {}".format(i, config)) - # [END scc_list_notification_configs] # [END securitycenter_list_notification_configs]] return notification_configs_iterator def update_notification_config(organization_id, notification_config_id, pubsub_topic): # [START securitycenter_update_notification_config] - # [START scc_update_notification_config] from google.cloud import securitycenter as securitycenter from google.protobuf import field_mask_pb2 @@ -155,6 +146,5 @@ def update_notification_config(organization_id, notification_config_id, pubsub_t ) print(updated_notification_config) - # [END scc_update_notification_config] # [END securitycenter_update_notification_config] return updated_notification_config diff --git a/securitycenter/snippets/snippets_notification_receiver.py b/securitycenter/snippets/snippets_notification_receiver.py index 5e291c658d89..9c4368a04722 100644 --- a/securitycenter/snippets/snippets_notification_receiver.py +++ b/securitycenter/snippets/snippets_notification_receiver.py @@ -18,7 +18,6 @@ def receive_notifications(project_id, subscription_name): # [START securitycenter_receive_notifications] - # [START scc_receive_notifications] # Requires https://cloud.google.com/pubsub/docs/quickstart-client-libraries#pubsub-client-libraries-python import concurrent @@ -55,6 +54,5 @@ def callback(message): streaming_pull_future.result(timeout=1) # Block for 1 second except concurrent.futures.TimeoutError: streaming_pull_future.cancel() - # [END scc_receive_notifications] # [END securitycenter_receive_notifications] return True diff --git a/securitycenter/snippets/snippets_orgs.py b/securitycenter/snippets/snippets_orgs.py index b155d7682b2f..1164b63969c9 100644 --- a/securitycenter/snippets/snippets_orgs.py +++ b/securitycenter/snippets/snippets_orgs.py @@ -19,7 +19,6 @@ def get_settings(organization_id): """Example showing how to retreive current organization settings.""" # [START securitycenter_get_org_settings] - # [START get_org_settings] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -30,7 +29,6 @@ def get_settings(organization_id): org_settings = client.get_organization_settings(request={"name": org_settings_name}) print(org_settings) - # [END get_org_settings] # [END securitycenter_get_org_settings] @@ -38,7 +36,6 @@ def update_asset_discovery_org_settings(organization_id): """Example showing how to update the asset discovery configuration for an organization.""" # [START securitycenter_enable_asset_discovery] - # [START update_org_settings] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -62,6 +59,5 @@ def update_asset_discovery_org_settings(organization_id): } ) print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery)) - # [END update_org_settings] # [END securitycenter_enable_asset_discovery] return updated diff --git a/securitycenter/snippets/snippets_security_marks.py b/securitycenter/snippets/snippets_security_marks.py index 7a3de4093d21..3107f948848f 100644 --- a/securitycenter/snippets/snippets_security_marks.py +++ b/securitycenter/snippets/snippets_security_marks.py @@ -19,7 +19,6 @@ def add_to_asset(asset_name): """Add new security marks to an asset.""" # [START securitycenter_add_security_marks] - # [START add_marks_to_asset] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -44,7 +43,6 @@ def add_to_asset(asset_name): } ) print(updated_marks) - # [END add_marks_to_asset] # [END securitycenter_add_security_marks] return updated_marks, marks @@ -54,7 +52,6 @@ def clear_from_asset(asset_name): # Make sure they are there first add_to_asset(asset_name) # [START securitycenter_delete_security_marks] - # [START clear_marks_asset] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -80,7 +77,6 @@ def clear_from_asset(asset_name): } ) print(updated_marks) - # [END clear_marks_asset] # [END securitycenter_delete_security_marks] return updated_marks @@ -90,7 +86,6 @@ def delete_and_update_marks(asset_name): # Make sure they are there first add_to_asset(asset_name) # [START securitycenter_add_delete_security_marks] - # [START delete_and_update_marks] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -111,7 +106,6 @@ def delete_and_update_marks(asset_name): } ) print(updated_marks) - # [END delete_and_update_marks] # [END securitycenter_add_delete_security_marks] return updated_marks @@ -119,7 +113,6 @@ def delete_and_update_marks(asset_name): def add_to_finding(finding_name): """Adds security marks to a finding. """ # [START securitycenter_add_finding_security_marks] - # [START add_marks_to_finding] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -144,7 +137,6 @@ def add_to_finding(finding_name): "update_mask": field_mask, } ) - # [END add_marks_to_finding] # [END securitycenter_add_finding_security_marks] return updated_marks, marks @@ -154,7 +146,6 @@ def list_assets_with_query_marks(organization_id, asset_name): add_to_asset(asset_name) i = -1 # [START securitycenter_list_assets_with_security_marks] - # [START demo_list_assets_with_security_marks] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -175,7 +166,6 @@ def list_assets_with_query_marks(organization_id, asset_name): ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) - # [END demo_list_assets_with_security_marks] # [END securitycenter_list_assets_with_security_marks] return i @@ -186,7 +176,6 @@ def list_findings_with_query_marks(source_name, finding_name): add_to_finding(finding_name) i = -1 # [START securitycenter_list_findings_with_security_marks] - # [START demo_list_findings_with_security_marks] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -205,7 +194,6 @@ def list_findings_with_query_marks(source_name, finding_name): ) for i, finding_result in enumerate(finding_iterator): print(i, finding_result) - # [END demo_list_findings_with_security_marks] # [END securitycenter_list_findings_with_security_marks] # one finding should have been updated with keys, and one should be # untouched. From 5e74c01aebf34c9fc0449fe9dcc00aadd0c74efb Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Sat, 22 May 2021 09:18:21 +0000 Subject: [PATCH 27/95] chore: new owl bot post processor docker image (#155) gcr.io/repo-automation-bots/owlbot-python:latest@sha256:3c3a445b3ddc99ccd5d31edc4b4519729635d20693900db32c4f587ed51f7479 --- securitycenter/snippets/noxfile.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 956cdf4f9250..5ff9e1db5808 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -50,7 +50,10 @@ # to use your own Cloud project. 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', - + # If you need to use a specific version of pip, + # change pip_version_override to the string representation + # of the version number, for example, "20.2.4" + "pip_version_override": None, # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. 'envs': {}, @@ -170,6 +173,9 @@ def blacken(session: nox.sessions.Session) -> None: def _session_tests(session: nox.sessions.Session, post_install: Callable = None) -> None: + if TEST_CONFIG["pip_version_override"]: + pip_version = TEST_CONFIG["pip_version_override"] + session.install(f"pip=={pip_version}") """Runs py.test for a particular project.""" if os.path.exists("requirements.txt"): if os.path.exists("constraints.txt"): From 21da4bc5b779367cafe7bdd0fd064439289c42ef Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 4 Jun 2021 20:11:50 +0200 Subject: [PATCH 28/95] chore(deps): update dependency google-cloud-securitycenter to v1.3.0 (#158) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 61ca467149e6..946995ab0ba4 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.5.0 -google-cloud-securitycenter==1.2.0 \ No newline at end of file +google-cloud-securitycenter==1.3.0 \ No newline at end of file From ee6df167d7a96308921165b304b3628adb056cb4 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 18 Jun 2021 20:19:08 +0200 Subject: [PATCH 29/95] chore(deps): update dependency google-cloud-securitycenter to v1.3.1 (#163) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 946995ab0ba4..df446a64f2a9 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.5.0 -google-cloud-securitycenter==1.3.0 \ No newline at end of file +google-cloud-securitycenter==1.3.1 \ No newline at end of file From 552a6a1903aa28b22ec50b0318586883314f35ec Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Sat, 26 Jun 2021 14:06:11 +0200 Subject: [PATCH 30/95] chore(deps): update dependency google-cloud-pubsub to v2.6.0 (#168) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-pubsub](https://togithub.com/googleapis/python-pubsub) | `==2.5.0` -> `==2.6.0` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.0/compatibility-slim/2.5.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.0/confidence-slim/2.5.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-pubsub ### [`v2.6.0`](https://togithub.com/googleapis/python-pubsub/blob/master/CHANGELOG.md#​260-httpswwwgithubcomgoogleapispython-pubsubcomparev250v260-2021-06-17) [Compare Source](https://togithub.com/googleapis/python-pubsub/compare/v2.5.0...v2.6.0) ##### Features - support customizable retry and timeout settings on the publisher client ([#​299](https://www.github.com/googleapis/python-pubsub/issues/299)) ([7597604](https://www.github.com/googleapis/python-pubsub/commit/7597604b41fa3a1e9bf34addc35c8647dde007cc)) ##### Bug Fixes - ACK deadline set for received messages can be too low ([#​416](https://www.github.com/googleapis/python-pubsub/issues/416)) ([e907f6e](https://www.github.com/googleapis/python-pubsub/commit/e907f6e05f59f64a3b08df3304e92ec960997be6)) - threads can skip the line in publisher flow controller ([#​422](https://www.github.com/googleapis/python-pubsub/issues/422)) ([ef89f55](https://www.github.com/googleapis/python-pubsub/commit/ef89f55a41044e9ad26b91132b4b1be9c7b2c127)) ##### Documentation - block until the streaming pull shuts down ([#​424](https://www.github.com/googleapis/python-pubsub/issues/424)) ([d0d0b70](https://www.github.com/googleapis/python-pubsub/commit/d0d0b704642df8dee893d3f585aeb666e19696fb)) - explain that future.cancel() is non-blocking ([#​420](https://www.github.com/googleapis/python-pubsub/issues/420)) ([c825789](https://www.github.com/googleapis/python-pubsub/commit/c825789bdff310f44cbb132a723e99d1e6331d8f))
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-securitycenter). --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index df446a64f2a9..a2f5f8a0deb0 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.5.0 +google-cloud-pubsub==2.6.0 google-cloud-securitycenter==1.3.1 \ No newline at end of file From 8202aeae31d57daad216d4cc0fb10e0fe39723d8 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 13 Jul 2021 01:16:18 +0200 Subject: [PATCH 31/95] chore(deps): update dependency google-cloud-pubsub to v2.6.1 (#175) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-pubsub](https://togithub.com/googleapis/python-pubsub) | `==2.6.0` -> `==2.6.1` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.1/compatibility-slim/2.6.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-pubsub/2.6.1/confidence-slim/2.6.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-pubsub ### [`v2.6.1`](https://togithub.com/googleapis/python-pubsub/blob/master/CHANGELOG.md#​261) [Compare Source](https://togithub.com/googleapis/python-pubsub/compare/v2.6.0...v2.6.1) 07-05-2021 10:33 PDT ##### Dependencies - Fix possible crash by requiring `grpcio >= 1.38.1`. ([#​414](https://togithub.com/googleapis/python-pubsub/issues/414)) ([7037a28](https://togithub.com/googleapis/python-pubsub/pull/435/commits/7037a28090aa4efa01808231721716bca80bb0b7)) ##### Documentation - Adjust samples for publishing with error handler and flow control. ([#​433](https://togithub.com/googleapis/python-pubsub/pull/433)) ##### Internal / Testing Changes - Fix flaky sync pull sample test. ([#​434](https://togithub.com/googleapis/python-pubsub/pull/434)) - Mitigate flaky snippets tests. ([#​432](https://togithub.com/googleapis/python-pubsub/pull/432))
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-securitycenter). --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index a2f5f8a0deb0..38d301814640 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.6.0 +google-cloud-pubsub==2.6.1 google-cloud-securitycenter==1.3.1 \ No newline at end of file From 2683324847084444d07f63fcce39860be52cd468 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 16 Jul 2021 01:06:36 +0200 Subject: [PATCH 32/95] chore(deps): update dependency google-cloud-securitycenter to v1.4.0 (#176) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 38d301814640..90f11a281bfd 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.6.1 -google-cloud-securitycenter==1.3.1 \ No newline at end of file +google-cloud-securitycenter==1.4.0 \ No newline at end of file From f1ac85058b30e7c9a54fb8632ede562213f25ae7 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 22 Jul 2021 13:48:20 +0000 Subject: [PATCH 33/95] feat: add Samples section to CONTRIBUTING.rst (#195) Source-Link: https://github.com/googleapis/synthtool/commit/52e4e46eff2a0b70e3ff5506a02929d089d077d4 Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:6186535cbdbf6b9fe61f00294929221d060634dae4a0795c1cefdbc995b2d605 --- securitycenter/snippets/noxfile.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 5ff9e1db5808..6a8ccdae22c9 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -28,8 +28,9 @@ # WARNING - WARNING - WARNING - WARNING - WARNING # WARNING - WARNING - WARNING - WARNING - WARNING -# Copy `noxfile_config.py` to your directory and modify it instead. +BLACK_VERSION = "black==19.10b0" +# Copy `noxfile_config.py` to your directory and modify it instead. # `TEST_CONFIG` dict is a configuration hook that allows users to # modify the test configurations. The values here should be in sync @@ -159,7 +160,7 @@ def lint(session: nox.sessions.Session) -> None: @nox.session def blacken(session: nox.sessions.Session) -> None: - session.install("black") + session.install(BLACK_VERSION) python_files = [path for path in os.listdir(".") if path.endswith(".py")] session.run("black", *python_files) From 8396af5a74739f3d95cc684f0244c58fce75dd6f Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 28 Jul 2021 16:27:15 +0200 Subject: [PATCH 34/95] chore(deps): update dependency google-cloud-securitycenter to v1.5.0 (#202) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 90f11a281bfd..7252c73f1519 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.6.1 -google-cloud-securitycenter==1.4.0 \ No newline at end of file +google-cloud-securitycenter==1.5.0 \ No newline at end of file From 0fcc028f7716d3d090702766cdaac27582d4e2c8 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 29 Jul 2021 13:06:31 +0200 Subject: [PATCH 35/95] chore(deps): update dependency google-cloud-pubsub to v2.7.0 (#203) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 7252c73f1519..0d9dd9835d41 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.6.1 +google-cloud-pubsub==2.7.0 google-cloud-securitycenter==1.5.0 \ No newline at end of file From eac0296764a461b87b90f8d9d28e84d5ffa2d977 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 12 Aug 2021 15:38:27 +0000 Subject: [PATCH 36/95] chore: fix INSTALL_LIBRARY_FROM_SOURCE in noxfile.py (#205) Source-Link: https://github.com/googleapis/synthtool/commit/6252f2cd074c38f37b44abe5e96d128733eb1b61 Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:50e35228649c47b6ca82aa0be3ff9eb2afce51c82b66c4a03fe4afeb5ff6c0fc --- securitycenter/snippets/noxfile.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 6a8ccdae22c9..125bb619cc49 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -96,7 +96,7 @@ def get_pytest_env_vars() -> Dict[str, str]: TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) -INSTALL_LIBRARY_FROM_SOURCE = bool(os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False)) +INSTALL_LIBRARY_FROM_SOURCE = os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False) in ("True", "true") # # Style Checks # From 1c668cb8530dc85f4d952ec0c77c7c19657542a1 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 13 Aug 2021 11:54:57 -0400 Subject: [PATCH 37/95] chore: drop mention of Python 2.7 from templates (#207) Source-Link: https://github.com/googleapis/synthtool/commit/facee4cc1ea096cd8bcc008bb85929daa7c414c0 Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:9743664022bd63a8084be67f144898314c7ca12f0a03e422ac17c733c129d803 Co-authored-by: Owl Bot --- securitycenter/snippets/noxfile.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 125bb619cc49..e73436a15626 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -39,7 +39,7 @@ TEST_CONFIG = { # You can opt out from the test for specific Python versions. - 'ignored_versions': ["2.7"], + 'ignored_versions': [], # Old samples are opted out of enforcing Python type hints # All new samples should feature them @@ -88,8 +88,8 @@ def get_pytest_env_vars() -> Dict[str, str]: # DO NOT EDIT - automatically generated. -# All versions used to tested samples. -ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8", "3.9"] +# All versions used to test samples. +ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9"] # Any default versions that should be ignored. IGNORED_VERSIONS = TEST_CONFIG['ignored_versions'] From d11c7c2df3bab76441d36e9b857a9d21677ab17a Mon Sep 17 00:00:00 2001 From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Date: Fri, 27 Aug 2021 12:44:46 -0600 Subject: [PATCH 38/95] chore(samples): use timezone aware datetimes (#208) - Use timezone aware datetimes - Update pubsub --- securitycenter/snippets/requirements.txt | 2 +- securitycenter/snippets/snippets_findings.py | 8 ++++---- securitycenter/snippets/snippets_list_assets.py | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 0d9dd9835d41..23b4d165ac3e 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.7.0 +google-cloud-pubsub==2.7.1 google-cloud-securitycenter==1.5.0 \ No newline at end of file diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index a94846534bfe..39aa8f65cfad 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -158,7 +158,7 @@ def create_finding(source_name): client = securitycenter.SecurityCenterClient() # Use the current time as the finding "event time". - event_time = datetime.datetime.now() + event_time = datetime.datetime.now(tz=datetime.timezone.utc) # source_name is the resource path for a source that has been # created previously (you can use list_sources to find a specific one). @@ -230,7 +230,7 @@ def create_finding_with_source_properties(source_name): num_value.number_value = 1234 # Use the current time as the finding "event time". - event_time = datetime.datetime.now() + event_time = datetime.datetime.now(tz=datetime.timezone.utc) finding = Finding( state=Finding.State.ACTIVE, @@ -268,7 +268,7 @@ def update_finding(source_name): # Set the update time to Now. This must be some time greater then the # event_time on the original finding. - event_time = datetime.datetime.now() + event_time = datetime.datetime.now(tz=datetime.timezone.utc) # source_name is the resource path for a source that has been # created previously (you can use list_sources to find a specific one). @@ -319,7 +319,7 @@ def update_finding_state(source_name): request={ "name": finding_name, "state": Finding.State.INACTIVE, - "start_time": datetime.datetime.now(), + "start_time": datetime.datetime.now(tz=datetime.timezone.utc), } ) print(f"New state: {new_finding.state}") diff --git a/securitycenter/snippets/snippets_list_assets.py b/securitycenter/snippets/snippets_list_assets.py index e0099e541506..64180acc7c44 100644 --- a/securitycenter/snippets/snippets_list_assets.py +++ b/securitycenter/snippets/snippets_list_assets.py @@ -66,7 +66,7 @@ def list_assets_with_filters_and_read_time(organization_id): """Demonstrate listing assets with a filter.""" i = 0 # [START securitycenter_list_assets_at_time] - from datetime import datetime, timedelta + from datetime import datetime, timedelta, timezone from google.cloud import securitycenter @@ -82,7 +82,7 @@ def list_assets_with_filters_and_read_time(organization_id): ) # Lists assets as of yesterday. - read_time = datetime.utcnow() - timedelta(days=1) + read_time = datetime.now(tz=timezone.utc) - timedelta(days=1) # Call the API and print results. asset_iterator = client.list_assets( From 8bec4dc8593372295f6195aa51380b5f6b6bc59f Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 7 Sep 2021 17:38:55 +0200 Subject: [PATCH 39/95] chore(deps): update dependency google-cloud-pubsub to v2.8.0 (#216) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 23b4d165ac3e..56269517cb57 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.7.1 +google-cloud-pubsub==2.8.0 google-cloud-securitycenter==1.5.0 \ No newline at end of file From e1590d7c49cb05c4c8a8477fbb1ee28df26b6229 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 17 Sep 2021 10:00:31 -0600 Subject: [PATCH 40/95] chore: blacken samples noxfile template (#218) Source-Link: https://github.com/googleapis/synthtool/commit/8b781e190b09590992733a214863f770425f5ab3 Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:0ccd9f4d714d36e311f60f407199dd460e43a99a125b5ca64b1d75f6e5f8581b Co-authored-by: Owl Bot --- securitycenter/snippets/noxfile.py | 44 +++++++++++++++++------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index e73436a15626..b008613f03ff 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -39,17 +39,15 @@ TEST_CONFIG = { # You can opt out from the test for specific Python versions. - 'ignored_versions': [], - + "ignored_versions": [], # Old samples are opted out of enforcing Python type hints # All new samples should feature them - 'enforce_type_hints': False, - + "enforce_type_hints": False, # An envvar key for determining the project id to use. Change it # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', + "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', # If you need to use a specific version of pip, # change pip_version_override to the string representation @@ -57,13 +55,13 @@ "pip_version_override": None, # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. - 'envs': {}, + "envs": {}, } try: # Ensure we can import noxfile_config in the project's directory. - sys.path.append('.') + sys.path.append(".") from noxfile_config import TEST_CONFIG_OVERRIDE except ImportError as e: print("No user noxfile_config found: detail: {}".format(e)) @@ -78,12 +76,12 @@ def get_pytest_env_vars() -> Dict[str, str]: ret = {} # Override the GCLOUD_PROJECT and the alias. - env_key = TEST_CONFIG['gcloud_project_env'] + env_key = TEST_CONFIG["gcloud_project_env"] # This should error out if not set. - ret['GOOGLE_CLOUD_PROJECT'] = os.environ[env_key] + ret["GOOGLE_CLOUD_PROJECT"] = os.environ[env_key] # Apply user supplied envs. - ret.update(TEST_CONFIG['envs']) + ret.update(TEST_CONFIG["envs"]) return ret @@ -92,11 +90,14 @@ def get_pytest_env_vars() -> Dict[str, str]: ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9"] # Any default versions that should be ignored. -IGNORED_VERSIONS = TEST_CONFIG['ignored_versions'] +IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) -INSTALL_LIBRARY_FROM_SOURCE = os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False) in ("True", "true") +INSTALL_LIBRARY_FROM_SOURCE = os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False) in ( + "True", + "true", +) # # Style Checks # @@ -141,7 +142,7 @@ def _determine_local_import_names(start_dir: str) -> List[str]: @nox.session def lint(session: nox.sessions.Session) -> None: - if not TEST_CONFIG['enforce_type_hints']: + if not TEST_CONFIG["enforce_type_hints"]: session.install("flake8", "flake8-import-order") else: session.install("flake8", "flake8-import-order", "flake8-annotations") @@ -150,9 +151,11 @@ def lint(session: nox.sessions.Session) -> None: args = FLAKE8_COMMON_ARGS + [ "--application-import-names", ",".join(local_names), - "." + ".", ] session.run("flake8", *args) + + # # Black # @@ -165,6 +168,7 @@ def blacken(session: nox.sessions.Session) -> None: session.run("black", *python_files) + # # Sample Tests # @@ -173,7 +177,9 @@ def blacken(session: nox.sessions.Session) -> None: PYTEST_COMMON_ARGS = ["--junitxml=sponge_log.xml"] -def _session_tests(session: nox.sessions.Session, post_install: Callable = None) -> None: +def _session_tests( + session: nox.sessions.Session, post_install: Callable = None +) -> None: if TEST_CONFIG["pip_version_override"]: pip_version = TEST_CONFIG["pip_version_override"] session.install(f"pip=={pip_version}") @@ -203,7 +209,7 @@ def _session_tests(session: nox.sessions.Session, post_install: Callable = None) # on travis where slow and flaky tests are excluded. # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html success_codes=[0, 5], - env=get_pytest_env_vars() + env=get_pytest_env_vars(), ) @@ -213,9 +219,9 @@ def py(session: nox.sessions.Session) -> None: if session.python in TESTED_VERSIONS: _session_tests(session) else: - session.skip("SKIPPED: {} tests are disabled for this sample.".format( - session.python - )) + session.skip( + "SKIPPED: {} tests are disabled for this sample.".format(session.python) + ) # From a2271a77b4c94ac08e30668aeb0a5e40c33e96bf Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 27 Sep 2021 19:50:40 +0200 Subject: [PATCH 41/95] chore(deps): update dependency google-cloud-securitycenter to v1.5.1 (#223) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 56269517cb57..00af42b94be9 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.8.0 -google-cloud-securitycenter==1.5.0 \ No newline at end of file +google-cloud-securitycenter==1.5.1 \ No newline at end of file From 0afba93fd15e7c0370e9028403e3e5bdf150fcf1 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 30 Sep 2021 15:54:14 +0000 Subject: [PATCH 42/95] chore: fail samples nox session if python version is missing (#226) --- securitycenter/snippets/noxfile.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index b008613f03ff..1fd8956fbf01 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -98,6 +98,10 @@ def get_pytest_env_vars() -> Dict[str, str]: "True", "true", ) + +# Error if a python version is missing +nox.options.error_on_missing_interpreters = True + # # Style Checks # From bcaa465eac6608cf4bd2e73a6f711361fe8d7f4c Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 1 Oct 2021 01:21:00 +0200 Subject: [PATCH 43/95] chore(deps): update dependency google-cloud-securitycenter to v1.5.2 (#227) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 00af42b94be9..1220d5a9dd26 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.8.0 -google-cloud-securitycenter==1.5.1 \ No newline at end of file +google-cloud-securitycenter==1.5.2 \ No newline at end of file From ba98724423bbd72541de9bbf732561bda26d432e Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 7 Oct 2021 14:13:50 +0200 Subject: [PATCH 44/95] chore(deps): update dependency google-cloud-securitycenter to v1.6.0 (#232) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 1220d5a9dd26..0f2be554ca65 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.8.0 -google-cloud-securitycenter==1.5.2 \ No newline at end of file +google-cloud-securitycenter==1.6.0 \ No newline at end of file From 86213ab7a69c95052e6fd7df41e184d530d94703 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 8 Oct 2021 17:16:38 +0000 Subject: [PATCH 45/95] chore(python): Add kokoro configs for python 3.10 samples testing (#234) --- securitycenter/snippets/noxfile.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 1fd8956fbf01..93a9122cc457 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -87,7 +87,7 @@ def get_pytest_env_vars() -> Dict[str, str]: # DO NOT EDIT - automatically generated. # All versions used to test samples. -ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9"] +ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9", "3.10"] # Any default versions that should be ignored. IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] From c45994ae762f398d667abfe80c0ae680e92707cb Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 11 Oct 2021 21:42:11 +0200 Subject: [PATCH 46/95] chore(deps): update dependency google-cloud-securitycenter to v1.7.0 (#237) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-securitycenter](https://togithub.com/googleapis/python-securitycenter) | `==1.6.0` -> `==1.7.0` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-securitycenter/1.7.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-securitycenter/1.7.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-securitycenter/1.7.0/compatibility-slim/1.6.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-securitycenter/1.7.0/confidence-slim/1.6.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-securitycenter ### [`v1.7.0`](https://togithub.com/googleapis/python-securitycenter/blob/master/CHANGELOG.md#​170-httpswwwgithubcomgoogleapispython-securitycentercomparev160v170-2021-10-08) [Compare Source](https://togithub.com/googleapis/python-securitycenter/compare/v1.6.0...v1.7.0) ##### Features - Added type field to the resource which is surfaced in NotificationMessage ([a233f7a](https://www.github.com/googleapis/python-securitycenter/commit/a233f7a0d85ba1a2932a1ee8305e48eda5aafa75)) - Added vulnerability field to Finding ([#​235](https://www.togithub.com/googleapis/python-securitycenter/issues/235)) ([a233f7a](https://www.github.com/googleapis/python-securitycenter/commit/a233f7a0d85ba1a2932a1ee8305e48eda5aafa75))
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-securitycenter). --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 0f2be554ca65..994b0b5fc4e6 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.8.0 -google-cloud-securitycenter==1.6.0 \ No newline at end of file +google-cloud-securitycenter==1.7.0 \ No newline at end of file From bf7a61f40a604924e27efce3e6b88096ef06dbe1 Mon Sep 17 00:00:00 2001 From: Anthonios Partheniou Date: Fri, 5 Nov 2021 07:21:03 -0400 Subject: [PATCH 47/95] feat: add support for python 3.10 (#238) * feat: add support for python 3.10 * ci: opt in to use multiple projects --- securitycenter/snippets/noxfile_config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/securitycenter/snippets/noxfile_config.py b/securitycenter/snippets/noxfile_config.py index 8e6ed132d642..daf5c43ae22d 100644 --- a/securitycenter/snippets/noxfile_config.py +++ b/securitycenter/snippets/noxfile_config.py @@ -28,6 +28,7 @@ # build specific Cloud project. You can also use your own string # to use your own Cloud project. # 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', + "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. "envs": { From 3801f2f4b6de108bd2e5e9293e3de1507e6414df Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 12 Nov 2021 04:51:05 +0100 Subject: [PATCH 48/95] chore(deps): update dependency google-cloud-pubsub to v2.9.0 (#251) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 994b0b5fc4e6..e89ff56ac0a4 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.8.0 +google-cloud-pubsub==2.9.0 google-cloud-securitycenter==1.7.0 \ No newline at end of file From 5881049f20e287fa9479bb87d4a327c1b4d1924e Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 11 Nov 2021 23:23:57 -0500 Subject: [PATCH 49/95] chore(python): add .github/CODEOWNERS as a templated file (#252) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(python): add .github/CODEOWNERS as a templated file Source-Link: https://github.com/googleapis/synthtool/commit/c5026b3217973a8db55db8ee85feee0e9a65e295 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:0e18b9475fbeb12d9ad4302283171edebb6baf2dfca1bd215ee3b34ed79d95d7 * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * lint Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/snippets_findings.py | 26 +++++-------------- .../snippets/snippets_list_assets.py | 6 +---- 2 files changed, 7 insertions(+), 25 deletions(-) diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index 39aa8f65cfad..20d82ca6acf3 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -183,14 +183,10 @@ def create_finding(source_name): ) request = CreateFindingRequest( - parent=source_name, - finding_id=finding_id, - finding=finding, + parent=source_name, finding_id=finding_id, finding=finding, ) # Call The API. - created_finding = client.create_finding( - request=request - ) + created_finding = client.create_finding(request=request) print(created_finding) # [END securitycenter_create_finding] return created_finding @@ -241,11 +237,7 @@ def create_finding_with_source_properties(source_name): ) created_finding = client.create_finding( - request={ - "parent": source_name, - "finding_id": finding_id, - "finding": finding - } + request={"parent": source_name, "finding_id": finding_id, "finding": finding} ) print(created_finding) # [END securitycenter_create_finding_with_source_properties] @@ -283,10 +275,7 @@ def update_finding(source_name): event_time=event_time, ) updated_finding = client.update_finding( - request={ - "finding": finding, - "update_mask": field_mask, - } + request={"finding": finding, "update_mask": field_mask} ) print( @@ -304,6 +293,7 @@ def update_finding_state(source_name): from google.cloud import securitycenter from google.cloud.securitycenter_v1 import Finding + # Create a client. client = securitycenter.SecurityCenterClient() # source_name is the resource path for a source that has been @@ -554,11 +544,7 @@ def group_findings_at_time(source_name): read_time = datetime.utcnow() - timedelta(days=1) group_result_iterator = client.group_findings( - request={ - "parent": source_name, - "group_by": "category", - "read_time": read_time, - } + request={"parent": source_name, "group_by": "category", "read_time": read_time} ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) diff --git a/securitycenter/snippets/snippets_list_assets.py b/securitycenter/snippets/snippets_list_assets.py index 64180acc7c44..7838339e2f4b 100644 --- a/securitycenter/snippets/snippets_list_assets.py +++ b/securitycenter/snippets/snippets_list_assets.py @@ -86,11 +86,7 @@ def list_assets_with_filters_and_read_time(organization_id): # Call the API and print results. asset_iterator = client.list_assets( - request={ - "parent": org_name, - "filter": project_filter, - "read_time": read_time, - } + request={"parent": org_name, "filter": project_filter, "read_time": read_time} ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) From 507817996b365309ff683689db8b521611766d0b Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 11 Jan 2022 10:59:57 -0500 Subject: [PATCH 50/95] chore(samples): Add check for tests in directory (#264) Source-Link: https://github.com/googleapis/synthtool/commit/52aef91f8d25223d9dbdb4aebd94ba8eea2101f3 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:36a95b8f494e4674dc9eee9af98961293b51b86b3649942aac800ae6c1f796d4 Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/noxfile.py | 70 +++++++++++++++++------------- 1 file changed, 39 insertions(+), 31 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 93a9122cc457..3bbef5d54f44 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -14,6 +14,7 @@ from __future__ import print_function +import glob import os from pathlib import Path import sys @@ -184,37 +185,44 @@ def blacken(session: nox.sessions.Session) -> None: def _session_tests( session: nox.sessions.Session, post_install: Callable = None ) -> None: - if TEST_CONFIG["pip_version_override"]: - pip_version = TEST_CONFIG["pip_version_override"] - session.install(f"pip=={pip_version}") - """Runs py.test for a particular project.""" - if os.path.exists("requirements.txt"): - if os.path.exists("constraints.txt"): - session.install("-r", "requirements.txt", "-c", "constraints.txt") - else: - session.install("-r", "requirements.txt") - - if os.path.exists("requirements-test.txt"): - if os.path.exists("constraints-test.txt"): - session.install("-r", "requirements-test.txt", "-c", "constraints-test.txt") - else: - session.install("-r", "requirements-test.txt") - - if INSTALL_LIBRARY_FROM_SOURCE: - session.install("-e", _get_repo_root()) - - if post_install: - post_install(session) - - session.run( - "pytest", - *(PYTEST_COMMON_ARGS + session.posargs), - # Pytest will return 5 when no tests are collected. This can happen - # on travis where slow and flaky tests are excluded. - # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html - success_codes=[0, 5], - env=get_pytest_env_vars(), - ) + # check for presence of tests + test_list = glob.glob("*_test.py") + glob.glob("test_*.py") + if len(test_list) == 0: + print("No tests found, skipping directory.") + else: + if TEST_CONFIG["pip_version_override"]: + pip_version = TEST_CONFIG["pip_version_override"] + session.install(f"pip=={pip_version}") + """Runs py.test for a particular project.""" + if os.path.exists("requirements.txt"): + if os.path.exists("constraints.txt"): + session.install("-r", "requirements.txt", "-c", "constraints.txt") + else: + session.install("-r", "requirements.txt") + + if os.path.exists("requirements-test.txt"): + if os.path.exists("constraints-test.txt"): + session.install( + "-r", "requirements-test.txt", "-c", "constraints-test.txt" + ) + else: + session.install("-r", "requirements-test.txt") + + if INSTALL_LIBRARY_FROM_SOURCE: + session.install("-e", _get_repo_root()) + + if post_install: + post_install(session) + + session.run( + "pytest", + *(PYTEST_COMMON_ARGS + session.posargs), + # Pytest will return 5 when no tests are collected. This can happen + # on travis where slow and flaky tests are excluded. + # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html + success_codes=[0, 5], + env=get_pytest_env_vars(), + ) @nox.session(python=ALL_VERSIONS) From 15ee3c4b84bd50948c08853c0a28ce8a951a8c0b Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 19 Jan 2022 02:31:24 +0100 Subject: [PATCH 51/95] chore(deps): update dependency google-cloud-securitycenter to v1.8.0 (#269) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index e89ff56ac0a4..fa4eab7d9ec7 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.9.0 -google-cloud-securitycenter==1.7.0 \ No newline at end of file +google-cloud-securitycenter==1.8.0 \ No newline at end of file From c0c0b63326913fe5f21536ab5d760eb20cbc9726 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 18 Jan 2022 21:06:52 -0500 Subject: [PATCH 52/95] chore(python): Noxfile recognizes that tests can live in a folder (#270) Source-Link: https://github.com/googleapis/synthtool/commit/4760d8dce1351d93658cb11d02a1b7ceb23ae5d7 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:f0e4b51deef56bed74d3e2359c583fc104a8d6367da3984fc5c66938db738828 Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/noxfile.py | 1 + 1 file changed, 1 insertion(+) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 3bbef5d54f44..20cdfc620138 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -187,6 +187,7 @@ def _session_tests( ) -> None: # check for presence of tests test_list = glob.glob("*_test.py") + glob.glob("test_*.py") + test_list.extend(glob.glob("tests")) if len(test_list) == 0: print("No tests found, skipping directory.") else: From 681186406365a452a8fad303d64610bd2ec469c8 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 1 Mar 2022 16:16:44 +0100 Subject: [PATCH 53/95] chore(deps): update all dependencies (#286) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(deps): update all dependencies * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index fa4eab7d9ec7..e9e977ae635a 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.9.0 -google-cloud-securitycenter==1.8.0 \ No newline at end of file +google-cloud-securitycenter==1.9.0 \ No newline at end of file From 0186b1a6beb7bcee48208a0225b378b4bf63a404 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 4 Mar 2022 11:41:11 -0500 Subject: [PATCH 54/95] chore: Adding support for pytest-xdist and pytest-parallel (#295) Source-Link: https://github.com/googleapis/synthtool/commit/82f5cb283efffe96e1b6cd634738e0e7de2cd90a Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:5d8da01438ece4021d135433f2cf3227aa39ef0eaccc941d62aa35e6902832ae Co-authored-by: Owl Bot --- securitycenter/snippets/noxfile.py | 78 +++++++++++++++++------------- 1 file changed, 44 insertions(+), 34 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 20cdfc620138..85f5836dba3a 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -188,42 +188,52 @@ def _session_tests( # check for presence of tests test_list = glob.glob("*_test.py") + glob.glob("test_*.py") test_list.extend(glob.glob("tests")) + if len(test_list) == 0: print("No tests found, skipping directory.") - else: - if TEST_CONFIG["pip_version_override"]: - pip_version = TEST_CONFIG["pip_version_override"] - session.install(f"pip=={pip_version}") - """Runs py.test for a particular project.""" - if os.path.exists("requirements.txt"): - if os.path.exists("constraints.txt"): - session.install("-r", "requirements.txt", "-c", "constraints.txt") - else: - session.install("-r", "requirements.txt") - - if os.path.exists("requirements-test.txt"): - if os.path.exists("constraints-test.txt"): - session.install( - "-r", "requirements-test.txt", "-c", "constraints-test.txt" - ) - else: - session.install("-r", "requirements-test.txt") - - if INSTALL_LIBRARY_FROM_SOURCE: - session.install("-e", _get_repo_root()) - - if post_install: - post_install(session) - - session.run( - "pytest", - *(PYTEST_COMMON_ARGS + session.posargs), - # Pytest will return 5 when no tests are collected. This can happen - # on travis where slow and flaky tests are excluded. - # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html - success_codes=[0, 5], - env=get_pytest_env_vars(), - ) + return + + if TEST_CONFIG["pip_version_override"]: + pip_version = TEST_CONFIG["pip_version_override"] + session.install(f"pip=={pip_version}") + """Runs py.test for a particular project.""" + concurrent_args = [] + if os.path.exists("requirements.txt"): + if os.path.exists("constraints.txt"): + session.install("-r", "requirements.txt", "-c", "constraints.txt") + else: + session.install("-r", "requirements.txt") + with open("requirements.txt") as rfile: + packages = rfile.read() + + if os.path.exists("requirements-test.txt"): + if os.path.exists("constraints-test.txt"): + session.install("-r", "requirements-test.txt", "-c", "constraints-test.txt") + else: + session.install("-r", "requirements-test.txt") + with open("requirements-test.txt") as rtfile: + packages += rtfile.read() + + if INSTALL_LIBRARY_FROM_SOURCE: + session.install("-e", _get_repo_root()) + + if post_install: + post_install(session) + + if "pytest-parallel" in packages: + concurrent_args.extend(["--workers", "auto", "--tests-per-worker", "auto"]) + elif "pytest-xdist" in packages: + concurrent_args.extend(["-n", "auto"]) + + session.run( + "pytest", + *(PYTEST_COMMON_ARGS + session.posargs + concurrent_args), + # Pytest will return 5 when no tests are collected. This can happen + # on travis where slow and flaky tests are excluded. + # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html + success_codes=[0, 5], + env=get_pytest_env_vars(), + ) @nox.session(python=ALL_VERSIONS) From af74c174eed9a852effec74604428149f0fcb7f7 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Sat, 5 Mar 2022 17:54:26 +0100 Subject: [PATCH 55/95] chore(deps): update dependency google-cloud-pubsub to v2.10.0 (#297) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index e9e977ae635a..366da9c3f841 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.9.0 +google-cloud-pubsub==2.10.0 google-cloud-securitycenter==1.9.0 \ No newline at end of file From a7e9b825298ce3c5d01bf2cf0289126a4420ca68 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 7 Mar 2022 22:04:50 +0100 Subject: [PATCH 56/95] chore(deps): update dependency google-cloud-securitycenter to v1.10.0 (#298) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 366da9c3f841..b47ac73087d4 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.10.0 -google-cloud-securitycenter==1.9.0 \ No newline at end of file +google-cloud-securitycenter==1.10.0 \ No newline at end of file From 324875927c89c6df3d205390d37ca6dfc0f7995f Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 10 Mar 2022 11:40:15 +0100 Subject: [PATCH 57/95] chore(deps): update dependency google-cloud-pubsub to v2.11.0 (#299) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index b47ac73087d4..3604adfbe35d 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.10.0 +google-cloud-pubsub==2.11.0 google-cloud-securitycenter==1.10.0 \ No newline at end of file From 01653f4b85b48990b51cc6b7371131e3c67875d2 Mon Sep 17 00:00:00 2001 From: Sita Lakshmi Sangameswaran Date: Sat, 26 Mar 2022 03:31:45 +0530 Subject: [PATCH 58/95] docs(samples): added mute config samples (#276) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * docs(samples): init add mute config samples * docs(samples): added test for mute config samples * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * docs(samples): lint fix * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * docs(samples): lint fix * docs(samples): applied documentation review comments * docs(samples): applied documentation review comments * lint fix * docs(samples): fixed syntax typo * docs(samples): modified create finding method * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * remove unused import * docs(samples): fixed finding path and return mismatch * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * fix: fix finding path * docs(samples): fix finding yield param * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * minor test output fix Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou Co-authored-by: Bu Sun Kim --- securitycenter/snippets/snippets_findings.py | 14 +- .../snippets/snippets_findings_test.py | 2 +- .../snippets/snippets_mute_config.py | 236 ++++++++++++++++++ .../snippets/snippets_mute_config_test.py | 126 ++++++++++ 4 files changed, 368 insertions(+), 10 deletions(-) create mode 100644 securitycenter/snippets/snippets_mute_config.py create mode 100644 securitycenter/snippets/snippets_mute_config_test.py diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index 20d82ca6acf3..4bb17d3ed075 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -147,11 +147,11 @@ def list_source(organization_id): return i -def create_finding(source_name): +def create_finding(source_name, finding_id): """Creates a new finding.""" # [START securitycenter_create_finding] from google.cloud import securitycenter - from google.cloud.securitycenter_v1 import CreateFindingRequest, Finding + from google.cloud.securitycenter_v1 import Finding import datetime # Create a new client. @@ -167,9 +167,6 @@ def create_finding(source_name): # e.g.: # source_name = "organizations/111122222444/sources/1234" - # Controlled by caller. - finding_id = "samplefindingid" - # The resource this finding applies to. The CSCC UI can link # the findings for a resource to the corresponding Asset of a resource # if there are matches. @@ -182,11 +179,10 @@ def create_finding(source_name): event_time=event_time, ) - request = CreateFindingRequest( - parent=source_name, finding_id=finding_id, finding=finding, - ) # Call The API. - created_finding = client.create_finding(request=request) + created_finding = client.create_finding( + request={"parent": source_name, "finding_id": finding_id, "finding": finding} + ) print(created_finding) # [END securitycenter_create_finding] return created_finding diff --git a/securitycenter/snippets/snippets_findings_test.py b/securitycenter/snippets/snippets_findings_test.py index 8a68117aeb19..cb7cb6a9a460 100644 --- a/securitycenter/snippets/snippets_findings_test.py +++ b/securitycenter/snippets/snippets_findings_test.py @@ -76,7 +76,7 @@ def test_list_source(organization_id): def test_create_finding(source_name): - created_finding = snippets_findings.create_finding(source_name) + created_finding = snippets_findings.create_finding(source_name, "samplefindingid") assert len(created_finding.name) > 0 diff --git a/securitycenter/snippets/snippets_mute_config.py b/securitycenter/snippets/snippets_mute_config.py new file mode 100644 index 000000000000..69fcae746273 --- /dev/null +++ b/securitycenter/snippets/snippets_mute_config.py @@ -0,0 +1,236 @@ +#!/usr/bin/env python +# +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# [START securitycenter_create_mute_config] + + +def create_mute_rule(parent_path: str, mute_config_id: str) -> None: + """ + Creates a mute configuration under a given scope that will mute + all new findings that match a given filter. + Existing findings will NOT BE muted. + Args: + parent_path: use any one of the following options: + - organizations/{organization_id} + - folders/{folder_id} + - projects/{project_id} + mute_config_id: Set a unique id; max of 63 chars. + """ + + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + mute_config = securitycenter.MuteConfig() + mute_config.description = "Mute low-medium IAM grants excluding 'compute' " + # Set mute rule(s). + # To construct mute rules and for supported properties, see: + # https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules + mute_config.filter = ( + 'severity="LOW" OR severity="MEDIUM" AND ' + 'category="Persistence: IAM Anomalous Grant" AND ' + '-resource.type:"compute"' + ) + + request = securitycenter.CreateMuteConfigRequest() + request.parent = parent_path + request.mute_config_id = mute_config_id + request.mute_config = mute_config + + mute_config = client.create_mute_config(request=request) + print(f"Mute rule created successfully: {mute_config.name}") + + +# [END securitycenter_create_mute_config] + + +# [START securitycenter_delete_mute_config] +def delete_mute_rule(mute_config_name: str) -> None: + """ + Deletes a mute configuration given its resource name. + Note: Previously muted findings are not affected when a mute config is deleted. + Args: + mute_config_name: Specify the name of the mute config to delete. + Use any one of the following formats: + - organizations/{organization}/muteConfigs/{config_id} + - folders/{folder}/muteConfigs/{config_id} or + - projects/{project}/muteConfigs/{config_id} + """ + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + request = securitycenter.DeleteMuteConfigRequest() + request.name = mute_config_name + + client.delete_mute_config(request) + print(f"Mute rule deleted successfully: {mute_config_name}") + + +# [END securitycenter_delete_mute_config] + + +# [START securitycenter_get_mute_config] +def get_mute_rule(mute_config_name: str) -> None: + """ + Retrieves a mute configuration given its resource name. + Args: + mute_config_name: Name of the mute config to retrieve. + Use any one of the following formats: + - organizations/{organization}/muteConfigs/{config_id} + - folders/{folder}/muteConfigs/{config_id} + - projects/{project}/muteConfigs/{config_id} + """ + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + request = securitycenter.GetMuteConfigRequest() + request.name = mute_config_name + + mute_config = client.get_mute_config(request) + print(f"Retrieved the mute rule: {mute_config.name}") + + +# [END securitycenter_get_mute_config] + + +# [START securitycenter_list_mute_configs] +def list_mute_rules(parent: str) -> None: + """ + Listing mute configs at organization level will return all the configs + at the org, folder and project levels. + Similarly, listing configs at folder level will list all the configs + at the folder and project levels. + Args: + parent: Use any one of the following resource paths to list mute configurations: + - organizations/{organization_id} + - folders/{folder_id} + - projects/{project_id} + """ + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + request = securitycenter.ListMuteConfigsRequest() + request.parent = parent + + # List all Mute Configs present in the resource. + for mute_config in client.list_mute_configs(request): + print(mute_config.name) + + +# [END securitycenter_list_mute_configs] + + +# [START securitycenter_update_mute_config] +def update_mute_rule(mute_config_name: str) -> None: + """ + Updates an existing mute configuration. + The following can be updated in a mute config: description, and filter/ mute rule. + Args: + mute_config_name: Specify the name of the mute config to delete. + Use any one of the following formats: + - organizations/{organization}/muteConfigs/{config_id} + - folders/{folder}/muteConfigs/{config_id} + - projects/{project}/muteConfigs/{config_id} + """ + from google.cloud import securitycenter + from google.protobuf import field_mask_pb2 + + client = securitycenter.SecurityCenterClient() + + update_mute_config = securitycenter.MuteConfig() + update_mute_config.name = mute_config_name + update_mute_config.description = "Updated mute config description" + + field_mask = field_mask_pb2.FieldMask(paths=["description"]) + + request = securitycenter.UpdateMuteConfigRequest() + request.mute_config = update_mute_config + # Set the update mask to specify which properties of the Mute Config should be updated. + # If empty, all mutable fields will be updated. + # Make sure that the mask fields match the properties changed in 'update_mute_config'. + # For more info on constructing update mask path, see the proto or: + # https://cloud.google.com/security-command-center/docs/reference/rest/v1/folders.muteConfigs/patch?hl=en#query-parameters + request.update_mask = field_mask + + mute_config = client.update_mute_config(request) + print(f"Updated mute rule : {mute_config}") + + +# [END securitycenter_update_mute_config] + + +# [START securitycenter_set_mute_unmute] +def set_mute_unmute_finding(finding_path: str) -> None: + """ + Mute/unmute an individual finding. + If a finding is already muted, muting it again has no effect. + Similarly, unmuting a finding that isn't muted has no effect. + Various mute states are: MUTE_UNSPECIFIED/MUTE/UNMUTE. + Args: + finding_path: The relative resource name of the finding. See: + https://cloud.google.com/apis/design/resource_names#relative_resource_name + Use any one of the following formats: + - organizations/{organization_id}/sources/{source_id}/finding/{finding_id}, + - folders/{folder_id}/sources/{source_id}/finding/{finding_id}, + - projects/{project_id}/sources/{source_id}/finding/{finding_id}. + """ + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + request = securitycenter.SetMuteRequest() + request.name = finding_path + request.mute = securitycenter.Finding.Mute.MUTED + + finding = client.set_mute(request) + print(f"Mute value for the finding: {finding.mute.name}") + + +# [END securitycenter_set_mute_unmute] + + +# [START securitycenter_bulk_mute] +def bulk_mute_findings(parent_path: str, mute_rule: str) -> None: + """ + Kicks off a long-running operation (LRO) to bulk mute findings for a parent based on a filter. + The parent can be either an organization, folder, or project. The findings + matched by the filter will be muted after the LRO is done. + Args: + parent_path: use any one of the following options: + - organizations/{organization} + - folders/{folder} + - projects/{project} + mute_rule: Expression that identifies findings that should be updated. + """ + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + request = securitycenter.BulkMuteFindingsRequest() + request.parent = parent_path + # To create mute rules, see: + # https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules + request.filter = mute_rule + + response = client.bulk_mute_findings(request) + print(f"Bulk mute findings completed successfully! : {response}") + + +# [END securitycenter_bulk_mute] diff --git a/securitycenter/snippets/snippets_mute_config_test.py b/securitycenter/snippets/snippets_mute_config_test.py new file mode 100644 index 000000000000..fc38dcadfa0c --- /dev/null +++ b/securitycenter/snippets/snippets_mute_config_test.py @@ -0,0 +1,126 @@ +#!/usr/bin/env python +# +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import os +import re +import uuid + +from _pytest.capture import CaptureFixture + +from google.cloud import securitycenter +from google.cloud.securitycenter_v1.services.security_center.pagers import ( + ListFindingsPager, +) + +import pytest + +import snippets_mute_config + + +# TODO(developer): Replace these variables before running the sample. +PROJECT_ID = os.environ["GOOGLE_CLOUD_PROJECT"] +ORGANIZATION_ID = os.environ["GCLOUD_ORGANIZATION"] +GOOGLE_APPLICATION_CREDENTIALS = os.environ["GOOGLE_APPLICATION_CREDENTIALS"] + + +@pytest.fixture +def mute_rule(): + mute_rule_create = f"random-mute-create-{uuid.uuid4()}" + mute_rule_update = f"random-mute-update-{uuid.uuid4()}" + snippets_mute_config.create_mute_rule(f"projects/{PROJECT_ID}", mute_rule_create) + snippets_mute_config.create_mute_rule(f"projects/{PROJECT_ID}", mute_rule_update) + + yield {"create": mute_rule_create, "update": mute_rule_update} + + snippets_mute_config.delete_mute_rule( + f"projects/{PROJECT_ID}/muteConfigs/{mute_rule_create}" + ) + snippets_mute_config.delete_mute_rule( + f"projects/{PROJECT_ID}/muteConfigs/{mute_rule_update}" + ) + + +@pytest.fixture +def finding(capsys: CaptureFixture): + import snippets_findings + + from snippets_findings import create_finding + + snippets_findings.create_source(ORGANIZATION_ID) + out, _ = capsys.readouterr() + # source_path is of the format: organizations/{ORGANIZATION_ID}/sources/{source_name} + source_path = out.split(":")[1].strip() + source_name = source_path.split("/")[3] + finding1_path = create_finding(source_path, "1testingscc").name + finding2_path = create_finding(source_path, "2testingscc").name + + yield { + "source": source_name, + "finding1": finding1_path, + "finding2": finding2_path, + } + + +def list_all_findings(source_name) -> ListFindingsPager: + client = securitycenter.SecurityCenterClient() + return client.list_findings(request={"parent": source_name}) + + +def test_get_mute_rule(capsys: CaptureFixture, mute_rule): + snippets_mute_config.get_mute_rule( + f"projects/{PROJECT_ID}/muteConfigs/{mute_rule.get('create')}" + ) + out, _ = capsys.readouterr() + assert re.search("Retrieved the mute rule: ", out) + assert re.search(mute_rule.get("create"), out) + + +def test_list_mute_rules(capsys: CaptureFixture, mute_rule): + snippets_mute_config.list_mute_rules(f"projects/{PROJECT_ID}") + out, _ = capsys.readouterr() + assert re.search(mute_rule.get("create"), out) + assert re.search(mute_rule.get("update"), out) + + +def test_update_mute_rule(capsys: CaptureFixture, mute_rule): + snippets_mute_config.update_mute_rule( + f"projects/{PROJECT_ID}/muteConfigs/{mute_rule.get('update')}" + ) + snippets_mute_config.get_mute_rule( + f"projects/{PROJECT_ID}/muteConfigs/{mute_rule.get('update')}" + ) + out, _ = capsys.readouterr() + assert re.search("Updated mute config description", out) + + +def test_set_mute_finding(capsys: CaptureFixture, finding): + finding_path = finding.get("finding1") + snippets_mute_config.set_mute_unmute_finding(finding_path) + out, _ = capsys.readouterr() + assert re.search("Mute value for the finding: MUTED", out) + + +def test_bulk_mute_findings(capsys: CaptureFixture, finding): + # Mute findings that belong to this project. + snippets_mute_config.bulk_mute_findings( + f"projects/{PROJECT_ID}", f'resource.project_display_name="{PROJECT_ID}"' + ) + + # Get all findings in the source to check if they are muted. + response = list_all_findings( + f"projects/{PROJECT_ID}/sources/{finding.get('source')}" + ) + for i, finding in enumerate(response): + assert finding.finding.mute == securitycenter.Finding.Mute.MUTED From 6444a153010ae63aa3eb3ad1e678376b242c3cab Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 29 Mar 2022 00:46:13 +0000 Subject: [PATCH 59/95] chore(python): use black==22.3.0 (#307) Source-Link: https://github.com/googleapis/synthtool/commit/6fab84af09f2cf89a031fd8671d1def6b2931b11 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:7cffbc10910c3ab1b852c05114a08d374c195a81cdec1d4a67a1d129331d0bfe --- securitycenter/snippets/noxfile.py | 4 ++-- securitycenter/snippets/snippets_findings.py | 4 ++-- .../snippets/snippets_findings_test.py | 2 +- .../snippets/snippets_list_assets.py | 4 ++-- .../snippets/snippets_list_assets_test.py | 2 +- .../snippets/snippets_notification_configs.py | 18 ++++++++++++------ .../snippets/snippets_notification_test.py | 12 ++++++++---- securitycenter/snippets/snippets_orgs_test.py | 2 +- .../snippets/snippets_security_marks.py | 4 ++-- .../snippets/snippets_security_marks_test.py | 2 +- 10 files changed, 32 insertions(+), 22 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 85f5836dba3a..25f87a215d4c 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -29,7 +29,7 @@ # WARNING - WARNING - WARNING - WARNING - WARNING # WARNING - WARNING - WARNING - WARNING - WARNING -BLACK_VERSION = "black==19.10b0" +BLACK_VERSION = "black==22.3.0" # Copy `noxfile_config.py` to your directory and modify it instead. @@ -253,7 +253,7 @@ def py(session: nox.sessions.Session) -> None: def _get_repo_root() -> Optional[str]: - """ Returns the root folder of the project. """ + """Returns the root folder of the project.""" # Get root of this repository. Assume we don't have directories nested deeper than 10 items. p = Path(os.getcwd()) for i in range(10): diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index 4bb17d3ed075..67f42242cac3 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -18,7 +18,7 @@ def create_source(organization_id): - """Create a new findings source. """ + """Create a new findings source.""" # [START securitycenter_create_source] from google.cloud import securitycenter @@ -189,7 +189,7 @@ def create_finding(source_name, finding_id): def create_finding_with_source_properties(source_name): - """Demonstrate creating a new finding with source properties. """ + """Demonstrate creating a new finding with source properties.""" # [START securitycenter_create_finding_with_source_properties] import datetime diff --git a/securitycenter/snippets/snippets_findings_test.py b/securitycenter/snippets/snippets_findings_test.py index cb7cb6a9a460..8cd6353f6e00 100644 --- a/securitycenter/snippets/snippets_findings_test.py +++ b/securitycenter/snippets/snippets_findings_test.py @@ -23,7 +23,7 @@ @pytest.fixture(scope="module") def organization_id(): - """Get Organization ID from the environment variable """ + """Get Organization ID from the environment variable""" return os.environ["GCLOUD_ORGANIZATION"] diff --git a/securitycenter/snippets/snippets_list_assets.py b/securitycenter/snippets/snippets_list_assets.py index 7838339e2f4b..42511b94b3e7 100644 --- a/securitycenter/snippets/snippets_list_assets.py +++ b/securitycenter/snippets/snippets_list_assets.py @@ -131,7 +131,7 @@ def list_point_in_time_changes(organization_id): def group_assets(organization_id): - """Demonstrates grouping all assets by type. """ + """Demonstrates grouping all assets by type.""" i = 0 # [START securitycenter_group_all_assets] from google.cloud import securitycenter @@ -154,7 +154,7 @@ def group_assets(organization_id): def group_filtered_assets(organization_id): - """Demonstrates grouping assets by type with a filter. """ + """Demonstrates grouping assets by type with a filter.""" i = 0 # [START securitycenter_group_all_assets_with_filter] from google.cloud import securitycenter diff --git a/securitycenter/snippets/snippets_list_assets_test.py b/securitycenter/snippets/snippets_list_assets_test.py index a2646844262c..4451423840c2 100644 --- a/securitycenter/snippets/snippets_list_assets_test.py +++ b/securitycenter/snippets/snippets_list_assets_test.py @@ -24,7 +24,7 @@ @pytest.fixture(scope="module") def organization_id(): - """Get Organization ID from the environment variable """ + """Get Organization ID from the environment variable""" return os.environ["GCLOUD_ORGANIZATION"] diff --git a/securitycenter/snippets/snippets_notification_configs.py b/securitycenter/snippets/snippets_notification_configs.py index a0cb94135195..4d615276cc5e 100644 --- a/securitycenter/snippets/snippets_notification_configs.py +++ b/securitycenter/snippets/snippets_notification_configs.py @@ -57,8 +57,10 @@ def delete_notification_config(organization_id, notification_config_id): # TODO: organization_id = "your-org-id" # TODO: notification_config_id = "your-config-id" - notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( - org_id=organization_id, config_id=notification_config_id + notification_config_name = ( + "organizations/{org_id}/notificationConfigs/{config_id}".format( + org_id=organization_id, config_id=notification_config_id + ) ) client.delete_notification_config(request={"name": notification_config_name}) @@ -77,8 +79,10 @@ def get_notification_config(organization_id, notification_config_id): # TODO: organization_id = "your-org-id" # TODO: notification_config_id = "your-config-id" - notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( - org_id=organization_id, config_id=notification_config_id + notification_config_name = ( + "organizations/{org_id}/notificationConfigs/{config_id}".format( + org_id=organization_id, config_id=notification_config_id + ) ) notification_config = client.get_notification_config( @@ -121,8 +125,10 @@ def update_notification_config(organization_id, notification_config_id, pubsub_t # If updating a pubsub_topic, ensure this ServiceAccount has the # "pubsub.topics.setIamPolicy" permission on the new topic. - notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( - org_id=organization_id, config_id=notification_config_id + notification_config_name = ( + "organizations/{org_id}/notificationConfigs/{config_id}".format( + org_id=organization_id, config_id=notification_config_id + ) ) updated_description = "New updated description" diff --git a/securitycenter/snippets/snippets_notification_test.py b/securitycenter/snippets/snippets_notification_test.py index fc129ab64b86..93324e29e419 100644 --- a/securitycenter/snippets/snippets_notification_test.py +++ b/securitycenter/snippets/snippets_notification_test.py @@ -38,8 +38,10 @@ def cleanup_notification_config(notification_config_id): client = securitycenter.SecurityCenterClient() - notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( - org_id=ORG_ID, config_id=notification_config_id + notification_config_name = ( + "organizations/{org_id}/notificationConfigs/{config_id}".format( + org_id=ORG_ID, config_id=notification_config_id + ) ) client.delete_notification_config(request={"name": notification_config_name}) @@ -107,8 +109,10 @@ def deleted_notification_config(): def test_create_notification_config(): - created_notification_config = snippets_notification_configs.create_notification_config( - ORG_ID, CREATE_CONFIG_ID, PUBSUB_TOPIC + created_notification_config = ( + snippets_notification_configs.create_notification_config( + ORG_ID, CREATE_CONFIG_ID, PUBSUB_TOPIC + ) ) assert created_notification_config is not None diff --git a/securitycenter/snippets/snippets_orgs_test.py b/securitycenter/snippets/snippets_orgs_test.py index fc9a3a90663d..4f2a7c7f7862 100644 --- a/securitycenter/snippets/snippets_orgs_test.py +++ b/securitycenter/snippets/snippets_orgs_test.py @@ -23,7 +23,7 @@ @pytest.fixture(scope="module") def organization_id(): - """Get Organization ID from the environment variable """ + """Get Organization ID from the environment variable""" return os.environ["GCLOUD_ORGANIZATION"] diff --git a/securitycenter/snippets/snippets_security_marks.py b/securitycenter/snippets/snippets_security_marks.py index 3107f948848f..457cc43352c1 100644 --- a/securitycenter/snippets/snippets_security_marks.py +++ b/securitycenter/snippets/snippets_security_marks.py @@ -111,7 +111,7 @@ def delete_and_update_marks(asset_name): def add_to_finding(finding_name): - """Adds security marks to a finding. """ + """Adds security marks to a finding.""" # [START securitycenter_add_finding_security_marks] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -142,7 +142,7 @@ def add_to_finding(finding_name): def list_assets_with_query_marks(organization_id, asset_name): - """Lists assets with a filter on security marks. """ + """Lists assets with a filter on security marks.""" add_to_asset(asset_name) i = -1 # [START securitycenter_list_assets_with_security_marks] diff --git a/securitycenter/snippets/snippets_security_marks_test.py b/securitycenter/snippets/snippets_security_marks_test.py index 10182416c05e..01666f59bb9a 100644 --- a/securitycenter/snippets/snippets_security_marks_test.py +++ b/securitycenter/snippets/snippets_security_marks_test.py @@ -24,7 +24,7 @@ @pytest.fixture(scope="module") def organization_id(): - """Gets Organization ID from the environment variable """ + """Gets Organization ID from the environment variable""" return os.environ["GCLOUD_ORGANIZATION"] From 952308af331fe950a7aa97af26bec5ba7bfd9607 Mon Sep 17 00:00:00 2001 From: Sita Lakshmi Sangameswaran Date: Wed, 30 Mar 2022 23:23:49 +0530 Subject: [PATCH 60/95] docs(samples): included snippet for unmute finding (#308) --- .../snippets/snippets_mute_config.py | 38 ++++++++++++++++--- .../snippets/snippets_mute_config_test.py | 9 ++++- 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/securitycenter/snippets/snippets_mute_config.py b/securitycenter/snippets/snippets_mute_config.py index 69fcae746273..97de131216e1 100644 --- a/securitycenter/snippets/snippets_mute_config.py +++ b/securitycenter/snippets/snippets_mute_config.py @@ -176,12 +176,11 @@ def update_mute_rule(mute_config_name: str) -> None: # [END securitycenter_update_mute_config] -# [START securitycenter_set_mute_unmute] -def set_mute_unmute_finding(finding_path: str) -> None: +# [START securitycenter_set_mute] +def set_mute_finding(finding_path: str) -> None: """ - Mute/unmute an individual finding. + Mute an individual finding. If a finding is already muted, muting it again has no effect. - Similarly, unmuting a finding that isn't muted has no effect. Various mute states are: MUTE_UNSPECIFIED/MUTE/UNMUTE. Args: finding_path: The relative resource name of the finding. See: @@ -203,7 +202,36 @@ def set_mute_unmute_finding(finding_path: str) -> None: print(f"Mute value for the finding: {finding.mute.name}") -# [END securitycenter_set_mute_unmute] +# [END securitycenter_set_mute] + + +# [START securitycenter_set_unmute] +def set_unmute_finding(finding_path: str) -> None: + """ + Unmute an individual finding. + Unmuting a finding that isn't muted has no effect. + Various mute states are: MUTE_UNSPECIFIED/MUTE/UNMUTE. + Args: + finding_path: The relative resource name of the finding. See: + https://cloud.google.com/apis/design/resource_names#relative_resource_name + Use any one of the following formats: + - organizations/{organization_id}/sources/{source_id}/finding/{finding_id}, + - folders/{folder_id}/sources/{source_id}/finding/{finding_id}, + - projects/{project_id}/sources/{source_id}/finding/{finding_id}. + """ + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + request = securitycenter.SetMuteRequest() + request.name = finding_path + request.mute = securitycenter.Finding.Mute.UNMUTED + + finding = client.set_mute(request) + print(f"Mute value for the finding: {finding.mute.name}") + + +# [END securitycenter_set_unmute] # [START securitycenter_bulk_mute] diff --git a/securitycenter/snippets/snippets_mute_config_test.py b/securitycenter/snippets/snippets_mute_config_test.py index fc38dcadfa0c..9900cd9c59ef 100644 --- a/securitycenter/snippets/snippets_mute_config_test.py +++ b/securitycenter/snippets/snippets_mute_config_test.py @@ -107,11 +107,18 @@ def test_update_mute_rule(capsys: CaptureFixture, mute_rule): def test_set_mute_finding(capsys: CaptureFixture, finding): finding_path = finding.get("finding1") - snippets_mute_config.set_mute_unmute_finding(finding_path) + snippets_mute_config.set_mute_finding(finding_path) out, _ = capsys.readouterr() assert re.search("Mute value for the finding: MUTED", out) +def test_set_unmute_finding(capsys: CaptureFixture, finding): + finding_path = finding.get("finding1") + snippets_mute_config.set_unmute_finding(finding_path) + out, _ = capsys.readouterr() + assert re.search("Mute value for the finding: UNMUTED", out) + + def test_bulk_mute_findings(capsys: CaptureFixture, finding): # Mute findings that belong to this project. snippets_mute_config.bulk_mute_findings( From 99a2a6f5df06eae060be2e65bd200ff92114c304 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 7 Apr 2022 13:14:10 +0200 Subject: [PATCH 61/95] chore(deps): update dependency google-cloud-pubsub to v2.12.0 (#318) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 3604adfbe35d..a4a56a9d1796 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.11.0 +google-cloud-pubsub==2.12.0 google-cloud-securitycenter==1.10.0 \ No newline at end of file From 9f8100f950dd8a10d46f52816f88dbdb43d7ea82 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 20 Apr 2022 20:58:20 -0400 Subject: [PATCH 62/95] chore(python): add nox session to sort python imports (#324) Source-Link: https://github.com/googleapis/synthtool/commit/1b71c10e20de7ed3f97f692f99a0e3399b67049f Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:00c9d764fd1cd56265f12a5ef4b99a0c9e87cf261018099141e2ca5158890416 Co-authored-by: Owl Bot --- securitycenter/snippets/noxfile.py | 23 ++++++++++++++++++- securitycenter/snippets/snippets_findings.py | 7 ++++-- .../snippets/snippets_mute_config_test.py | 4 ---- 3 files changed, 27 insertions(+), 7 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 25f87a215d4c..3b3ffa5d2b0f 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -22,7 +22,6 @@ import nox - # WARNING - WARNING - WARNING - WARNING - WARNING # WARNING - WARNING - WARNING - WARNING - WARNING # DO NOT EDIT THIS FILE EVER! @@ -30,6 +29,7 @@ # WARNING - WARNING - WARNING - WARNING - WARNING BLACK_VERSION = "black==22.3.0" +ISORT_VERSION = "isort==5.10.1" # Copy `noxfile_config.py` to your directory and modify it instead. @@ -168,12 +168,33 @@ def lint(session: nox.sessions.Session) -> None: @nox.session def blacken(session: nox.sessions.Session) -> None: + """Run black. Format code to uniform standard.""" session.install(BLACK_VERSION) python_files = [path for path in os.listdir(".") if path.endswith(".py")] session.run("black", *python_files) +# +# format = isort + black +# + + +@nox.session +def format(session: nox.sessions.Session) -> None: + """ + Run isort to sort imports. Then run black + to format code to uniform standard. + """ + session.install(BLACK_VERSION, ISORT_VERSION) + python_files = [path for path in os.listdir(".") if path.endswith(".py")] + + # Use the --fss option to sort imports using strict alphabetical order. + # See https://pycqa.github.io/isort/docs/configuration/options.html#force-sort-within-sections + session.run("isort", "--fss", *python_files) + session.run("black", *python_files) + + # # Sample Tests # diff --git a/securitycenter/snippets/snippets_findings.py b/securitycenter/snippets/snippets_findings.py index 67f42242cac3..06cddc412f05 100644 --- a/securitycenter/snippets/snippets_findings.py +++ b/securitycenter/snippets/snippets_findings.py @@ -150,9 +150,10 @@ def list_source(organization_id): def create_finding(source_name, finding_id): """Creates a new finding.""" # [START securitycenter_create_finding] + import datetime + from google.cloud import securitycenter from google.cloud.securitycenter_v1 import Finding - import datetime # Create a new client. client = securitycenter.SecurityCenterClient() @@ -414,8 +415,9 @@ def list_filtered_findings(source_name): def list_findings_at_time(source_name): # [START securitycenter_list_findings_at_time] + from datetime import datetime, timedelta + from google.cloud import securitycenter - from datetime import timedelta, datetime # Create a new client. client = securitycenter.SecurityCenterClient() @@ -524,6 +526,7 @@ def group_findings_at_time(source_name): i = -1 # [START securitycenter_group_findings_at_time] from datetime import datetime, timedelta + from google.cloud import securitycenter # Create a client. diff --git a/securitycenter/snippets/snippets_mute_config_test.py b/securitycenter/snippets/snippets_mute_config_test.py index 9900cd9c59ef..5c531d10cda4 100644 --- a/securitycenter/snippets/snippets_mute_config_test.py +++ b/securitycenter/snippets/snippets_mute_config_test.py @@ -18,17 +18,14 @@ import uuid from _pytest.capture import CaptureFixture - from google.cloud import securitycenter from google.cloud.securitycenter_v1.services.security_center.pagers import ( ListFindingsPager, ) - import pytest import snippets_mute_config - # TODO(developer): Replace these variables before running the sample. PROJECT_ID = os.environ["GOOGLE_CLOUD_PROJECT"] ORGANIZATION_ID = os.environ["GCLOUD_ORGANIZATION"] @@ -55,7 +52,6 @@ def mute_rule(): @pytest.fixture def finding(capsys: CaptureFixture): import snippets_findings - from snippets_findings import create_finding snippets_findings.create_source(ORGANIZATION_ID) From 517104d433ad5bb2374ae4568ad42e1fd41b4402 Mon Sep 17 00:00:00 2001 From: Sita Lakshmi Sangameswaran Date: Tue, 26 Apr 2022 15:31:00 +0530 Subject: [PATCH 63/95] docs(samples): add bigquery export samples (#315) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * docs(samples): init add bigquery export samples * minor var name change * minor var name change * added projectid to create bigquery dataset * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * updated project id var * updated dataset id * fixture scope change * lint fix * minor path syntax fix * added capsys to delete * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * removed capsys check * updated requirements with specific version * updated comments Co-authored-by: Anthonios Partheniou Co-authored-by: Owl Bot --- securitycenter/snippets/requirements-test.txt | 3 +- .../snippets/snippets_bigquery_export.py | 190 ++++++++++++++++++ .../snippets/snippets_bigquery_export_test.py | 96 +++++++++ 3 files changed, 288 insertions(+), 1 deletion(-) create mode 100644 securitycenter/snippets/snippets_bigquery_export.py create mode 100644 securitycenter/snippets/snippets_bigquery_export_test.py diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index 55b033e901cd..3bcf2ecb30c2 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1 +1,2 @@ -pytest \ No newline at end of file +pytest==6.2.5 +google-cloud-bigquery==2.34.2 diff --git a/securitycenter/snippets/snippets_bigquery_export.py b/securitycenter/snippets/snippets_bigquery_export.py new file mode 100644 index 000000000000..591d9af91c4b --- /dev/null +++ b/securitycenter/snippets/snippets_bigquery_export.py @@ -0,0 +1,190 @@ +#!/usr/bin/env python +# +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Snippets on exporting findings from Security Command Center to BigQuery.""" + + +# [START securitycenter_create_bigquery_export] + + +def create_bigquery_export( + parent: str, export_filter: str, bigquery_dataset_id: str, bigquery_export_id: str +): + + from google.cloud import securitycenter + + """ + Create export configuration to export findings from a project to a BigQuery dataset. + Optionally specify filter to export certain findings only. + + Args: + parent: Use any one of the following resource paths: + - organizations/{organization_id} + - folders/{folder_id} + - projects/{project_id} + export_filter: Expression that defines the filter to apply across create/update events of findings. + bigquery_dataset_id: The BigQuery dataset to write findings' updates to. + bigquery_export_id: Unique identifier provided by the client. + - example id: f"default-{str(uuid.uuid4()).split('-')[0]}" + For more info, see: + https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query#export_findings_from_to + """ + client = securitycenter.SecurityCenterClient() + + # Create the BigQuery export configuration. + bigquery_export = securitycenter.BigQueryExport() + bigquery_export.description = "Export low and medium findings if the compute resource has an IAM anomalous grant" + bigquery_export.filter = export_filter + bigquery_export.dataset = f"{parent}/datasets/{bigquery_dataset_id}" + + request = securitycenter.CreateBigQueryExportRequest() + request.parent = parent + request.big_query_export = bigquery_export + request.big_query_export_id = bigquery_export_id + + # Create the export request. + response = client.create_big_query_export(request) + + print(f"BigQuery export request created successfully: {response.name}\n") + + +# [END securitycenter_create_bigquery_export] + + +# [START securitycenter_get_bigquery_export] +def get_bigquery_export(parent: str, bigquery_export_id: str): + from google.cloud import securitycenter + + """ + Retrieve an existing BigQuery export. + Args: + parent: Use any one of the following resource paths: + - organizations/{organization_id} + - folders/{folder_id} + - projects/{project_id} + bigquery_export_id: Unique identifier that is used to identify the export. + """ + + client = securitycenter.SecurityCenterClient() + + request = securitycenter.GetBigQueryExportRequest() + request.name = f"{parent}/bigQueryExports/{bigquery_export_id}" + + response = client.get_big_query_export(request) + print(f"Retrieved the BigQuery export: {response.name}") + + +# [END securitycenter_get_bigquery_export] + + +# [START securitycenter_list_bigquery_export] +def list_bigquery_exports(parent: str): + from google.cloud import securitycenter + + """ + List BigQuery exports in the given parent. + Args: + parent: The parent which owns the collection of BigQuery exports. + Use any one of the following resource paths: + - organizations/{organization_id} + - folders/{folder_id} + - projects/{project_id} + """ + + client = securitycenter.SecurityCenterClient() + + request = securitycenter.ListBigQueryExportsRequest() + request.parent = parent + + response = client.list_big_query_exports(request) + + print("Listing BigQuery exports:") + for bigquery_export in response: + print(bigquery_export.name) + + +# [END securitycenter_list_bigquery_export] + + +# [START securitycenter_update_bigquery_export] +def update_bigquery_export(parent: str, export_filter: str, bigquery_export_id: str): + """ + Updates an existing BigQuery export. + Args: + parent: Use any one of the following resource paths: + - organizations/{organization_id} + - folders/{folder_id} + - projects/{project_id} + export_filter: Expression that defines the filter to apply across create/update events of findings. + bigquery_export_id: Unique identifier provided by the client. + For more info, see: + https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query#export_findings_from_to + """ + from google.cloud import securitycenter + from google.protobuf import field_mask_pb2 + + client = securitycenter.SecurityCenterClient() + + # Set the new values for export configuration. + bigquery_export = securitycenter.BigQueryExport() + bigquery_export.name = f"{parent}/bigQueryExports/{bigquery_export_id}" + bigquery_export.filter = export_filter + + # Field mask to only update the export filter. + # Set the update mask to specify which properties should be updated. + # If empty, all mutable fields will be updated. + # For more info on constructing field mask path, see the proto or: + # https://googleapis.dev/python/protobuf/latest/google/protobuf/field_mask_pb2.html + field_mask = field_mask_pb2.FieldMask(paths=["filter"]) + + request = securitycenter.UpdateBigQueryExportRequest() + request.big_query_export = bigquery_export + request.update_mask = field_mask + + response = client.update_big_query_export(request) + + if response.filter != export_filter: + print("Failed to update BigQueryExport!") + return + print("BigQueryExport updated successfully!") + + +# [END securitycenter_update_bigquery_export] + + +# [START securitycenter_delete_bigquery_export] +def delete_bigquery_export(parent: str, bigquery_export_id: str): + """ + Delete an existing BigQuery export. + Args: + parent: Use any one of the following resource paths: + - organizations/{organization_id} + - folders/{folder_id} + - projects/{project_id} + bigquery_export_id: Unique identifier that is used to identify the export. + """ + from google.cloud import securitycenter + + client = securitycenter.SecurityCenterClient() + + request = securitycenter.DeleteBigQueryExportRequest() + request.name = f"{parent}/bigQueryExports/{bigquery_export_id}" + + client.delete_big_query_export(request) + print(f"BigQuery export request deleted successfully: {bigquery_export_id}") + + +# [END securitycenter_delete_bigquery_export] diff --git a/securitycenter/snippets/snippets_bigquery_export_test.py b/securitycenter/snippets/snippets_bigquery_export_test.py new file mode 100644 index 000000000000..197bd6f6b1b4 --- /dev/null +++ b/securitycenter/snippets/snippets_bigquery_export_test.py @@ -0,0 +1,96 @@ +#!/usr/bin/env python +# +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# TODO(developer): Replace these variables before running the sample. +import os +import re +import uuid + +from _pytest.capture import CaptureFixture +import pytest + +import snippets_bigquery_export + +PROJECT_ID = os.environ["GOOGLE_CLOUD_PROJECT"] +GOOGLE_APPLICATION_CREDENTIALS = os.environ["GOOGLE_APPLICATION_CREDENTIALS"] +BIGQUERY_DATASET_ID = f"sampledataset{str(uuid.uuid4()).split('-')[0]}" + + +@pytest.fixture(scope="module") +def bigquery_export_id(): + bigquery_export_id = f"default-{str(uuid.uuid4()).split('-')[0]}" + + create_bigquery_dataset(BIGQUERY_DATASET_ID) + export_filter = 'severity="LOW" OR severity="MEDIUM"' + snippets_bigquery_export.create_bigquery_export( + f"projects/{PROJECT_ID}", export_filter, BIGQUERY_DATASET_ID, bigquery_export_id + ) + + yield bigquery_export_id + + snippets_bigquery_export.delete_bigquery_export( + f"projects/{PROJECT_ID}", bigquery_export_id + ) + delete_bigquery_dataset(BIGQUERY_DATASET_ID) + + +def create_bigquery_dataset(dataset_id: str): + from google.cloud import bigquery + + bigquery_client = bigquery.Client() + + dataset_id_full = "{}.{}".format(PROJECT_ID, dataset_id) + dataset = bigquery.Dataset(dataset_id_full) + + dataset = bigquery_client.create_dataset(dataset) + print("Dataset {} created.".format(dataset.dataset_id)) + + +def delete_bigquery_dataset(dataset_id: str): + from google.cloud import bigquery + + bigquery_client = bigquery.Client() + bigquery_client.delete_dataset(dataset_id) + print("Dataset {} deleted.".format(dataset_id)) + + +def test_get_bigquery_export(capsys: CaptureFixture, bigquery_export_id: str): + snippets_bigquery_export.get_bigquery_export( + f"projects/{PROJECT_ID}", bigquery_export_id + ) + out, _ = capsys.readouterr() + assert re.search( + "Retrieved the BigQuery export", + out, + ) + assert re.search(f"bigQueryExports/{bigquery_export_id}", out) + + +def test_list_bigquery_exports(capsys: CaptureFixture, bigquery_export_id: str): + snippets_bigquery_export.list_bigquery_exports(f"projects/{PROJECT_ID}") + out, _ = capsys.readouterr() + assert re.search("Listing BigQuery exports:", out) + assert re.search(bigquery_export_id, out) + + +def test_update_bigquery_exports(capsys: CaptureFixture, bigquery_export_id: str): + export_filter = 'severity="MEDIUM"' + snippets_bigquery_export.update_bigquery_export( + f"projects/{PROJECT_ID}", export_filter, bigquery_export_id + ) + out, _ = capsys.readouterr() + assert re.search("BigQueryExport updated successfully!", out) From 9629a04027bb035c0462803c0796f307cc4ad1b3 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 26 Apr 2022 16:01:13 +0200 Subject: [PATCH 64/95] chore(deps): update all dependencies (#327) --- securitycenter/snippets/requirements-test.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index 3bcf2ecb30c2..0b774312c4e6 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1,2 +1,2 @@ -pytest==6.2.5 -google-cloud-bigquery==2.34.2 +pytest==7.1.2 +google-cloud-bigquery==3.0.1 From a2f239ecad5125ff7f50b8d028132be6c43a1cfa Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 5 May 2022 21:38:32 +0200 Subject: [PATCH 65/95] chore(deps): update dependency google-cloud-securitycenter to v1.11.0 (#330) Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index a4a56a9d1796..91f8abe57cf2 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.12.0 -google-cloud-securitycenter==1.10.0 \ No newline at end of file +google-cloud-securitycenter==1.11.0 \ No newline at end of file From 2b03dd39b74e9c88250f94bf100ad1f53a4f8148 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 9 May 2022 22:56:33 +0200 Subject: [PATCH 66/95] chore(deps): update dependency google-cloud-bigquery to v3.1.0 (#332) --- securitycenter/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index 0b774312c4e6..838e63f67c03 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1,2 +1,2 @@ pytest==7.1.2 -google-cloud-bigquery==3.0.1 +google-cloud-bigquery==3.1.0 From c5e53a969b1ea91a3fa1a351224e0cbe6a2acf48 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 12 May 2022 20:24:37 +0200 Subject: [PATCH 67/95] chore(deps): update dependency google-cloud-pubsub to v2.12.1 (#333) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 91f8abe57cf2..5129b026cad9 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.12.0 +google-cloud-pubsub==2.12.1 google-cloud-securitycenter==1.11.0 \ No newline at end of file From ff62ae4c5113599ee1173725febaa1651b70ca06 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Sun, 10 Jul 2022 06:39:10 -0400 Subject: [PATCH 68/95] fix: require python 3.7+ (#349) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(python): drop python 3.6 Source-Link: https://github.com/googleapis/synthtool/commit/4f89b13af10d086458f9b379e56a614f9d6dab7b Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:e7bb19d47c13839fe8c147e50e02e8b6cf5da8edd1af8b82208cd6f66cc2829c * add api_description to .repo-metadata.json * require python 3.7+ in setup.py * remove python 3.6 sample configs * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * trigger CI Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/noxfile.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index 3b3ffa5d2b0f..e9eb1cbfa5db 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -88,7 +88,7 @@ def get_pytest_env_vars() -> Dict[str, str]: # DO NOT EDIT - automatically generated. # All versions used to test samples. -ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9", "3.10"] +ALL_VERSIONS = ["3.7", "3.8", "3.9", "3.10"] # Any default versions that should be ignored. IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] From 89ab1ac04e53bb2ae5bf433af74844be48d14e51 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Sun, 17 Jul 2022 14:02:23 +0200 Subject: [PATCH 69/95] chore(deps): update all dependencies (#342) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(deps): update all dependencies * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * revert Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 5129b026cad9..ab256ebc6bfa 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.12.1 -google-cloud-securitycenter==1.11.0 \ No newline at end of file +google-cloud-pubsub==2.13.0 +google-cloud-securitycenter==1.11.1 \ No newline at end of file From 827589de226f54e67cc599a0c57a5397df6ed3de Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 2 Aug 2022 14:48:50 +0200 Subject: [PATCH 70/95] chore(deps): update all dependencies (#357) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(deps): update all dependencies * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * revert Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/requirements-test.txt | 2 +- securitycenter/snippets/requirements.txt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index 838e63f67c03..2b7be5ae9d42 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1,2 +1,2 @@ pytest==7.1.2 -google-cloud-bigquery==3.1.0 +google-cloud-bigquery==3.3.0 diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index ab256ebc6bfa..f7e0de3e618f 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.13.0 -google-cloud-securitycenter==1.11.1 \ No newline at end of file +google-cloud-pubsub==2.13.4 +google-cloud-securitycenter==1.12.0 \ No newline at end of file From 66264df88f2d18f78488a25b8f87a78cbad38caf Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 9 Aug 2022 17:29:43 +0200 Subject: [PATCH 71/95] chore(deps): update all dependencies (#359) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(deps): update all dependencies * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * revert Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index 2b7be5ae9d42..66b222a0018c 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1,2 +1,2 @@ pytest==7.1.2 -google-cloud-bigquery==3.3.0 +google-cloud-bigquery==3.3.1 From 25c7217968ee9844721ffd93cfc606bc1ce3227b Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 12 Aug 2022 01:14:19 +0200 Subject: [PATCH 72/95] chore(deps): update dependency google-cloud-pubsub to v2.13.5 (#361) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index f7e0de3e618f..908f9a630d20 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.13.4 +google-cloud-pubsub==2.13.5 google-cloud-securitycenter==1.12.0 \ No newline at end of file From 8ba7e2f182efb9c5925d9d3872afc5e87b42b033 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 12 Aug 2022 13:11:58 +0200 Subject: [PATCH 73/95] chore(deps): update dependency google-cloud-pubsub to v2.13.6 (#363) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 908f9a630d20..ab1b66523881 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.13.5 +google-cloud-pubsub==2.13.6 google-cloud-securitycenter==1.12.0 \ No newline at end of file From bd51fdbfda7956ecfd2fa0fe3ce5f141e54b284e Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 16 Aug 2022 16:42:54 +0200 Subject: [PATCH 74/95] chore(deps): update dependency google-cloud-securitycenter to v1.13.0 (#365) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index ab1b66523881..d8f5cb4c7ea8 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.13.6 -google-cloud-securitycenter==1.12.0 \ No newline at end of file +google-cloud-securitycenter==1.13.0 \ No newline at end of file From 332b5c487682ba5dc49b2115a649e979878bb026 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 19 Aug 2022 18:32:44 +0200 Subject: [PATCH 75/95] chore(deps): update dependency google-cloud-bigquery to v3.3.2 (#366) --- securitycenter/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index 66b222a0018c..e052954faae4 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1,2 +1,2 @@ pytest==7.1.2 -google-cloud-bigquery==3.3.1 +google-cloud-bigquery==3.3.2 From 8d8a3d390004d3cf3214d976dc45eadc1c053be4 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 24 Aug 2022 17:17:27 +0200 Subject: [PATCH 76/95] chore(deps): update dependency google-cloud-securitycenter to v1.14.0 (#369) Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index d8f5cb4c7ea8..0d582307e0cb 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.13.6 -google-cloud-securitycenter==1.13.0 \ No newline at end of file +google-cloud-securitycenter==1.14.0 \ No newline at end of file From 476786f071daf711cc46ae31aa409a2306062280 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 2 Sep 2022 13:17:03 +0200 Subject: [PATCH 77/95] chore(deps): update dependency google-cloud-securitycenter to v1.15.0 (#379) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(deps): update dependency google-cloud-securitycenter to v1.15.0 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 0d582307e0cb..f834c18c8fe5 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.13.6 -google-cloud-securitycenter==1.14.0 \ No newline at end of file +google-cloud-securitycenter==1.15.0 \ No newline at end of file From 781b387ad4b9e7c88ab3b29e78233667efba653b Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 6 Sep 2022 18:14:40 +0200 Subject: [PATCH 78/95] chore(deps): update dependency pytest to v7.1.3 (#384) --- securitycenter/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index e052954faae4..5330057df0ca 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1,2 +1,2 @@ -pytest==7.1.2 +pytest==7.1.3 google-cloud-bigquery==3.3.2 From 0ed25e1b7da4a1027c87987a121725878fc8a3ea Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 13 Sep 2022 16:46:12 +0000 Subject: [PATCH 79/95] chore: detect samples tests in nested directories (#389) Source-Link: https://github.com/googleapis/synthtool/commit/50db768f450a50d7c1fd62513c113c9bb96fd434 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:e09366bdf0fd9c8976592988390b24d53583dd9f002d476934da43725adbb978 --- securitycenter/snippets/noxfile.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py index e9eb1cbfa5db..c1715136d645 100644 --- a/securitycenter/snippets/noxfile.py +++ b/securitycenter/snippets/noxfile.py @@ -207,8 +207,10 @@ def _session_tests( session: nox.sessions.Session, post_install: Callable = None ) -> None: # check for presence of tests - test_list = glob.glob("*_test.py") + glob.glob("test_*.py") - test_list.extend(glob.glob("tests")) + test_list = glob.glob("**/*_test.py", recursive=True) + glob.glob( + "**/test_*.py", recursive=True + ) + test_list.extend(glob.glob("**/tests", recursive=True)) if len(test_list) == 0: print("No tests found, skipping directory.") From 1c4e4ec69ac313accab9244589ac5b810d5c6979 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 16 Sep 2022 17:55:15 +0200 Subject: [PATCH 80/95] chore(deps): update dependency google-cloud-securitycenter to v1.16.0 (#392) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index f834c18c8fe5..3ba9f41a72f9 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.13.6 -google-cloud-securitycenter==1.15.0 \ No newline at end of file +google-cloud-securitycenter==1.16.0 \ No newline at end of file From 4203f6000d4136dd7558c71f23b9fdf5b9178487 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 26 Sep 2022 16:53:48 +0200 Subject: [PATCH 81/95] chore(deps): update dependency google-cloud-pubsub to v2.13.7 (#393) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 3ba9f41a72f9..4cca0d53460a 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.13.6 +google-cloud-pubsub==2.13.7 google-cloud-securitycenter==1.16.0 \ No newline at end of file From 1f29105a3887f296f65068fcd65981df0274dbe6 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 4 Oct 2022 02:21:43 +0200 Subject: [PATCH 82/95] chore(deps): update dependency google-cloud-bigquery to v3.3.3 (#396) Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index 5330057df0ca..fc11ba8d21fb 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1,2 +1,2 @@ pytest==7.1.3 -google-cloud-bigquery==3.3.2 +google-cloud-bigquery==3.3.3 From 49fa28a772d7a0713eccf0534e3ca37ce49ba5c2 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 4 Oct 2022 15:32:32 +0200 Subject: [PATCH 83/95] chore(deps): update dependency google-cloud-securitycenter to v1.16.1 (#398) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 4cca0d53460a..4724ca0070f5 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.13.7 -google-cloud-securitycenter==1.16.0 \ No newline at end of file +google-cloud-securitycenter==1.16.1 \ No newline at end of file From 839d305164e3ffea4389bf3e70814db50c1214b3 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 10 Oct 2022 20:14:51 +0200 Subject: [PATCH 84/95] chore(deps): update dependency google-cloud-securitycenter to v1.16.2 (#401) --- securitycenter/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index 4724ca0070f5..b6941917d490 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.13.7 -google-cloud-securitycenter==1.16.1 \ No newline at end of file +google-cloud-securitycenter==1.16.2 \ No newline at end of file From 20e5f3f8dc5387af2be7b0b281ffdaed2a80f3b2 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 18 Oct 2022 17:31:49 +0200 Subject: [PATCH 85/95] chore(deps): update all dependencies (#402) Co-authored-by: Anthonios Partheniou --- securitycenter/snippets/requirements-test.txt | 2 +- securitycenter/snippets/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index fc11ba8d21fb..a5b9f43c2466 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1,2 +1,2 @@ pytest==7.1.3 -google-cloud-bigquery==3.3.3 +google-cloud-bigquery==3.3.5 diff --git a/securitycenter/snippets/requirements.txt b/securitycenter/snippets/requirements.txt index b6941917d490..9a8e73c3bda6 100644 --- a/securitycenter/snippets/requirements.txt +++ b/securitycenter/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.13.7 +google-cloud-pubsub==2.13.10 google-cloud-securitycenter==1.16.2 \ No newline at end of file From 22b343b18b43db5ac22d2d1dd0dd73dbfa0fbc5e Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 26 Oct 2022 12:50:25 +0200 Subject: [PATCH 86/95] chore(deps): update dependency pytest to v7.2.0 (#406) --- securitycenter/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/requirements-test.txt b/securitycenter/snippets/requirements-test.txt index a5b9f43c2466..e47a4859ff89 100644 --- a/securitycenter/snippets/requirements-test.txt +++ b/securitycenter/snippets/requirements-test.txt @@ -1,2 +1,2 @@ -pytest==7.1.3 +pytest==7.2.0 google-cloud-bigquery==3.3.5 From c451317571923a3d1f1bd079f55936ff44f3dcaf Mon Sep 17 00:00:00 2001 From: Sita Lakshmi Sangameswaran Date: Fri, 28 Oct 2022 04:24:32 +0530 Subject: [PATCH 87/95] docs(samples): update samples to include new parent levels (folder and project) (#405) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * docs(samples): update samples to include new parent levels (folder and project) * change parent_name to parent_id * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * updated acc to review comments * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- .../snippets/snippets_notification_configs.py | 114 ++++++++++-------- .../snippets/snippets_notification_test.py | 12 +- 2 files changed, 71 insertions(+), 55 deletions(-) diff --git a/securitycenter/snippets/snippets_notification_configs.py b/securitycenter/snippets/snippets_notification_configs.py index 4d615276cc5e..6cc82dd8f3ab 100644 --- a/securitycenter/snippets/snippets_notification_configs.py +++ b/securitycenter/snippets/snippets_notification_configs.py @@ -16,23 +16,26 @@ """Demos for working with notification configs.""" -def create_notification_config(organization_id, notification_config_id, pubsub_topic): - - # [START securitycenter_create_notification_config] +# [START securitycenter_create_notification_config] +def create_notification_config(parent_id, notification_config_id, pubsub_topic): + """ + Args: + parent_id: must be in one of the following formats: + "organizations/{organization_id}" + "projects/{project_id}" + "folders/{folder_id}" + notification_config_id: "your-config-id" + pubsub_topic: "projects/{your-project-id}/topics/{your-topic-ic}" + + Ensure this ServiceAccount has the "pubsub.topics.setIamPolicy" permission on the new topic. + """ from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() - # TODO: organization_id = "your-org-id" - # TODO: notification_config_id = "your-config-id" - # TODO: pubsub_topic = "projects/{your-project-id}/topics/{your-topic-ic}" - # Ensure this ServiceAccount has the "pubsub.topics.setIamPolicy" permission on the new topic. - - org_name = "organizations/{org_id}".format(org_id=organization_id) - created_notification_config = client.create_notification_config( request={ - "parent": org_name, + "parent": parent_id, "config_id": notification_config_id, "notification_config": { "description": "Notification for active findings", @@ -47,88 +50,99 @@ def create_notification_config(organization_id, notification_config_id, pubsub_t return created_notification_config -def delete_notification_config(organization_id, notification_config_id): - - # [START securitycenter_delete_notification_config] +# [START securitycenter_delete_notification_config] +def delete_notification_config(parent_id, notification_config_id): + """ + Args: + parent_id: must be in one of the following formats: + "organizations/{organization_id}" + "projects/{project_id}" + "folders/{folder_id}" + notification_config_id: "your-config-id" + """ from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() - # TODO: organization_id = "your-org-id" - # TODO: notification_config_id = "your-config-id" - notification_config_name = ( - "organizations/{org_id}/notificationConfigs/{config_id}".format( - org_id=organization_id, config_id=notification_config_id - ) + f"{parent_id}/notificationConfigs/{notification_config_id}" ) client.delete_notification_config(request={"name": notification_config_name}) - print("Deleted notification config: {}".format(notification_config_name)) + print(f"Deleted notification config: {notification_config_name}") # [END securitycenter_delete_notification_config] return True -def get_notification_config(organization_id, notification_config_id): - - # [START securitycenter_get_notification_config] +# [START securitycenter_get_notification_config] +def get_notification_config(parent_id, notification_config_id): + """ + Args: + parent_id: must be in one of the following formats: + "organizations/{organization_id}" + "projects/{project_id}" + "folders/{folder_id}" + notification_config_id: "your-config-id" + """ from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() - # TODO: organization_id = "your-org-id" - # TODO: notification_config_id = "your-config-id" - notification_config_name = ( - "organizations/{org_id}/notificationConfigs/{config_id}".format( - org_id=organization_id, config_id=notification_config_id - ) + f"{parent_id}/notificationConfigs/{notification_config_id}" ) notification_config = client.get_notification_config( request={"name": notification_config_name} ) - print("Got notification config: {}".format(notification_config)) + print(f"Got notification config: {notification_config}") # [END securitycenter_get_notification_config] return notification_config -def list_notification_configs(organization_id): - - # [START securitycenter_list_notification_configs] +# [START securitycenter_list_notification_configs] +def list_notification_configs(parent_id): + """ + Args: + parent_id: must be in one of the following formats: + "organizations/{organization_id}" + "projects/{project_id}" + "folders/{folder_id}" + """ from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() - # TODO: organization_id = "your-org-id" - org_name = "organizations/{org_id}".format(org_id=organization_id) - notification_configs_iterator = client.list_notification_configs( - request={"parent": org_name} + request={"parent": parent_id} ) for i, config in enumerate(notification_configs_iterator): - print("{}: notification_config: {}".format(i, config)) + print(f"{i}: notification_config: {config}") # [END securitycenter_list_notification_configs]] return notification_configs_iterator -def update_notification_config(organization_id, notification_config_id, pubsub_topic): - # [START securitycenter_update_notification_config] +# [START securitycenter_update_notification_config] +def update_notification_config(parent_id, notification_config_id, pubsub_topic): + """ + Args: + parent_id: must be in one of the following formats: + "organizations/{organization_id}" + "projects/{project_id}" + "folders/{folder_id}" + notification_config_id: "config-id-to-update" + pubsub_topic: "projects/{new-project}/topics/{new-topic}" + + If updating a pubsub_topic, ensure this ServiceAccount has the + "pubsub.topics.setIamPolicy" permission on the new topic. + """ from google.cloud import securitycenter as securitycenter from google.protobuf import field_mask_pb2 client = securitycenter.SecurityCenterClient() - # TODO organization_id = "your-org-id" - # TODO notification_config_id = "config-id-to-update" - # TODO pubsub_topic = "projects/{new-project}/topics/{new-topic}" - # If updating a pubsub_topic, ensure this ServiceAccount has the - # "pubsub.topics.setIamPolicy" permission on the new topic. - notification_config_name = ( - "organizations/{org_id}/notificationConfigs/{config_id}".format( - org_id=organization_id, config_id=notification_config_id - ) + f"{parent_id}/notificationConfigs/{notification_config_id}" ) updated_description = "New updated description" diff --git a/securitycenter/snippets/snippets_notification_test.py b/securitycenter/snippets/snippets_notification_test.py index 93324e29e419..2cc6d262de30 100644 --- a/securitycenter/snippets/snippets_notification_test.py +++ b/securitycenter/snippets/snippets_notification_test.py @@ -111,7 +111,7 @@ def deleted_notification_config(): def test_create_notification_config(): created_notification_config = ( snippets_notification_configs.create_notification_config( - ORG_ID, CREATE_CONFIG_ID, PUBSUB_TOPIC + f"organizations/{ORG_ID}", CREATE_CONFIG_ID, PUBSUB_TOPIC ) ) assert created_notification_config is not None @@ -121,25 +121,27 @@ def test_create_notification_config(): def test_delete_notification_config(deleted_notification_config): assert snippets_notification_configs.delete_notification_config( - ORG_ID, DELETE_CONFIG_ID + f"organizations/{ORG_ID}", DELETE_CONFIG_ID ) def test_get_notification_config(new_notification_config_for_get): retrieved_config = snippets_notification_configs.get_notification_config( - ORG_ID, GET_CONFIG_ID + f"organizations/{ORG_ID}", GET_CONFIG_ID ) assert retrieved_config is not None def test_list_notification_configs(): - iterator = snippets_notification_configs.list_notification_configs(ORG_ID) + iterator = snippets_notification_configs.list_notification_configs( + f"organizations/{ORG_ID}" + ) assert iterator is not None def test_update_notification_config(new_notification_config_for_update): updated_config = snippets_notification_configs.update_notification_config( - ORG_ID, UPDATE_CONFIG_ID, PUBSUB_TOPIC + f"organizations/{ORG_ID}", UPDATE_CONFIG_ID, PUBSUB_TOPIC ) assert updated_config is not None From c9196d80798a68528f677f40b9bdad07f69385d4 Mon Sep 17 00:00:00 2001 From: Don McCasland Date: Thu, 10 Nov 2022 16:43:43 -0800 Subject: [PATCH 88/95] removing noxfile.py --- securitycenter/snippets/noxfile.py | 312 ----------------------------- 1 file changed, 312 deletions(-) delete mode 100644 securitycenter/snippets/noxfile.py diff --git a/securitycenter/snippets/noxfile.py b/securitycenter/snippets/noxfile.py deleted file mode 100644 index c1715136d645..000000000000 --- a/securitycenter/snippets/noxfile.py +++ /dev/null @@ -1,312 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import print_function - -import glob -import os -from pathlib import Path -import sys -from typing import Callable, Dict, List, Optional - -import nox - -# WARNING - WARNING - WARNING - WARNING - WARNING -# WARNING - WARNING - WARNING - WARNING - WARNING -# DO NOT EDIT THIS FILE EVER! -# WARNING - WARNING - WARNING - WARNING - WARNING -# WARNING - WARNING - WARNING - WARNING - WARNING - -BLACK_VERSION = "black==22.3.0" -ISORT_VERSION = "isort==5.10.1" - -# Copy `noxfile_config.py` to your directory and modify it instead. - -# `TEST_CONFIG` dict is a configuration hook that allows users to -# modify the test configurations. The values here should be in sync -# with `noxfile_config.py`. Users will copy `noxfile_config.py` into -# their directory and modify it. - -TEST_CONFIG = { - # You can opt out from the test for specific Python versions. - "ignored_versions": [], - # Old samples are opted out of enforcing Python type hints - # All new samples should feature them - "enforce_type_hints": False, - # An envvar key for determining the project id to use. Change it - # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a - # build specific Cloud project. You can also use your own string - # to use your own Cloud project. - "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", - # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', - # If you need to use a specific version of pip, - # change pip_version_override to the string representation - # of the version number, for example, "20.2.4" - "pip_version_override": None, - # A dictionary you want to inject into your test. Don't put any - # secrets here. These values will override predefined values. - "envs": {}, -} - - -try: - # Ensure we can import noxfile_config in the project's directory. - sys.path.append(".") - from noxfile_config import TEST_CONFIG_OVERRIDE -except ImportError as e: - print("No user noxfile_config found: detail: {}".format(e)) - TEST_CONFIG_OVERRIDE = {} - -# Update the TEST_CONFIG with the user supplied values. -TEST_CONFIG.update(TEST_CONFIG_OVERRIDE) - - -def get_pytest_env_vars() -> Dict[str, str]: - """Returns a dict for pytest invocation.""" - ret = {} - - # Override the GCLOUD_PROJECT and the alias. - env_key = TEST_CONFIG["gcloud_project_env"] - # This should error out if not set. - ret["GOOGLE_CLOUD_PROJECT"] = os.environ[env_key] - - # Apply user supplied envs. - ret.update(TEST_CONFIG["envs"]) - return ret - - -# DO NOT EDIT - automatically generated. -# All versions used to test samples. -ALL_VERSIONS = ["3.7", "3.8", "3.9", "3.10"] - -# Any default versions that should be ignored. -IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] - -TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) - -INSTALL_LIBRARY_FROM_SOURCE = os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False) in ( - "True", - "true", -) - -# Error if a python version is missing -nox.options.error_on_missing_interpreters = True - -# -# Style Checks -# - - -def _determine_local_import_names(start_dir: str) -> List[str]: - """Determines all import names that should be considered "local". - - This is used when running the linter to insure that import order is - properly checked. - """ - file_ext_pairs = [os.path.splitext(path) for path in os.listdir(start_dir)] - return [ - basename - for basename, extension in file_ext_pairs - if extension == ".py" - or os.path.isdir(os.path.join(start_dir, basename)) - and basename not in ("__pycache__") - ] - - -# Linting with flake8. -# -# We ignore the following rules: -# E203: whitespace before ‘:’ -# E266: too many leading ‘#’ for block comment -# E501: line too long -# I202: Additional newline in a section of imports -# -# We also need to specify the rules which are ignored by default: -# ['E226', 'W504', 'E126', 'E123', 'W503', 'E24', 'E704', 'E121'] -FLAKE8_COMMON_ARGS = [ - "--show-source", - "--builtin=gettext", - "--max-complexity=20", - "--import-order-style=google", - "--exclude=.nox,.cache,env,lib,generated_pb2,*_pb2.py,*_pb2_grpc.py", - "--ignore=E121,E123,E126,E203,E226,E24,E266,E501,E704,W503,W504,I202", - "--max-line-length=88", -] - - -@nox.session -def lint(session: nox.sessions.Session) -> None: - if not TEST_CONFIG["enforce_type_hints"]: - session.install("flake8", "flake8-import-order") - else: - session.install("flake8", "flake8-import-order", "flake8-annotations") - - local_names = _determine_local_import_names(".") - args = FLAKE8_COMMON_ARGS + [ - "--application-import-names", - ",".join(local_names), - ".", - ] - session.run("flake8", *args) - - -# -# Black -# - - -@nox.session -def blacken(session: nox.sessions.Session) -> None: - """Run black. Format code to uniform standard.""" - session.install(BLACK_VERSION) - python_files = [path for path in os.listdir(".") if path.endswith(".py")] - - session.run("black", *python_files) - - -# -# format = isort + black -# - - -@nox.session -def format(session: nox.sessions.Session) -> None: - """ - Run isort to sort imports. Then run black - to format code to uniform standard. - """ - session.install(BLACK_VERSION, ISORT_VERSION) - python_files = [path for path in os.listdir(".") if path.endswith(".py")] - - # Use the --fss option to sort imports using strict alphabetical order. - # See https://pycqa.github.io/isort/docs/configuration/options.html#force-sort-within-sections - session.run("isort", "--fss", *python_files) - session.run("black", *python_files) - - -# -# Sample Tests -# - - -PYTEST_COMMON_ARGS = ["--junitxml=sponge_log.xml"] - - -def _session_tests( - session: nox.sessions.Session, post_install: Callable = None -) -> None: - # check for presence of tests - test_list = glob.glob("**/*_test.py", recursive=True) + glob.glob( - "**/test_*.py", recursive=True - ) - test_list.extend(glob.glob("**/tests", recursive=True)) - - if len(test_list) == 0: - print("No tests found, skipping directory.") - return - - if TEST_CONFIG["pip_version_override"]: - pip_version = TEST_CONFIG["pip_version_override"] - session.install(f"pip=={pip_version}") - """Runs py.test for a particular project.""" - concurrent_args = [] - if os.path.exists("requirements.txt"): - if os.path.exists("constraints.txt"): - session.install("-r", "requirements.txt", "-c", "constraints.txt") - else: - session.install("-r", "requirements.txt") - with open("requirements.txt") as rfile: - packages = rfile.read() - - if os.path.exists("requirements-test.txt"): - if os.path.exists("constraints-test.txt"): - session.install("-r", "requirements-test.txt", "-c", "constraints-test.txt") - else: - session.install("-r", "requirements-test.txt") - with open("requirements-test.txt") as rtfile: - packages += rtfile.read() - - if INSTALL_LIBRARY_FROM_SOURCE: - session.install("-e", _get_repo_root()) - - if post_install: - post_install(session) - - if "pytest-parallel" in packages: - concurrent_args.extend(["--workers", "auto", "--tests-per-worker", "auto"]) - elif "pytest-xdist" in packages: - concurrent_args.extend(["-n", "auto"]) - - session.run( - "pytest", - *(PYTEST_COMMON_ARGS + session.posargs + concurrent_args), - # Pytest will return 5 when no tests are collected. This can happen - # on travis where slow and flaky tests are excluded. - # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html - success_codes=[0, 5], - env=get_pytest_env_vars(), - ) - - -@nox.session(python=ALL_VERSIONS) -def py(session: nox.sessions.Session) -> None: - """Runs py.test for a sample using the specified version of Python.""" - if session.python in TESTED_VERSIONS: - _session_tests(session) - else: - session.skip( - "SKIPPED: {} tests are disabled for this sample.".format(session.python) - ) - - -# -# Readmegen -# - - -def _get_repo_root() -> Optional[str]: - """Returns the root folder of the project.""" - # Get root of this repository. Assume we don't have directories nested deeper than 10 items. - p = Path(os.getcwd()) - for i in range(10): - if p is None: - break - if Path(p / ".git").exists(): - return str(p) - # .git is not available in repos cloned via Cloud Build - # setup.py is always in the library's root, so use that instead - # https://github.com/googleapis/synthtool/issues/792 - if Path(p / "setup.py").exists(): - return str(p) - p = p.parent - raise Exception("Unable to detect repository root.") - - -GENERATED_READMES = sorted([x for x in Path(".").rglob("*.rst.in")]) - - -@nox.session -@nox.parametrize("path", GENERATED_READMES) -def readmegen(session: nox.sessions.Session, path: str) -> None: - """(Re-)generates the readme for a sample.""" - session.install("jinja2", "pyyaml") - dir_ = os.path.dirname(path) - - if os.path.exists(os.path.join(dir_, "requirements.txt")): - session.install("-r", os.path.join(dir_, "requirements.txt")) - - in_file = os.path.join(dir_, "README.rst.in") - session.run( - "python", _get_repo_root() + "/scripts/readme-gen/readme_gen.py", in_file - ) From 7f903011ba25d9b17eef651e4ee4e3e50c5825b0 Mon Sep 17 00:00:00 2001 From: Dan Lee <71398022+dandhlee@users.noreply.github.com> Date: Thu, 10 Nov 2022 19:54:26 -0500 Subject: [PATCH 89/95] Update securitycenter/snippets/noxfile_config.py --- securitycenter/snippets/noxfile_config.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/securitycenter/snippets/noxfile_config.py b/securitycenter/snippets/noxfile_config.py index daf5c43ae22d..0929c15f9472 100644 --- a/securitycenter/snippets/noxfile_config.py +++ b/securitycenter/snippets/noxfile_config.py @@ -27,14 +27,13 @@ # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - # 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', - "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", + "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", + # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', + # If you need to use a specific version of pip, + # change pip_version_override to the string representation + # of the version number, for example, "20.2.4" + "pip_version_override": None, # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. - "envs": { - "GCLOUD_ORGANIZATION": "1081635000895", - "GCLOUD_PROJECT": "project-a-id", - "GCLOUD_PUBSUB_TOPIC": "projects/project-a-id/topics/notifications-sample-topic", - "GCLOUD_PUBSUB_SUBSCRIPTION": "notification-sample-subscription", - }, + "envs": {}, } From 7e6cfc571f9ea270739e822461b9e04cc5ede580 Mon Sep 17 00:00:00 2001 From: Dan Lee <71398022+dandhlee@users.noreply.github.com> Date: Thu, 10 Nov 2022 20:01:02 -0500 Subject: [PATCH 90/95] revert noxfile config test --- securitycenter/snippets/noxfile_config.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/securitycenter/snippets/noxfile_config.py b/securitycenter/snippets/noxfile_config.py index 0929c15f9472..daf5c43ae22d 100644 --- a/securitycenter/snippets/noxfile_config.py +++ b/securitycenter/snippets/noxfile_config.py @@ -27,13 +27,14 @@ # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", - # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', - # If you need to use a specific version of pip, - # change pip_version_override to the string representation - # of the version number, for example, "20.2.4" - "pip_version_override": None, + # 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', + "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. - "envs": {}, + "envs": { + "GCLOUD_ORGANIZATION": "1081635000895", + "GCLOUD_PROJECT": "project-a-id", + "GCLOUD_PUBSUB_TOPIC": "projects/project-a-id/topics/notifications-sample-topic", + "GCLOUD_PUBSUB_SUBSCRIPTION": "notification-sample-subscription", + }, } From cccd33f56f03cac7ad1d73e9da091c7c16c9cb14 Mon Sep 17 00:00:00 2001 From: Don McCasland Date: Fri, 11 Nov 2022 09:17:55 -0800 Subject: [PATCH 91/95] Adding CODEOWNERS and blunderbuss config --- .github/CODEOWNERS | 1 + .github/blunderbuss.yml | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 5cf115a2a35e..91e5d8dc4627 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -64,6 +64,7 @@ /run/**/* @GoogleCloudPlatform/aap-dpes @GoogleCloudPlatform/python-samples-reviewers /run/django/**/* @glasnt @GoogleCloudPlatform/aap-dpes @GoogleCloudPlatform/python-samples-reviewers /secretmanager/**/* @GoogleCloudPlatform/aap-dpes @GoogleCloudPlatform/python-samples-reviewers +/securitycenter/**/* @GoogleCloudPlatform/dee-infra @GoogleCloudPlatform/python-samples-reviewers /storage/**/* @GoogleCloudPlatform/cloud-storage-dpes @GoogleCloudPlatform/python-samples-reviewers /storagetransfer/**/* @GoogleCloudPlatform/cloud-storage-dpes @GoogleCloudPlatform/python-samples-reviewers /trace/**/* @ymotongpoo @GoogleCloudPlatform/python-samples-reviewers diff --git a/.github/blunderbuss.yml b/.github/blunderbuss.yml index 97e0b4b04893..8f6c98f4ba05 100644 --- a/.github/blunderbuss.yml +++ b/.github/blunderbuss.yml @@ -100,6 +100,10 @@ assign_issues_by: - 'api: pubsublite' to: - anguillanneuf +- labels: + - 'api: securitycenter' + to: + - GoogleCloudPlatform/dee-infra - labels: - 'api: spanner' to: From c6b218ce8b5b1a10a6f2ceb129e7132872d65eaf Mon Sep 17 00:00:00 2001 From: Don McCasland Date: Fri, 11 Nov 2022 10:29:25 -0800 Subject: [PATCH 92/95] updting noxfile to use old securitycenter test project --- securitycenter/snippets/noxfile_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/noxfile_config.py b/securitycenter/snippets/noxfile_config.py index daf5c43ae22d..9321e4306a2a 100644 --- a/securitycenter/snippets/noxfile_config.py +++ b/securitycenter/snippets/noxfile_config.py @@ -28,7 +28,7 @@ # build specific Cloud project. You can also use your own string # to use your own Cloud project. # 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', - "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", + "gcloud_project_env": "project-a-id", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. "envs": { From b15434c507f5a55446a7da8936c59b779d58a479 Mon Sep 17 00:00:00 2001 From: Don McCasland Date: Fri, 11 Nov 2022 10:34:42 -0800 Subject: [PATCH 93/95] fixing noxfile config --- securitycenter/snippets/noxfile_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/noxfile_config.py b/securitycenter/snippets/noxfile_config.py index 9321e4306a2a..6232060c5a21 100644 --- a/securitycenter/snippets/noxfile_config.py +++ b/securitycenter/snippets/noxfile_config.py @@ -28,7 +28,7 @@ # build specific Cloud project. You can also use your own string # to use your own Cloud project. # 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', - "gcloud_project_env": "project-a-id", + "gcloud_project_env": "GCLOUD_PROJECT", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. "envs": { From ed6f205c2c16ae3a4779103f104863b295b88b1a Mon Sep 17 00:00:00 2001 From: Don McCasland Date: Fri, 11 Nov 2022 10:39:31 -0800 Subject: [PATCH 94/95] fixing noxfile config --- securitycenter/snippets/noxfile_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/noxfile_config.py b/securitycenter/snippets/noxfile_config.py index 6232060c5a21..9f78ae94d94b 100644 --- a/securitycenter/snippets/noxfile_config.py +++ b/securitycenter/snippets/noxfile_config.py @@ -28,7 +28,7 @@ # build specific Cloud project. You can also use your own string # to use your own Cloud project. # 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', - "gcloud_project_env": "GCLOUD_PROJECT", + "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. "envs": { From dd25c5ba79dca3db6cad5fe29e1d2eba7c435c64 Mon Sep 17 00:00:00 2001 From: "Leah E. Cole" <6719667+leahecole@users.noreply.github.com> Date: Fri, 11 Nov 2022 14:22:21 -0500 Subject: [PATCH 95/95] Update securitycenter/snippets/noxfile_config.py experiment - change back to build_specific --- securitycenter/snippets/noxfile_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securitycenter/snippets/noxfile_config.py b/securitycenter/snippets/noxfile_config.py index 9f78ae94d94b..daf5c43ae22d 100644 --- a/securitycenter/snippets/noxfile_config.py +++ b/securitycenter/snippets/noxfile_config.py @@ -28,7 +28,7 @@ # build specific Cloud project. You can also use your own string # to use your own Cloud project. # 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', - "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", + "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. "envs": {