Commit ed25f95

feat: [securitycenter] Add SimulateSecurityHealthAnalyticsCustomModule API for testing SHA custom module (#4749)
* feat: Add SimulateSecurityHealthAnalyticsCustomModule API for testing SHA custom module
PiperOrigin-RevId: 574612611
Source-Link: googleapis/googleapis@c768e7a
Source-Link: googleapis/googleapis-gen@e5502fc
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXNlY3VyaXR5Y2VudGVyLy5Pd2xCb3QueWFtbCIsImgiOiJlNTUwMmZjMTdlY2VhY2ExYzIzNTJmZDJhNjE0Yzc2ZWM2M2VmOGU0In0=
* 🦉 Updates from OwlBot post-processor
See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md
---------
Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: sofisl <[email protected]>
1 parent 56d6889 commit ed25f95

12 files changed

Lines changed: 2115 additions & 0 deletions

packages/google-cloud-securitycenter/README.md

Lines changed: 1 addition & 0 deletions
@@ -125,6 +125,7 @@ Samples are in the [`samples/`](https://github.com/googleapis/google-cloud-node/
125125
| Security_center.set_finding_state | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-securitycenter/samples/generated/v1/security_center.set_finding_state.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-securitycenter/samples/generated/v1/security_center.set_finding_state.js,packages/google-cloud-securitycenter/samples/README.md) |
126126
| Security_center.set_iam_policy | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-securitycenter/samples/generated/v1/security_center.set_iam_policy.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-securitycenter/samples/generated/v1/security_center.set_iam_policy.js,packages/google-cloud-securitycenter/samples/README.md) |
127127
| Security_center.set_mute | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-securitycenter/samples/generated/v1/security_center.set_mute.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-securitycenter/samples/generated/v1/security_center.set_mute.js,packages/google-cloud-securitycenter/samples/README.md) |
128+
| Security_center.simulate_security_health_analytics_custom_module | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-securitycenter/samples/generated/v1/security_center.simulate_security_health_analytics_custom_module.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-securitycenter/samples/generated/v1/security_center.simulate_security_health_analytics_custom_module.js,packages/google-cloud-securitycenter/samples/README.md) |
128129
| Security_center.test_iam_permissions | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-securitycenter/samples/generated/v1/security_center.test_iam_permissions.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-securitycenter/samples/generated/v1/security_center.test_iam_permissions.js,packages/google-cloud-securitycenter/samples/README.md) |
129130
| Security_center.update_big_query_export | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-securitycenter/samples/generated/v1/security_center.update_big_query_export.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-securitycenter/samples/generated/v1/security_center.update_big_query_export.js,packages/google-cloud-securitycenter/samples/README.md) |
130131
| Security_center.update_external_system | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-securitycenter/samples/generated/v1/security_center.update_external_system.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-securitycenter/samples/generated/v1/security_center.update_external_system.js,packages/google-cloud-securitycenter/samples/README.md) |

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/securitycenter_service.proto

Lines changed: 77 additions & 0 deletions
@@ -30,6 +30,7 @@ import "google/cloud/securitycenter/v1/mute_config.proto";
3030
import "google/cloud/securitycenter/v1/notification_config.proto";
3131
import "google/cloud/securitycenter/v1/organization_settings.proto";
3232
import "google/cloud/securitycenter/v1/run_asset_discovery_response.proto";
33+
import "google/cloud/securitycenter/v1/security_health_analytics_custom_config.proto";
3334
import "google/cloud/securitycenter/v1/security_health_analytics_custom_module.proto";
3435
import "google/cloud/securitycenter/v1/security_marks.proto";
3536
import "google/cloud/securitycenter/v1/source.proto";
@@ -41,6 +42,7 @@ import "google/protobuf/empty.proto";
4142
import "google/protobuf/field_mask.proto";
4243
import "google/protobuf/struct.proto";
4344
import "google/protobuf/timestamp.proto";
45+
import "google/rpc/status.proto";
4446

4547
option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
4648
option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
@@ -515,6 +517,25 @@ service SecurityCenter {
515517
option (google.api.method_signature) = "resource,permissions";
516518
}
517519

520+
// Simulates a given SecurityHealthAnalyticsCustomModule and Resource.
521+
rpc SimulateSecurityHealthAnalyticsCustomModule(
522+
SimulateSecurityHealthAnalyticsCustomModuleRequest)
523+
returns (SimulateSecurityHealthAnalyticsCustomModuleResponse) {
524+
option (google.api.http) = {
525+
post: "/v1/{parent=organizations/*/securityHealthAnalyticsSettings}/customModules:simulate"
526+
body: "*"
527+
additional_bindings {
528+
post: "/v1/{parent=folders/*/securityHealthAnalyticsSettings}/customModules:simulate"
529+
body: "*"
530+
}
531+
additional_bindings {
532+
post: "/v1/{parent=projects/*/securityHealthAnalyticsSettings}/customModules:simulate"
533+
body: "*"
534+
}
535+
};
536+
option (google.api.method_signature) = "parent,custom_config,resource";
537+
}
538+
518539
// Updates external system. This is for a given finding.
519540
rpc UpdateExternalSystem(UpdateExternalSystemRequest)
520541
returns (ExternalSystem) {
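Review bot: the doc comment on the new rpc ("Simulates a given SecurityHealthAnalyticsCustomModule and Resource.") does not say whether the call has side effects. The response message added later in this commit describes a "Finding that would be published", which suggests nothing is written, but a reader of the service definition alone cannot tell. Suggest stating on the rpc that the supplied custom_config is evaluated against the supplied resource and, if that is the intended behaviour, that no finding is created. It would also help to mention that the method accepts organization, folder and project parents, since that is only visible from the three http bindings.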
@@ -2030,6 +2051,62 @@ message RunAssetDiscoveryRequest {
20302051
];
20312052
}
20322053

2054+
// Request message to simulate a CustomConfig against a given test resource.
2055+
// Maximum size of the request is 4 MB by default.
2056+
message SimulateSecurityHealthAnalyticsCustomModuleRequest {
2057+
// Manually constructed resource. If the custom module only evaluates against
2058+
// the resource data, the iam_policy_data field can be omitted, and vice
2059+
// versa.
2060+
message SimulatedResource {
2061+
// Required. The type of the resource, e.g. `compute.googleapis.com/Disk`.
2062+
string resource_type = 1 [(google.api.field_behavior) = REQUIRED];
2063+
2064+
// Optional. A representation of the GCP resource. Should match the GCP
2065+
// resource JSON format.
2066+
google.protobuf.Struct resource_data = 2
2067+
[(google.api.field_behavior) = OPTIONAL];
2068+
2069+
// Optional. A representation of the IAM policy.
2070+
google.iam.v1.Policy iam_policy_data = 3
2071+
[(google.api.field_behavior) = OPTIONAL];
2072+
}
2073+
2074+
// Required. The relative resource name of the organization, project, or
2075+
// folder. See:
2076+
// https://cloud.google.com/apis/design/resource_names#relative_resource_name
2077+
// An example is:
2078+
// "organizations/{organization_id}".
2079+
string parent = 1 [(google.api.field_behavior) = REQUIRED];
2080+
2081+
// Required. The user specified custom configuration to test.
2082+
CustomConfig custom_config = 2 [(google.api.field_behavior) = REQUIRED];
2083+
2084+
// Required. Resource data to simulate custom module against.
2085+
SimulatedResource resource = 3 [(google.api.field_behavior) = REQUIRED];
2086+
}
2087+
2088+
// Response message for simulating a SecurityHealthAnalyticsCustomModule against
2089+
// a given resource.
2090+
message SimulateSecurityHealthAnalyticsCustomModuleResponse {
2091+
// Possible test result.
2092+
message SimulatedResult {
2093+
oneof result {
2094+
// Finding that would be published for the test case,
2095+
// if a violation is detected.
2096+
Finding finding = 1;
2097+
2098+
// Indicates that the test case does not trigger any violation.
2099+
google.protobuf.Empty no_violation = 2;
2100+
2101+
// Error encountered during the test.
2102+
google.rpc.Status error = 3;
2103+
}
2104+
}
2105+
2106+
// Result for test case in the corresponding request.
2107+
SimulatedResult result = 1;
2108+
}
2109+
20332110
// Request message for updating a ExternalSystem resource.
20342111
message UpdateExternalSystemRequest {
20352112
// Required. The external system resource to update.
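Review bot: in SimulatedResult, the `error` arm of the `result` oneof (`google.rpc.Status error = 3`) carries an evaluation failure inside the response message, and the comment "Error encountered during the test." does not tell callers that they must inspect the oneof rather than rely on the RPC status alone. Suggest documenting that exactly one of finding, no_violation or error is expected and that callers should treat an unset oneof as a failure rather than as "no violation". Two smaller documentation gaps in the request: resource_data and iam_policy_data are both OPTIONAL and the comment does not say what happens when both are omitted, and "Maximum size of the request is 4 MB by default" leaves open whether the limit can be changed.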
