feat(securitycenter): Add Resource SCC Mgmt API Org SHA Custom Modules (Create, Get, List, Delete, Update) #13004
Conversation
…Create, Get, Delete, List, Update)
product-auto-label
bot
added
the
api: securitycenter
There was a problem hiding this comment.
Hi @vijaykanthm and reviewers,
Gemini is currently reviewing this pull request and will post a full review in a few minutes. In the meantime, here's a quick summary to help everyone get up to speed:
This pull request adds Python sample code for interacting with the Security Health Analytics Custom Modules API. Specifically, it provides examples for creating, getting, listing, deleting, and updating custom modules within an organization. The intent is to improve the documentation and provide developers with readily available code snippets for common tasks related to Security Health Analytics Custom Modules. The changes include the addition of several new Python files (securitycenter/snippets_management_api/noxfile_config.py, securitycenter/snippets_management_api/requirements-test.txt, securitycenter/snippets_management_api/requirements.txt, securitycenter/snippets_management_api/security_health_analytics_custom_module_test.py, securitycenter/snippets_management_api/security_health_analytics_custom_modules.py) containing the sample code and associated test files, along with updates to the requirements.txt and requirements-test.txt files to include necessary dependencies.
The code is well-structured and includes comprehensive unit tests to ensure functionality. The noxfile_config.py file configures the testing environment, and the security_health_analytics_custom_modules.py file contains the core functions for interacting with the API. The tests in security_health_analytics_custom_module_test.py cover all the CRUD operations (Create, Read, Update, Delete).
Here's a little something to brighten your day:
Code flows like a stream,
Tests catch bugs, a helpful gleam,
Clean code, a joyful dream.
Thanks,
Gemini
product-auto-label
bot
added
the
samples
|
|
||
| TEST_CONFIG_OVERRIDE = { | ||
| # You can opt out from the test for specific Python versions. | ||
| "ignored_versions": ["2.7", "3.7", "3.9", "3.10", "3.11"], |
There was a problem hiding this comment.
Since this sample supports Python 3.8, consider removing 3.8 from the ignored_versions list to enable testing for this version. Per the authoring guide, samples should support Python 3.8 unless the API or service has specific requirements otherwise.
| import time | ||
| import random | ||
|
|
||
| #Replace these variables before running the sample. |
There was a problem hiding this comment.
Consider adding a comment explaining the purpose of each environment variable. This will improve readability and make it easier for others to understand how to configure the tests.
| #Replace these variables before running the sample. | |
| #Replace these variables before running the sample. | |
| # GCLOUD_ORGANIZATION: The organization ID. | |
| ORGANIZATION_ID = os.environ["GCLOUD_ORGANIZATION"] | |
| LOCATION = "global" | |
| PREFIX = "python_sample_sha_custom_module" # Prefix used for identifying test modules |
| "custom_config": { | ||
| "description": "Sample custom module for testing purpose. Please do not delete.", | ||
| "predicate": { | ||
| "expression": "has(resource.rotationPeriod) && (resource.rotationPeriod > duration('2592000s'))", |
There was a problem hiding this comment.
The predicate expression is quite generic. Could you clarify what resource.rotationPeriod refers to and why 2592000 seconds (30 days) is used as a threshold? A more specific example or a detailed explanation in the docstring would be helpful.
| "title": "GCE Instance High Severity", | ||
| "description": "Custom module to detect high severity issues on GCE instances.", | ||
| }, | ||
| "recommendation": "Ensure proper security configurations on GCE instances.", |
There was a problem hiding this comment.
The title and description in the predicate refer to "GCE Instance High Severity", but the resource selector targets cloudkms.googleapis.com/CryptoKey. This is a mismatch. Change the title and description to accurately reflect that the predicate applies to Cloud KMS CryptoKeys, not GCE instances.
| "title": "GCE Instance High Severity", | |
| "description": "Custom module to detect high severity issues on GCE instances.", | |
| }, | |
| "recommendation": "Ensure proper security configurations on GCE instances.", | |
| "title": "Cloud KMS CryptoKey Rotation Period", | |
| "description": "Custom module to check if the rotation period of a Cloud KMS CryptoKey exceeds 30 days.", | |
| }, | |
| "recommendation": "Review and adjust the rotation period for Cloud KMS CryptoKeys to align with your security policies.", |
| "description": "The name of the instance", | ||
| "expression": "resource.name", | ||
| "location": "global", | ||
| "title": "Instance Name", |
There was a problem hiding this comment.
The description, expression, and title in value_expression seem generic. Consider providing more context by relating them to the Cloud KMS CryptoKey example. For instance, instead of "The name of the instance", use "The resource name of the CryptoKey".
|
Here is the summary of changes. You are about to add 5 region tags.
This comment is generated by snippet-bot.
|
vijaykanthm
added
the
kokoro:force-run
kokoro-team
removed
the
kokoro:force-run
|
This PR conflicts with #13023 in it's current state. Discussing offline |
Merge remote to local.
Description
Fixes b/347347639, b/347347585, b/347347681, b/347347739, b/347347584
This PR adds SCC Managament API Org SHA Custom Module Samples to Create, Get, List, Delete & Update.
Note: Before submitting a pull request, please open an issue for discussion if you are not associated with Google.
Checklist
nox -s py-3.9(see Test Environment Setup)nox -s lint(see Test Environment Setup)