diff --git a/samples/analyzeIamPolicy.js b/samples/analyzeIamPolicy.js
new file mode 100644
index 00000000..44ea9f6a
--- /dev/null
+++ b/samples/analyzeIamPolicy.js
@@ -0,0 +1,57 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+// title: Analyze Iam Policy
+// description: Analyzes accessible IAM policies that match a request.
+// usage: node analyzeIamPolicy
+
+async function main() {
+ // [START asset_quickstart_analyze_iam_policy]
+ const util = require('util');
+ const {AssetServiceClient} = require('@google-cloud/asset');
+
+ const client = new AssetServiceClient();
+ const projectId = await client.getProjectId();
+
+ async function analyzeIamPolicy() {
+ const request = {
+ analysisQuery: {
+ scope: `projects/${projectId}`,
+ resourceSelector: {
+ fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+ },
+ options: {
+ expandGroups: true,
+ outputGroupEdges: true,
+ },
+ },
+ };
+
+ // Handle the operation using the promise pattern.
+ const result = await client.analyzeIamPolicy(request);
+ // Do things with with the response.
+ console.log(util.inspect(result, {depth: null}));
+ }
+ // [END asset_quickstart_analyze_iam_policy]
+ analyzeIamPolicy();
+}
+
+process.on('unhandledRejection', err => {
+ console.error(err.message);
+ process.exitCode = 1;
+});
+main(...process.argv.slice(2));
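Review bot: In `analyzeIamPolicy()`, `const result = await client.analyzeIamPolicy(request);` keeps the whole array the client resolves with and prints it without checking whether the analysis completed. The response object carries `fullyExplored` (also present on `mainAnalysis`, next to `nonCriticalErrors`), and a result where it is false is partial, so someone using this output for an access review could miss bindings. I would destructure and warn: `const [response] = await client.analyzeIamPolicy(request);` followed by `if (!response.fullyExplored) console.warn('analysis incomplete; results may omit access');`. The comment `// Do things with with the response.` has a doubled word, here and in the two long-running samples.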
diff --git a/samples/analyzeIamPolicyLongrunningBigquery.js b/samples/analyzeIamPolicyLongrunningBigquery.js
new file mode 100644
index 00000000..10eab93e
--- /dev/null
+++ b/samples/analyzeIamPolicyLongrunningBigquery.js
@@ -0,0 +1,71 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+// title: Analyze Iam Policy Longrunning and write results to Bigquery
+// description: Analyzes accessible IAM policies that match a request.
+// usage: node analyzeIamPolicyLongrunningBigquery
+
+async function main(datasetId, tablePrefix) {
+ // [START asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+ const util = require('util');
+ const {AssetServiceClient} = require('@google-cloud/asset');
+
+ const client = new AssetServiceClient();
+ const projectId = await client.getProjectId();
+
+ async function analyzeIamPolicyLongrunningBigquery() {
+ // TODO(developer): choose the dataset and table prefix
+ // const datasetId = ''
+ // const tablePrefix = ''
+
+ const request = {
+ analysisQuery: {
+ scope: `projects/${projectId}`,
+ resourceSelector: {
+ fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+ },
+ options: {
+ expandGroups: true,
+ outputGroupEdges: true,
+ },
+ },
+ outputConfig: {
+ bigqueryDestination: {
+ dataset: `projects/${projectId}/datasets/${datasetId}`,
+ tablePrefix: tablePrefix,
+ },
+ },
+ };
+
+ // Handle the operation using the promise pattern.
+ const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+ // Operation#promise starts polling for the completion of the operation.
+ const [result] = await operation.promise();
+
+ // Do things with with the response.
+ console.log(util.inspect(result, {depth: null}));
+ }
+ // [END asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+ analyzeIamPolicyLongrunningBigquery();
+}
+
+process.on('unhandledRejection', err => {
+ console.error(err.message);
+ process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/samples/analyzeIamPolicyLongrunningGcs.js b/samples/analyzeIamPolicyLongrunningGcs.js
new file mode 100644
index 00000000..15a576d6
--- /dev/null
+++ b/samples/analyzeIamPolicyLongrunningGcs.js
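Review bot: `main(datasetId, tablePrefix)` takes both values straight from `process.argv` and interpolates them into `projects/${projectId}/datasets/${datasetId}` with no check, so running the sample exactly as the `usage:` line shows (no arguments) requests a destination ending in `datasets/undefined`. A guard at the top of `main`, such as `if (!datasetId || !tablePrefix) throw new Error('usage: node analyzeIamPolicyLongrunningBigquery <datasetId> <tablePrefix>');`, fails before any API call is made, and the `usage:` metadata line should list the two arguments. The same gap exists for `gcsUri` in samples/analyzeIamPolicyLongrunningGcs.js.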
@@ -0,0 +1,70 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+// title: Analyze Iam Policy Longrunning and write results to GCS
+// description: Analyzes accessible IAM policies that match a request.
+// usage: node analyzeIamPolicyLongrunningGcs
+//
+
+async function main(gcsUri) {
+ // [START asset_quickstart_analyze_iam_policy_longrunning_gcs]
+ const util = require('util');
+ const {AssetServiceClient} = require('@google-cloud/asset');
+
+ const client = new AssetServiceClient();
+ const projectId = await client.getProjectId();
+
+ async function analyzeIamPolicyLongrunningGcs() {
+ // TODO(developer): choose the gcs path uri
+ // const gcsUri = 'Gcs path uri, e.g.: gs:///'
+
+ const request = {
+ analysisQuery: {
+ scope: `projects/${projectId}`,
+ resourceSelector: {
+ fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+ },
+ options: {
+ expandGroups: true,
+ outputGroupEdges: true,
+ },
+ },
+ outputConfig: {
+ gcsDestination: {
+ uri: gcsUri,
+ },
+ },
+ };
+
+ // Handle the operation using the promise pattern.
+ const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+ // Operation#promise starts polling for the completion of the operation.
+ const [result] = await operation.promise();
+
+ // Do things with with the response.
+ console.log(util.inspect(result, {depth: null}));
+ }
+ // [END asset_quickstart_analyze_iam_policy_longrunning_gcs]
+ analyzeIamPolicyLongrunningGcs();
+}
+
+process.on('unhandledRejection', err => {
+ console.error(err.message);
+ process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/samples/package.json b/samples/package.json
index f761e66f..4c6b84b3 100644
--- a/samples/package.json
+++ b/samples/package.json
@@ -16,6 +16,7 @@
 },
 "dependencies": {
 "@google-cloud/asset": "^3.11.0",
+ "@google-cloud/bigquery": "^5.5.0",
 "@google-cloud/compute": "^2.0.0",
 "@google-cloud/storage": "^5.0.0",
 "uuid": "^8.0.0",
diff --git a/samples/test/sample.test.js b/samples/test/sample.test.js
index 30be671a..141f2cb2 100644
--- a/samples/test/sample.test.js
+++ b/samples/test/sample.test.js
@@ -26,6 +26,13 @@ const storage = new Storage(); const bucketName = `asset-nodejs-${uuid.v4()}`; const bucket = storage.bucket(bucketName); +const {BigQuery} = require('@google-cloud/bigquery'); +const bigquery = new BigQuery(); +const options = { + location: 'US', +}; +const datasetId = `asset_nodejs_${uuid.v4()}`.replace(/-/gi, '_'); + const Compute = require('@google-cloud/compute'); const zone = new Compute().zone('us-central1-c'); const vmName = `asset-nodejs-${uuid.v4()}`;
@@ -49,11 +56,14 @@ const delay = async test => { describe('quickstart sample tests', () => { before(async () => { await bucket.create(); + await bigquery.createDataset(datasetId, options); + await bigquery.dataset(datasetId).exists(); [vm] = await zone.createVM(vmName, {os: 'ubuntu'}); }); after(async () => { await bucket.delete(); + await bigquery.dataset(datasetId).delete({force: true}).catch(console.warn); await vm.delete(); });
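Review bot: Nothing in samples/analyzeIamPolicyLongrunningGcs.js tells the reader what ends up at `gcsDestination.uri`: with `expandGroups` and `outputGroupEdges` set, the exported file holds the resolved principals, group edges and the access they have on the project. Anyone who can read that object can read the access map, so I would add a comment above `outputConfig` such as `// The export lists who can access what; write it only to a bucket restricted to people allowed to see IAM data.` The same caveat fits the `bigqueryDestination` dataset in the BigQuery sample. Separately, `analyzeIamPolicyLongrunningGcs();` is neither awaited nor returned (as in the other two samples), so a failure surfaces only through the `unhandledRejection` handler; `await analyzeIamPolicyLongrunningGcs();` keeps the error path explicit.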
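Review bot: In the `before` hook of samples/test/sample.test.js, `await bigquery.dataset(datasetId).exists();` discards its result, so it verifies nothing; either drop it or assert on it with `const [exists] = await bigquery.dataset(datasetId).exists();` and `assert.ok(exists);`. In `after`, the three deletions run in sequence and only the dataset one has a `.catch`, so a rejected `bucket.delete()` skips the dataset and VM cleanup and leaves test resources behind in the project. The `describe` block continues outside this hunk.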
@@ -99,4 +109,41 @@ describe('quickstart sample tests', () => {
 const stdout = execSync(`node listAssets ${assetType}`);
 assert.include(stdout, assetType);
 });
+
+ it('should analyze iam policy successfully', async () => {
+ const stdout = execSync('node analyzeIamPolicy');
+ assert.include(stdout, '//cloudresourcemanager.googleapis.com/projects');
+ });
+
+ it('should analyze iam policy and write analysis results to gcs successfully', async function () {
+ this.retries(2);
+ await delay(this.test);
+ const uri = `gs://${bucketName}/my-analysis.json`;
+ execSync(`node analyzeIamPolicyLongrunningGcs ${uri}`);
+ const file = await bucket.file('my-analysis.json');
+ const exists = await file.exists();
+ assert.ok(exists);
+ await file.delete();
+ });
+
+ it('should analyze iam policy and write analysis results to bigquery successfully', async function () {
+ this.retries(2);
+ await delay(this.test);
+ const tablePrefix = 'analysis_nodejs';
+ execSync(
+ `node analyzeIamPolicyLongrunningBigquery ${datasetId} ${tablePrefix}`
+ );
+ const metadataTable = await bigquery
+ .dataset(datasetId)
+ .table('analysis_nodejs_analysis');
+ const metadataTable_exists = await metadataTable.exists();
+ assert.ok(metadataTable_exists);
+ const resultsTable = await bigquery
+ .dataset(datasetId)
+ .table('analysis_nodejs_analysis_result');
+ const resultsTable_exists = await resultsTable.exists();
+ assert.ok(resultsTable_exists);
+ await metadataTable.delete();
+ await resultsTable.delete();
+ });
 });
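Review bot: Both new long-running tests assert on the raw return of `exists()`: `file.exists()` and `table.exists()` resolve to a one-element array, so `assert.ok(exists)`, `assert.ok(metadataTable_exists)` and `assert.ok(resultsTable_exists)` pass even when the value inside is `false`. Destructure before asserting, e.g. `const [exists] = await file.exists();`, and do the same for the two table checks. The cleanup calls (`file.delete()`, `metadataTable.delete()`, `resultsTable.delete()`) sit after the assertions, so once those can fail the cleanup is skipped on failure and the exported IAM analysis stays in the bucket or dataset; a `try`/`finally` around the assertions or an `afterEach` avoids that.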