googleapis · bcoe · Jan 28, 2021 · Nov 20, 2020 · Nov 20, 2020 · Nov 21, 2020
diff --git a/samples/analyzeIamPolicy.js b/samples/analyzeIamPolicy.js
@@ -0,0 +1,57 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Analyze Iam Policy
+//   description: Analyzes accessible IAM policies that match a request.
+//   usage: node analyzeIamPolicy
+
+async function main() {
+  // [START asset_quickstart_analyze_iam_policy]
+  const util = require('util');
+  const {AssetServiceClient} = require('@google-cloud/asset');
+
+  const client = new AssetServiceClient();
+  const projectId = await client.getProjectId();
+
+  async function analyzeIamPolicy() {
+    const request = {
+      analysisQuery: {
+        scope: `projects/${projectId}`,
+        resourceSelector: {
+          fullResourceName:
+              `//cloudresourcemanager.googleapis.com/projects/${projectId}`
+        },
+        options: {
+          expandGroups: true,
+          outputGroupEdges: true,
+        },
+      }
+    };
+
+    // Handle the operation using the promise pattern.
+    const result = await client.analyzeIamPolicy(request);
+    // Do things with with the response.
+    console.log(util.inspect(result, {depth: null}));
+  }
+  // [END asset_quickstart_analyze_iam_policy]
+  analyzeIamPolicy();
+}
+
+main(...process.argv.slice(2)).catch(err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
diff --git a/samples/analyzeIamPolicyLongrunningBigquery.js b/samples/analyzeIamPolicyLongrunningBigquery.js
@@ -0,0 +1,73 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Analyze Iam Policy Longrunning and write results to Bigquery
+//   description: Analyzes accessible IAM policies that match a request.
+//   usage: node analyzeIamPolicyLongrunningBigquery <dataset_id> <table_prefix>
+
+async function main(datasetId, tablePrefix) {
+  // [START asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+  const util = require('util');
+  const {AssetServiceClient} = require('@google-cloud/asset');
+
+  const client = new AssetServiceClient();
+  const projectId = await client.getProjectId();
+
+  async function analyzeIamPolicyLongrunningBigquery() {
+    // TODO(developer): choose the dataset and table prefix
+    // const datasetId = ''
+    // const tablePrefix = ''
+
+    const request = {
+      analysisQuery: {
+        scope: `projects/${projectId}`,
+        resourceSelector: {
+          fullResourceName:
+              `//cloudresourcemanager.googleapis.com/projects/${projectId}`
+        },
+        options: {
+          expandGroups: true,
+          outputGroupEdges: true,
+        },
+      },
+      outputConfig: {
+        bigqueryDestination: {
+          dataset: `projects/${projectId}/datasets/${datasetId}`,
+          tablePrefix: tablePrefix,
+        },
+      }
+    };
+
+    // Handle the operation using the promise pattern.
+    const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+    // Operation#promise starts polling for the completion of the operation.
+    const [result] = await operation.promise();
+
+    // Do things with with the response.
+    console.log(util.inspect(result, {depth: null}));
+  }
+  // [END asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+  analyzeIamPolicyLongrunningBigquery().catch(err => {
+    console.error(err.message);
+  });
+}
+
+main(...process.argv.slice(2)).catch(err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
diff --git a/samples/analyzeIamPolicyLongrunningGcs.js b/samples/analyzeIamPolicyLongrunningGcs.js
@@ -0,0 +1,72 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Analyze Iam Policy Longrunning and write results to GCS
+//   description: Analyzes accessible IAM policies that match a request.
+//   usage: node analyzeIamPolicyLongrunningGcs
+//   <gs://my-bucket/my-analysis.json>
+
+async function main(gcsUri) {
+  // [START asset_quickstart_analyze_iam_policy_longrunning_gcs]
+  const util = require('util');
+  const {AssetServiceClient} = require('@google-cloud/asset');
+
+  const client = new AssetServiceClient();
+  const projectId = await client.getProjectId();
+
+  async function analyzeIamPolicyLongrunningGcs() {
+    // TODO(developer): choose the gcs path uri
+    // const gcsUri = 'Gcs path uri, e.g.: gs://<my_bucket>/<my_analysis_file>'
+
+    const request = {
+      analysisQuery: {
+        scope: `projects/${projectId}`,
+        resourceSelector: {
+          fullResourceName:
+              `//cloudresourcemanager.googleapis.com/projects/${projectId}`
+        },
+        options: {
+          expandGroups: true,
+          outputGroupEdges: true,
+        },
+      },
+      outputConfig: {
+        gcsDestination: {
+          uri: gcsUri,
+        },
+      }
+    };
+
+    // Handle the operation using the promise pattern.
+    const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+    // Operation#promise starts polling for the completion of the operation.
+    const [result] = await operation.promise();
+
+    // Do things with with the response.
+    console.log(util.inspect(result, {depth: null}));
+  }
+  // [END asset_quickstart_analyze_iam_policy_longrunning_gcs]
+  analyzeIamPolicyLongrunningGcs().catch(err => {
+    console.error(err.message);
+  });
+}
+
+main(...process.argv.slice(2)).catch(err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
diff --git a/samples/package.json b/samples/package.json
@@ -15,6 +15,7 @@
     "test": "mocha --timeout 180000"
   },
   "dependencies": {
+    "@google-cloud/bigquery": "^5.5.0",
     "@google-cloud/asset": "^3.11.0",
     "@google-cloud/compute": "^2.0.0",
     "@google-cloud/storage": "^5.0.0",

diff --git a/samples/test/sample.test.js b/samples/test/sample.test.js
@@ -26,6 +26,13 @@ const storage = new Storage();
 const bucketName = `asset-nodejs-${uuid.v4()}`;
 const bucket = storage.bucket(bucketName);
 
+const {BigQuery} = require('@google-cloud/bigquery');
+const bigquery = new BigQuery();
+const options = {
+  location: 'US',
+};
+const datasetId = `asset_nodejs_${uuid.v4()}`.replace(/-/gi, '_');
+
 const Compute = require('@google-cloud/compute');
 const zone = new Compute().zone('us-central1-c');
 const vmName = `asset-nodejs-${uuid.v4()}`;
@@ -37,7 +44,7 @@ let vm;
 // "Timeout of 180000ms exceeded. For async tests and hooks".
 const delay = async test => {
   const retries = test.currentRetry();
-  if (retries === 0) return; // no retry on the first failure.
+  if (retries === 0) return;  // no retry on the first failure.
   // see: https://cloud.google.com/storage/docs/exponential-backoff:
   const ms = Math.pow(2, retries) * 1000 + Math.random() * 2000;
   return new Promise(done => {
@@ -49,15 +56,18 @@ const delay = async test => {
 describe('quickstart sample tests', () => {
   before(async () => {
     await bucket.create();
+    await bigquery.createDataset(datasetId, options);
+    await bigquery.dataset(datasetId).exists();
     [vm] = await zone.createVM(vmName, {os: 'ubuntu'});
   });
 
   after(async () => {
     await bucket.delete();
+    await bigquery.dataset(datasetId).delete({force: true}).catch(console.warn);
     await vm.delete();
   });
 
-  it('should export assets to specified path', async function () {
+  it('should export assets to specified path', async function() {
     this.retries(2);
     await delay(this.test);
     const dumpFilePath = `gs://${bucketName}/my-assets.txt`;
@@ -99,4 +109,40 @@ describe('quickstart sample tests', () => {
     const stdout = execSync(`node listAssets ${assetType}`);
     assert.include(stdout, assetType);
   });
+
+  it('should analyze iam policy successfully', async () => {
+    const stdout = execSync('node analyzeIamPolicy');
+    assert.include(stdout, '//cloudresourcemanager.googleapis.com/projects');
+  });
+
+  it('should analyze iam policy and write analysis results to gcs successfully',
+     async function() {
+       this.retries(2);
+       await delay(this.test);
+       const uri = `gs://${bucketName}/my-analysis.json`;
+       execSync(`node analyzeIamPolicyLongrunningGcs ${uri}`);
+       const file = await bucket.file('my-analysis.json');
+       const exists = await file.exists();
+       assert.ok(exists);
+       await file.delete();
+     });
+
+  it('should analyze iam policy and write analysis results to bigquery successfully',
+     async function() {
+       this.retries(2);
+       await delay(this.test);
+       const tablePrefix = 'analysis_nodejs';
+       execSync(`node analyzeIamPolicyLongrunningBigquery ${datasetId} ${
+           tablePrefix}`);
+       const metadataTable =
+           await bigquery.dataset(datasetId).table('analysis_nodejs_analysis');
+       const metadataTable_exists = await metadataTable.exists();
+       assert.ok(metadataTable_exists);
+       const resultsTable = await bigquery.dataset(datasetId).table(
+           'analysis_nodejs_analysis_result');
+       const resultsTable_exists = await resultsTable.exists();
+       assert.ok(resultsTable_exists);
+       await metadataTable.delete();
+       await resultsTable.delete();
+     });
 });