From eb187217527e877435c1735e9b8fc7884474e91c Mon Sep 17 00:00:00 2001 From: donghez-google <74332020+donghez-google@users.noreply.github.com> Date: Tue, 8 Dec 2020 14:29:28 -0800 Subject: [PATCH] samples: Add samples for AnalyzerIamPolicy and AnalyzeIamPolicyLongrunning (#459) * Asset:Add samples for AnalyzerIamPolicy and AnalyzeIamPolicyLongrunning * samples:Add samples for AnalyzerIamPolicy and AnalyzeIamPolicyLongrunning * fixing reviewer's comments * fixing check errors * catching exceptions specificly --- .../asset/AnalyzeIamPolicyExample.java | 65 ++++++++++ ...zeIamPolicyLongrunningBigqueryExample.java | 88 +++++++++++++ ...AnalyzeIamPolicyLongrunningGcsExample.java | 86 +++++++++++++ .../test/java/com/example/asset/Analyze.java | 121 ++++++++++++++++++ 4 files changed, 360 insertions(+) create mode 100644 asset/src/main/java/com/example/asset/AnalyzeIamPolicyExample.java create mode 100644 asset/src/main/java/com/example/asset/AnalyzeIamPolicyLongrunningBigqueryExample.java create mode 100644 asset/src/main/java/com/example/asset/AnalyzeIamPolicyLongrunningGcsExample.java create mode 100644 asset/src/test/java/com/example/asset/Analyze.java diff --git a/asset/src/main/java/com/example/asset/AnalyzeIamPolicyExample.java b/asset/src/main/java/com/example/asset/AnalyzeIamPolicyExample.java new file mode 100644 index 00000000000..1b35d131507 --- /dev/null +++ b/asset/src/main/java/com/example/asset/AnalyzeIamPolicyExample.java @@ -0,0 +1,65 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example.asset; + +// [START asset_quickstart_analyze_iam_policy] +import com.google.api.gax.rpc.ApiException; +import com.google.cloud.asset.v1.AnalyzeIamPolicyRequest; +import com.google.cloud.asset.v1.AnalyzeIamPolicyResponse; +import com.google.cloud.asset.v1.AssetServiceClient; +import com.google.cloud.asset.v1.IamPolicyAnalysisQuery; +import com.google.cloud.asset.v1.IamPolicyAnalysisQuery.Options; +import com.google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector; +import java.io.IOException; + +public class AnalyzeIamPolicyExample { + + public static void main(String[] args) { + // TODO(developer): Replace these variables before running the sample. + String scope = "organizations/ORG_ID"; + String fullResourceName = "//cloudresourcemanager.googleapis.com/projects/PROJ_ID"; + analyzeIamPolicy(scope, fullResourceName); + } + + // Analyzes accessible IAM policies that match a request. + public static void analyzeIamPolicy(String scope, String fullResourceName) { + ResourceSelector resourceSelector = + ResourceSelector.newBuilder().setFullResourceName(fullResourceName).build(); + Options options = Options.newBuilder().setExpandGroups(true).setOutputGroupEdges(true).build(); + IamPolicyAnalysisQuery query = + IamPolicyAnalysisQuery.newBuilder() + .setScope(scope) + .setResourceSelector(resourceSelector) + .setOptions(options) + .build(); + AnalyzeIamPolicyRequest request = + AnalyzeIamPolicyRequest.newBuilder().setAnalysisQuery(query).build(); + + // Initialize client that will be used to send requests. This client only needs to be created + // once, and can be reused for multiple requests. After completing all of your requests, call + // the "close" method on the client to safely clean up any remaining background resources. + try (AssetServiceClient client = AssetServiceClient.create()) { + AnalyzeIamPolicyResponse response = client.analyzeIamPolicy(request); + System.out.println("Analyze completed successfully:\n" + response); + } catch (IOException e) { + System.out.println("Failed to create client:\n" + e.toString()); + } catch (ApiException e) { + System.out.println("Error during AnalyzeIamPolicy:\n" + e.toString()); + } + } +} +// [END asset_quickstart_analyze_iam_policy] diff --git a/asset/src/main/java/com/example/asset/AnalyzeIamPolicyLongrunningBigqueryExample.java b/asset/src/main/java/com/example/asset/AnalyzeIamPolicyLongrunningBigqueryExample.java new file mode 100644 index 00000000000..1876d1bfd6c --- /dev/null +++ b/asset/src/main/java/com/example/asset/AnalyzeIamPolicyLongrunningBigqueryExample.java @@ -0,0 +1,88 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example.asset; + +// [START asset_quickstart_analyze_iam_policy_longrunning_bigquery] +import com.google.api.gax.longrunning.OperationFuture; +import com.google.api.gax.rpc.ApiException; +import com.google.cloud.asset.v1.AnalyzeIamPolicyLongrunningRequest; +import com.google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse; +import com.google.cloud.asset.v1.AssetServiceClient; +import com.google.cloud.asset.v1.IamPolicyAnalysisOutputConfig; +import com.google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination; +import com.google.cloud.asset.v1.IamPolicyAnalysisQuery; +import com.google.cloud.asset.v1.IamPolicyAnalysisQuery.Options; +import com.google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector; +import java.io.IOException; +import java.util.concurrent.ExecutionException; + +public class AnalyzeIamPolicyLongrunningBigqueryExample { + + public static void main(String[] args) { + // TODO(developer): Replace these variables before running the sample. + String scope = "organizations/ORG_ID"; + String fullResourceName = "//cloudresourcemanager.googleapis.com/projects/PROJ_ID"; + String dataset = "projects/PROJ_ID/datasets/DATASET_ID"; + String tablePrefix = "TABLE_PREFIX"; + analyzeIamPolicyLongrunning(scope, fullResourceName, dataset, tablePrefix); + } + + // Analyzes accessible IAM policies that match a request. + public static void analyzeIamPolicyLongrunning( + String scope, String fullResourceName, String dataset, String tablePrefix) { + ResourceSelector resourceSelector = + ResourceSelector.newBuilder().setFullResourceName(fullResourceName).build(); + Options options = Options.newBuilder().setExpandGroups(true).setOutputGroupEdges(true).build(); + IamPolicyAnalysisQuery query = + IamPolicyAnalysisQuery.newBuilder() + .setScope(scope) + .setResourceSelector(resourceSelector) + .setOptions(options) + .build(); + + BigQueryDestination bigQueryDestination = + BigQueryDestination.newBuilder().setDataset(dataset).setTablePrefix(tablePrefix).build(); + IamPolicyAnalysisOutputConfig outputConfig = + IamPolicyAnalysisOutputConfig.newBuilder() + .setBigqueryDestination(bigQueryDestination) + .build(); + + AnalyzeIamPolicyLongrunningRequest request = + AnalyzeIamPolicyLongrunningRequest.newBuilder() + .setAnalysisQuery(query) + .setOutputConfig(outputConfig) + .build(); + + // Initialize client that will be used to send requests. This client only needs to be created + // once, and can be reused for multiple requests. After completing all of your requests, call + // the "close" method on the client to safely clean up any remaining background resources. + try (AssetServiceClient client = AssetServiceClient.create()) { + OperationFuture + future = client.analyzeIamPolicyLongrunningAsync(request); + System.out.println("Analyze completed successfully:\n" + future.getMetadata().get()); + } catch (IOException e) { + System.out.println("Failed to create client:\n" + e.toString()); + } catch (InterruptedException e) { + System.out.println("Operation was interrupted:\n" + e.toString()); + } catch (ExecutionException e) { + System.out.println("Operation was aborted:\n" + e.toString()); + } catch (ApiException e) { + System.out.println("Error during AnalyzeIamPolicyLongrunning:\n" + e.toString()); + } + } +} +// [END asset_quickstart_analyze_iam_policy_longrunning_bigquery] diff --git a/asset/src/main/java/com/example/asset/AnalyzeIamPolicyLongrunningGcsExample.java b/asset/src/main/java/com/example/asset/AnalyzeIamPolicyLongrunningGcsExample.java new file mode 100644 index 00000000000..955b5fad6a2 --- /dev/null +++ b/asset/src/main/java/com/example/asset/AnalyzeIamPolicyLongrunningGcsExample.java @@ -0,0 +1,86 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example.asset; + +// [START asset_quickstart_analyze_iam_policy_longrunning_gcs] +import com.google.api.gax.longrunning.OperationFuture; +import com.google.api.gax.rpc.ApiException; +import com.google.cloud.asset.v1.AnalyzeIamPolicyLongrunningRequest; +import com.google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse; +import com.google.cloud.asset.v1.AssetServiceClient; +import com.google.cloud.asset.v1.IamPolicyAnalysisOutputConfig; +import com.google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination; +import com.google.cloud.asset.v1.IamPolicyAnalysisQuery; +import com.google.cloud.asset.v1.IamPolicyAnalysisQuery.Options; +import com.google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector; +import java.io.IOException; +import java.util.concurrent.ExecutionException; + +public class AnalyzeIamPolicyLongrunningGcsExample { + + public static void main(String[] args) { + // TODO(developer): Replace these variables before running the sample. + String scope = "organizations/ORG_ID"; + String fullResourceName = "//cloudresourcemanager.googleapis.com/projects/PROJ_ID"; + String uri = "gs://BUCKET_NAME/OBJECT_NAME"; + analyzeIamPolicyLongrunning(scope, fullResourceName, uri); + } + + // Analyzes accessible IAM policies that match a request. + public static void analyzeIamPolicyLongrunning( + String scope, String fullResourceName, String uri) { + ResourceSelector resourceSelector = + ResourceSelector.newBuilder().setFullResourceName(fullResourceName).build(); + Options options = Options.newBuilder().setExpandGroups(true).setOutputGroupEdges(true).build(); + IamPolicyAnalysisQuery query = + IamPolicyAnalysisQuery.newBuilder() + .setScope(scope) + .setResourceSelector(resourceSelector) + .setOptions(options) + .build(); + + GcsDestination gcsDestination = GcsDestination.newBuilder().setUri(uri).build(); + IamPolicyAnalysisOutputConfig outputConfig = + IamPolicyAnalysisOutputConfig.newBuilder() + .setGcsDestination(GcsDestination.newBuilder().setUri(uri).build()) + .build(); + + AnalyzeIamPolicyLongrunningRequest request = + AnalyzeIamPolicyLongrunningRequest.newBuilder() + .setAnalysisQuery(query) + .setOutputConfig(outputConfig) + .build(); + + // Initialize client that will be used to send requests. This client only needs to be created + // once, and can be reused for multiple requests. After completing all of your requests, call + // the "close" method on the client to safely clean up any remaining background resources. + try (AssetServiceClient client = AssetServiceClient.create()) { + OperationFuture + future = client.analyzeIamPolicyLongrunningAsync(request); + System.out.println("Analyze completed successfully:\n" + future.getMetadata().get()); + } catch (IOException e) { + System.out.println("Failed to create client:\n" + e.toString()); + } catch (InterruptedException e) { + System.out.println("Operation was interrupted:\n" + e.toString()); + } catch (ExecutionException e) { + System.out.println("Operation was aborted:\n" + e.toString()); + } catch (ApiException e) { + System.out.println("Error during AnalyzeIamPolicyLongrunning:\n" + e.toString()); + } + } +} +// [END asset_quickstart_analyze_iam_policy_longrunning_gcs] diff --git a/asset/src/test/java/com/example/asset/Analyze.java b/asset/src/test/java/com/example/asset/Analyze.java new file mode 100644 index 00000000000..9e54a8a64e4 --- /dev/null +++ b/asset/src/test/java/com/example/asset/Analyze.java @@ -0,0 +1,121 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example.asset; + +import static com.google.common.truth.Truth.assertThat; + +import com.google.cloud.bigquery.BigQuery; +import com.google.cloud.bigquery.BigQuery.DatasetDeleteOption; +import com.google.cloud.bigquery.BigQueryOptions; +import com.google.cloud.bigquery.DatasetId; +import com.google.cloud.bigquery.DatasetInfo; +import com.google.cloud.bigquery.testing.RemoteBigQueryHelper; +import com.google.cloud.storage.Blob; +import com.google.cloud.storage.BlobInfo; +import com.google.cloud.storage.Storage; +import com.google.cloud.storage.Storage.BlobListOption; +import com.google.cloud.storage.StorageOptions; +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.util.UUID; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Tests for search samples. */ +@RunWith(JUnit4.class) +@SuppressWarnings("checkstyle:abbreviationaswordinname") +public class Analyze { + + private static final String projectId = System.getenv("GOOGLE_CLOUD_PROJECT"); + private static final String scope = "projects/" + projectId; + private static final String fullResourceName = + "//cloudresourcemanager.googleapis.com/projects/" + projectId; + + private ByteArrayOutputStream bout; + private PrintStream out; + + private static final void deleteObjects(String bucketName, String objectName) { + Storage storage = StorageOptions.getDefaultInstance().getService(); + Iterable blobs = + storage + .list( + bucketName, + BlobListOption.versions(true), + BlobListOption.currentDirectory(), + BlobListOption.prefix(objectName)) + .getValues(); + for (BlobInfo info : blobs) { + storage.delete(info.getBlobId()); + } + } + + @Before + public void setUp() { + bout = new ByteArrayOutputStream(); + out = new PrintStream(bout); + System.setOut(out); + } + + @After + public void tearDown() { + System.setOut(null); + bout.reset(); + } + + @Test + public void testAnalyzeIamPolicyExample() throws Exception { + AnalyzeIamPolicyExample.analyzeIamPolicy(scope, fullResourceName); + String got = bout.toString(); + assertThat(got).contains(fullResourceName); + } + + @Test + public void testAnalyzeIamPolicyLongrunningBigQueryExample() throws Exception { + String datasetName = RemoteBigQueryHelper.generateDatasetName(); + BigQuery bigquery = BigQueryOptions.getDefaultInstance().getService(); + if (bigquery.getDataset(datasetName) == null) { + bigquery.create(DatasetInfo.newBuilder(datasetName).build()); + } + + String dataset = "projects/" + projectId + "/datasets/" + datasetName; + String tablePrefix = "client_library_table"; + AnalyzeIamPolicyLongrunningBigqueryExample.analyzeIamPolicyLongrunning( + scope, fullResourceName, dataset, tablePrefix); + String got = bout.toString(); + assertThat(got).contains("output_config"); + + DatasetId datasetId = DatasetId.of(bigquery.getOptions().getProjectId(), datasetName); + bigquery.delete(datasetId, DatasetDeleteOption.deleteContents()); + } + + @Test + public void testAnalyzeIamPolicyLongrunningGcsExample() throws Exception { + // The developer needs to have bucket create permission or use an exsiting bucket. + String bucketName = "java-docs-samples-testing"; + String objectName = UUID.randomUUID().toString(); + + String uri = "gs://" + bucketName + "/" + objectName; + AnalyzeIamPolicyLongrunningGcsExample.analyzeIamPolicyLongrunning(scope, fullResourceName, uri); + String got = bout.toString(); + assertThat(got).contains("output_config"); + + deleteObjects(bucketName, objectName); + } +}