feat(scc): add v2 samples for Sources, mute, findings, IAM permission…

…s and security marks (GoogleCloudPlatform#12011)

* added findings v2 version

* list findings

* added source_v2

* changes made based on Java files

* added new files

* iam permissions

* addressed commenets

* added security marks files

* bulk_mute_findings

* errors fixed

* comments addressed

* addressed the comments

* fixed lint changes

* added test functions

* fixed lint issues

* env vars added

* updated Env var

* added noxconfig file

* fixed pipeline errors

* updated Org

securitycenter/snippets_v2/mute_findings_v2.py

@@ -0,0 +1,102 @@
+#!/usr/bin/env python
+#
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# [START securitycenter_set_mute_v2]
+def set_mute_finding(finding_path: str) -> None:
+    """
+      Mute an individual finding.
+      If a finding is already muted, muting it again has no effect.
+      Various mute states are: MUTE_UNSPECIFIED/MUTE/UNMUTE.
+    Args:
+        finding_path: The relative resource name of the finding. See:
+        https://cloud.google.com/apis/design/resource_names#relative_resource_name
+        Use any one of the following formats:
+        - organizations/{organization_id}/sources/{source_id}/finding/{finding_id},
+        - folders/{folder_id}/sources/{source_id}/finding/{finding_id},
+        - projects/{project_id}/sources/{source_id}/finding/{finding_id}.
+    """
+    from google.cloud import securitycenter_v2
+
+    client = securitycenter_v2.SecurityCenterClient()
+
+    request = securitycenter_v2.SetMuteRequest()
+    request.name = finding_path
+    request.mute = securitycenter_v2.Finding.Mute.MUTED
+
+    finding = client.set_mute(request)
+    print(f"Mute value for the finding: {finding.mute.name}")
+    return finding
+
+# [END securitycenter_set_mute_v2]
+
+
+# [START securitycenter_set_unmute_v2]
+def set_unmute_finding(finding_path: str) -> None:
+    """
+      Unmute an individual finding.
+      Unmuting a finding that isn't muted has no effect.
+      Various mute states are: MUTE_UNSPECIFIED/MUTE/UNMUTE.
+    Args:
+        finding_path: The relative resource name of the finding. See:
+        https://cloud.google.com/apis/design/resource_names#relative_resource_name
+        Use any one of the following formats:
+        - organizations/{organization_id}/sources/{source_id}/finding/{finding_id},
+        - folders/{folder_id}/sources/{source_id}/finding/{finding_id},
+        - projects/{project_id}/sources/{source_id}/finding/{finding_id}.
+    """
+    from google.cloud import securitycenter_v2
+
+    client = securitycenter_v2.SecurityCenterClient()
+
+    request = securitycenter_v2.SetMuteRequest()
+    request.name = finding_path
+    request.mute = securitycenter_v2.Finding.Mute.UNMUTED
+
+    finding = client.set_mute(request)
+    print(f"Mute value for the finding: {finding.mute.name}")
+    return finding
+
+# [END securitycenter_set_unmute_v2]
+
+
+# # [START securitycenter_bulk_mute_v2]
+# def bulk_mute_findings(parent_path: str, location_id, mute_rule: str) -> None:
+#     """
+#       Kicks off a long-running operation (LRO) to bulk mute findings for a parent based on a filter.
+#       The parent can be either an organization, folder, or project. The findings
+#       matched by the filter will be muted after the LRO is done.
+#     Args:
+#         parent_path: use any one of the following options:
+#                      - organizations/{organization}
+#                      - folders/{folder}
+#                      - projects/{project}
+#         mute_rule: Expression that identifies findings that should be updated.
+#     """
+#     from google.cloud import securitycenter_v2
+#
+#     client = securitycenter_v2.SecurityCenterClient()
+#
+#     request = securitycenter_v2.BulkMuteFindingsRequest()
+#     request.parent = parent_path+"/locations/"+location_id
+#     # To create mute rules, see:
+#     # https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
+#     request.filter = mute_rule
+#
+#     response = client.bulk_mute_findings(request)
+#     print(f"Bulk mute findings completed successfully! : {response}")
+#     return response
+# # [END securitycenter_bulk_mute_v2]

securitycenter/snippets_v2/mute_findings_v2_test.py

@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+#
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import os
+
+import backoff
+from google.api_core.exceptions import InternalServerError, NotFound, ServiceUnavailable
+
+import pytest
+
+import mute_findings_v2
+
+# TODO(developer): Replace these variables before running the sample.
+PROJECT_ID = os.environ["GOOGLE_CLOUD_PROJECT"]
+ORGANIZATION_ID = os.environ["GCLOUD_ORGANIZATION"]
+
+
+@pytest.fixture
+def finding():
+    import snippets_findings_v2
+    from snippets_findings_v2 import create_finding
+
+    response = snippets_findings_v2.create_source(ORGANIZATION_ID)
+    source_name = response.name
+    finding1_path = create_finding(ORGANIZATION_ID, "global", "1testingscc", source_name, "MEDIUM_RISK_ONE").name
+    finding2_path = create_finding(ORGANIZATION_ID, "global", "2testingscc", source_name, "MEDIUM_RISK_ONE").name
+
+    yield {
+        "source": source_name,
+        "finding1": finding1_path,
+        "finding2": finding2_path,
+    }
+
+
+@backoff.on_exception(
+    backoff.expo, (InternalServerError, ServiceUnavailable, NotFound), max_tries=3
+)
+def test_set_mute_finding(finding):
+    finding_path = finding.get("finding1")
+    response = mute_findings_v2.set_mute_finding(finding_path)
+    assert response.name == finding_path
+    assert response.mute.name == "MUTED"
+
+
+@backoff.on_exception(
+    backoff.expo, (InternalServerError, ServiceUnavailable, NotFound), max_tries=3
+)
+def test_set_unmute_finding(finding):
+    finding_path = finding.get("finding1")
+    response = mute_findings_v2.set_unmute_finding(finding_path)
+    assert response.mute.name == "UNMUTED"
+
+
+# @backoff.on_exception(
+#     backoff.expo, (InternalServerError, ServiceUnavailable, NotFound), max_tries=3
+# )
+# def test_bulk_mute_findings(finding):
+#     # Mute findings that belong to this project.
+#     response = mute_findings_v2.bulk_mute_findings(
+#         f"organizations/{ORGANIZATION_ID}", "global", f'resource.project_display_name="{ORGANIZATION_ID}"'
+#     )
+#     assert response.done

securitycenter/snippets_v2/noxfile_config.py

@@ -0,0 +1,40 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default TEST_CONFIG_OVERRIDE for python repos.
+
+# You can copy this file into your directory, then it will be inported from
+# the noxfile.py.
+
+# The source of truth:
+# https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/noxfile_config.py
+
+TEST_CONFIG_OVERRIDE = {
+    # You can opt out from the test for specific Python versions.
+    "ignored_versions": ["2.7", "3.7", "3.9", "3.10", "3.11"],
+    # An envvar key for determining the project id to use. Change it
+    # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a
+    # build specific Cloud project. You can also use your own string
+    # to use your own Cloud project.
+    "gcloud_project_env": "GOOGLE_CLOUD_PROJECT",
+    # "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT",
+    # A dictionary you want to inject into your test. Don't put any
+    # secrets here. These values will override predefined values.
+    "envs": {
+        "GCLOUD_ORGANIZATION": "1081635000895",
+        "GCLOUD_PROJECT": "project-a-id",
+        "GCLOUD_PUBSUB_TOPIC": "projects/project-a-id/topics/notifications-sample-topic",
+        "GCLOUD_PUBSUB_SUBSCRIPTION": "notification-sample-subscription",
+    },
+}

securitycenter/snippets_v2/requirements.txt

@@ -1,2 +1,2 @@
 google-cloud-securitycenter==1.31.0
-google-cloud-bigquery==3.11.4
+google-cloud-bigquery==3.11.4