go rewrite securitycenter-storage (#11353)
NickElliot authored Aug 5, 2024
1 parent f3c0eac commit 549e631
Showing 63 changed files with 5,850 additions and 51 deletions.
4 changes: 3 additions & 1 deletion mmv1/api/type.go
Expand Up @@ -299,7 +299,9 @@ func (t *Type) SetDefault(r *Resource) {
t.ItemType.ParentMetadata = t
t.ItemType.SetDefault(r)
case t.IsA("Map"):
t.KeyExpander = "tpgresource.ExpandString"
if t.KeyExpander == "" {
t.KeyExpander = "tpgresource.ExpandString"
}
t.ValueType.ParentName = t.Name
t.ValueType.ParentMetadata = t
t.ValueType.SetDefault(r)
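Review bot: The new guard `if t.KeyExpander == "" {` changes SetDefault from unconditionally overwriting a Map's KeyExpander to keeping one that the resource definition supplied, but nothing in the code records that a YAML-specified value now takes precedence over the default. A comment above the guard such as `// Only default the Map key expander when the resource definition did not set one.` would make that precedence explicit for the next reader. SetDefault's body begins and ends outside the hunk, so I cannot tell from here whether the ItemType or ValueType branches were given the same treatment.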
103 changes: 103 additions & 0 deletions mmv1/products/securitycenter/go_EventThreatDetectionCustomModule.yaml
@@ -0,0 +1,103 @@
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Warning: This is a temporary file, and should not be edited directly
---
name: 'EventThreatDetectionCustomModule'
description: |
Represents an instance of an Event Threat Detection custom module, including
its full module name, display name, enablement state, andlast updated time.
You can create a custom module at the organization level only.
references:
guides:
'Overview of custom modules for Event Threat Detection': 'https://cloud.google.com/security-command-center/docs/custom-modules-etd-overview'
api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.eventThreatDetectionSettings.customModules'
docs:
base_url: 'organizations/{{organization}}/eventThreatDetectionSettings/customModules'
self_link: 'organizations/{{organization}}/eventThreatDetectionSettings/customModules/{{name}}'
update_verb: 'PATCH'
update_mask: true
mutex: 'organizations/{{organization}}/eventThreatDetectionSettings/customModules'
timeouts:
insert_minutes: 20
update_minutes: 20
delete_minutes: 20
custom_code:
examples:
- name: 'scc_event_threat_detection_custom_module'
primary_resource_id: 'example'
vars:
display_name: 'basic_custom_module'
type: 'CONFIGURABLE_BAD_IP'
test_env_vars:
org_id: 'ORG_ID'
skip_test: true
parameters:
- name: 'organization'
type: String
description: |
Numerical ID of the parent organization.
url_param_only: true
required: true
immutable: true
properties:
- name: 'name'
type: String
description: |
The resource name of the Event Threat Detection custom module.
Its format is "organizations/{organization}/eventThreatDetectionSettings/customModules/{module}".
output: true
custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl'
- name: 'config'
type: String
description: |
Config for the module. For the resident module, its config value is defined at this level.
For the inherited module, its config value is inherited from the ancestor module.
required: true
state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }'
custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl'
custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl'
validation:
function: 'validation.StringIsJSON'
- name: 'enablementState'
type: Enum
description: |
The state of enablement for the module at the given level of the hierarchy.
required: true
enum_values:
- 'ENABLED'
- 'DISABLED'
- name: 'type'
type: String
description: |
Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP.
required: true
immutable: true
- name: 'displayName'
type: String
description: |
The human readable name to be displayed for the module.
- name: 'updateTime'
type: String
description: |
The time at which the custom module was last updated.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and
up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
output: true
- name: 'lastEditor'
type: String
description: |
The editor that last updated the custom module
output: true
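Review bot: The description block's line `its full module name, display name, enablement state, andlast updated time.` is missing a space and this text is what the generated provider documentation for the resource will show; it should read `its full module name, display name, enablement state, and last updated time.`. The file header says it is a temporary file that should not be edited directly, so the fix presumably belongs in whatever source it was converted from. Separately, `custom_code:` is left as a bare key, which most YAML parsers read as null rather than an empty mapping; if the generator treats null and `{}` identically this is harmless, but `custom_code: {}` removes the ambiguity (the same bare key appears in go_FolderCustomModule.yaml below).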
231 changes: 231 additions & 0 deletions mmv1/products/securitycenter/go_FolderCustomModule.yaml
@@ -0,0 +1,231 @@
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Warning: This is a temporary file, and should not be edited directly
---
name: 'FolderCustomModule'
description: |
Represents an instance of a Security Health Analytics custom module, including
its full module name, display name, enablement state, and last updated time.
You can create a custom module at the organization, folder, or project level.
Custom modules that you create at the organization or folder level are inherited
by the child folders and projects.
references:
guides:
'Overview of custom modules for Security Health Analytics': 'https://cloud.google.com/security-command-center/docs/custom-modules-sha-overview'
api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/folders.securityHealthAnalyticsSettings.customModules'
docs:
base_url: 'folders/{{folder}}/securityHealthAnalyticsSettings/customModules'
self_link: 'folders/{{folder}}/securityHealthAnalyticsSettings/customModules/{{name}}'
update_verb: 'PATCH'
update_mask: true
mutex: 'folders/{{folder}}/securityHealthAnalyticsSettings/customModules'
timeouts:
insert_minutes: 20
update_minutes: 20
delete_minutes: 20
custom_code:
examples:
- name: 'scc_folder_custom_module_basic'
primary_resource_id: 'example'
vars:
folder_display_name: 'folder-name'
display_name: 'basic_custom_module'
sleep: ''
test_env_vars:
org_id: 'ORG_ID'
test_vars_overrides:
'sleep': 'true'
external_providers: ["random", "time"]
skip_test: true
- name: 'scc_folder_custom_module_full'
primary_resource_id: 'example'
vars:
folder_display_name: 'folder-name'
display_name: 'full_custom_module'
sleep: ''
test_env_vars:
org_id: 'ORG_ID'
test_vars_overrides:
'sleep': 'true'
external_providers: ["random", "time"]
skip_test: true
parameters:
- name: 'folder'
type: String
description: |
Numerical ID of the parent folder.
url_param_only: true
required: true
immutable: true
properties:
- name: 'name'
type: String
description: |
The resource name of the custom module. Its format is "folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}".
The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.
output: true
custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl'
- name: 'displayName'
type: String
description: |
The display name of the Security Health Analytics custom module. This
display name becomes the finding category for all findings that are
returned by this custom module. The display name must be between 1 and
128 characters, start with a lowercase letter, and contain alphanumeric
characters or underscores only.
required: true
immutable: true
validation:
function: 'verify.ValidateRegexp(`^[a-z][\w_]{0,127}$`)'
- name: 'enablementState'
type: Enum
description: |
The enablement state of the custom module.
required: true
enum_values:
- 'ENABLED'
- 'DISABLED'
- name: 'updateTime'
type: String
description: |
The time at which the custom module was last updated.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and
up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
output: true
- name: 'lastEditor'
type: String
description: |
The editor that last updated the custom module.
output: true
- name: 'ancestorModule'
type: String
description: |
If empty, indicates that the custom module was created in the organization, folder,
or project in which you are viewing the custom module. Otherwise, ancestor_module
specifies the organization or folder from which the custom module is inherited.
output: true
- name: 'customConfig'
type: NestedObject
description: |
The user specified custom configuration for the module.
required: true
properties:
- name: 'predicate'
type: NestedObject
description: |
The CEL expression to evaluate to produce findings. When the expression evaluates
to true against a resource, a finding is generated.
required: true
properties:
- name: 'expression'
type: String
description: |
Textual representation of an expression in Common Expression Language syntax.
required: true
- name: 'title'
type: String
description: |
Title for the expression, i.e. a short string describing its purpose. This can
be used e.g. in UIs which allow to enter the expression.
- name: 'description'
type: String
description: |
Description of the expression. This is a longer text which describes the
expression, e.g. when hovered over it in a UI.
- name: 'location'
type: String
description: |
String indicating the location of the expression for error reporting, e.g. a
file name and a position in the file.
- name: 'customOutput'
type: NestedObject
description: |
Custom output properties.
properties:
- name: 'properties'
type: Array
description: |
A list of custom output properties to add to the finding.
item_type:
type: NestedObject
properties:
- name: 'name'
type: String
description: |
Name of the property for the custom output.
- name: 'valueExpression'
type: NestedObject
description: |
The CEL expression for the custom output. A resource property can be specified
to return the value of the property or a text string enclosed in quotation marks.
properties:
- name: 'expression'
type: String
description: |
Textual representation of an expression in Common Expression Language syntax.
required: true
- name: 'title'
type: String
description: |
Title for the expression, i.e. a short string describing its purpose. This can
be used e.g. in UIs which allow to enter the expression.
- name: 'description'
type: String
description: |
Description of the expression. This is a longer text which describes the
expression, e.g. when hovered over it in a UI.
- name: 'location'
type: String
description: |
String indicating the location of the expression for error reporting, e.g. a
file name and a position in the file.
- name: 'resourceSelector'
type: NestedObject
description: |
The resource types that the custom module operates on. Each custom module
can specify up to 5 resource types.
required: true
properties:
- name: 'resourceTypes'
type: Array
description: |
The resource types to run the detector on.
required: true
item_type:
type: String
- name: 'severity'
type: Enum
description: |
The severity to assign to findings generated by the module.
required: true
enum_values:
- 'CRITICAL'
- 'HIGH'
- 'MEDIUM'
- 'LOW'
- name: 'description'
type: String
description: |
Text that describes the vulnerability or misconfiguration that the custom
module detects. This explanation is returned with each finding instance to
help investigators understand the detected issue. The text must be enclosed in quotation marks.
- name: 'recommendation'
type: String
description: |
An explanation of the recommended steps that security teams can take to resolve
the detected issue. This explanation is returned with each finding generated by
this module in the nextSteps property of the finding JSON.
required: true
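Review bot: Both examples, `scc_folder_custom_module_basic` and `scc_folder_custom_module_full`, set `skip_test: true`, so the generated provider will have no acceptance test covering this resource's create and update path, including the `displayName` validator and the required `customConfig` nesting. If the skips are deliberate (the examples appear to create a folder under the org with the random and time providers, which may not be possible in CI), a one-line comment above each `skip_test: true` stating the reason would stop a later reader from re-enabling them blindly; if not, the flags should be dropped. On a smaller point, the `displayName` validator's character class `[\w_]` is redundant because `\w` already includes the underscore; `\w{0,127}` is equivalent and matches the documented "alphanumeric characters or underscores only" rule.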