演示在同一请求中添加和删除安全标记
深入探索
如需查看包含此代码示例的详细文档,请参阅以下内容:
代码示例
Go
如需向 Security Command Center 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
securitycenter "cloud.google.com/go/securitycenter/apiv1"
"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
"google.golang.org/genproto/protobuf/field_mask"
)
// addDeleteSecurityMarks adds/updates "key_a" and deletes "key_b" from
// assetName's securityMarks. assetName is the resource path for an asset.
func addDeleteSecurityMarks(w io.Writer, assetName string) error {
// Specify the value of 'assetName' in one of the following formats:
// assetName := "organizations/{org_id}/assets/{asset_id}"
// assetName := "projects/{project_id}/assets/{asset_id}"
// assetName := "folders/{folder_id}/assets/{asset_id}"
// Instantiate a context and a security service client to make API calls.
ctx := context.Background()
client, err := securitycenter.NewClient(ctx)
if err != nil {
return fmt.Errorf("securitycenter.NewClient: %w", err)
}
defer client.Close() // Closing the client safely cleans up background resources.
req := &securitycenterpb.UpdateSecurityMarksRequest{
// If not set or empty, all marks would be cleared.
UpdateMask: &field_mask.FieldMask{
Paths: []string{"marks.key_a", "marks.key_b"},
},
SecurityMarks: &securitycenterpb.SecurityMarks{
Name: fmt.Sprintf("%s/securityMarks", assetName),
// Intentionally not setting marks for key_b to
// delete it.
Marks: map[string]string{"key_a": "new_value_a"},
},
}
updatedMarks, err := client.UpdateSecurityMarks(ctx, req)
if err != nil {
return fmt.Errorf("UpdateSecurityMarks: %w", err)
}
fmt.Fprintf(w, "Updated marks: %s\n", updatedMarks.Name)
for k, v := range updatedMarks.Marks {
fmt.Fprintf(w, "%s = %s\n", k, v)
}
return nil
}
Java
如需向 Security Command Center 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
static SecurityMarks deleteAndUpdateMarks(String assetName) {
try (SecurityCenterClient client = SecurityCenterClient.create()) {
// Specify the value of 'assetName' in one of the following formats:
// String assetName = "organizations/{org-id}/assets/{asset-id}";
// String assetName = "projects/{project-id}/assets/{asset-id}";
// String assetName = "folders/{folder-id}/assets/{asset-id}";
// Start setting up a request to clear and update security marks for an asset.
// Create security mark and field mask for clearing security marks.
SecurityMarks securityMarks =
SecurityMarks.newBuilder()
.setName(assetName + "/securityMarks")
.putMarks("key_a", "new_value_for_a")
.build();
FieldMask updateMask =
FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build();
UpdateSecurityMarksRequest request =
UpdateSecurityMarksRequest.newBuilder()
.setSecurityMarks(securityMarks)
.setUpdateMask(updateMask)
.build();
// Call the API.
SecurityMarks response = client.updateSecurityMarks(request);
System.out.println("Security Marks updated and cleared:");
System.out.println(response);
return response;
} catch (IOException e) {
throw new RuntimeException("Couldn't create client.", e);
}
}
Node.js
如需向 Security Command Center 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');
// Creates a new client.
const client = new SecurityCenterClient();
async function addDeleteSecurityMarks() {
// assetName is the full resource path for the asset to update.
// Specify the value of 'assetName' in one of the following formats:
// `organizations/${org-id}/assets/${asset-id}`;
// `projects/${project-id}/assets/${asset-id}`;
// `folders/${folder-id}/assets/${asset-id}`;
const [newMarks] = await client.updateSecurityMarks({
securityMarks: {
name: `${assetName}/securityMarks`,
marks: {key_a: 'new_value_a'},
},
// Only update the enableAssetDiscovery field.
updateMask: {paths: ['marks.key_a', 'marks.key_b']},
});
console.log('New marks: %j', newMarks);
}
addDeleteSecurityMarks();
Python
如需向 Security Command Center 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
from google.cloud import securitycenter
from google.protobuf import field_mask_pb2
client = securitycenter.SecurityCenterClient()
# 'asset_name' is the resource path for an asset that exists in SCC.
# Specify the value of 'asset_name' in one of the following formats:
# f"organizations/{org_id}/assets/{asset_id}"
# f"projects/{project_id}/assets/{asset_id}"
# f"folders/{folder_id}/assets/{asset_id}"
# asset_name = organizations/123123342/assets/12312321
marks_name = f"{asset_name}/securityMarks"
field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"])
marks = {"key_a": "new_value_for_a"}
updated_marks = client.update_security_marks(
request={
"security_marks": {"name": marks_name, "marks": marks},
"update_mask": field_mask,
}
)
print(updated_marks)
后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器。