特定の時点でのアセットを一覧表示する方法を説明します。
このコードサンプルを含む詳細なドキュメントについては、以下をご覧ください。
コードサンプル
Go
Security Command Center で認証を行うには、アプリケーションのデフォルト認証情報を設定します。詳細については、ローカル開発環境の認証の設定をご覧ください。
import (
"context"
"fmt"
"io"
"time"
securitycenter "cloud.google.com/go/securitycenter/apiv1"
"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
"github.com/golang/protobuf/ptypes"
"google.golang.org/api/iterator"
)
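// listAllProjectAssetsAtTime lists the GCP Project assets under orgID as they
// were recorded at asOf and writes one line per asset to w. orgID is the
// numeric organization ID of interest.
//
// It returns an error if the client cannot be created, if asOf cannot be
// converted to a protobuf Timestamp, if the listing fails part-way, or if
// writing to w fails. Lines already written to w are not rolled back.
func listAllProjectAssetsAtTime(w io.Writer, orgID string, asOf time.Time) error {
	// orgID := "12321311"
	// Instantiate a context and a security service client to make API calls.
	// context.Background() carries no deadline, so the calls below are bounded
	// only by the client library's own defaults.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	// Convert the time to a Timestamp protobuf.
	// NOTE(review): github.com/golang/protobuf/ptypes is deprecated upstream;
	// moving to timestamppb needs a new import, so it is left as is here.
	readTime, err := ptypes.TimestampProto(asOf)
	if err != nil {
		return fmt.Errorf("TimestampProto(%v): %w", asOf, err)
	}

	// You can also list assets in a project or folder. To do so, modify the
	// parent and filter condition.
	req := &securitycenterpb.ListAssetsRequest{
		// Parent must be in one of the following formats:
		//		"organizations/{orgId}"
		//		"projects/{projectId}"
		//		"folders/{folderId}"
		// orgID is interpolated unchanged; if it comes from user input, check
		// that it is numeric before calling this function.
		Parent:   fmt.Sprintf("organizations/%s", orgID),
		Filter:   `security_center_properties.resource_type="google.cloud.resourcemanager.Project"`,
		ReadTime: readTime,
	}

	it := client.ListAssets(ctx, req)
	for {
		result, err := it.Next()
		if err == iterator.Done {
			break
		}
		if err != nil {
			return fmt.Errorf("ListAssets: %w", err)
		}
		// The generated getters tolerate nil receivers, so a result without an
		// asset or without security center properties prints empty fields
		// instead of panicking on a nil pointer.
		asset := result.GetAsset()
		properties := asset.GetSecurityCenterProperties()
		// One write per asset; a failed write is reported so that a truncated
		// inventory is not mistaken for a complete one.
		if _, err := fmt.Fprintf(w, "Asset Name: %s,Resource Name %s,Resource Type %s\n",
			asset.GetName(), properties.GetResourceName(), properties.GetResourceType()); err != nil {
			return fmt.Errorf("writing asset %q: %w", asset.GetName(), err)
		}
	}
	return nil
}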
Java
Security Command Center で認証を行うには、アプリケーションのデフォルト認証情報を設定します。詳細については、ローカル開発環境の認証の設定をご覧ください。
/**
 * Lists the Project assets under {@code organizationName} as of a point in time, prints them to
 * standard output and returns them.
 *
 * @param organizationName parent organization whose assets are listed
 * @param asOf read time for the listing; when {@code null}, one day before now is used
 * @return every matching result, collected into one immutable list
 * @throws RuntimeException if the client cannot be created
 */
static ImmutableList<ListAssetsResult> listAssetsAsOfYesterday(
    OrganizationName organizationName, Instant asOf) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // The request can target an organization, a project, or a folder.
    //
    // Parent must be in one of the following formats:
    //    OrganizationName organizationName = OrganizationName.of("organization-id");
    //    ProjectName projectName = ProjectName.of("project-id");
    //    FolderName folderName = FolderName.of("folder-id");
    String projectFilter =
        "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\"";

    // Initialize the builder with the parent and filter.
    ListAssetsRequest.Builder requestBuilder = ListAssetsRequest.newBuilder();
    requestBuilder.setParent(organizationName.toString());
    requestBuilder.setFilter(projectFilter);

    // Read time is the instant passed in, or one day ago when none was given.
    Instant oneDayAgo = Instant.now().minus(Duration.ofDays(1));
    asOf = MoreObjects.firstNonNull(asOf, oneDayAgo);
    requestBuilder
        .getReadTimeBuilder()
        .setSeconds(asOf.getEpochSecond())
        .setNanos(asOf.getNano());

    // Call the API.
    ListAssetsPagedResponse pagedResponse = client.listAssets(requestBuilder.build());

    // All pages are copied into a single list. With a large number of assets this can exhaust
    // memory; returning the Iterable from pagedResponse.iterateAll() directly lets the caller
    // process results incrementally instead.
    ImmutableList<ListAssetsResult> projectAssets =
        ImmutableList.copyOf(pagedResponse.iterateAll());

    // Full asset records go to standard output; keep that in mind if stdout is collected as logs.
    System.out.println("Projects:");
    System.out.println(projectAssets);
    return projectAssets;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
Node.js
Security Command Center で認証を行うには、アプリケーションのデフォルト認証情報を設定します。詳細については、ローカル開発環境の認証の設定をご覧ください。
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');
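// Creates a new client. No options are passed; the page text says to set up
// Application Default Credentials for authentication.
const client = new SecurityCenterClient();
// organizationId is the numeric ID of the organization.
/*
 * TODO(developer): Uncomment the following line and set your organization ID.
 * Without it, `organizationId` is undefined and the script stops with a
 * ReferenceError. If the ID comes from user input, check that it is numeric
 * first, because it is interpolated unchanged into the resource name below.
 */
// const organizationId = 'YOUR_NUMERIC_ORG_ID';
// parent: must be in one of the following formats:
//    `organizations/${organization_id}`
//    `projects/${project_id}`
//    `folders/${folder_id}`
const parent = `organizations/${organizationId}`;
// Read time for the listing: the current local date and time moved back by
// one calendar day.
const oneDayAgo = new Date();
oneDayAgo.setDate(oneDayAgo.getDate() - 1);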
/**
 * Lists the Project assets under `parent` as they were at `oneDayAgo` and
 * logs one numbered line per asset: position, asset name, resource name.
 * Calls the API with automatic pagination.
 *
 * Reads the module-level `client`, `parent` and `oneDayAgo`.
 *
 * @returns {Promise<void>} settles once every result has been logged;
 *     rejects if the API call fails.
 */
async function listAssetsAtTime() {
  const readTimeMillis = oneDayAgo.getTime();
  const request = {
    parent,
    filter:
      'security_center_properties.resource_type="google.cloud.resourcemanager.Project"',
    // readTime must be in the form of a google.protobuf.Timestamp object,
    // which takes whole seconds plus the remainder in nanoseconds.
    readTime: {
      seconds: Math.floor(readTimeMillis / 1000),
      nanos: (readTimeMillis % 1000) * 1e6,
    },
  };
  const [response] = await client.listAssets(request);

  let position = 0;
  for (const result of Array.from(response)) {
    position += 1;
    const {name, securityCenterProperties} = result.asset;
    console.log(`${position} ${name} ${securityCenterProperties.resourceName}`);
  }
}
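// Handle rejection explicitly so an authentication or API failure is reported
// and reflected in the exit code instead of leaving the promise floating.
listAssetsAtTime().catch(err => {
  console.error(err);
  process.exitCode = 1;
});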
Python
Security Command Center で認証を行うには、アプリケーションのデフォルト認証情報を設定します。詳細については、ローカル開発環境の認証の設定をご覧ください。
from datetime import datetime, timedelta, timezone
from google.cloud import securitycenter
# Create the client. No credentials are passed here; the page text says to set
# up Application Default Credentials for authentication.
client = securitycenter.SecurityCenterClient()

# NOTE: organization_id is not defined in this snippet; set it to the numeric
# organization ID before running. It is interpolated unchanged into the
# resource name, so validate it first if it comes from user input.
# 'parent' must be in one of the following formats:
#   "organizations/{organization_id}"
#   "projects/{project_id}"
#   "folders/{folder_id}"
parent = f"organizations/{organization_id}"

# Restrict the listing to Project resources.
project_filter = 'security_center_properties.resource_type="google.cloud.resourcemanager.Project"'

# Lists assets as of yesterday: a timezone-aware UTC time 24 hours before now.
read_time = datetime.now(timezone.utc) - timedelta(hours=24)

# Call the API and print each result with its zero-based position.
asset_iterator = client.list_assets(
    request=dict(parent=parent, filter=project_filter, read_time=read_time)
)
for i, asset_result in enumerate(asset_iterator):
    print(i, asset_result)
次のステップ
他の Google Cloud プロダクトに関連するコードサンプルの検索およびフィルタ検索を行うには、Google Cloud のサンプルをご覧ください。