Test IAM permissions
Demonstrates how to verify IAM permissions to create findings.
Code sample

To authenticate to Security Command Center, set up Application Default Credentials. This applies to every language below. For more information, see [Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).

Go

```go
import (
	"context"
	"fmt"
	"io"

	iam "cloud.google.com/go/iam/apiv1/iampb"
	securitycenter "cloud.google.com/go/securitycenter/apiv1"
)

// testIam demonstrates how to determine if your service user has appropriate
// access to create and update findings; it writes permissions to w.
// sourceName is the full resource name of the source to test for permissions.
func testIam(w io.Writer, sourceName string) error {
	// sourceName := "organizations/111122222444/sources/1234"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	// Check for create/update permissions.
	req := &iam.TestIamPermissionsRequest{
		Resource:    sourceName,
		Permissions: []string{"securitycenter.findings.update"},
	}

	// The response lists only the requested permissions that the caller holds.
	policy, err := client.TestIamPermissions(ctx, req)
	if err != nil {
		return fmt.Errorf("TestIamPermissions: %w", err)
	}
	fmt.Fprintf(w, "Permission to create/update findings? %t\n",
		len(policy.Permissions) > 0)

	// Check for permission to update finding state.
	req = &iam.TestIamPermissionsRequest{
		Resource:    sourceName,
		Permissions: []string{"securitycenter.findings.setState"},
	}

	policy, err = client.TestIamPermissions(ctx, req)
	if err != nil {
		return fmt.Errorf("TestIamPermissions: %w", err)
	}
	fmt.Fprintf(w, "Permission to update state? %t\n",
		len(policy.Permissions) > 0)

	return nil
}
```

Java

```java
import com.google.cloud.securitycenter.v1.SecurityCenterClient;
import com.google.cloud.securitycenter.v1.SourceName;
import com.google.iam.v1.TestIamPermissionsResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // SourceName sourceName = SourceName.of(/*organizationId=*/"123234324",
    // /*sourceId=*/"423432321");

    // IAM permission to test.
    List<String> permissionsToTest = new ArrayList<>();
    permissionsToTest.add("securitycenter.findings.update");

    // Call the API.
    TestIamPermissionsResponse response =
        client.testIamPermissions(sourceName.toString(), permissionsToTest);
    System.out.println("IAM Permission:");
    System.out.println(response);

    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
```

Node.js

```javascript
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

// sourceName is the full resource name of the source to test for permissions.
/*
 * TODO(developer): Uncomment the following lines
 */
// const sourceName = "organizations/111122222444/sources/1234";
async function testIam() {
  {
    // Check for permission to create or update findings.
    const [policy] = await client.testIamPermissions({
      resource: sourceName,
      permissions: ['securitycenter.findings.update'],
    });
    console.log(
      `Permissions to create/update findings? ${
        policy.permissions.length > 0
      }`
    );
  }
  {
    // Check for permission to update finding state.
    const [policy] = await client.testIamPermissions({
      resource: sourceName,
      permissions: ['securitycenter.findings.setState'],
    });
    console.log(
      `Permissions to update state? ${policy.permissions.length > 0}`
    );
  }
}
testIam();
```

Python

```python
from google.cloud import securitycenter_v1

# Create a client.
client = securitycenter_v1.SecurityCenterClient()
# 'source_name' is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"

# Check for permissions to call create_finding or update_finding.
permission_response = client.test_iam_permissions(
    request={
        "resource": source_name,
        "permissions": ["securitycenter.findings.update"],
    }
)

print(
    f"Permission to create or update findings? {len(permission_response.permissions) > 0}"
)
# Check for permissions necessary to call set_finding_state.
permission_response = client.test_iam_permissions(
    request={
        "resource": source_name,
        "permissions": ["securitycenter.findings.setState"],
    }
)
print(f"Permission to update state? {len(permission_response.permissions) > 0}")
```

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
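The samples on this page test one permission per call and print a boolean. The following added example (not part of Google's samples) sends both permissions in a single `test_iam_permissions` request and returns the ones the caller lacks, so a findings pipeline can fail closed before it starts writing. `preflight`, `StubClient` and `StubResponse` are hypothetical names; the stub is a constructed stand-in so the block runs offline, and the name check assumes the organization-level source format shown on this page.

```python
import re
from dataclasses import dataclass

# Permissions tested on this page, mapped to the operation each one gates.
REQUIRED = {
    "securitycenter.findings.update": "create or update findings",
    "securitycenter.findings.setState": "update finding state",
}

# Source name format given on this page: organizations/{org_id}/sources/{source_id}
SOURCE_NAME_RE = re.compile(r"organizations/[^/]+/sources/[^/]+")


@dataclass
class StubResponse:
    permissions: list


class StubClient:
    """Constructed stand-in for SecurityCenterClient so the example runs offline."""

    def __init__(self, granted):
        self.granted = set(granted)
        self.calls = 0

    def test_iam_permissions(self, request):
        self.calls += 1
        # Mirrors the API contract: return only the requested permissions held.
        held = [p for p in request["permissions"] if p in self.granted]
        return StubResponse(held)


def preflight(client, source_name, required=REQUIRED):
    """Return {permission: operation} for each required permission the caller lacks."""
    if not SOURCE_NAME_RE.fullmatch(source_name):
        raise ValueError(f"not a source resource name: {source_name!r}")
    response = client.test_iam_permissions(
        request={"resource": source_name, "permissions": list(required)}
    )
    held = set(response.permissions)
    return {p: op for p, op in required.items() if p not in held}


if __name__ == "__main__":
    source = "organizations/111122222444/sources/1234"  # sample value from this page
    # Constructed scenario: the caller holds update but not setState.
    missing = preflight(StubClient({"securitycenter.findings.update"}), source)
    for permission, operation in missing.items():
        print(f"missing {permission}: cannot {operation}")
    raise SystemExit(1 if missing else 0)
```

With real credentials, pass `securitycenter_v1.SecurityCenterClient()` as `client` in place of the stub.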