Test IAM permissions
Demonstrates how to verify IAM permissions to create findings
Code sample

To authenticate to Security Command Center, set up Application Default Credentials.
For more information, see [Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).

Go

```go
import (
	"context"
	"fmt"
	"io"

	iam "cloud.google.com/go/iam/apiv1/iampb"
	securitycenter "cloud.google.com/go/securitycenter/apiv1"
)

// testIam demonstrates how to determine if your service user has appropriate
// access to create and update findings, it writes permissions to w.
// sourceName is the full resource name of the source to test for permissions.
func testIam(w io.Writer, sourceName string) error {
	// sourceName := "organizations/111122222444/sources/1234"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.
	// Check for create/update Permissions.
	req := &iam.TestIamPermissionsRequest{
		Resource:    sourceName,
		Permissions: []string{"securitycenter.findings.update"},
	}

	policy, err := client.TestIamPermissions(ctx, req)
	if err != nil {
		return fmt.Errorf("Error getting IAM policy: %w", err)
	}
	// The response lists only the requested permissions the caller holds.
	fmt.Fprintf(w, "Permission to create/update findings? %t\n",
		len(policy.Permissions) > 0)

	// Check for updating state Permissions
	req = &iam.TestIamPermissionsRequest{
		Resource:    sourceName,
		Permissions: []string{"securitycenter.findings.setState"},
	}

	policy, err = client.TestIamPermissions(ctx, req)
	if err != nil {
		return fmt.Errorf("Error getting IAM policy: %w", err)
	}
	fmt.Fprintf(w, "Permission to update state? %t\n",
		len(policy.Permissions) > 0)

	return nil
}
```

Java

```java
import com.google.cloud.securitycenter.v1.SecurityCenterClient;
import com.google.cloud.securitycenter.v1.SourceName;
import com.google.iam.v1.TestIamPermissionsResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // SourceName sourceName = SourceName.of(/*organizationId=*/"123234324",
    // /*sourceId=*/"423432321");

    // Iam permission to test.
    List<String> permissionsToTest = new ArrayList<>();
    permissionsToTest.add("securitycenter.findings.update");

    // Call the API.
    TestIamPermissionsResponse response =
        client.testIamPermissions(sourceName.toString(), permissionsToTest);
    System.out.println("IAM Permission:");
    System.out.println(response);

    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
```

Node.js

```javascript
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

// sourceName is the full resource name of the source to test for permissions.
/*
 * TODO(developer): Uncomment the following lines
 */
// const sourceName = "organizations/111122222444/sources/1234";
async function testIam() {
  {
    const [policy] = await client.testIamPermissions({
      resource: sourceName,
      permissions: ['securitycenter.findings.update'],
    });
    console.log(
      `Permissions to create/update findings? ${
        policy.permissions.length > 0
      }`
    );
  }
  {
    const [policy] = await client.testIamPermissions({
      resource: sourceName,
      permissions: ['securitycenter.findings.setState'],
    });
    console.log(
      `Permissions to update state? ${policy.permissions.length > 0}`
    );
  }
}
testIam();
```

Python

```python
from google.cloud import securitycenter_v1

# Create a client.
client = securitycenter_v1.SecurityCenterClient()
# 'source_name' is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"

# Check for permissions to call create_finding or update_finding.
permission_response = client.test_iam_permissions(
    request={
        "resource": source_name,
        "permissions": ["securitycenter.findings.update"],
    }
)

print(
    "Permission to create or update findings? {}".format(
        len(permission_response.permissions) > 0
    )
)
# Check for permissions necessary to call set_finding_state.
permission_response = client.test_iam_permissions(
    request={
        "resource": source_name,
        "permissions": ["securitycenter.findings.setState"],
    }
)
print(f"Permission to update state? {len(permission_response.permissions) > 0}")
```

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
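The samples above send one permission per call, so `len(permissions) > 0` is a sufficient check there. As an added example (not part of Google's sample code), the following sends both permissions in one request and reports which are missing, since the response contains only the subset the caller holds. `REQUIRED`, `missing_permissions` and `StubClient` are hypothetical names, and the stub is a constructed stand-in for `SecurityCenterClient` so the block runs offline.

```python
from types import SimpleNamespace

# The two permissions the page's samples test, checked here in a single call.
REQUIRED = ("securitycenter.findings.update", "securitycenter.findings.setState")


def missing_permissions(client, source_name, required=REQUIRED):
    """Return the required permissions the caller does NOT hold on source_name.

    test_iam_permissions answers with the subset of requested permissions
    the caller has, so the comparison must be a set difference: with more
    than one permission in the request, len(...) > 0 would report success
    even when only one of them was granted.
    """
    required = list(dict.fromkeys(required))  # de-duplicate, keep order
    if not required:
        raise ValueError("no permissions to test")
    for perm in required:
        # The IAM API does not accept wildcard permissions; fail early.
        if "*" in perm:
            raise ValueError(f"wildcards are not allowed: {perm!r}")
    response = client.test_iam_permissions(
        request={"resource": source_name, "permissions": required}
    )
    granted = set(response.permissions)
    return [p for p in required if p not in granted]


class StubClient:
    """Constructed stand-in for SecurityCenterClient (assumption, offline only)."""

    def __init__(self, granted):
        self._granted = set(granted)

    def test_iam_permissions(self, request):
        # Mimic the API: echo back only the requested permissions that are held.
        held = [p for p in request["permissions"] if p in self._granted]
        return SimpleNamespace(permissions=held)


if __name__ == "__main__":
    source = "organizations/111122222444/sources/1234"  # sample name from the page
    partial = StubClient(["securitycenter.findings.update"])
    print("missing:", missing_permissions(partial, source))
```

With a real client, pass `securitycenter_v1.SecurityCenterClient()` in place of the stub and treat a non-empty result as a failed preflight before attempting to write findings.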