feat(samples): add samples for analyzeIamPolicy and analyzeIamPolicyL…

…ongrunning (#433)
GoogleCloudPlatform · Jan 28, 2021 · 8bc0362 · 8bc0362
1 parent f3c1fe0
commit 8bc0362
Show file tree

Hide file tree

Showing 4 changed files with 199 additions and 0 deletions.
diff --git a/asset/snippets/analyzeIamPolicy.js b/asset/snippets/analyzeIamPolicy.js
@@ -0,0 +1,57 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+// title: Analyze Iam Policy
+// description: Analyzes accessible IAM policies that match a request.
+// usage: node analyzeIamPolicy
+
+async function main() {
+ // [START asset_quickstart_analyze_iam_policy]
+ const util = require('util');
+ const {AssetServiceClient} = require('@google-cloud/asset');
+
+ const client = new AssetServiceClient();
+ const projectId = await client.getProjectId();
+
+ async function analyzeIamPolicy() {
+ const request = {
+ analysisQuery: {
+ scope: `projects/${projectId}`,
+ resourceSelector: {
+ fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+ },
+ options: {
+ expandGroups: true,
+ outputGroupEdges: true,
+ },
+ },
+ };
+
+ // Handle the operation using the promise pattern.
+ const result = await client.analyzeIamPolicy(request);
+ // Do things with with the response.
+ console.log(util.inspect(result, {depth: null}));
+ }
+ // [END asset_quickstart_analyze_iam_policy]
+ analyzeIamPolicy();
+}
+
+process.on('unhandledRejection', err => {
+ console.error(err.message);
+ process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/asset/snippets/analyzeIamPolicyLongrunningBigquery.js b/asset/snippets/analyzeIamPolicyLongrunningBigquery.js
@@ -0,0 +1,71 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+// title: Analyze Iam Policy Longrunning and write results to Bigquery
+// description: Analyzes accessible IAM policies that match a request.
+// usage: node analyzeIamPolicyLongrunningBigquery <dataset_id> <table_prefix>
+
+async function main(datasetId, tablePrefix) {
+ // [START asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+ const util = require('util');
+ const {AssetServiceClient} = require('@google-cloud/asset');
+
+ const client = new AssetServiceClient();
+ const projectId = await client.getProjectId();
+
+ async function analyzeIamPolicyLongrunningBigquery() {
+ // TODO(developer): choose the dataset and table prefix
+ // const datasetId = ''
+ // const tablePrefix = ''
+
+ const request = {
+ analysisQuery: {
+ scope: `projects/${projectId}`,
+ resourceSelector: {
+ fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+ },
+ options: {
+ expandGroups: true,
+ outputGroupEdges: true,
+ },
+ },
+ outputConfig: {
+ bigqueryDestination: {
+ dataset: `projects/${projectId}/datasets/${datasetId}`,
+ tablePrefix: tablePrefix,
+ },
+ },
+ };
+
+ // Handle the operation using the promise pattern.
+ const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+ // Operation#promise starts polling for the completion of the operation.
+ const [result] = await operation.promise();
+
+ // Do things with with the response.
+ console.log(util.inspect(result, {depth: null}));
+ }
+ // [END asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+ analyzeIamPolicyLongrunningBigquery();
+}
+
+process.on('unhandledRejection', err => {
+ console.error(err.message);
+ process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/asset/snippets/analyzeIamPolicyLongrunningGcs.js b/asset/snippets/analyzeIamPolicyLongrunningGcs.js
@@ -0,0 +1,70 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+// title: Analyze Iam Policy Longrunning and write results to GCS
+// description: Analyzes accessible IAM policies that match a request.
+// usage: node analyzeIamPolicyLongrunningGcs
+// <gs://my-bucket/my-analysis.json>
+
+async function main(gcsUri) {
+ // [START asset_quickstart_analyze_iam_policy_longrunning_gcs]
+ const util = require('util');
+ const {AssetServiceClient} = require('@google-cloud/asset');
+
+ const client = new AssetServiceClient();
+ const projectId = await client.getProjectId();
+
+ async function analyzeIamPolicyLongrunningGcs() {
+ // TODO(developer): choose the gcs path uri
+ // const gcsUri = 'Gcs path uri, e.g.: gs://<my_bucket>/<my_analysis_file>'
+
+ const request = {
+ analysisQuery: {
+ scope: `projects/${projectId}`,
+ resourceSelector: {
+ fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+ },
+ options: {
+ expandGroups: true,
+ outputGroupEdges: true,
+ },
+ },
+ outputConfig: {
+ gcsDestination: {
+ uri: gcsUri,
+ },
+ },
+ };
+
+ // Handle the operation using the promise pattern.
+ const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+ // Operation#promise starts polling for the completion of the operation.
+ const [result] = await operation.promise();
+
+ // Do things with with the response.
+ console.log(util.inspect(result, {depth: null}));
+ }
+ // [END asset_quickstart_analyze_iam_policy_longrunning_gcs]
+ analyzeIamPolicyLongrunningGcs();
+}
+
+process.on('unhandledRejection', err => {
+ console.error(err.message);
+ process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/asset/snippets/package.json b/asset/snippets/package.json
@@ -16,6 +16,7 @@
  },
  "dependencies": {
  "@google-cloud/asset": "^3.11.0",
+ "@google-cloud/bigquery": "^5.5.0",
  "@google-cloud/compute": "^2.0.0",
  "@google-cloud/storage": "^5.0.0",
  "uuid": "^8.0.0",