feat(samples): add samples for analyzeIamPolicy and analyzeIamPolicyLongrunning (#433)

Author: donghez-google

packages/google-cloud-asset/samples/analyzeIamPolicy.js

@@ -0,0 +1,57 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Analyze Iam Policy
+//   description: Analyzes accessible IAM policies that match a request.
+//   usage: node analyzeIamPolicy
+
+async function main() {
+  // [START asset_quickstart_analyze_iam_policy]
+  const util = require('util');
+  const {AssetServiceClient} = require('@google-cloud/asset');
+
+  const client = new AssetServiceClient();
+  const projectId = await client.getProjectId();
+
+  async function analyzeIamPolicy() {
+    const request = {
+      analysisQuery: {
+        scope: `projects/${projectId}`,
+        resourceSelector: {
+          fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+        },
+        options: {
+          expandGroups: true,
+          outputGroupEdges: true,
+        },
+      },
+    };
+
+    // Handle the operation using the promise pattern.
+    const result = await client.analyzeIamPolicy(request);
+    // Do things with with the response.
+    console.log(util.inspect(result, {depth: null}));
+  }
+  // [END asset_quickstart_analyze_iam_policy]
+  analyzeIamPolicy();
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));

packages/google-cloud-asset/samples/analyzeIamPolicyLongrunningBigquery.js

@@ -0,0 +1,71 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Analyze Iam Policy Longrunning and write results to Bigquery
+//   description: Analyzes accessible IAM policies that match a request.
+//   usage: node analyzeIamPolicyLongrunningBigquery <dataset_id> <table_prefix>
+
+async function main(datasetId, tablePrefix) {
+  // [START asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+  const util = require('util');
+  const {AssetServiceClient} = require('@google-cloud/asset');
+
+  const client = new AssetServiceClient();
+  const projectId = await client.getProjectId();
+
+  async function analyzeIamPolicyLongrunningBigquery() {
+    // TODO(developer): choose the dataset and table prefix
+    // const datasetId = ''
+    // const tablePrefix = ''
+
+    const request = {
+      analysisQuery: {
+        scope: `projects/${projectId}`,
+        resourceSelector: {
+          fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+        },
+        options: {
+          expandGroups: true,
+          outputGroupEdges: true,
+        },
+      },
+      outputConfig: {
+        bigqueryDestination: {
+          dataset: `projects/${projectId}/datasets/${datasetId}`,
+          tablePrefix: tablePrefix,
+        },
+      },
+    };
+
+    // Handle the operation using the promise pattern.
+    const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+    // Operation#promise starts polling for the completion of the operation.
+    const [result] = await operation.promise();
+
+    // Do things with with the response.
+    console.log(util.inspect(result, {depth: null}));
+  }
+  // [END asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+  analyzeIamPolicyLongrunningBigquery();
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));

packages/google-cloud-asset/samples/analyzeIamPolicyLongrunningGcs.js

@@ -0,0 +1,70 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Analyze Iam Policy Longrunning and write results to GCS
+//   description: Analyzes accessible IAM policies that match a request.
+//   usage: node analyzeIamPolicyLongrunningGcs
+//   <gs://my-bucket/my-analysis.json>
+
+async function main(gcsUri) {
+  // [START asset_quickstart_analyze_iam_policy_longrunning_gcs]
+  const util = require('util');
+  const {AssetServiceClient} = require('@google-cloud/asset');
+
+  const client = new AssetServiceClient();
+  const projectId = await client.getProjectId();
+
+  async function analyzeIamPolicyLongrunningGcs() {
+    // TODO(developer): choose the gcs path uri
+    // const gcsUri = 'Gcs path uri, e.g.: gs://<my_bucket>/<my_analysis_file>'
+
+    const request = {
+      analysisQuery: {
+        scope: `projects/${projectId}`,
+        resourceSelector: {
+          fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+        },
+        options: {
+          expandGroups: true,
+          outputGroupEdges: true,
+        },
+      },
+      outputConfig: {
+        gcsDestination: {
+          uri: gcsUri,
+        },
+      },
+    };
+
+    // Handle the operation using the promise pattern.
+    const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+    // Operation#promise starts polling for the completion of the operation.
+    const [result] = await operation.promise();
+
+    // Do things with with the response.
+    console.log(util.inspect(result, {depth: null}));
+  }
+  // [END asset_quickstart_analyze_iam_policy_longrunning_gcs]
+  analyzeIamPolicyLongrunningGcs();
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));

packages/google-cloud-asset/samples/package.json

@@ -16,6 +16,7 @@
   },
   "dependencies": {
     "@google-cloud/asset": "^3.11.0",
+    "@google-cloud/bigquery": "^5.5.0",
     "@google-cloud/compute": "^2.0.0",
     "@google-cloud/storage": "^5.0.0",
     "uuid": "^8.0.0",

packages/google-cloud-asset/samples/test/sample.test.js

@@ -26,6 +26,13 @@ const storage = new Storage();
 const bucketName = `asset-nodejs-${uuid.v4()}`;
 const bucket = storage.bucket(bucketName);
 
+const {BigQuery} = require('@google-cloud/bigquery');
+const bigquery = new BigQuery();
+const options = {
+  location: 'US',
+};
+const datasetId = `asset_nodejs_${uuid.v4()}`.replace(/-/gi, '_');
+
 const Compute = require('@google-cloud/compute');
 const zone = new Compute().zone('us-central1-c');
 const vmName = `asset-nodejs-${uuid.v4()}`;
@@ -49,11 +56,14 @@ const delay = async test => {
 describe('quickstart sample tests', () => {
   before(async () => {
     await bucket.create();
+    await bigquery.createDataset(datasetId, options);
+    await bigquery.dataset(datasetId).exists();
     [vm] = await zone.createVM(vmName, {os: 'ubuntu'});
   });
 
   after(async () => {
     await bucket.delete();
+    await bigquery.dataset(datasetId).delete({force: true}).catch(console.warn);
     await vm.delete();
   });
 
@@ -99,4 +109,41 @@ describe('quickstart sample tests', () => {
     const stdout = execSync(`node listAssets ${assetType}`);
     assert.include(stdout, assetType);
   });
+
+  it('should analyze iam policy successfully', async () => {
+    const stdout = execSync('node analyzeIamPolicy');
+    assert.include(stdout, '//cloudresourcemanager.googleapis.com/projects');
+  });
+
+  it('should analyze iam policy and write analysis results to gcs successfully', async function () {
+    this.retries(2);
+    await delay(this.test);
+    const uri = `gs://${bucketName}/my-analysis.json`;
+    execSync(`node analyzeIamPolicyLongrunningGcs ${uri}`);
+    const file = await bucket.file('my-analysis.json');
+    const exists = await file.exists();
+    assert.ok(exists);
+    await file.delete();
+  });
+
+  it('should analyze iam policy and write analysis results to bigquery successfully', async function () {
+    this.retries(2);
+    await delay(this.test);
+    const tablePrefix = 'analysis_nodejs';
+    execSync(
+      `node analyzeIamPolicyLongrunningBigquery ${datasetId} ${tablePrefix}`
+    );
+    const metadataTable = await bigquery
+      .dataset(datasetId)
+      .table('analysis_nodejs_analysis');
+    const metadataTable_exists = await metadataTable.exists();
+    assert.ok(metadataTable_exists);
+    const resultsTable = await bigquery
+      .dataset(datasetId)
+      .table('analysis_nodejs_analysis_result');
+    const resultsTable_exists = await resultsTable.exists();
+    assert.ok(resultsTable_exists);
+    await metadataTable.delete();
+    await resultsTable.delete();
+  });
 });