621 lines
31 KiB
Python
621 lines
31 KiB
Python
# -*- coding: utf-8 -*- #
|
|
# Copyright 2020 Google LLC. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""A library that used to interact with CTD-IA backend services."""
|
|
|
|
from __future__ import absolute_import
|
|
from __future__ import division
|
|
from __future__ import unicode_literals
|
|
|
|
from apitools.base.py import encoding
|
|
from apitools.base.py import exceptions
|
|
from googlecloudsdk.api_lib.util import apis
|
|
from googlecloudsdk.api_lib.util import exceptions as gcloud_exceptions
|
|
from googlecloudsdk.calliope import exceptions as calliope_exceptions
|
|
from googlecloudsdk.command_lib.scc.settings import exceptions as scc_exceptions
|
|
from googlecloudsdk.core import properties
|
|
|
|
API_NAME = 'securitycenter'
|
|
DEFAULT_API_VERSION = 'v1beta2'
|
|
|
|
SERVICES_ENDPOINTS = {
|
|
'container-threat-detection': 'containerThreatDetectionSettings',
|
|
'event-threat-detection': 'eventThreatDetectionSettings',
|
|
'security-health-analytics': 'securityHealthAnalyticsSettings',
|
|
'virtual-machine-threat-detection': 'virtualMachineThreatDetectionSettings',
|
|
'web-security-scanner': 'webSecurityScannerSettings',
|
|
}
|
|
|
|
SERVICE_STATUS_MASK = 'service_enablement_state'
|
|
MODULE_STATUS_MASK = 'modules'
|
|
|
|
|
|
def GetMessages(version=DEFAULT_API_VERSION):
|
|
"""Import and return the securitycenter settings message_module module.
|
|
|
|
Args:
|
|
version: the API version
|
|
|
|
Returns:
|
|
securitycenter settings message module.
|
|
"""
|
|
return apis.GetMessagesModule(API_NAME, version)
|
|
|
|
|
|
def GetClient(version=DEFAULT_API_VERSION):
|
|
"""Import and return the securitycenter settings client module.
|
|
|
|
Args:
|
|
version: the API version
|
|
|
|
Returns:
|
|
securitycenter settings API client module.
|
|
"""
|
|
return apis.GetClientInstance(API_NAME, version)
|
|
|
|
|
|
def GenerateParent(args):
|
|
if args.organization:
|
|
return 'organizations/{}/'.format(args.organization)
|
|
elif args.project:
|
|
return 'projects/{}/'.format(args.project)
|
|
elif args.folder:
|
|
return 'folders/{}/'.format(args.folder)
|
|
|
|
|
|
def FallBackFlags(args):
|
|
if (not args.organization and not args.folder and not args.project):
|
|
args.organization = properties.VALUES.scc.organization.Get()
|
|
if not args.organization:
|
|
args.project = properties.VALUES.core.project.Get()
|
|
if (not args.organization and not args.folder and not args.project):
|
|
raise calliope_exceptions.MinimumArgumentException(
|
|
['--organization', '--folder', '--project'])
|
|
|
|
|
|
class SettingsClient(object):
|
|
"""Client for securitycenter settings service."""
|
|
|
|
def __init__(self, api_version=DEFAULT_API_VERSION):
|
|
self.message_module = GetMessages(api_version)
|
|
self.service_client = GetClient(api_version)
|
|
|
|
def DescribeExplicit(self, args):
|
|
"""Describe settings of organization."""
|
|
|
|
path = GenerateParent(args) + 'securityCenterSettings'
|
|
|
|
try:
|
|
request_message = self.message_module.SecuritycenterOrganizationsGetSecurityCenterSettingsRequest(
|
|
name=path)
|
|
return self.service_client.organizations.GetSecurityCenterSettings(
|
|
request_message)
|
|
except exceptions.HttpNotFoundError:
|
|
raise scc_exceptions.SecurityCenterSettingsException(
|
|
'Invalid argument {}'.format(path))
|
|
|
|
def DescribeServiceExplicit(self, args):
|
|
"""Describe effective service settings of organization/folder/project."""
|
|
|
|
FallBackFlags(args)
|
|
path = GenerateParent(args) + SERVICES_ENDPOINTS[args.service]
|
|
|
|
try:
|
|
if args.organization:
|
|
if args.service == 'web-security-scanner':
|
|
request_message = self.message_module.SecuritycenterOrganizationsGetWebSecurityScannerSettingsRequest(
|
|
name=path)
|
|
return self.service_client.organizations.GetWebSecurityScannerSettings(
|
|
request_message)
|
|
elif args.service == 'security-health-analytics':
|
|
request_message = self.message_module.SecuritycenterOrganizationsGetSecurityHealthAnalyticsSettingsRequest(
|
|
name=path)
|
|
return self.service_client.organizations.GetSecurityHealthAnalyticsSettings(
|
|
request_message)
|
|
elif args.service == 'container-threat-detection':
|
|
request_message = self.message_module.SecuritycenterOrganizationsGetContainerThreatDetectionSettingsRequest(
|
|
name=path)
|
|
return self.service_client.organizations.GetContainerThreatDetectionSettings(
|
|
request_message)
|
|
elif args.service == 'event-threat-detection':
|
|
request_message = self.message_module.SecuritycenterOrganizationsGetEventThreatDetectionSettingsRequest(
|
|
name=path)
|
|
return self.service_client.organizations.GetEventThreatDetectionSettings(
|
|
request_message)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
request_message = self.message_module.SecuritycenterOrganizationsGetVirtualMachineThreatDetectionSettingsRequest(
|
|
name=path)
|
|
return self.service_client.organizations.GetVirtualMachineThreatDetectionSettings(
|
|
request_message)
|
|
elif args.project:
|
|
if args.service == 'web-security-scanner':
|
|
request_message = self.message_module.SecuritycenterProjectsGetWebSecurityScannerSettingsRequest(
|
|
name=path)
|
|
return self.service_client.projects.GetWebSecurityScannerSettings(
|
|
request_message)
|
|
elif args.service == 'security-health-analytics':
|
|
request_message = self.message_module.SecuritycenterProjectsGetSecurityHealthAnalyticsSettingsRequest(
|
|
name=path)
|
|
return self.service_client.projects.GetSecurityHealthAnalyticsSettings(
|
|
request_message)
|
|
elif args.service == 'container-threat-detection':
|
|
request_message = self.message_module.SecuritycenterProjectsGetContainerThreatDetectionSettingsRequest(
|
|
name=path)
|
|
return self.service_client.projects.GetContainerThreatDetectionSettings(
|
|
request_message)
|
|
elif args.service == 'event-threat-detection':
|
|
request_message = self.message_module.SecuritycenterProjectsGetEventThreatDetectionSettingsRequest(
|
|
name=path)
|
|
return self.service_client.projects.GetEventThreatDetectionSettings(
|
|
request_message)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
request_message = self.message_module.SecuritycenterProjectsGetVirtualMachineThreatDetectionSettingsRequest(
|
|
name=path)
|
|
return self.service_client.projects.GetVirtualMachineThreatDetectionSettings(
|
|
request_message)
|
|
elif args.folder:
|
|
if args.service == 'web-security-scanner':
|
|
request_message = self.message_module.SecuritycenterFoldersGetWebSecurityScannerSettingsRequest(
|
|
name=path)
|
|
return self.service_client.folders.GetWebSecurityScannerSettings(
|
|
request_message)
|
|
elif args.service == 'security-health-analytics':
|
|
request_message = self.message_module.SecuritycenterFoldersGetSecurityHealthAnalyticsSettingsRequest(
|
|
name=path)
|
|
return self.service_client.folders.GetSecurityHealthAnalyticsSettings(
|
|
request_message)
|
|
elif args.service == 'container-threat-detection':
|
|
request_message = self.message_module.SecuritycenterFoldersGetContainerThreatDetectionSettingsRequest(
|
|
name=path)
|
|
return self.service_client.folders.GetContainerThreatDetectionSettings(
|
|
request_message)
|
|
elif args.service == 'event-threat-detection':
|
|
request_message = self.message_module.SecuritycenterFoldersGetEventThreatDetectionSettingsRequest(
|
|
name=path)
|
|
return self.service_client.folders.GetEventThreatDetectionSettings(
|
|
request_message)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
request_message = self.message_module.SecuritycenterFoldersGetVirtualMachineThreatDetectionSettingsRequest(
|
|
name=path)
|
|
return self.service_client.folders.GetVirtualMachineThreatDetectionSettings(
|
|
request_message)
|
|
except exceptions.HttpError as err:
|
|
gcloud_exceptions.core_exceptions.reraise(
|
|
gcloud_exceptions.HttpException(
|
|
err, error_format='Status code [{status_code}]. {message}.'))
|
|
|
|
def DescribeService(self, args):
|
|
"""Describe service settings of organization/folder/project."""
|
|
|
|
FallBackFlags(args)
|
|
path = GenerateParent(args) + SERVICES_ENDPOINTS[args.service]
|
|
|
|
try:
|
|
if args.organization:
|
|
if args.service == 'web-security-scanner':
|
|
request_message = self.message_module.SecuritycenterOrganizationsWebSecurityScannerSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.organizations_webSecurityScannerSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'security-health-analytics':
|
|
request_message = self.message_module.SecuritycenterOrganizationsSecurityHealthAnalyticsSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.organizations_securityHealthAnalyticsSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'container-threat-detection':
|
|
request_message = self.message_module.SecuritycenterOrganizationsContainerThreatDetectionSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.organizations_containerThreatDetectionSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'event-threat-detection':
|
|
request_message = self.message_module.SecuritycenterOrganizationsEventThreatDetectionSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.organizations_eventThreatDetectionSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
request_message = self.message_module.SecuritycenterOrganizationsVirtualMachineThreatDetectionSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.organizations_virtualMachineThreatDetectionSettings.Calculate(
|
|
request_message)
|
|
elif args.project:
|
|
if args.service == 'web-security-scanner':
|
|
request_message = self.message_module.SecuritycenterProjectsWebSecurityScannerSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.projects_webSecurityScannerSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'security-health-analytics':
|
|
request_message = self.message_module.SecuritycenterProjectsSecurityHealthAnalyticsSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.projects_securityHealthAnalyticsSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'container-threat-detection':
|
|
request_message = self.message_module.SecuritycenterProjectsContainerThreatDetectionSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.projects_containerThreatDetectionSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'event-threat-detection':
|
|
request_message = self.message_module.SecuritycenterProjectsEventThreatDetectionSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.projects_eventThreatDetectionSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
request_message = self.message_module.SecuritycenterProjectsVirtualMachineThreatDetectionSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.projects_virtualMachineThreatDetectionSettings.Calculate(
|
|
request_message)
|
|
elif args.folder:
|
|
if args.service == 'web-security-scanner':
|
|
request_message = self.message_module.SecuritycenterFoldersWebSecurityScannerSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.folders_webSecurityScannerSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'security-health-analytics':
|
|
request_message = self.message_module.SecuritycenterFoldersSecurityHealthAnalyticsSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.folders_securityHealthAnalyticsSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'container-threat-detection':
|
|
request_message = self.message_module.SecuritycenterFoldersContainerThreatDetectionSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.folders_containerThreatDetectionSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'event-threat-detection':
|
|
request_message = self.message_module.SecuritycenterFoldersEventThreatDetectionSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.folders_eventThreatDetectionSettings.Calculate(
|
|
request_message)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
request_message = self.message_module.SecuritycenterFoldersVirtualMachineThreatDetectionSettingsCalculateRequest(
|
|
name=path)
|
|
return self.service_client.folders_virtualMachineThreatDetectionSettings.Calculate(
|
|
request_message)
|
|
except exceptions.HttpNotFoundError:
|
|
raise scc_exceptions.SecurityCenterSettingsException(
|
|
'Invalid argument {}'.format(path))
|
|
|
|
def EnableService(self, args):
|
|
"""Enable service of organization/folder/project."""
|
|
if args.service == 'web-security-scanner':
|
|
web_security_center_settings = self.message_module.WebSecurityScannerSettings(
|
|
serviceEnablementState=self.message_module.WebSecurityScannerSettings
|
|
.ServiceEnablementStateValueValuesEnum.ENABLED)
|
|
return self._UpdateService(args, web_security_center_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'security-health-analytics':
|
|
security_health_analytics_settings = self.message_module.SecurityHealthAnalyticsSettings(
|
|
serviceEnablementState=self.message_module
|
|
.SecurityHealthAnalyticsSettings.ServiceEnablementStateValueValuesEnum
|
|
.ENABLED)
|
|
return self._UpdateService(args, security_health_analytics_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'container-threat-detection':
|
|
container_threat_detection_settings = self.message_module.ContainerThreatDetectionSettings(
|
|
serviceEnablementState=self.message_module
|
|
.ContainerThreatDetectionSettings
|
|
.ServiceEnablementStateValueValuesEnum.ENABLED)
|
|
return self._UpdateService(args, container_threat_detection_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'event-threat-detection':
|
|
event_threat_detection_settings = self.message_module.EventThreatDetectionSettings(
|
|
serviceEnablementState=self.message_module
|
|
.EventThreatDetectionSettings.ServiceEnablementStateValueValuesEnum
|
|
.ENABLED)
|
|
return self._UpdateService(args, event_threat_detection_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
virtual_machine_threat_detection_settings = self.message_module.VirtualMachineThreatDetectionSettings(
|
|
serviceEnablementState=self.message_module
|
|
.VirtualMachineThreatDetectionSettings
|
|
.ServiceEnablementStateValueValuesEnum.ENABLED)
|
|
return self._UpdateService(args,
|
|
virtual_machine_threat_detection_settings,
|
|
SERVICE_STATUS_MASK)
|
|
|
|
def DisableService(self, args):
|
|
"""Disable service of organization/folder/project."""
|
|
if args.service == 'web-security-scanner':
|
|
web_security_center_settings = self.message_module.WebSecurityScannerSettings(
|
|
serviceEnablementState=self.message_module.WebSecurityScannerSettings
|
|
.ServiceEnablementStateValueValuesEnum.DISABLED)
|
|
return self._UpdateService(args, web_security_center_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'security-health-analytics':
|
|
security_health_analytics_settings = self.message_module.SecurityHealthAnalyticsSettings(
|
|
serviceEnablementState=self.message_module
|
|
.SecurityHealthAnalyticsSettings.ServiceEnablementStateValueValuesEnum
|
|
.DISABLED)
|
|
return self._UpdateService(args, security_health_analytics_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'container-threat-detection':
|
|
container_threat_detection_settings = self.message_module.ContainerThreatDetectionSettings(
|
|
serviceEnablementState=self.message_module
|
|
.ContainerThreatDetectionSettings
|
|
.ServiceEnablementStateValueValuesEnum.DISABLED)
|
|
return self._UpdateService(args, container_threat_detection_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'event-threat-detection':
|
|
event_threat_detection_settings = self.message_module.EventThreatDetectionSettings(
|
|
serviceEnablementState=self.message_module
|
|
.EventThreatDetectionSettings.ServiceEnablementStateValueValuesEnum
|
|
.DISABLED)
|
|
return self._UpdateService(args, event_threat_detection_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
virtual_machine_threat_detection_settings = self.message_module.VirtualMachineThreatDetectionSettings(
|
|
serviceEnablementState=self.message_module
|
|
.VirtualMachineThreatDetectionSettings
|
|
.ServiceEnablementStateValueValuesEnum.DISABLED)
|
|
return self._UpdateService(args,
|
|
virtual_machine_threat_detection_settings,
|
|
SERVICE_STATUS_MASK)
|
|
|
|
def InheritService(self, args):
|
|
"""Set service enablement state of folder/project to "inherited"."""
|
|
if args.service == 'web-security-scanner':
|
|
web_security_center_settings = self.message_module.WebSecurityScannerSettings(
|
|
serviceEnablementState=self.message_module.WebSecurityScannerSettings
|
|
.ServiceEnablementStateValueValuesEnum.INHERITED)
|
|
return self._UpdateService(args, web_security_center_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'security-health-analytics':
|
|
security_health_analytics_settings = self.message_module.SecurityHealthAnalyticsSettings(
|
|
serviceEnablementState=self.message_module
|
|
.SecurityHealthAnalyticsSettings.ServiceEnablementStateValueValuesEnum
|
|
.INHERITED)
|
|
return self._UpdateService(args, security_health_analytics_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'container-threat-detection':
|
|
container_threat_detection_settings = self.message_module.ContainerThreatDetectionSettings(
|
|
serviceEnablementState=self.message_module
|
|
.ContainerThreatDetectionSettings
|
|
.ServiceEnablementStateValueValuesEnum.INHERITED)
|
|
return self._UpdateService(args, container_threat_detection_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'event-threat-detection':
|
|
event_threat_detection_settings = self.message_module.EventThreatDetectionSettings(
|
|
serviceEnablementState=self.message_module
|
|
.EventThreatDetectionSettings.ServiceEnablementStateValueValuesEnum
|
|
.INHERITED)
|
|
return self._UpdateService(args, event_threat_detection_settings,
|
|
SERVICE_STATUS_MASK)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
virtual_machine_threat_detection_settings = self.message_module.VirtualMachineThreatDetectionSettings(
|
|
serviceEnablementState=self.message_module
|
|
.VirtualMachineThreatDetectionSettings
|
|
.ServiceEnablementStateValueValuesEnum.INHERITED)
|
|
return self._UpdateService(args,
|
|
virtual_machine_threat_detection_settings,
|
|
SERVICE_STATUS_MASK)
|
|
|
|
def _UpdateService(self, args, service_settings, update_mask):
|
|
"""Update service settings of organization/folder/project."""
|
|
|
|
FallBackFlags(args)
|
|
path = GenerateParent(args) + SERVICES_ENDPOINTS[args.service]
|
|
|
|
if args.service == 'web-security-scanner':
|
|
if args.organization:
|
|
request_message = self.message_module.SecuritycenterOrganizationsUpdateWebSecurityScannerSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
webSecurityScannerSettings=service_settings)
|
|
return self.service_client.organizations.UpdateWebSecurityScannerSettings(
|
|
request_message)
|
|
elif args.folder:
|
|
request_message = self.message_module.SecuritycenterFoldersUpdateWebSecurityScannerSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
webSecurityScannerSettings=service_settings)
|
|
return self.service_client.folders.UpdateWebSecurityScannerSettings(
|
|
request_message)
|
|
elif args.project:
|
|
request_message = self.message_module.SecuritycenterProjectsUpdateWebSecurityScannerSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
webSecurityScannerSettings=service_settings)
|
|
return self.service_client.projects.UpdateWebSecurityScannerSettings(
|
|
request_message)
|
|
elif args.service == 'security-health-analytics':
|
|
if args.organization:
|
|
request_message = self.message_module.SecuritycenterOrganizationsUpdateSecurityHealthAnalyticsSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
securityHealthAnalyticsSettings=service_settings)
|
|
return self.service_client.organizations.UpdateSecurityHealthAnalyticsSettings(
|
|
request_message)
|
|
elif args.folder:
|
|
request_message = self.message_module.SecuritycenterFoldersUpdateSecurityHealthAnalyticsSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
securityHealthAnalyticsSettings=service_settings)
|
|
return self.service_client.folders.UpdateSecurityHealthAnalyticsSettings(
|
|
request_message)
|
|
elif args.project:
|
|
request_message = self.message_module.SecuritycenterProjectsUpdateSecurityHealthAnalyticsSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
securityHealthAnalyticsSettings=service_settings)
|
|
return self.service_client.projects.UpdateSecurityHealthAnalyticsSettings(
|
|
request_message)
|
|
elif args.service == 'container-threat-detection':
|
|
if args.organization:
|
|
request_message = self.message_module.SecuritycenterOrganizationsUpdateContainerThreatDetectionSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
containerThreatDetectionSettings=service_settings)
|
|
return self.service_client.organizations.UpdateContainerThreatDetectionSettings(
|
|
request_message)
|
|
if args.folder:
|
|
request_message = self.message_module.SecuritycenterFoldersUpdateContainerThreatDetectionSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
containerThreatDetectionSettings=service_settings)
|
|
return self.service_client.folders.UpdateContainerThreatDetectionSettings(
|
|
request_message)
|
|
if args.project:
|
|
request_message = self.message_module.SecuritycenterProjectsUpdateContainerThreatDetectionSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
containerThreatDetectionSettings=service_settings)
|
|
return self.service_client.projects.UpdateContainerThreatDetectionSettings(
|
|
request_message)
|
|
elif args.service == 'event-threat-detection':
|
|
if args.organization:
|
|
request_message = self.message_module.SecuritycenterOrganizationsUpdateEventThreatDetectionSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
eventThreatDetectionSettings=service_settings)
|
|
return self.service_client.organizations.UpdateEventThreatDetectionSettings(
|
|
request_message)
|
|
elif args.folder:
|
|
request_message = self.message_module.SecuritycenterFoldersUpdateEventThreatDetectionSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
eventThreatDetectionSettings=service_settings)
|
|
return self.service_client.folders.UpdateEventThreatDetectionSettings(
|
|
request_message)
|
|
elif args.project:
|
|
request_message = self.message_module.SecuritycenterProjectsUpdateEventThreatDetectionSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
eventThreatDetectionSettings=service_settings)
|
|
return self.service_client.projects.UpdateEventThreatDetectionSettings(
|
|
request_message)
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
if args.organization:
|
|
request_message = self.message_module.SecuritycenterOrganizationsUpdateVirtualMachineThreatDetectionSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
virtualMachineThreatDetectionSettings=service_settings)
|
|
return self.service_client.organizations.UpdateVirtualMachineThreatDetectionSettings(
|
|
request_message)
|
|
if args.folder:
|
|
request_message = self.message_module.SecuritycenterFoldersUpdateVirtualMachineThreatDetectionSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
virtualMachineThreatDetectionSettings=service_settings)
|
|
return self.service_client.folders.UpdateVirtualMachineThreatDetectionSettings(
|
|
request_message)
|
|
if args.project:
|
|
request_message = self.message_module.SecuritycenterProjectsUpdateVirtualMachineThreatDetectionSettingsRequest(
|
|
name=path,
|
|
updateMask=update_mask,
|
|
virtualMachineThreatDetectionSettings=service_settings)
|
|
return self.service_client.projects.UpdateVirtualMachineThreatDetectionSettings(
|
|
request_message)
|
|
|
|
def EnableModule(self, args):
|
|
"""Enable a module for a service of organization/folder/project."""
|
|
return self._UpdateModules(args, True)
|
|
|
|
def DisableModule(self, args):
|
|
"""Disable a module for a service of organization/folder/project."""
|
|
return self._UpdateModules(args, False)
|
|
|
|
def UpdateModuleConfig(self, args):
|
|
"""Update a config within a module."""
|
|
if args.clear_config or args.config is None:
|
|
config = None
|
|
else:
|
|
try:
|
|
config = encoding.JsonToMessage(self.message_module.Config.ValueValue,
|
|
args.config)
|
|
except Exception:
|
|
raise scc_exceptions.SecurityCenterSettingsException(
|
|
'Invalid argument {}. Check help text for an example json.'.format(
|
|
args.config))
|
|
enabled = args.enablement_state == 'enabled'
|
|
return self._UpdateModules(args, enabled, args.clear_config, config)
|
|
|
|
def _UpdateModules(self, args, enabled, clear_config=False, config=None):
|
|
"""Update modules within service settings."""
|
|
# TODO(b/264680929): Python 3.10 typing.TypeAlias
|
|
StateEnum = self.message_module.Config.ModuleEnablementStateValueValuesEnum # pylint: disable=invalid-name
|
|
state = StateEnum.ENABLED if enabled else StateEnum.DISABLED
|
|
curr_modules = None
|
|
|
|
try:
|
|
curr_modules = self.DescribeServiceExplicit(args).modules
|
|
except gcloud_exceptions.HttpException as err:
|
|
if err.payload.status_code == 404:
|
|
curr_modules = None
|
|
config = None
|
|
else:
|
|
raise err
|
|
if not clear_config and config is None and curr_modules is not None:
|
|
module = [
|
|
p for p in curr_modules.additionalProperties if p.key == args.module
|
|
]
|
|
if len(module) == 1:
|
|
config = module[0].value.value
|
|
if args.service == 'web-security-scanner':
|
|
settings = self.message_module.WebSecurityScannerSettings(
|
|
modules=self.message_module.WebSecurityScannerSettings.ModulesValue(
|
|
additionalProperties=[
|
|
self.message_module.WebSecurityScannerSettings.ModulesValue
|
|
.AdditionalProperty(
|
|
key=args.module,
|
|
value=self.message_module.Config(
|
|
moduleEnablementState=state, value=config))
|
|
]))
|
|
elif args.service == 'security-health-analytics':
|
|
settings = self.message_module.SecurityHealthAnalyticsSettings(
|
|
modules=self.message_module.SecurityHealthAnalyticsSettings
|
|
.ModulesValue(additionalProperties=[
|
|
self.message_module.SecurityHealthAnalyticsSettings.ModulesValue
|
|
.AdditionalProperty(
|
|
key=args.module,
|
|
value=self.message_module.Config(
|
|
moduleEnablementState=state, value=config))
|
|
]))
|
|
elif args.service == 'container-threat-detection':
|
|
settings = self.message_module.ContainerThreatDetectionSettings(
|
|
modules=self.message_module.ContainerThreatDetectionSettings
|
|
.ModulesValue(additionalProperties=[
|
|
self.message_module.ContainerThreatDetectionSettings.ModulesValue
|
|
.AdditionalProperty(
|
|
key=args.module,
|
|
value=self.message_module.Config(
|
|
moduleEnablementState=state, value=config))
|
|
]))
|
|
elif args.service == 'event-threat-detection':
|
|
settings = self.message_module.EventThreatDetectionSettings(
|
|
modules=self.message_module.EventThreatDetectionSettings.ModulesValue(
|
|
additionalProperties=[
|
|
self.message_module.EventThreatDetectionSettings.ModulesValue
|
|
.AdditionalProperty(
|
|
key=args.module,
|
|
value=self.message_module.Config(
|
|
moduleEnablementState=state, value=config))
|
|
]))
|
|
elif args.service == 'virtual-machine-threat-detection':
|
|
settings = self.message_module.VirtualMachineThreatDetectionSettings(
|
|
modules=self.message_module.VirtualMachineThreatDetectionSettings
|
|
.ModulesValue(additionalProperties=[
|
|
self.message_module.VirtualMachineThreatDetectionSettings
|
|
.ModulesValue.AdditionalProperty(
|
|
key=args.module,
|
|
value=self.message_module.Config(
|
|
moduleEnablementState=state, value=config))
|
|
]))
|
|
if curr_modules is not None:
|
|
unmodified_additional_properties = [
|
|
p for p in curr_modules.additionalProperties if p.key != args.module
|
|
]
|
|
settings.modules.additionalProperties = (
|
|
settings.modules.additionalProperties +
|
|
unmodified_additional_properties)
|
|
|
|
return self._UpdateService(args, settings, MODULE_STATUS_MASK)
|