feat(samples): add samples for analyzeIamPolicy and analyzeIamPolicyLongrunning (#433)

Author: donghez-google

asset/snippets/analyzeIamPolicy.js

@@ -0,0 +1,57 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Analyze Iam Policy
+//   description: Analyzes accessible IAM policies that match a request.
+//   usage: node analyzeIamPolicy
+
+async function main() {
+  // [START asset_quickstart_analyze_iam_policy]
+  const util = require('util');
+  const {AssetServiceClient} = require('@google-cloud/asset');
+
+  const client = new AssetServiceClient();
+  const projectId = await client.getProjectId();
+
+  async function analyzeIamPolicy() {
+    const request = {
+      analysisQuery: {
+        scope: `projects/${projectId}`,
+        resourceSelector: {
+          fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+        },
+        options: {
+          expandGroups: true,
+          outputGroupEdges: true,
+        },
+      },
+    };
+
+    // Handle the operation using the promise pattern.
+    const result = await client.analyzeIamPolicy(request);
+    // Do things with with the response.
+    console.log(util.inspect(result, {depth: null}));
+  }
+  // [END asset_quickstart_analyze_iam_policy]
+  analyzeIamPolicy();
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));

asset/snippets/analyzeIamPolicyLongrunningBigquery.js

@@ -0,0 +1,71 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Analyze Iam Policy Longrunning and write results to Bigquery
+//   description: Analyzes accessible IAM policies that match a request.
+//   usage: node analyzeIamPolicyLongrunningBigquery <dataset_id> <table_prefix>
+
+async function main(datasetId, tablePrefix) {
+  // [START asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+  const util = require('util');
+  const {AssetServiceClient} = require('@google-cloud/asset');
+
+  const client = new AssetServiceClient();
+  const projectId = await client.getProjectId();
+
+  async function analyzeIamPolicyLongrunningBigquery() {
+    // TODO(developer): choose the dataset and table prefix
+    // const datasetId = ''
+    // const tablePrefix = ''
+
+    const request = {
+      analysisQuery: {
+        scope: `projects/${projectId}`,
+        resourceSelector: {
+          fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+        },
+        options: {
+          expandGroups: true,
+          outputGroupEdges: true,
+        },
+      },
+      outputConfig: {
+        bigqueryDestination: {
+          dataset: `projects/${projectId}/datasets/${datasetId}`,
+          tablePrefix: tablePrefix,
+        },
+      },
+    };
+
+    // Handle the operation using the promise pattern.
+    const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+    // Operation#promise starts polling for the completion of the operation.
+    const [result] = await operation.promise();
+
+    // Do things with with the response.
+    console.log(util.inspect(result, {depth: null}));
+  }
+  // [END asset_quickstart_analyze_iam_policy_longrunning_bigquery]
+  analyzeIamPolicyLongrunningBigquery();
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));

asset/snippets/analyzeIamPolicyLongrunningGcs.js

@@ -0,0 +1,70 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Analyze Iam Policy Longrunning and write results to GCS
+//   description: Analyzes accessible IAM policies that match a request.
+//   usage: node analyzeIamPolicyLongrunningGcs
+//   <gs://my-bucket/my-analysis.json>
+
+async function main(gcsUri) {
+  // [START asset_quickstart_analyze_iam_policy_longrunning_gcs]
+  const util = require('util');
+  const {AssetServiceClient} = require('@google-cloud/asset');
+
+  const client = new AssetServiceClient();
+  const projectId = await client.getProjectId();
+
+  async function analyzeIamPolicyLongrunningGcs() {
+    // TODO(developer): choose the gcs path uri
+    // const gcsUri = 'Gcs path uri, e.g.: gs://<my_bucket>/<my_analysis_file>'
+
+    const request = {
+      analysisQuery: {
+        scope: `projects/${projectId}`,
+        resourceSelector: {
+          fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${projectId}`,
+        },
+        options: {
+          expandGroups: true,
+          outputGroupEdges: true,
+        },
+      },
+      outputConfig: {
+        gcsDestination: {
+          uri: gcsUri,
+        },
+      },
+    };
+
+    // Handle the operation using the promise pattern.
+    const [operation] = await client.analyzeIamPolicyLongrunning(request);
+
+    // Operation#promise starts polling for the completion of the operation.
+    const [result] = await operation.promise();
+
+    // Do things with with the response.
+    console.log(util.inspect(result, {depth: null}));
+  }
+  // [END asset_quickstart_analyze_iam_policy_longrunning_gcs]
+  analyzeIamPolicyLongrunningGcs();
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));

asset/snippets/package.json

@@ -16,6 +16,7 @@
   },
   "dependencies": {
     "@google-cloud/asset": "^3.11.0",
+    "@google-cloud/bigquery": "^5.5.0",
     "@google-cloud/compute": "^2.0.0",
     "@google-cloud/storage": "^5.0.0",
     "uuid": "^8.0.0",