feat(securitycenter): Add Resource SCC Management API Org ETD custom … (#3963)

* feat(securitycenter): Add Resource SCC Management API Org ETD custom modules

* refactor cleanup logic

* updated test

Author: lovenishs04

security-center/snippets/management_api/getEffectiveEventThreatDetectionCustomModule.js

@@ -0,0 +1,64 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+/**
+ *  Retrieve an existing effective event threat detection custom module.
+ */
+function main(organizationId, customModuleId, location = 'global') {
+  // [START securitycenter_get_effective_event_threat_detection_custom_module]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /*
+   * Required. Resource name of effective event threat detection module.
+   *     Its format is
+   *    `organizations/[organization_id]/locations/[location_id]/effectiveEventThreatDetectionCustomModules/[custom_module]`
+   *    `folders/[folder_id]/locations/[location_id]/effectiveEventThreatDetectionCustomModules/[custom_module]`
+   *    `projects/[project_id]/locations/[location_id]/effectiveEventThreatDetectionCustomModules/[custom_module]`
+   */
+  // TODO(developer): Update the following references for your own environment before running the sample.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  // const customModuleId = 'CUSTOM_MODULE_ID';
+  const name = `organizations/${organizationId}/locations/${location}/effectiveEventThreatDetectionCustomModules/${customModuleId}`;
+
+  // Build the request.
+  const getEffectiveEventThreatDetectionCustomModuleRequest = {
+    name: name,
+  };
+
+  async function getEffectiveEventThreatDetectionCustomModule() {
+    // Call the API.
+    const [response] =
+      await client.getEffectiveEventThreatDetectionCustomModule(
+        getEffectiveEventThreatDetectionCustomModuleRequest
+      );
+    console.log(
+      'Retrieved EffectiveEventThreatDetectionCustomModule: %j',
+      response
+    );
+  }
+
+  getEffectiveEventThreatDetectionCustomModule();
+  // [END securitycenter_get_effective_event_threat_detection_custom_module]
+}
+
+main(...process.argv.slice(2));

security-center/snippets/management_api/listDescendantEventThreatDetectionCustomModules.js

@@ -0,0 +1,59 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+// List all descendant event threat detection custom module under a given parent resource.
+function main(organizationId, location = 'global') {
+  // [START securitycenter_list_descendant_event_threat_detection_custom_module]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /**
+   *  Required. The name of the parent resource. Its
+   *  format is "organizations/[organization_id]/locations/[location_id]",
+   *  "folders/[folder_id]/locations/[location_id]", or
+   *  "projects/[project_id]/locations/[location_id]".
+   */
+  //TODO(developer): Update the following references for your own environment before running the sample.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  const parent = `organizations/${organizationId}/locations/${location}`;
+
+  // Build the request.
+  const listDescendantEventThreatDetectionCustomModulesRequest = {
+    parent: parent,
+  };
+
+  async function listDescendantEventThreatDetectionCustomModules() {
+    // Call the API.
+    const [modules] =
+      await client.listDescendantEventThreatDetectionCustomModules(
+        listDescendantEventThreatDetectionCustomModulesRequest
+      );
+    for (const module of modules) {
+      console.log('Custom Module name:', module.name);
+    }
+  }
+
+  listDescendantEventThreatDetectionCustomModules();
+  // [END securitycenter_list_descendant_event_threat_detection_custom_module]
+}
+
+main(...process.argv.slice(2));

security-center/snippets/management_api/listEffectiveEventThreatDetectionCustomModules.js

@@ -0,0 +1,59 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+// List all effective event threat detection custom module under a given parent resource.
+function main(organizationId, location = 'global') {
+  // [START securitycenter_list_effective_event_threat_detection_custom_module]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /**
+   *  Required. The name of the parent resource. Its
+   *  format is "organizations/[organization_id]/locations/[location_id]",
+   *  "folders/[folder_id]/locations/[location_id]", or
+   *  "projects/[project_id]/locations/[location_id]".
+   */
+  //TODO(developer): Update the following references for your own environment before running the sample.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  const parent = `organizations/${organizationId}/locations/${location}`;
+
+  // Build the request.
+  const listEffectiveEventThreatDetectionCustomModulesRequest = {
+    parent: parent,
+  };
+
+  async function listEffectiveEventThreatDetectionCustomModules() {
+    // Call the API.
+    const [modules] =
+      await client.listEffectiveEventThreatDetectionCustomModules(
+        listEffectiveEventThreatDetectionCustomModulesRequest
+      );
+    for (const module of modules) {
+      console.log('Custom Module name:', module.name);
+    }
+  }
+
+  listEffectiveEventThreatDetectionCustomModules();
+  // [END securitycenter_list_effective_event_threat_detection_custom_module]
+}
+
+main(...process.argv.slice(2));

security-center/snippets/management_api/validateEventThreatDetectionCustomModule.js

@@ -0,0 +1,78 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+// Validates a event threat detection custom module
+function main(organizationId, location = 'global') {
+  // [START securitycenter_validate_event_threat_detection_custom_module]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /**
+   *  Required. The name of the parent resource. Its
+   *  format is "organizations/[organization_id]/locations/[location_id]",
+   *  "folders/[folder_id]/locations/[location_id]", or
+   *  "projects/[project_id]/locations/[location_id]".
+   */
+  //TODO(developer): Update the following references for your own environment before running the sample.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  const parent = `organizations/${organizationId}/locations/${location}`;
+
+  // Define the raw JSON configuration for the Event Threat Detection custom module
+  const rawText = {
+    ips: ['192.0.2.1'],
+    metadata: {
+      properties: {
+        someProperty: 'someValue',
+      },
+      severity: 'MEDIUM',
+    },
+  };
+
+  // Build the request.
+  const validateEventThreatDetectionCustomModuleRequest = {
+    parent: parent,
+    rawText: JSON.stringify(rawText),
+    type: 'CONFIGURABLE_BAD_IP',
+  };
+
+  async function validateEventThreatDetectionCustomModule() {
+    // Call the API.
+    const [response] = await client.validateEventThreatDetectionCustomModule(
+      validateEventThreatDetectionCustomModuleRequest
+    );
+    // Handle the response and output validation results
+    if (response.errors && response.errors.length > 0) {
+      response.errors.forEach(error => {
+        console.log(
+          `FieldPath: ${error.fieldPath}, Description: ${error.description}`
+        );
+      });
+    } else {
+      console.log('Validation successful: No errors found.');
+    }
+  }
+
+  validateEventThreatDetectionCustomModule();
+  // [END securitycenter_validate_event_threat_detection_custom_module]
+}
+
+main(...process.argv.slice(2));

security-center/snippets/system-test/management_api/eventThreatDetectionCustomModule.test.js

@@ -29,27 +29,6 @@ const customModuleDisplayName = `node_sample_etd_custom_module_test_${uuid()}`;
 // Creates a new client.
 const client = new SecurityCenterManagementClient();
 
-// cleanupExistingCustomModules clean up all the existing custom module
-async function cleanupExistingCustomModules() {
-  const [modules] = await client.listEventThreatDetectionCustomModules({
-    parent: `organizations/${organizationId}/locations/${location}`,
-  });
-  // Iterate over the modules response and delete custom module one by one which start with
-  // node_sample_etd_custom_module
-  for (const module of modules) {
-    try {
-      if (module.displayName.startsWith('node_sample_etd_custom_module')) {
-        console.log('Deleting custom module: ', module.name);
-        // extracts the custom module ID from the full name
-        const customModuleId = module.name.split('/')[5];
-        await deleteCustomModule(customModuleId);
-      }
-    } catch (error) {
-      console.error('Error deleting EventThreatDetectionCustomModule:', error);
-    }
-  }
-}
-
 // deleteCustomModule method is for deleting the custom module
 async function deleteCustomModule(customModuleId) {
   const name = `organizations/${organizationId}/locations/${location}/eventThreatDetectionCustomModules/${customModuleId}`;
@@ -63,6 +42,7 @@ async function deleteCustomModule(customModuleId) {
 
 describe('Event Threat Detection Custom module', async () => {
   let data;
+  const createdCustomModuleIds = [];
   before(async () => {
     const parent = `organizations/${organizationId}/locations/${location}`;
 
@@ -120,8 +100,21 @@ describe('Event Threat Detection Custom module', async () => {
   });
 
   after(async () => {
-    // Perform cleanup after running tests
-    await cleanupExistingCustomModules();
+    // Perform cleanup of the custom modules created by the current execution of the test, after
+    // running tests
+    if (createdCustomModuleIds.length > 0) {
+      for (const customModuleId of createdCustomModuleIds) {
+        try {
+          console.log('Deleting custom module: ', customModuleId);
+          await deleteCustomModule(customModuleId);
+        } catch (error) {
+          console.error(
+            'Error deleting EventThreatDetectionCustomModule:',
+            error
+          );
+        }
+      }
+    }
   });
 
   it('should get the event threat detection custom module', done => {
@@ -160,13 +153,57 @@ describe('Event Threat Detection Custom module', async () => {
     const output = exec(
       `node management_api/createEventThreatDetectionCustomModule.js ${data.orgId} ${data.customModuleName}`
     );
+    // pushing the created custom module Id to an array for cleanup after running test
+    const jsonPart = output.substring(output.indexOf('{')).trim();
+    const parsedOutput = JSON.parse(jsonPart);
+    createdCustomModuleIds.push(parsedOutput.name.split('/')[5]);
     assert(output.includes(data.orgId));
     assert(output.includes(data.customModuleName));
     assert.match(output, /EventThreatDetectionCustomModule created/);
     assert.notMatch(output, /undefined/);
     done();
   });
 
+  it('should get the effective event threat detection custom module', done => {
+    const output = exec(
+      `node management_api/getEffectiveEventThreatDetectionCustomModule.js ${data.orgId} ${data.customModuleId}`
+    );
+    assert(output.includes(data.orgId));
+    assert(output.includes(data.customModuleId));
+    assert.match(output, /Retrieved EffectiveEventThreatDetectionCustomModule/);
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+
+  it('should list all the effective event threat detection custom module', done => {
+    const output = exec(
+      `node management_api/listEffectiveEventThreatDetectionCustomModules.js ${data.orgId}`
+    );
+    assert(output.includes(data.orgId));
+    assert(output.includes(data.customModuleId));
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+
+  it('should list all the descendant event threat detection custom module', done => {
+    const output = exec(
+      `node management_api/listDescendantEventThreatDetectionCustomModules.js ${data.orgId}`
+    );
+    assert(output.includes(data.orgId));
+    assert(output.includes(data.customModuleId));
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+
+  it('should validate the event threat detection custom module', done => {
+    const output = exec(
+      `node management_api/validateEventThreatDetectionCustomModule.js ${data.orgId}`
+    );
+    assert.match(output, /Validation successful: No errors found./);
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+
   it('should delete the event threat detection custom module', done => {
     const output = exec(
       `node management_api/deleteEventThreatDetectionCustomModule.js ${data.orgId} ${data.customModuleId}`