feat(securitycenter): Add Resource SCC Management API Org security ce…

security-center/snippets/management_api/getSecurityCenterService.js

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+// Retrieve a specific security center service by its name.
+function main(organizationId, service, location = 'global') {
+  // [START securitycenter_get_security_center_service]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /*
+   * Required. Resource name of security center service
+   *     Its format is
+   *    `organizations/[organizationId]/locations/[location]/securityCenterServices/[service]`
+   *    `folders/[folderId]/locations/[location]/securityCenterServices/[service]`
+   *    `projects/[projectId]/locations/[location]/securityCenterServices/[service]`
+   */
+  // TODO(developer): Update the following references for your own environment before running the sample.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  // const service = 'SERVICE';
+  // Replace SERVICE with one of the valid values:
+  // container-threat-detection, event-threat-detection, security-health-analytics,
+  // vm-threat-detection, web-security-scanner
+  const name = `organizations/${organizationId}/locations/${location}/securityCenterServices/${service}`;
+
+  // Build the request.
+  const getSecurityCenterServiceRequest = {
+    name: name,
+  };
+
+  async function getSecurityCenterService() {
+    // Call the API.
+    const [response] = await client.getSecurityCenterService(
+      getSecurityCenterServiceRequest
+    );
+    console.log('Retrieved SecurityCenterService:', response.name);
+  }
+
+  getSecurityCenterService();
+  // [END securitycenter_get_security_center_service]
+}
+
+main(...process.argv.slice(2));

security-center/snippets/management_api/listSecurityCenterServices.js

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+// List all security center services for the given parent.
+function main(organizationId, location = 'global') {
+  // [START securitycenter_list_security_center_service]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /**
+   *  Required. The name of the parent resource. Its
+   *  format is "organizations/[organizationId]/locations/[location]",
+   *  "folders/[folderId]/locations/[location]", or
+   *  "projects/[projectId]/locations/[location]".
+   */
+  //TODO(developer): Update the following references for your own environment before running the sample.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  const parent = `organizations/${organizationId}/locations/${location}`;
+
+  // Build the request.
+  const listSecurityCenterServicesRequest = {
+    parent: parent,
+  };
+
+  async function listSecurityCenterServices() {
+    // Call the API.
+    const [services] = await client.listSecurityCenterServices(
+      listSecurityCenterServicesRequest
+    );
+    for (const service of services) {
+      console.log('Security Center Service Name:', service.name);
+    }
+  }
+
+  listSecurityCenterServices();
+  // [END securitycenter_list_security_center_service]
+}
+
+main(...process.argv.slice(2));

security-center/snippets/management_api/updateSecurityCenterService.js

@@ -0,0 +1,76 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+// Updates a security center service configuration.
+function main(organizationId, service, location = 'global') {
+  // [START securitycenter_update_security_center_service]
+  // Imports the Google Cloud client library.
+  const {SecurityCenterManagementClient} =
+    require('@google-cloud/securitycentermanagement').v1;
+
+  // Create a Security Center Management client
+  const client = new SecurityCenterManagementClient();
+
+  /*
+   * Required. Resource name of security center service
+   *     Its format is
+   *    `organizations/[organizationId]/locations/[location]/securityCenterServices/[service]`
+   *    `folders/[folderId]/locations/[location]/securityCenterServices/[service]`
+   *    `projects/[projectId]/locations/[location]/securityCenterServices/[service]`
+   */
+  // TODO(developer): Update the following references for your own environment before running the sample.
+  // const organizationId = 'YOUR_ORGANIZATION_ID';
+  // const location = 'LOCATION_ID';
+  // const service = 'SERVICE';
+  // Replace SERVICE with one of the valid values:
+  // container-threat-detection, event-threat-detection, security-health-analytics,
+  // vm-threat-detection, web-security-scanner
+  const name = `organizations/${organizationId}/locations/${location}/securityCenterServices/${service}`;
+
+  // Define the security center service configuration, update the
+  // IntendedEnablementState accordingly.
+  const securityCenterService = {
+    name: name,
+    intendedEnablementState: 'ENABLED',
+  };
+
+  // Set the field mask to specify which properties should be updated.
+  const fieldMask = {
+    paths: ['intended_enablement_state'],
+  };
+
+  // Build the request.
+  const updateSecurityCenterServiceRequest = {
+    securityCenterService: securityCenterService,
+    updateMask: fieldMask,
+  };
+
+  async function updateSecurityCenterService() {
+    // Call the API.
+    const [response] = await client.updateSecurityCenterService(
+      updateSecurityCenterServiceRequest
+    );
+    console.log(
+      `Updated SecurityCenterService: ${response.name} with new enablement state: ${response.intendedEnablementState}`
+    );
+  }
+
+  updateSecurityCenterService();
+  // [END securitycenter_update_security_center_service]
+}
+
+main(...process.argv.slice(2));

security-center/snippets/package.json

@@ -14,7 +14,8 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@google-cloud/pubsub": "^4.0.0",
-    "@google-cloud/security-center": "^8.7.0"
+    "@google-cloud/security-center": "^8.7.0",
+    "@google-cloud/securitycentermanagement": "^0.5.0"
   },
   "devDependencies": {
     "c8": "^10.0.0",

security-center/snippets/system-test/management_api/securityCenterService.test.js

@@ -0,0 +1,68 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const {assert} = require('chai');
+const {execSync} = require('child_process');
+const exec = cmd => execSync(cmd, {encoding: 'utf8'});
+const {describe, it} = require('mocha');
+
+// TODO(developer): update for your own environment
+const organizationId = '1081635000895';
+const location = 'global';
+// Replace service with one of the valid values:
+// container-threat-detection, event-threat-detection, security-health-analytics,
+// vm-threat-detection, web-security-scanner
+const service = 'event_threat_detection';
+
+describe('Security Center Service', async () => {
+  let data = {
+    orgId: organizationId,
+    service: service,
+  };
+
+  it('should get the security center service', done => {
+    const output = exec(
+      `node management_api/getSecurityCenterService.js ${data.orgId} ${data.service}`
+    );
+    assert(output.includes(data.orgId));
+    assert(output.includes(data.service));
+    assert.match(output, /Retrieved SecurityCenterService/);
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+
+  it('should list the security center services', done => {
+    const output = exec(
+      `node management_api/listSecurityCenterServices.js ${data.orgId}`
+    );
+    assert(output.includes(data.orgId));
+    assert(output.includes(data.service.toUpperCase()));
+    assert.match(output, /Security Center Service Name/);
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+
+  it('should update the security center service', done => {
+    const output = exec(
+      `node management_api/updateSecurityCenterService.js ${data.orgId} ${data.service}`
+    );
+    assert(output.includes(data.orgId));
+    assert(output.includes(data.service));
+    assert.match(output, /Updated SecurityCenterService/);
+    assert.notMatch(output, /undefined/);
+    done();
+  });
+});