async function main()

in security-center/snippets/v2/testIam.js [18:109]


async function main() {
  // [START securitycenter_test_iam_permissions_v2]
  // npm install '@google-cloud/security-center'
  const {SecurityCenterClient} = require('@google-cloud/security-center').v2;

  // No credentials are passed in, so the client library resolves them from
  // the environment. Every call below runs as that identity, and the
  // permission check at the end reports on that identity's access.
  const client = new SecurityCenterClient();

  // TODO(developer): Update the following for your own environment.
  const organizationId = '1081635000895';
  const location = 'global';

  /**
   * Creates a throwaway source with one ACTIVE finding so that the
   * permission check has a resource to run against.
   *
   * These are real writes to the organization: each run adds a new source
   * and a new finding, so the caller must be allowed to create both.
   *
   * @returns {Promise<string>} ID of the newly created source.
   */
  const createSampleFinding = async () => {
    const {v4: uuidv4} = require('uuid');

    const [createdSource] = await client.createSource({
      source: {
        displayName: 'Customized Display Name V2',
        description: 'A new custom source that does X',
      },
      parent: client.organizationPath(organizationId),
    });

    // The source name has the form
    // `organizations/[organization_id]/sources/[source_id]`, so the ID is
    // the fourth path segment.
    const [, , , newSourceId] = createdSource.name.split('/');

    // Parent of the new finding. Accepted forms:
    //  - `organizations/[organization_id]/sources/[source_id]`
    //  - `organizations/[organization_id]/sources/[source_id]/locations/[location_id]`
    const findingParent = `organizations/${organizationId}/sources/${newSourceId}/locations/${location}`;

    // Resource the finding is about. The Cloud Security Command Center UI can
    // link findings to the matching asset when the resource name matches.
    const resourceName = `//cloudresourcemanager.googleapis.com/organizations/${organizationId}`;

    // Client-chosen ID, unique within the parent: alphanumeric, 1 to 32
    // characters. A v4 UUID with its dashes removed is 32 hex characters.
    const findingId = uuidv4().split('-').join('');

    // Time the issue was discovered, taken as "now" in epoch milliseconds.
    const discoveredAtMs = Date.now();

    // Finding category.
    const category = 'MEDIUM_RISK_ONE';

    await client.createFinding({
      parent: findingParent,
      findingId,
      finding: {
        resourceName,
        category,
        state: 'ACTIVE',
        // Timestamp split into whole seconds plus the remaining nanoseconds.
        eventTime: {
          seconds: Math.floor(discoveredAtMs / 1000),
          nanos: (discoveredAtMs % 1000) * 1e6,
        },
      },
    });

    return newSourceId;
  };

  const sourceId = await createSampleFinding();

  // Resource whose IAM policy the permissions are tested against: the source
  // created above. See the operation documentation for the appropriate value.
  const sourceName = client.organizationSourcePath(organizationId, sourceId);

  // Permission to test on that resource. Wildcards (such as '*' or
  // 'storage.*') are not allowed. For more information see
  // IAM Overview (https://cloud.google.com/iam/docs/overview#permissions).
  const permission = 'securitycenter.findings.update';

  // The call reports on the calling identity, not on an arbitrary principal.
  // NOTE(review): the response is expected to list the subset of the
  // requested permissions the caller holds, so an empty list would mean the
  // permission is not granted; confirm against the API reference.
  // NOTE(review): Google's general guidance for testIamPermissions-style
  // calls is that they are meant for permission-aware tooling and UIs, not
  // as an authorization gate; verify for this API before relying on the
  // result for access decisions.
  const [response] = await client.testIamPermissions({
    resource: sourceName,
    permissions: [permission],
  });

  // What is printed is the API response, not the request.
  console.log('IAM permission to test: %j', response);
  // [END securitycenter_test_iam_permissions_v2]
}