google-cloud-security_center 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/.yardopts +2 -0
  3. data/AUTHENTICATION.md +199 -0
  4. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: def42553b5042f4e3cba886f8b9cd8aea2f7b3f9965e13696d07eb863328c738
4
- data.tar.gz: a432a37429dea48408dca6fa127b9dba496d50b4a3bbc829946117b0b4ae49aa
3
+ metadata.gz: 4e743a00401f09ae683b0d8f37af9db0b56cbca3a20fd5db7b9bda0de1430d1e
4
+ data.tar.gz: 044c214f720a0332ae5bec223df77e272a2e58a36bad98563c9edd4f655273d0
5
5
  SHA512:
6
- metadata.gz: 7adc3fb033b0fe79e18ab05284bc7d86a7c0a65cbaf9f719a5f7d118e6019f2ed2282c2e6e9a6e38f7ba8fcbcc64154e298083ebb657181bc280ac2fda3d1f77
7
- data.tar.gz: 2435798a2af56ce34a973e7a54c489621eefc06f361d69911553f04bcde64d7246cceead095269555aaf11c27c5281f2e5e5875b8517e957f7ca9c06f00823b4
6
+ metadata.gz: 5dfc6fc1ebb68058a45a5feba0b57cd094b5995765dc293c62f279ac484a1ca455591c36aa04a21876a5ea0464e4e9d7896923230463dabb80ccf503be1d3550
7
+ data.tar.gz: e41b950f3507f936ef29e6bc98b7f4b1efcf3b0b30942e32094d7c49b04dd3a24fe769f74392e2d16c8368e6e74b903e957411e85bb7943932cd448b51f8b188
data/.yardopts CHANGED
@@ -7,3 +7,5 @@
7
7
  ./lib/**/*.rb
8
8
  -
9
9
  README.md
10
+ AUTHENTICATION.md
11
+ LICENSE
@@ -0,0 +1,199 @@
1
+ # Authentication
2
+
3
+ In general, the google-cloud-security_center library uses [Service
4
+ Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
5
+ credentials to connect to Google Cloud services. When running within [Google
6
+ Cloud Platform environments](#google-cloud-platform-environments)
7
+ the credentials will be discovered automatically. When running on other
8
+ environments, the Service Account credentials can be specified by providing the
9
+ path to the [JSON
10
+ keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) for
11
+ the account (or the JSON itself) in [environment
12
+ variables](#environment-variables). Additionally, Cloud SDK credentials can also
13
+ be discovered automatically, but this is only recommended during development.
14
+
15
+ ## Quickstart
16
+
17
+ 1. [Create a service account and credentials](#creating-a-service-account).
18
+ 2. Set the [environment variable](#environment-variables).
19
+
20
+ ```sh
21
+ export SECURITY_CENTER_CREDENTIALS=/path/to/json`
22
+ ```
23
+
24
+ 3. Initialize the client.
25
+
26
+ ```ruby
27
+ require "google/cloud/security_center"
28
+
29
+ client = Google::Cloud::SecurityCenter.new
30
+ ```
31
+
32
+ ## Project and Credential Lookup
33
+
34
+ The google-cloud-security_center library aims to make authentication
35
+ as simple as possible, and provides several mechanisms to configure your system
36
+ without providing **Project ID** and **Service Account Credentials** directly in
37
+ code.
38
+
39
+ **Project ID** is discovered in the following order:
40
+
41
+ 1. Specify project ID in method arguments
42
+ 2. Specify project ID in configuration
43
+ 3. Discover project ID in environment variables
44
+ 4. Discover GCE project ID
45
+ 5. Discover project ID in credentials JSON
46
+
47
+ **Credentials** are discovered in the following order:
48
+
49
+ 1. Specify credentials in method arguments
50
+ 2. Specify credentials in configuration
51
+ 3. Discover credentials path in environment variables
52
+ 4. Discover credentials JSON in environment variables
53
+ 5. Discover credentials file in the Cloud SDK's path
54
+ 6. Discover GCE credentials
55
+
56
+ ### Google Cloud Platform environments
57
+
58
+ While running on Google Cloud Platform environments such as Google Compute
59
+ Engine, Google App Engine and Google Kubernetes Engine, no extra work is needed.
60
+ The **Project ID** and **Credentials** and are discovered automatically. Code
61
+ should be written as if already authenticated. Just be sure when you [set up the
62
+ GCE instance][gce-how-to], you add the correct scopes for the APIs you want to
63
+ access. For example:
64
+
65
+ * **All APIs**
66
+ * `https://www.googleapis.com/auth/cloud-platform`
67
+ * `https://www.googleapis.com/auth/cloud-platform.read-only`
68
+ * **BigQuery**
69
+ * `https://www.googleapis.com/auth/bigquery`
70
+ * `https://www.googleapis.com/auth/bigquery.insertdata`
71
+ * **Compute Engine**
72
+ * `https://www.googleapis.com/auth/compute`
73
+ * **Datastore**
74
+ * `https://www.googleapis.com/auth/datastore`
75
+ * `https://www.googleapis.com/auth/userinfo.email`
76
+ * **DNS**
77
+ * `https://www.googleapis.com/auth/ndev.clouddns.readwrite`
78
+ * **Pub/Sub**
79
+ * `https://www.googleapis.com/auth/pubsub`
80
+ * **Storage**
81
+ * `https://www.googleapis.com/auth/devstorage.full_control`
82
+ * `https://www.googleapis.com/auth/devstorage.read_only`
83
+ * `https://www.googleapis.com/auth/devstorage.read_write`
84
+
85
+ ### Environment Variables
86
+
87
+ The **Project ID** and **Credentials JSON** can be placed in environment
88
+ variables instead of declaring them directly in code. Each service has its own
89
+ environment variable, allowing for different service accounts to be used for
90
+ different services. (See the READMEs for the individual service gems for
91
+ details.) The path to the **Credentials JSON** file can be stored in the
92
+ environment variable, or the **Credentials JSON** itself can be stored for
93
+ environments such as Docker containers where writing files is difficult or not
94
+ encouraged.
95
+
96
+ The environment variables that google-cloud-security_center checks for project ID are:
97
+
98
+ 1. `SECURITY_CENTER_PROJECT`
99
+ 2. `GOOGLE_CLOUD_PROJECT`
100
+
101
+ The environment variables that google-cloud-security_center checks for credentials are configured on {Google::Cloud::SecurityCenter::V1::Credentials}:
102
+
103
+ 1. `SECURITY_CENTER_CREDENTIALS` - Path to JSON file, or JSON contents
104
+ 2. `SECURITY_CENTER_KEYFILE` - Path to JSON file, or JSON contents
105
+ 3. `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
106
+ 4. `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
107
+ 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
108
+
109
+ ```ruby
110
+ require "google/cloud/security_center"
111
+
112
+ ENV["SECURITY_CENTER_PROJECT"] = "my-project-id"
113
+ ENV["SECURITY_CENTER_CREDENTIALS"] = "path/to/keyfile.json"
114
+
115
+ client = Google::Cloud::SecurityCenter.new
116
+ ```
117
+
118
+ ### Configuration
119
+
120
+ The **Project ID** and **Credentials JSON** can be configured instead of placing them in environment variables or providing them as arguments.
121
+
122
+ ```ruby
123
+ require "google/cloud/security_center"
124
+
125
+ Google::Cloud::SecurityCenter.configure do |config|
126
+ config.project_id = "my-project-id"
127
+ config.credentials = "path/to/keyfile.json"
128
+ end
129
+
130
+ client = Google::Cloud::SecurityCenter.new
131
+ ```
132
+
133
+ ### Cloud SDK
134
+
135
+ This option allows for an easy way to authenticate during development. If
136
+ credentials are not provided in code or in environment variables, then Cloud SDK
137
+ credentials are discovered.
138
+
139
+ To configure your system for this, simply:
140
+
141
+ 1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
142
+ 2. Authenticate using OAuth 2.0 `$ gcloud auth login`
143
+ 3. Write code as if already authenticated.
144
+
145
+ **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
146
+ *should* only be used during development.
147
+
148
+ [gce-how-to]: https://cloud.google.com/compute/docs/authentication#using
149
+ [dev-console]: https://console.cloud.google.com/project
150
+
151
+ [enable-apis]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/enable-apis.png
152
+
153
+ [create-new-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account.png
154
+ [create-new-service-account-existing-keys]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account-existing-keys.png
155
+ [reuse-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/reuse-service-account.png
156
+
157
+ ## Creating a Service Account
158
+
159
+ Google Cloud requires a **Project ID** and **Service Account Credentials** to
160
+ connect to the APIs. You will use the **Project ID** and **JSON key file** to
161
+ connect to most services with google-cloud-security_center.
162
+
163
+ If you are not running this client within [Google Cloud Platform
164
+ environments](#google-cloud-platform-environments), you need a Google
165
+ Developers service account.
166
+
167
+ 1. Visit the [Google Developers Console][dev-console].
168
+ 1. Create a new project or click on an existing project.
169
+ 1. Activate the slide-out navigation tray and select **API Manager**. From
170
+ here, you will enable the APIs that your application requires.
171
+
172
+ ![Enable the APIs that your application requires][enable-apis]
173
+
174
+ *Note: You may need to enable billing in order to use these services.*
175
+
176
+ 1. Select **Credentials** from the side navigation.
177
+
178
+ You should see a screen like one of the following.
179
+
180
+ ![Create a new service account][create-new-service-account]
181
+
182
+ ![Create a new service account With Existing Keys][create-new-service-account-existing-keys]
183
+
184
+ Find the "Add credentials" drop down and select "Service account" to be
185
+ guided through downloading a new JSON key file.
186
+
187
+ If you want to re-use an existing service account, you can easily generate a
188
+ new key file. Just select the account you wish to re-use, and click "Generate
189
+ new JSON key":
190
+
191
+ ![Re-use an existing service account][reuse-service-account]
192
+
193
+ The key file you download will be used by this library to authenticate API
194
+ requests and should be stored in a secure location.
195
+
196
+ ## Troubleshooting
197
+
198
+ If you're having trouble authenticating you can ask for help by following the
199
+ {file:TROUBLESHOOTING.md Troubleshooting Guide}.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-security_center
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-04-26 00:00:00.000000000 Z
11
+ date: 2019-04-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: google-gax
@@ -116,6 +116,7 @@ extensions: []
116
116
  extra_rdoc_files: []
117
117
  files:
118
118
  - ".yardopts"
119
+ - AUTHENTICATION.md
119
120
  - LICENSE
120
121
  - README.md
121
122
  - lib/google/cloud/security_center.rb