google-apis-securitycenter_v1beta2 0.45.0 → 0.47.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3078ca2b6814ee03bd41f3a6b792c4b4054fd99da4ef97fd5d240bcd9e101a50
-  data.tar.gz: f02a3596312509be2f02f67b039754ea4df08a8279994ab14930e0fd05358202
+  metadata.gz: 3e7be4a9590cfbbf3880baaa299e1ba547e7390536e0a424f702494b84d2a7ee
+  data.tar.gz: 82edb6f0e9681be9d63bdde20fe0f439f16a217af1da201b659179a705fe7587
 SHA512:
-  metadata.gz: d81a4f9a9fc8e17a20af0764644afb1d0519ec75f161e03470afa090d90f88949d0d94fa35fdf210411efacd24d4be04b2542d49e6f2dc96f9542b56ffd06984
-  data.tar.gz: 872e09fec0d7c5d73fcc620caf79b4f7f41fd8d6a66aa90305ad10285ded871096e1a495c0a554285f4fded0e3345ddb0a94aed3cb842e95aac14ef191b6e79e
+  metadata.gz: 465d46773357825575c92aa0e699e668c855273592e8a2f4bfacb46a4670e2445da1a883692128b61d800c6306d80cde5a4c28d81e63a739dbac019d98da2a73
+  data.tar.gz: c2d89a6a7da9c33cbe1dd7cfff333f895e42005524549a5fc91ac422cf0f597937c84ecb6791a288153c80e339999579a2b958973e3954fc3d0862a38e7ef558

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Release history for google-apis-securitycenter_v1beta2
 
+### v0.47.0 (2023-04-23)
+
+* Regenerated from discovery document revision 20230414
+
+### v0.46.0 (2023-04-02)
+
+* Regenerated from discovery document revision 20230329
+
 ### v0.45.0 (2023-03-26)
 
 * Regenerated from discovery document revision 20230321

data/lib/google/apis/securitycenter_v1beta2/classes.rb

@@ -42,39 +42,41 @@ module Google
         attr_accessor :method_name
       
         # Associated email, such as "foo@google.com". The email address of the
-        # authenticated user (or service account on behalf of third party principal)
-        # making the request. For third party identity callers, the `principal_subject`
-        # field is populated instead of this field. For privacy reasons, the principal
-        # email address is sometimes redacted. For more information, see [Caller
-        # identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id).
+        # authenticated user or a service account acting on behalf of a third party
+        # principal making the request. For third party identity callers, the `
+        # principal_subject` field is populated instead of this field. For privacy
+        # reasons, the principal email address is sometimes redacted. For more
+        # information, see [Caller identities in audit logs](https://cloud.google.com/
+        # logging/docs/audit#user-id).
         # Corresponds to the JSON property `principalEmail`
         # @return [String]
         attr_accessor :principal_email
       
-        # A string representing the principal_subject associated with the identity. As
-        # compared to `principal_email`, supports principals that aren't associated with
-        # email addresses, such as third party principals. For most identities, the
-        # format will be `principal://iam.googleapis.com/`identity pool name`/subjects/`
-        # subject`` except for some GKE identities (GKE_WORKLOAD, FREEFORM,
-        # GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:`
-        # identity pool name`[`subject`]`
+        # A string that represents the principal_subject that is associated with the
+        # identity. Unlike `principal_email`, `principal_subject` supports principals
+        # that aren't associated with email addresses, such as third party principals.
+        # For most identities, the format is `principal://iam.googleapis.com/`identity
+        # pool name`/subject/`subject``. Some GKE identities, such as GKE_WORKLOAD,
+        # FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:`
+        # identity pool name`[`subject`]`.
         # Corresponds to the JSON property `principalSubject`
         # @return [String]
         attr_accessor :principal_subject
       
-        # Identity delegation history of an authenticated service account that makes the
-        # request. It contains information on the real authorities that try to access
-        # GCP resources by delegating on a service account. When multiple authorities
-        # are present, they are guaranteed to be sorted based on the original ordering
-        # of the identity delegation events.
+        # The identity delegation history of an authenticated service account that made
+        # the request. The `serviceAccountDelegationInfo[]` object contains information
+        # about the real authorities that try to access Google Cloud resources by
+        # delegating on a service account. When multiple authorities are present, they
+        # are guaranteed to be sorted based on the original ordering of the identity
+        # delegation events.
         # Corresponds to the JSON property `serviceAccountDelegationInfo`
         # @return [Array<Google::Apis::SecuritycenterV1beta2::ServiceAccountDelegationInfo>]
         attr_accessor :service_account_delegation_info
       
-        # The name of the service account key used to create or exchange credentials for
-        # authenticating the service account making the request. This is a scheme-less
-        # URI full resource name. For example: "//iam.googleapis.com/projects/`
-        # PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`"
+        # The name of the service account key that was used to create or exchange
+        # credentials when authenticating the service account that made the request.
+        # This is a scheme-less URI full resource name. For example: "//iam.googleapis.
+        # com/projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`".
         # Corresponds to the JSON property `serviceAccountKeyName`
         # @return [String]
         attr_accessor :service_account_key_name
@@ -85,18 +87,16 @@ module Google
         # @return [String]
         attr_accessor :service_name
       
-        # What kind of user agent is associated, for example operating system shells,
-        # embedded or stand-alone applications, etc.
+        # Type of user agent associated with the finding. For example, an operating
+        # system shell or an embedded or standalone application.
         # Corresponds to the JSON property `userAgentFamily`
         # @return [String]
         attr_accessor :user_agent_family
       
-        # A string that represents the username of a user, user account, or other entity
-        # involved in the access event. What the entity is and what its role in the
-        # access event is depends on the finding that this field appears in. The entity
-        # is likely not an IAM principal, but could be a user that is logged into an
-        # operating system, if the finding is VM-related, or a user that is logged into
-        # some type of application that is involved in the access event.
+        # A string that represents a username. The username provided depends on the type
+        # of the finding and is likely not an IAM principal. For example, this can be a
+        # system username if the finding is related to a virtual machine, or it can be
+        # an application login username.
         # Corresponds to the JSON property `userName`
         # @return [String]
         attr_accessor :user_name
@@ -178,38 +178,6 @@ module Google
         end
       end
       
-      # A finding that is associated with this node in the exposure path.
-      class AssociatedFinding
-        include Google::Apis::Core::Hashable
-      
-        # Canonical name of the associated findings. Example: organizations/123/sources/
-        # 456/findings/789
-        # Corresponds to the JSON property `canonicalFindingName`
-        # @return [String]
-        attr_accessor :canonical_finding_name
-      
-        # The additional taxonomy group within findings from a given source.
-        # Corresponds to the JSON property `findingCategory`
-        # @return [String]
-        attr_accessor :finding_category
-      
-        # Full resource name of the finding.
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
-      
-        def initialize(**args)
-           update!(**args)
-        end
-      
-        # Update properties of this object
-        def update!(**args)
-          @canonical_finding_name = args[:canonical_finding_name] if args.key?(:canonical_finding_name)
-          @finding_category = args[:finding_category] if args.key?(:finding_category)
-          @name = args[:name] if args.key?(:name)
-        end
-      end
-      
       # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
       # with the finding.
       class CloudDlpDataProfile
@@ -729,32 +697,6 @@ module Google
         end
       end
       
-      # Represents a connection between a source node and a destination node in this
-      # exposure path.
-      class Edge
-        include Google::Apis::Core::Hashable
-      
-        # This is the resource name of the destination node.
-        # Corresponds to the JSON property `destination`
-        # @return [String]
-        attr_accessor :destination
-      
-        # This is the resource name of the source node.
-        # Corresponds to the JSON property `source`
-        # @return [String]
-        attr_accessor :source
-      
-        def initialize(**args)
-           update!(**args)
-        end
-      
-        # Update properties of this object
-        def update!(**args)
-          @destination = args[:destination] if args.key?(:destination)
-          @source = args[:source] if args.key?(:source)
-        end
-      end
-      
       # EnvironmentVariable is a name-value pair to store environment variables for
       # Process.
       class EnvironmentVariable
@@ -881,6 +823,60 @@ module Google
         end
       end
       
+      # Represents a textual expression in the Common Expression Language (CEL) syntax.
+      # CEL is a C-like expression language. The syntax and semantics of CEL are
+      # documented at https://github.com/google/cel-spec. Example (Comparison): title:
+      # "Summary size limit" description: "Determines if a summary is less than 100
+      # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+      # Requestor is owner" description: "Determines if requestor is the document
+      # owner" expression: "document.owner == request.auth.claims.email" Example (
+      # Logic): title: "Public documents" description: "Determine whether the document
+      # should be publicly visible" expression: "document.type != 'private' &&
+      # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+      # string" description: "Create a notification string with a timestamp."
+      # expression: "'New message received at ' + string(document.create_time)" The
+      # exact variables and functions that may be referenced within an expression are
+      # determined by the service that evaluates it. See the service documentation for
+      # additional information.
+      class Expr
+        include Google::Apis::Core::Hashable
+      
+        # Optional. Description of the expression. This is a longer text which describes
+        # the expression, e.g. when hovered over it in a UI.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+      
+        # Textual representation of an expression in Common Expression Language syntax.
+        # Corresponds to the JSON property `expression`
+        # @return [String]
+        attr_accessor :expression
+      
+        # Optional. String indicating the location of the expression for error reporting,
+        # e.g. a file name and a position in the file.
+        # Corresponds to the JSON property `location`
+        # @return [String]
+        attr_accessor :location
+      
+        # Optional. Title for the expression, i.e. a short string describing its purpose.
+        # This can be used e.g. in UIs which allow to enter the expression.
+        # Corresponds to the JSON property `title`
+        # @return [String]
+        attr_accessor :title
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @description = args[:description] if args.key?(:description)
+          @expression = args[:expression] if args.key?(:expression)
+          @location = args[:location] if args.key?(:location)
+          @title = args[:title] if args.key?(:title)
+        end
+      end
+      
       # File information about the related binary/library used by an executable, or
       # the script used by a script interpreter
       class File
@@ -997,7 +993,7 @@ module Google
         # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::ContactDetails>]
         attr_accessor :contacts
       
-        # Containers associated with the finding. containers provides information for
+        # Containers associated with the finding. This field provides information for
         # both Kubernetes and non-Kubernetes containers.
         # Corresponds to the JSON property `containers`
         # @return [Array<Google::Apis::SecuritycenterV1beta2::Container>]
@@ -1018,7 +1014,7 @@ module Google
         # @return [Google::Apis::SecuritycenterV1beta2::Database]
         attr_accessor :database
       
-        # Contains more detail about the finding.
+        # Contains more details about the finding.
         # Corresponds to the JSON property `description`
         # @return [String]
         attr_accessor :description
@@ -1063,7 +1059,7 @@ module Google
         # @return [String]
         attr_accessor :finding_class
       
-        # Represents IAM bindings associated with the Finding.
+        # Represents IAM bindings associated with the finding.
         # Corresponds to the JSON property `iamBindings`
         # @return [Array<Google::Apis::SecuritycenterV1beta2::IamBinding>]
         attr_accessor :iam_bindings
@@ -1106,10 +1102,9 @@ module Google
         # @return [String]
         attr_accessor :mute
       
-        # First known as mute_annotation. Records additional information about the mute
-        # operation e.g. mute config that muted the finding, user who muted the finding,
-        # etc. Unlike other attributes of a finding, a finding provider shouldn't set
-        # the value of mute.
+        # Records additional information about the mute operation, for example, the [
+        # mute configuration](/security-command-center/docs/how-to-mute-findings) that
+        # muted the finding and the user who muted the finding.
         # Corresponds to the JSON property `muteInitiator`
         # @return [String]
         attr_accessor :mute_initiator
@@ -1119,24 +1114,20 @@ module Google
         # @return [String]
         attr_accessor :mute_update_time
       
-        # The relative resource name of this finding. See: https://cloud.google.com/apis/
-        # design/resource_names#relative_resource_name Example: "organizations/`
-        # organization_id`/sources/`source_id`/findings/`finding_id`"
+        # The [relative resource name](https://cloud.google.com/apis/design/
+        # resource_names#relative_resource_name) of the finding. Example: "organizations/
+        # `organization_id`/sources/`source_id`/findings/`finding_id`", "folders/`
+        # folder_id`/sources/`source_id`/findings/`finding_id`", "projects/`project_id`/
+        # sources/`source_id`/findings/`finding_id`".
         # Corresponds to the JSON property `name`
         # @return [String]
         attr_accessor :name
       
-        # Next steps associate to the finding.
+        # Steps to address the finding.
         # Corresponds to the JSON property `nextSteps`
         # @return [String]
         attr_accessor :next_steps
       
-        # Contains information about the org policy constraints associated with the
-        # finding.
-        # Corresponds to the JSON property `orgPolicyConstraints`
-        # @return [Array<Google::Apis::SecuritycenterV1beta2::OrgPolicyConstraint>]
-        attr_accessor :org_policy_constraints
-      
         # The relative resource name of the source the finding belongs to. See: https://
         # cloud.google.com/apis/design/resource_names#relative_resource_name This field
         # is immutable after creation time. For example: "organizations/`organization_id`
@@ -1232,7 +1223,6 @@ module Google
           @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
           @name = args[:name] if args.key?(:name)
           @next_steps = args[:next_steps] if args.key?(:next_steps)
-          @org_policy_constraints = args[:org_policy_constraints] if args.key?(:org_policy_constraints)
           @parent = args[:parent] if args.key?(:parent)
           @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name)
           @processes = args[:processes] if args.key?(:processes)
@@ -1424,42 +1414,90 @@ module Google
         end
       end
       
-      # A resource that is exposed as a result of a finding.
-      class GoogleCloudSecuritycenterV1ExposedResource
+      # Defines the properties in a custom module configuration for Security Health
+      # Analytics. Use the custom module configuration to create custom detectors that
+      # generate custom findings for resources that you specify.
+      class GoogleCloudSecuritycenterV1CustomConfig
         include Google::Apis::Core::Hashable
       
-        # Human readable name of the resource that is exposed.
-        # Corresponds to the JSON property `displayName`
-        # @return [String]
-        attr_accessor :display_name
-      
-        # The ways in which this resource is exposed. Examples: Read, Write
-        # Corresponds to the JSON property `methods`
-        # @return [Array<String>]
-        attr_accessor :methods_prop
+        # A set of optional name-value pairs that define custom source properties to
+        # return with each finding that is generated by the custom module. The custom
+        # source properties that are defined here are included in the finding JSON under
+        # `sourceProperties`.
+        # Corresponds to the JSON property `customOutput`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomOutputSpec]
+        attr_accessor :custom_output
       
-        # Exposed Resource Name e.g.: `organizations/123/attackExposureResults/456/
-        # exposedResources/789`
-        # Corresponds to the JSON property `name`
+        # Text that describes the vulnerability or misconfiguration that the custom
+        # module detects. This explanation is returned with each finding instance to
+        # help investigators understand the detected issue. The text must be enclosed in
+        # quotation marks.
+        # Corresponds to the JSON property `description`
         # @return [String]
-        attr_accessor :name
+        attr_accessor :description
       
-        # The name of the resource that is exposed. See: https://cloud.google.com/apis/
-        # design/resource_names#full_resource_name
-        # Corresponds to the JSON property `resource`
+        # Represents a textual expression in the Common Expression Language (CEL) syntax.
+        # CEL is a C-like expression language. The syntax and semantics of CEL are
+        # documented at https://github.com/google/cel-spec. Example (Comparison): title:
+        # "Summary size limit" description: "Determines if a summary is less than 100
+        # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+        # Requestor is owner" description: "Determines if requestor is the document
+        # owner" expression: "document.owner == request.auth.claims.email" Example (
+        # Logic): title: "Public documents" description: "Determine whether the document
+        # should be publicly visible" expression: "document.type != 'private' &&
+        # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+        # string" description: "Create a notification string with a timestamp."
+        # expression: "'New message received at ' + string(document.create_time)" The
+        # exact variables and functions that may be referenced within an expression are
+        # determined by the service that evaluates it. See the service documentation for
+        # additional information.
+        # Corresponds to the JSON property `predicate`
+        # @return [Google::Apis::SecuritycenterV1beta2::Expr]
+        attr_accessor :predicate
+      
+        # An explanation of the recommended steps that security teams can take to
+        # resolve the detected issue. This explanation is returned with each finding
+        # generated by this module in the `nextSteps` property of the finding JSON.
+        # Corresponds to the JSON property `recommendation`
+        # @return [String]
+        attr_accessor :recommendation
+      
+        # Resource for selecting resource type.
+        # Corresponds to the JSON property `resourceSelector`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1ResourceSelector]
+        attr_accessor :resource_selector
+      
+        # The severity to assign to findings generated by the module.
+        # Corresponds to the JSON property `severity`
         # @return [String]
-        attr_accessor :resource
+        attr_accessor :severity
       
-        # The resource type of the exposed resource. See: https://cloud.google.com/asset-
-        # inventory/docs/supported-asset-types
-        # Corresponds to the JSON property `resourceType`
-        # @return [String]
-        attr_accessor :resource_type
+        def initialize(**args)
+           update!(**args)
+        end
       
-        # How valuable this resource is.
-        # Corresponds to the JSON property `resourceValue`
-        # @return [String]
-        attr_accessor :resource_value
+        # Update properties of this object
+        def update!(**args)
+          @custom_output = args[:custom_output] if args.key?(:custom_output)
+          @description = args[:description] if args.key?(:description)
+          @predicate = args[:predicate] if args.key?(:predicate)
+          @recommendation = args[:recommendation] if args.key?(:recommendation)
+          @resource_selector = args[:resource_selector] if args.key?(:resource_selector)
+          @severity = args[:severity] if args.key?(:severity)
+        end
+      end
+      
+      # A set of optional name-value pairs that define custom source properties to
+      # return with each finding that is generated by the custom module. The custom
+      # source properties that are defined here are included in the finding JSON under
+      # `sourceProperties`.
+      class GoogleCloudSecuritycenterV1CustomOutputSpec
+        include Google::Apis::Core::Hashable
+      
+        # A list of custom output properties to add to the finding.
+        # Corresponds to the JSON property `properties`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1Property>]
+        attr_accessor :properties
       
         def initialize(**args)
            update!(**args)
@@ -1467,50 +1505,62 @@ module Google
       
         # Update properties of this object
         def update!(**args)
-          @display_name = args[:display_name] if args.key?(:display_name)
-          @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
-          @name = args[:name] if args.key?(:name)
-          @resource = args[:resource] if args.key?(:resource)
-          @resource_type = args[:resource_type] if args.key?(:resource_type)
-          @resource_value = args[:resource_value] if args.key?(:resource_value)
+          @properties = args[:properties] if args.key?(:properties)
         end
       end
       
-      # A path that an attacker could take to reach an exposed resource.
-      class GoogleCloudSecuritycenterV1ExposurePath
+      # An EffectiveSecurityHealthAnalyticsCustomModule is the representation of a
+      # Security Health Analytics custom module at a specified level of the resource
+      # hierarchy: organization, folder, or project. If a custom module is inherited
+      # from a parent organization or folder, the value of the `enablementState`
+      # property in EffectiveSecurityHealthAnalyticsCustomModule is set to the value
+      # that is effective in the parent, instead of `INHERITED`. For example, if the
+      # module is enabled in a parent organization or folder, the effective
+      # enablement_state for the module in all child folders or projects is also `
+      # enabled`. EffectiveSecurityHealthAnalyticsCustomModule is read-only.
+      class GoogleCloudSecuritycenterV1EffectiveSecurityHealthAnalyticsCustomModule
         include Google::Apis::Core::Hashable
       
-        # A list of the edges between nodes in this exposure path.
-        # Corresponds to the JSON property `edges`
-        # @return [Array<Google::Apis::SecuritycenterV1beta2::Edge>]
-        attr_accessor :edges
+        # Defines the properties in a custom module configuration for Security Health
+        # Analytics. Use the custom module configuration to create custom detectors that
+        # generate custom findings for resources that you specify.
+        # Corresponds to the JSON property `customConfig`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig]
+        attr_accessor :custom_config
       
-        # A resource that is exposed as a result of a finding.
-        # Corresponds to the JSON property `exposedResource`
-        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1ExposedResource]
-        attr_accessor :exposed_resource
+        # Output only. The display name for the custom module. The name must be between
+        # 1 and 128 characters, start with a lowercase letter, and contain alphanumeric
+        # characters or underscores only.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # Output only. The effective state of enablement for the module at the given
+        # level of the hierarchy.
+        # Corresponds to the JSON property `enablementState`
+        # @return [String]
+        attr_accessor :enablement_state
       
-        # Exposure Path Name e.g.: `organizations/123/attackExposureResults/456/
-        # exposurePaths/789`
+        # Output only. The resource name of the custom module. Its format is "
+        # organizations/`organization`/securityHealthAnalyticsSettings/
+        # effectiveCustomModules/`customModule`", or "folders/`folder`/
+        # securityHealthAnalyticsSettings/effectiveCustomModules/`customModule`", or "
+        # projects/`project`/securityHealthAnalyticsSettings/effectiveCustomModules/`
+        # customModule`"
         # Corresponds to the JSON property `name`
         # @return [String]
         attr_accessor :name
       
-        # A list of nodes that exist in this exposure path.
-        # Corresponds to the JSON property `pathNodes`
-        # @return [Array<Google::Apis::SecuritycenterV1beta2::PathNode>]
-        attr_accessor :path_nodes
-      
         def initialize(**args)
            update!(**args)
         end
       
         # Update properties of this object
         def update!(**args)
-          @edges = args[:edges] if args.key?(:edges)
-          @exposed_resource = args[:exposed_resource] if args.key?(:exposed_resource)
+          @custom_config = args[:custom_config] if args.key?(:custom_config)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @enablement_state = args[:enablement_state] if args.key?(:enablement_state)
           @name = args[:name] if args.key?(:name)
-          @path_nodes = args[:path_nodes] if args.key?(:path_nodes)
         end
       end
       
@@ -1669,6 +1719,45 @@ module Google
         end
       end
       
+      # An individual name-value pair that defines a custom source property.
+      class GoogleCloudSecuritycenterV1Property
+        include Google::Apis::Core::Hashable
+      
+        # Name of the property for the custom output.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # Represents a textual expression in the Common Expression Language (CEL) syntax.
+        # CEL is a C-like expression language. The syntax and semantics of CEL are
+        # documented at https://github.com/google/cel-spec. Example (Comparison): title:
+        # "Summary size limit" description: "Determines if a summary is less than 100
+        # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+        # Requestor is owner" description: "Determines if requestor is the document
+        # owner" expression: "document.owner == request.auth.claims.email" Example (
+        # Logic): title: "Public documents" description: "Determine whether the document
+        # should be publicly visible" expression: "document.type != 'private' &&
+        # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+        # string" description: "Create a notification string with a timestamp."
+        # expression: "'New message received at ' + string(document.create_time)" The
+        # exact variables and functions that may be referenced within an expression are
+        # determined by the service that evaluates it. See the service documentation for
+        # additional information.
+        # Corresponds to the JSON property `valueExpression`
+        # @return [Google::Apis::SecuritycenterV1beta2::Expr]
+        attr_accessor :value_expression
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @value_expression = args[:value_expression] if args.key?(:value_expression)
+        end
+      end
+      
       # Information related to the Google Cloud resource.
       class GoogleCloudSecuritycenterV1Resource
         include Google::Apis::Core::Hashable
@@ -1733,65 +1822,14 @@ module Google
         end
       end
       
-      # A resource value config is a mapping configuration of user's tag values to
-      # resource values. Used by the attack path simulation.
-      class GoogleCloudSecuritycenterV1ResourceValueConfig
+      # Resource for selecting resource type.
+      class GoogleCloudSecuritycenterV1ResourceSelector
         include Google::Apis::Core::Hashable
       
-        # Output only. Timestamp this resource value config was created.
-        # Corresponds to the JSON property `createTime`
-        # @return [String]
-        attr_accessor :create_time
-      
-        # Description of the resource value config.
-        # Corresponds to the JSON property `description`
-        # @return [String]
-        attr_accessor :description
-      
-        # Name for the resource value config
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
-      
-        # List of resource labels to search for, evaluated with AND. E.g. "
-        # resource_labels_selector": `"key": "value", "env": "prod"` will match
-        # resources with labels "key": "value" AND "env": "prod" https://cloud.google.
-        # com/resource-manager/docs/creating-managing-labels
-        # Corresponds to the JSON property `resourceLabelsSelector`
-        # @return [Hash<String,String>]
-        attr_accessor :resource_labels_selector
-      
-        # Apply resource_value only to resources that match resource_type. resource_type
-        # will be checked with "AND" of other resources. E.g. "storage.googleapis.com/
-        # Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.
-        # googleapis.com/Bucket" resources.
-        # Corresponds to the JSON property `resourceType`
-        # @return [String]
-        attr_accessor :resource_type
-      
-        # Required. Resource value level this expression represents
-        # Corresponds to the JSON property `resourceValue`
-        # @return [String]
-        attr_accessor :resource_value
-      
-        # Project or folder to scope this config to. For example, "project/456" would
-        # apply this config only to resources in "project/456" scope will be checked
-        # with "AND" of other resources.
-        # Corresponds to the JSON property `scope`
-        # @return [String]
-        attr_accessor :scope
-      
-        # Required. Tag values combined with AND to check against. Values in the form "
-        # tagValues/123" E.g. [ "tagValues/123", "tagValues/456", "tagValues/789" ]
-        # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
-        # Corresponds to the JSON property `tagValues`
+        # The resource types to run the detector on.
+        # Corresponds to the JSON property `resourceTypes`
         # @return [Array<String>]
-        attr_accessor :tag_values
-      
-        # Output only. Timestamp this resource value config was last updated.
-        # Corresponds to the JSON property `updateTime`
-        # @return [String]
-        attr_accessor :update_time
+        attr_accessor :resource_types
       
         def initialize(**args)
            update!(**args)
@@ -1799,15 +1837,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @description = args[:description] if args.key?(:description)
-          @name = args[:name] if args.key?(:name)
-          @resource_labels_selector = args[:resource_labels_selector] if args.key?(:resource_labels_selector)
-          @resource_type = args[:resource_type] if args.key?(:resource_type)
-          @resource_value = args[:resource_value] if args.key?(:resource_value)
-          @scope = args[:scope] if args.key?(:scope)
-          @tag_values = args[:tag_values] if args.key?(:tag_values)
-          @update_time = args[:update_time] if args.key?(:update_time)
+          @resource_types = args[:resource_types] if args.key?(:resource_types)
         end
       end
       
@@ -1836,6 +1866,80 @@ module Google
         end
       end
       
+      # Represents an instance of a Security Health Analytics custom module, including
+      # its full module name, display name, enablement state, and last updated time.
+      # You can create a custom module at the organization, folder, or project level.
+      # Custom modules that you create at the organization or folder level are
+      # inherited by the child folders and projects.
+      class GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModule
+        include Google::Apis::Core::Hashable
+      
+        # Output only. If empty, indicates that the custom module was created in the
+        # organization, folder, or project in which you are viewing the custom module.
+        # Otherwise, `ancestor_module` specifies the organization or folder from which
+        # the custom module is inherited.
+        # Corresponds to the JSON property `ancestorModule`
+        # @return [String]
+        attr_accessor :ancestor_module
+      
+        # Defines the properties in a custom module configuration for Security Health
+        # Analytics. Use the custom module configuration to create custom detectors that
+        # generate custom findings for resources that you specify.
+        # Corresponds to the JSON property `customConfig`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig]
+        attr_accessor :custom_config
+      
+        # The display name of the Security Health Analytics custom module. This display
+        # name becomes the finding category for all findings that are returned by this
+        # custom module. The display name must be between 1 and 128 characters, start
+        # with a lowercase letter, and contain alphanumeric characters or underscores
+        # only.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # The enablement state of the custom module.
+        # Corresponds to the JSON property `enablementState`
+        # @return [String]
+        attr_accessor :enablement_state
+      
+        # Output only. The editor that last updated the custom module.
+        # Corresponds to the JSON property `lastEditor`
+        # @return [String]
+        attr_accessor :last_editor
+      
+        # Immutable. The resource name of the custom module. Its format is "
+        # organizations/`organization`/securityHealthAnalyticsSettings/customModules/`
+        # customModule`", or "folders/`folder`/securityHealthAnalyticsSettings/
+        # customModules/`customModule`", or "projects/`project`/
+        # securityHealthAnalyticsSettings/customModules/`customModule`" The id `
+        # customModule` is server-generated and is not user settable. It will be a
+        # numeric id containing 1-20 digits.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # Output only. The time at which the custom module was last updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @ancestor_module = args[:ancestor_module] if args.key?(:ancestor_module)
+          @custom_config = args[:custom_config] if args.key?(:custom_config)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @enablement_state = args[:enablement_state] if args.key?(:enablement_state)
+          @last_editor = args[:last_editor] if args.key?(:last_editor)
+          @name = args[:name] if args.key?(:name)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      
       # Response of asset discovery run
       class GoogleCloudSecuritycenterV1beta1RunAssetDiscoveryResponse
         include Google::Apis::Core::Hashable
@@ -2545,66 +2649,6 @@ module Google
         end
       end
       
-      # Encapsulates data about a constraint associated with an organization policy.
-      class OrgPolicyConstraint
-        include Google::Apis::Core::Hashable
-      
-        # The resource name of the constraint. Example: "organizations/`organization_id`/
-        # constraints/`constraint_name`"
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
-      
-        def initialize(**args)
-           update!(**args)
-        end
-      
-        # Update properties of this object
-        def update!(**args)
-          @name = args[:name] if args.key?(:name)
-        end
-      end
-      
-      # Represents one point that an attacker passes through in this exposure path.
-      class PathNode
-        include Google::Apis::Core::Hashable
-      
-        # The findings associated with this node in the exposure path.
-        # Corresponds to the JSON property `associatedFindings`
-        # @return [Array<Google::Apis::SecuritycenterV1beta2::AssociatedFinding>]
-        attr_accessor :associated_findings
-      
-        # Human readable name of this resource.
-        # Corresponds to the JSON property `displayName`
-        # @return [String]
-        attr_accessor :display_name
-      
-        # The name of the resource at this point in the exposure path. The format of the
-        # name is: https://cloud.google.com/apis/design/resource_names#
-        # full_resource_name
-        # Corresponds to the JSON property `resource`
-        # @return [String]
-        attr_accessor :resource
-      
-        # The resource type of this resource. See: https://cloud.google.com/asset-
-        # inventory/docs/supported-asset-types
-        # Corresponds to the JSON property `resourceType`
-        # @return [String]
-        attr_accessor :resource_type
-      
-        def initialize(**args)
-           update!(**args)
-        end
-      
-        # Update properties of this object
-        def update!(**args)
-          @associated_findings = args[:associated_findings] if args.key?(:associated_findings)
-          @display_name = args[:display_name] if args.key?(:display_name)
-          @resource = args[:resource] if args.key?(:resource)
-          @resource_type = args[:resource_type] if args.key?(:resource_type)
-        end
-      end
-      
       # Kubernetes Pod.
       class Pod
         include Google::Apis::Core::Hashable

data/lib/google/apis/securitycenter_v1beta2/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module SecuritycenterV1beta2
       # Version of the google-apis-securitycenter_v1beta2 gem
-      GEM_VERSION = "0.45.0"
+      GEM_VERSION = "0.47.0"
 
       # Version of the code generator used to generate this client
       GENERATOR_VERSION = "0.12.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20230321"
+      REVISION = "20230414"
     end
   end
 end

data/lib/google/apis/securitycenter_v1beta2/representations.rb

@@ -34,12 +34,6 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class AssociatedFinding
-        class Representation < Google::Apis::Core::JsonRepresentation; end
-      
-        include Google::Apis::Core::JsonObjectSupport
-      end
-      
       class CloudDlpDataProfile
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -124,31 +118,31 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class Edge
+      class EnvironmentVariable
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class EnvironmentVariable
+      class EventThreatDetectionSettings
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class EventThreatDetectionSettings
+      class ExfilResource
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class ExfilResource
+      class Exfiltration
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class Exfiltration
+      class Expr
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
@@ -196,13 +190,19 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class GoogleCloudSecuritycenterV1ExposedResource
+      class GoogleCloudSecuritycenterV1CustomConfig
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class GoogleCloudSecuritycenterV1ExposurePath
+      class GoogleCloudSecuritycenterV1CustomOutputSpec
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GoogleCloudSecuritycenterV1EffectiveSecurityHealthAnalyticsCustomModule
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
@@ -226,13 +226,19 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class GoogleCloudSecuritycenterV1Property
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class GoogleCloudSecuritycenterV1Resource
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class GoogleCloudSecuritycenterV1ResourceValueConfig
+      class GoogleCloudSecuritycenterV1ResourceSelector
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
@@ -244,6 +250,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModule
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class GoogleCloudSecuritycenterV1beta1RunAssetDiscoveryResponse
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -346,18 +358,6 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
-      class OrgPolicyConstraint
-        class Representation < Google::Apis::Core::JsonRepresentation; end
-      
-        include Google::Apis::Core::JsonObjectSupport
-      end
-      
-      class PathNode
-        class Representation < Google::Apis::Core::JsonRepresentation; end
-      
-        include Google::Apis::Core::JsonObjectSupport
-      end
-      
       class Pod
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -485,15 +485,6 @@ module Google
         end
       end
       
-      class AssociatedFinding
-        # @private
-        class Representation < Google::Apis::Core::JsonRepresentation
-          property :canonical_finding_name, as: 'canonicalFindingName'
-          property :finding_category, as: 'findingCategory'
-          property :name, as: 'name'
-        end
-      end
-      
       class CloudDlpDataProfile
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -632,14 +623,6 @@ module Google
         end
       end
       
-      class Edge
-        # @private
-        class Representation < Google::Apis::Core::JsonRepresentation
-          property :destination, as: 'destination'
-          property :source, as: 'source'
-        end
-      end
-      
       class EnvironmentVariable
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -677,6 +660,16 @@ module Google
         end
       end
       
+      class Expr
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :description, as: 'description'
+          property :expression, as: 'expression'
+          property :location, as: 'location'
+          property :title, as: 'title'
+        end
+      end
+      
       class File
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -737,8 +730,6 @@ module Google
           property :mute_update_time, as: 'muteUpdateTime'
           property :name, as: 'name'
           property :next_steps, as: 'nextSteps'
-          collection :org_policy_constraints, as: 'orgPolicyConstraints', class: Google::Apis::SecuritycenterV1beta2::OrgPolicyConstraint, decorator: Google::Apis::SecuritycenterV1beta2::OrgPolicyConstraint::Representation
-      
           property :parent, as: 'parent'
           property :parent_display_name, as: 'parentDisplayName'
           collection :processes, as: 'processes', class: Google::Apis::SecuritycenterV1beta2::Process, decorator: Google::Apis::SecuritycenterV1beta2::Process::Representation
@@ -801,28 +792,37 @@ module Google
         end
       end
       
-      class GoogleCloudSecuritycenterV1ExposedResource
+      class GoogleCloudSecuritycenterV1CustomConfig
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
-          property :display_name, as: 'displayName'
-          collection :methods_prop, as: 'methods'
-          property :name, as: 'name'
-          property :resource, as: 'resource'
-          property :resource_type, as: 'resourceType'
-          property :resource_value, as: 'resourceValue'
+          property :custom_output, as: 'customOutput', class: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomOutputSpec, decorator: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomOutputSpec::Representation
+      
+          property :description, as: 'description'
+          property :predicate, as: 'predicate', class: Google::Apis::SecuritycenterV1beta2::Expr, decorator: Google::Apis::SecuritycenterV1beta2::Expr::Representation
+      
+          property :recommendation, as: 'recommendation'
+          property :resource_selector, as: 'resourceSelector', class: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1ResourceSelector, decorator: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1ResourceSelector::Representation
+      
+          property :severity, as: 'severity'
         end
       end
       
-      class GoogleCloudSecuritycenterV1ExposurePath
+      class GoogleCloudSecuritycenterV1CustomOutputSpec
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
-          collection :edges, as: 'edges', class: Google::Apis::SecuritycenterV1beta2::Edge, decorator: Google::Apis::SecuritycenterV1beta2::Edge::Representation
+          collection :properties, as: 'properties', class: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1Property, decorator: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1Property::Representation
       
-          property :exposed_resource, as: 'exposedResource', class: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1ExposedResource, decorator: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1ExposedResource::Representation
+        end
+      end
       
-          property :name, as: 'name'
-          collection :path_nodes, as: 'pathNodes', class: Google::Apis::SecuritycenterV1beta2::PathNode, decorator: Google::Apis::SecuritycenterV1beta2::PathNode::Representation
+      class GoogleCloudSecuritycenterV1EffectiveSecurityHealthAnalyticsCustomModule
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :custom_config, as: 'customConfig', class: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig, decorator: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig::Representation
       
+          property :display_name, as: 'displayName'
+          property :enablement_state, as: 'enablementState'
+          property :name, as: 'name'
         end
       end
       
@@ -861,6 +861,15 @@ module Google
         end
       end
       
+      class GoogleCloudSecuritycenterV1Property
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :name, as: 'name'
+          property :value_expression, as: 'valueExpression', class: Google::Apis::SecuritycenterV1beta2::Expr, decorator: Google::Apis::SecuritycenterV1beta2::Expr::Representation
+      
+        end
+      end
+      
       class GoogleCloudSecuritycenterV1Resource
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -876,18 +885,10 @@ module Google
         end
       end
       
-      class GoogleCloudSecuritycenterV1ResourceValueConfig
+      class GoogleCloudSecuritycenterV1ResourceSelector
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
-          property :create_time, as: 'createTime'
-          property :description, as: 'description'
-          property :name, as: 'name'
-          hash :resource_labels_selector, as: 'resourceLabelsSelector'
-          property :resource_type, as: 'resourceType'
-          property :resource_value, as: 'resourceValue'
-          property :scope, as: 'scope'
-          collection :tag_values, as: 'tagValues'
-          property :update_time, as: 'updateTime'
+          collection :resource_types, as: 'resourceTypes'
         end
       end
       
@@ -899,6 +900,20 @@ module Google
         end
       end
       
+      class GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModule
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :ancestor_module, as: 'ancestorModule'
+          property :custom_config, as: 'customConfig', class: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig, decorator: Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig::Representation
+      
+          property :display_name, as: 'displayName'
+          property :enablement_state, as: 'enablementState'
+          property :last_editor, as: 'lastEditor'
+          property :name, as: 'name'
+          property :update_time, as: 'updateTime'
+        end
+      end
+      
       class GoogleCloudSecuritycenterV1beta1RunAssetDiscoveryResponse
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -1080,24 +1095,6 @@ module Google
         end
       end
       
-      class OrgPolicyConstraint
-        # @private
-        class Representation < Google::Apis::Core::JsonRepresentation
-          property :name, as: 'name'
-        end
-      end
-      
-      class PathNode
-        # @private
-        class Representation < Google::Apis::Core::JsonRepresentation
-          collection :associated_findings, as: 'associatedFindings', class: Google::Apis::SecuritycenterV1beta2::AssociatedFinding, decorator: Google::Apis::SecuritycenterV1beta2::AssociatedFinding::Representation
-      
-          property :display_name, as: 'displayName'
-          property :resource, as: 'resource'
-          property :resource_type, as: 'resourceType'
-        end
-      end
-      
       class Pod
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-securitycenter_v1beta2
 version: !ruby/object:Gem::Version
-  version: 0.45.0
+  version: 0.47.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-26 00:00:00.000000000 Z
+date: 2023-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -58,7 +58,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-securitycenter_v1beta2/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-securitycenter_v1beta2/v0.45.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-securitycenter_v1beta2/v0.47.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-securitycenter_v1beta2
 post_install_message: 
 rdoc_options: []