google-apis-securityposture_v1 0.1.0

@@ -0,0 +1,1737 @@
1
+ # Copyright 2020 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'date'
16
+ require 'google/apis/core/base_service'
17
+ require 'google/apis/core/json_representation'
18
+ require 'google/apis/core/hashable'
19
+ require 'google/apis/errors'
20
+
21
+ module Google
22
+ module Apis
23
+ module SecuritypostureV1
24
+
25
+ # Details of a Cloud Asset Inventory asset that caused a violation.
26
+ class AssetDetails
27
+ include Google::Apis::Core::Hashable
28
+
29
+ # Information about the Cloud Asset Inventory asset that violated a policy. The
30
+ # format of this information can change at any time without prior notice. Your
31
+ # application must not depend on this information in any way.
32
+ # Corresponds to the JSON property `asset`
33
+ # @return [String]
34
+ attr_accessor :asset
35
+
36
+ # The type of Cloud Asset Inventory asset. For a list of asset types, see [
37
+ # Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-
38
+ # asset-types).
39
+ # Corresponds to the JSON property `assetType`
40
+ # @return [String]
41
+ attr_accessor :asset_type
42
+
43
+ def initialize(**args)
44
+ update!(**args)
45
+ end
46
+
47
+ # Update properties of this object
48
+ def update!(**args)
49
+ @asset = args[:asset] if args.key?(:asset)
50
+ @asset_type = args[:asset_type] if args.key?(:asset_type)
51
+ end
52
+ end
53
+
54
+ # The request message for Operations.CancelOperation.
55
+ class CancelOperationRequest
56
+ include Google::Apis::Core::Hashable
57
+
58
+ def initialize(**args)
59
+ update!(**args)
60
+ end
61
+
62
+ # Update properties of this object
63
+ def update!(**args)
64
+ end
65
+ end
66
+
67
+ # Information about a compliance standard that the policy helps enforce.
68
+ class ComplianceStandard
69
+ include Google::Apis::Core::Hashable
70
+
71
+ # Optional. The control in the compliance standard that the policy helps enforce.
72
+ # For example, `AC-3`.
73
+ # Corresponds to the JSON property `control`
74
+ # @return [String]
75
+ attr_accessor :control
76
+
77
+ # Optional. The compliance standard that the policy helps enforce. For example, `
78
+ # NIST SP 800-53`.
79
+ # Corresponds to the JSON property `standard`
80
+ # @return [String]
81
+ attr_accessor :standard
82
+
83
+ def initialize(**args)
84
+ update!(**args)
85
+ end
86
+
87
+ # Update properties of this object
88
+ def update!(**args)
89
+ @control = args[:control] if args.key?(:control)
90
+ @standard = args[:standard] if args.key?(:standard)
91
+ end
92
+ end
93
+
94
+ # Metadata for a constraint in a Policy.
95
+ class Constraint
96
+ include Google::Apis::Core::Hashable
97
+
98
+ # A predefined organization policy constraint.
99
+ # Corresponds to the JSON property `orgPolicyConstraint`
100
+ # @return [Google::Apis::SecuritypostureV1::OrgPolicyConstraint]
101
+ attr_accessor :org_policy_constraint
102
+
103
+ # A custom organization policy constraint.
104
+ # Corresponds to the JSON property `orgPolicyConstraintCustom`
105
+ # @return [Google::Apis::SecuritypostureV1::OrgPolicyConstraintCustom]
106
+ attr_accessor :org_policy_constraint_custom
107
+
108
+ # A custom module for Security Health Analytics.
109
+ # Corresponds to the JSON property `securityHealthAnalyticsCustomModule`
110
+ # @return [Google::Apis::SecuritypostureV1::SecurityHealthAnalyticsCustomModule]
111
+ attr_accessor :security_health_analytics_custom_module
112
+
113
+ # A built-in detector for Security Health Analytics.
114
+ # Corresponds to the JSON property `securityHealthAnalyticsModule`
115
+ # @return [Google::Apis::SecuritypostureV1::SecurityHealthAnalyticsModule]
116
+ attr_accessor :security_health_analytics_module
117
+
118
+ def initialize(**args)
119
+ update!(**args)
120
+ end
121
+
122
+ # Update properties of this object
123
+ def update!(**args)
124
+ @org_policy_constraint = args[:org_policy_constraint] if args.key?(:org_policy_constraint)
125
+ @org_policy_constraint_custom = args[:org_policy_constraint_custom] if args.key?(:org_policy_constraint_custom)
126
+ @security_health_analytics_custom_module = args[:security_health_analytics_custom_module] if args.key?(:security_health_analytics_custom_module)
127
+ @security_health_analytics_module = args[:security_health_analytics_module] if args.key?(:security_health_analytics_module)
128
+ end
129
+ end
130
+
131
+ # Request message for CreateIaCValidationReport.
132
+ class CreateIaCValidationReportRequest
133
+ include Google::Apis::Core::Hashable
134
+
135
+ # Details of an infrastructure-as-code (IaC) configuration.
136
+ # Corresponds to the JSON property `iac`
137
+ # @return [Google::Apis::SecuritypostureV1::IaC]
138
+ attr_accessor :iac
139
+
140
+ def initialize(**args)
141
+ update!(**args)
142
+ end
143
+
144
+ # Update properties of this object
145
+ def update!(**args)
146
+ @iac = args[:iac] if args.key?(:iac)
147
+ end
148
+ end
149
+
150
+ # A custom module configuration for Security Health Analytics. Use `CustomConfig`
151
+ # to create custom detectors that generate custom findings for resources that
152
+ # you specify.
153
+ class CustomConfig
154
+ include Google::Apis::Core::Hashable
155
+
156
+ # Definitions of custom source properties that can appear in findings.
157
+ # Corresponds to the JSON property `customOutput`
158
+ # @return [Google::Apis::SecuritypostureV1::CustomOutputSpec]
159
+ attr_accessor :custom_output
160
+
161
+ # Optional. A description of the vulnerability or misconfiguration that the
162
+ # custom module detects. The description appears in each finding. Provide enough
163
+ # information to help an investigator understand the finding. The value must be
164
+ # enclosed in quotation marks.
165
+ # Corresponds to the JSON property `description`
166
+ # @return [String]
167
+ attr_accessor :description
168
+
169
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
170
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
171
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
172
+ # "Summary size limit" description: "Determines if a summary is less than 100
173
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
174
+ # Requestor is owner" description: "Determines if requestor is the document
175
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
176
+ # Logic): title: "Public documents" description: "Determine whether the document
177
+ # should be publicly visible" expression: "document.type != 'private' &&
178
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
179
+ # string" description: "Create a notification string with a timestamp."
180
+ # expression: "'New message received at ' + string(document.create_time)" The
181
+ # exact variables and functions that may be referenced within an expression are
182
+ # determined by the service that evaluates it. See the service documentation for
183
+ # additional information.
184
+ # Corresponds to the JSON property `predicate`
185
+ # @return [Google::Apis::SecuritypostureV1::Expr]
186
+ attr_accessor :predicate
187
+
188
+ # Required. An explanation of the steps that security teams can take to resolve
189
+ # the detected issue. The explanation appears in each finding.
190
+ # Corresponds to the JSON property `recommendation`
191
+ # @return [String]
192
+ attr_accessor :recommendation
193
+
194
+ # A selector for the resource types to run the detector on.
195
+ # Corresponds to the JSON property `resourceSelector`
196
+ # @return [Google::Apis::SecuritypostureV1::ResourceSelector]
197
+ attr_accessor :resource_selector
198
+
199
+ # Required. The severity of findings generated by the custom module.
200
+ # Corresponds to the JSON property `severity`
201
+ # @return [String]
202
+ attr_accessor :severity
203
+
204
+ def initialize(**args)
205
+ update!(**args)
206
+ end
207
+
208
+ # Update properties of this object
209
+ def update!(**args)
210
+ @custom_output = args[:custom_output] if args.key?(:custom_output)
211
+ @description = args[:description] if args.key?(:description)
212
+ @predicate = args[:predicate] if args.key?(:predicate)
213
+ @recommendation = args[:recommendation] if args.key?(:recommendation)
214
+ @resource_selector = args[:resource_selector] if args.key?(:resource_selector)
215
+ @severity = args[:severity] if args.key?(:severity)
216
+ end
217
+ end
218
+
219
+ # Definitions of custom source properties that can appear in findings.
220
+ class CustomOutputSpec
221
+ include Google::Apis::Core::Hashable
222
+
223
+ # Optional. The custom source properties that can appear in findings.
224
+ # Corresponds to the JSON property `properties`
225
+ # @return [Array<Google::Apis::SecuritypostureV1::Property>]
226
+ attr_accessor :properties
227
+
228
+ def initialize(**args)
229
+ update!(**args)
230
+ end
231
+
232
+ # Update properties of this object
233
+ def update!(**args)
234
+ @properties = args[:properties] if args.key?(:properties)
235
+ end
236
+ end
237
+
238
+ # A generic empty message that you can re-use to avoid defining duplicated empty
239
+ # messages in your APIs. A typical example is to use it as the request or the
240
+ # response type of an API method. For instance: service Foo ` rpc Bar(google.
241
+ # protobuf.Empty) returns (google.protobuf.Empty); `
242
+ class Empty
243
+ include Google::Apis::Core::Hashable
244
+
245
+ def initialize(**args)
246
+ update!(**args)
247
+ end
248
+
249
+ # Update properties of this object
250
+ def update!(**args)
251
+ end
252
+ end
253
+
254
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
255
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
256
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
257
+ # "Summary size limit" description: "Determines if a summary is less than 100
258
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
259
+ # Requestor is owner" description: "Determines if requestor is the document
260
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
261
+ # Logic): title: "Public documents" description: "Determine whether the document
262
+ # should be publicly visible" expression: "document.type != 'private' &&
263
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
264
+ # string" description: "Create a notification string with a timestamp."
265
+ # expression: "'New message received at ' + string(document.create_time)" The
266
+ # exact variables and functions that may be referenced within an expression are
267
+ # determined by the service that evaluates it. See the service documentation for
268
+ # additional information.
269
+ class Expr
270
+ include Google::Apis::Core::Hashable
271
+
272
+ # Optional. Description of the expression. This is a longer text which describes
273
+ # the expression, e.g. when hovered over it in a UI.
274
+ # Corresponds to the JSON property `description`
275
+ # @return [String]
276
+ attr_accessor :description
277
+
278
+ # Textual representation of an expression in Common Expression Language syntax.
279
+ # Corresponds to the JSON property `expression`
280
+ # @return [String]
281
+ attr_accessor :expression
282
+
283
+ # Optional. String indicating the location of the expression for error reporting,
284
+ # e.g. a file name and a position in the file.
285
+ # Corresponds to the JSON property `location`
286
+ # @return [String]
287
+ attr_accessor :location
288
+
289
+ # Optional. Title for the expression, i.e. a short string describing its purpose.
290
+ # This can be used e.g. in UIs which allow to enter the expression.
291
+ # Corresponds to the JSON property `title`
292
+ # @return [String]
293
+ attr_accessor :title
294
+
295
+ def initialize(**args)
296
+ update!(**args)
297
+ end
298
+
299
+ # Update properties of this object
300
+ def update!(**args)
301
+ @description = args[:description] if args.key?(:description)
302
+ @expression = args[:expression] if args.key?(:expression)
303
+ @location = args[:location] if args.key?(:location)
304
+ @title = args[:title] if args.key?(:title)
305
+ end
306
+ end
307
+
308
+ # Request message for ExtractPosture.
309
+ class ExtractPostureRequest
310
+ include Google::Apis::Core::Hashable
311
+
312
+ # Required. An identifier for the posture.
313
+ # Corresponds to the JSON property `postureId`
314
+ # @return [String]
315
+ attr_accessor :posture_id
316
+
317
+ # Required. The organization, folder, or project from which policies are
318
+ # extracted. Must be within the organization defined in parent. Use one of the
319
+ # following formats: * `organization/`organization_number`` * `folder/`
320
+ # folder_number`` * `project/`project_number``
321
+ # Corresponds to the JSON property `workload`
322
+ # @return [String]
323
+ attr_accessor :workload
324
+
325
+ def initialize(**args)
326
+ update!(**args)
327
+ end
328
+
329
+ # Update properties of this object
330
+ def update!(**args)
331
+ @posture_id = args[:posture_id] if args.key?(:posture_id)
332
+ @workload = args[:workload] if args.key?(:workload)
333
+ end
334
+ end
335
+
336
+ # A custom, user-defined constraint. You can apply the constraint only to the
337
+ # resource types specified in the constraint, and only within the organization
338
+ # where the constraint is defined. _When you create a custom constraint, it is
339
+ # not enforced automatically._ You must use an organization policy to [enforce
340
+ # the constraint](https://cloud.google.com/resource-manager/help/organization-
341
+ # policy/constraints/enforce).
342
+ class GoogleCloudSecuritypostureV1CustomConstraint
343
+ include Google::Apis::Core::Hashable
344
+
345
+ # Whether to allow or deny the action.
346
+ # Corresponds to the JSON property `actionType`
347
+ # @return [String]
348
+ attr_accessor :action_type
349
+
350
+ # A Common Expression Language (CEL) condition expression that must evaluate to `
351
+ # true` for the constraint to be enforced. The maximum length is 1000 characters.
352
+ # For example: + `resource.instanceName.matches('(production|test)_(.+_)?[\d]+')
353
+ # `: Evaluates to `true` if the resource's `instanceName` attribute contains the
354
+ # following: + The prefix `production` or `test` + An underscore (`_`) +
355
+ # Optional: One or more characters, followed by an underscore (`_`) + One or
356
+ # more digits + `resource.management.auto_upgrade == true`: Evaluates to `true`
357
+ # if the resource's `management.auto_upgrade` attribute is `true`.
358
+ # Corresponds to the JSON property `condition`
359
+ # @return [String]
360
+ attr_accessor :condition
361
+
362
+ # A description of the constraint. The maximum length is 2000 characters.
363
+ # Corresponds to the JSON property `description`
364
+ # @return [String]
365
+ attr_accessor :description
366
+
367
+ # A display name for the constraint. The maximum length is 200 characters.
368
+ # Corresponds to the JSON property `displayName`
369
+ # @return [String]
370
+ attr_accessor :display_name
371
+
372
+ # The types of operations that the constraint applies to.
373
+ # Corresponds to the JSON property `methodTypes`
374
+ # @return [Array<String>]
375
+ attr_accessor :method_types
376
+
377
+ # Immutable. The name of the constraint, in the format `organizations/`
378
+ # organization_id`/customConstraints/custom.`custom_constraint_id``. For example,
379
+ # `organizations/123456789012/customConstraints/custom.createOnlyE2TypeVms`.
380
+ # Must contain 1 to 62 characters, excluding the prefix `organizations/`
381
+ # organization_id`/customConstraints/custom.`.
382
+ # Corresponds to the JSON property `name`
383
+ # @return [String]
384
+ attr_accessor :name
385
+
386
+ # Immutable. The resource type that the constraint applies to, in the format ``
387
+ # canonical_service_name`/`resource_type_name``. For example, `compute.
388
+ # googleapis.com/Instance`.
389
+ # Corresponds to the JSON property `resourceTypes`
390
+ # @return [Array<String>]
391
+ attr_accessor :resource_types
392
+
393
+ # Output only. The last time at which the constraint was updated or created.
394
+ # Corresponds to the JSON property `updateTime`
395
+ # @return [String]
396
+ attr_accessor :update_time
397
+
398
+ def initialize(**args)
399
+ update!(**args)
400
+ end
401
+
402
+ # Update properties of this object
403
+ def update!(**args)
404
+ @action_type = args[:action_type] if args.key?(:action_type)
405
+ @condition = args[:condition] if args.key?(:condition)
406
+ @description = args[:description] if args.key?(:description)
407
+ @display_name = args[:display_name] if args.key?(:display_name)
408
+ @method_types = args[:method_types] if args.key?(:method_types)
409
+ @name = args[:name] if args.key?(:name)
410
+ @resource_types = args[:resource_types] if args.key?(:resource_types)
411
+ @update_time = args[:update_time] if args.key?(:update_time)
412
+ end
413
+ end
414
+
415
+ # A rule that defines the allowed and denied values for an organization policy
416
+ # constraint.
417
+ class GoogleCloudSecuritypostureV1PolicyRule
418
+ include Google::Apis::Core::Hashable
419
+
420
+ # Whether to allow any value for a list constraint. Valid only for list
421
+ # constraints.
422
+ # Corresponds to the JSON property `allowAll`
423
+ # @return [Boolean]
424
+ attr_accessor :allow_all
425
+ alias_method :allow_all?, :allow_all
426
+
427
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
428
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
429
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
430
+ # "Summary size limit" description: "Determines if a summary is less than 100
431
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
432
+ # Requestor is owner" description: "Determines if requestor is the document
433
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
434
+ # Logic): title: "Public documents" description: "Determine whether the document
435
+ # should be publicly visible" expression: "document.type != 'private' &&
436
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
437
+ # string" description: "Create a notification string with a timestamp."
438
+ # expression: "'New message received at ' + string(document.create_time)" The
439
+ # exact variables and functions that may be referenced within an expression are
440
+ # determined by the service that evaluates it. See the service documentation for
441
+ # additional information.
442
+ # Corresponds to the JSON property `condition`
443
+ # @return [Google::Apis::SecuritypostureV1::Expr]
444
+ attr_accessor :condition
445
+
446
+ # Whether to deny all values for a list constraint. Valid only for list
447
+ # constraints.
448
+ # Corresponds to the JSON property `denyAll`
449
+ # @return [Boolean]
450
+ attr_accessor :deny_all
451
+ alias_method :deny_all?, :deny_all
452
+
453
+ # Whether to enforce the constraint. Valid only for boolean constraints.
454
+ # Corresponds to the JSON property `enforce`
455
+ # @return [Boolean]
456
+ attr_accessor :enforce
457
+ alias_method :enforce?, :enforce
458
+
459
+ # Optional. Required for GMCs if parameters defined in constraints. Pass
460
+ # parameter values when policy enforcement is enabled. Ensure that parameter
461
+ # value types match those defined in the constraint definition. For example: ` "
462
+ # allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true `
463
+ # Corresponds to the JSON property `parameters`
464
+ # @return [Hash<String,Object>]
465
+ attr_accessor :parameters
466
+
467
+ # Set multiple resource types for one policy, eg: resourceTypes: included: -
468
+ # compute.googleapis.com/Instance - compute.googleapis.com/Disk Constraint
469
+ # definition contains an empty resource type in order to support multiple
470
+ # resource types in the policy. Only support Google managed constriaint and
471
+ # method type is GOVERN_TAGS Refer go/multi-resource-support-force-tags-gmc to
472
+ # get more details.
473
+ # Corresponds to the JSON property `resourceTypes`
474
+ # @return [Google::Apis::SecuritypostureV1::ResourceTypes]
475
+ attr_accessor :resource_types
476
+
477
+ # The allowed and denied values for a list constraint. For all constraints,
478
+ # these fields can contain literal values. Optionally, you can add the `is:`
479
+ # prefix to these values. If the value contains a colon (`:`), then the `is:`
480
+ # prefix is required. Some constraints allow you to specify a portion of the
481
+ # resource hierarchy, known as a [_hierarchy subtree_](https://cloud.google.com/
482
+ # resource-manager/help/organization-policy/hierarchy-subtree), that the
483
+ # constraint applies to. To specify a hierarchy subtree, use the `under:` prefix,
484
+ # followed by a value with one of these formats: - `projects/`project_id`` (for
485
+ # example, `projects/tokyo-rain-123`) - `folders/`folder_id`` (for example, `
486
+ # folders/1234567890123`) - `organizations/`organization_id`` (for example, `
487
+ # organizations/123456789012`) A constraint's `supports_under` field indicates
488
+ # whether you can specify a hierarchy subtree. To learn which predefined
489
+ # constraints let you specify a hierarchy subtree, see the [constraints
490
+ # reference](https://cloud.google.com/resource-manager/help/organization-policy/
491
+ # constraints/reference).
492
+ # Corresponds to the JSON property `values`
493
+ # @return [Google::Apis::SecuritypostureV1::GoogleCloudSecuritypostureV1PolicyRuleStringValues]
494
+ attr_accessor :values
495
+
496
+ def initialize(**args)
497
+ update!(**args)
498
+ end
499
+
500
+ # Update properties of this object
501
+ def update!(**args)
502
+ @allow_all = args[:allow_all] if args.key?(:allow_all)
503
+ @condition = args[:condition] if args.key?(:condition)
504
+ @deny_all = args[:deny_all] if args.key?(:deny_all)
505
+ @enforce = args[:enforce] if args.key?(:enforce)
506
+ @parameters = args[:parameters] if args.key?(:parameters)
507
+ @resource_types = args[:resource_types] if args.key?(:resource_types)
508
+ @values = args[:values] if args.key?(:values)
509
+ end
510
+ end
511
+
512
+ # The allowed and denied values for a list constraint. For all constraints,
513
+ # these fields can contain literal values. Optionally, you can add the `is:`
514
+ # prefix to these values. If the value contains a colon (`:`), then the `is:`
515
+ # prefix is required. Some constraints allow you to specify a portion of the
516
+ # resource hierarchy, known as a [_hierarchy subtree_](https://cloud.google.com/
517
+ # resource-manager/help/organization-policy/hierarchy-subtree), that the
518
+ # constraint applies to. To specify a hierarchy subtree, use the `under:` prefix,
519
+ # followed by a value with one of these formats: - `projects/`project_id`` (for
520
+ # example, `projects/tokyo-rain-123`) - `folders/`folder_id`` (for example, `
521
+ # folders/1234567890123`) - `organizations/`organization_id`` (for example, `
522
+ # organizations/123456789012`) A constraint's `supports_under` field indicates
523
+ # whether you can specify a hierarchy subtree. To learn which predefined
524
+ # constraints let you specify a hierarchy subtree, see the [constraints
525
+ # reference](https://cloud.google.com/resource-manager/help/organization-policy/
526
+ # constraints/reference).
527
+ class GoogleCloudSecuritypostureV1PolicyRuleStringValues
528
+ include Google::Apis::Core::Hashable
529
+
530
+ # The allowed values for the constraint.
531
+ # Corresponds to the JSON property `allowedValues`
532
+ # @return [Array<String>]
533
+ attr_accessor :allowed_values
534
+
535
+ # The denied values for the constraint.
536
+ # Corresponds to the JSON property `deniedValues`
537
+ # @return [Array<String>]
538
+ attr_accessor :denied_values
539
+
540
+ def initialize(**args)
541
+ update!(**args)
542
+ end
543
+
544
+ # Update properties of this object
545
+ def update!(**args)
546
+ @allowed_values = args[:allowed_values] if args.key?(:allowed_values)
547
+ @denied_values = args[:denied_values] if args.key?(:denied_values)
548
+ end
549
+ end
550
+
551
+ # Details of an infrastructure-as-code (IaC) configuration.
552
+ class IaC
553
+ include Google::Apis::Core::Hashable
554
+
555
+ # Optional. A Terraform plan file, formatted as a stringified JSON object. To
556
+ # learn how to generate a Terraform plan file in JSON format, see [JSON output
557
+ # format](https://developer.hashicorp.com/terraform/internals/json-format) in
558
+ # the Terraform documentation.
559
+ # Corresponds to the JSON property `tfPlan`
560
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
561
+ # @return [String]
562
+ attr_accessor :tf_plan
563
+
564
+ def initialize(**args)
565
+ update!(**args)
566
+ end
567
+
568
+ # Update properties of this object
569
+ def update!(**args)
570
+ @tf_plan = args[:tf_plan] if args.key?(:tf_plan)
571
+ end
572
+ end
573
+
574
+ # Details of an infrastructure-as-code (IaC) validation report.
575
+ class IaCValidationReport
576
+ include Google::Apis::Core::Hashable
577
+
578
+ # Additional information about the report.
579
+ # Corresponds to the JSON property `note`
580
+ # @return [String]
581
+ attr_accessor :note
582
+
583
+ # A list of every Violation found in the IaC configuration.
584
+ # Corresponds to the JSON property `violations`
585
+ # @return [Array<Google::Apis::SecuritypostureV1::Violation>]
586
+ attr_accessor :violations
587
+
588
+ def initialize(**args)
589
+ update!(**args)
590
+ end
591
+
592
+ # Update properties of this object
593
+ def update!(**args)
594
+ @note = args[:note] if args.key?(:note)
595
+ @violations = args[:violations] if args.key?(:violations)
596
+ end
597
+ end
598
+
599
+ # The response message for Locations.ListLocations.
600
+ class ListLocationsResponse
601
+ include Google::Apis::Core::Hashable
602
+
603
+ # A list of locations that matches the specified filter in the request.
604
+ # Corresponds to the JSON property `locations`
605
+ # @return [Array<Google::Apis::SecuritypostureV1::Location>]
606
+ attr_accessor :locations
607
+
608
+ # The standard List next-page token.
609
+ # Corresponds to the JSON property `nextPageToken`
610
+ # @return [String]
611
+ attr_accessor :next_page_token
612
+
613
+ def initialize(**args)
614
+ update!(**args)
615
+ end
616
+
617
+ # Update properties of this object
618
+ def update!(**args)
619
+ @locations = args[:locations] if args.key?(:locations)
620
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
621
+ end
622
+ end
623
+
624
+ # The response message for Operations.ListOperations.
625
+ class ListOperationsResponse
626
+ include Google::Apis::Core::Hashable
627
+
628
+ # The standard List next-page token.
629
+ # Corresponds to the JSON property `nextPageToken`
630
+ # @return [String]
631
+ attr_accessor :next_page_token
632
+
633
+ # A list of operations that matches the specified filter in the request.
634
+ # Corresponds to the JSON property `operations`
635
+ # @return [Array<Google::Apis::SecuritypostureV1::Operation>]
636
+ attr_accessor :operations
637
+
638
+ def initialize(**args)
639
+ update!(**args)
640
+ end
641
+
642
+ # Update properties of this object
643
+ def update!(**args)
644
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
645
+ @operations = args[:operations] if args.key?(:operations)
646
+ end
647
+ end
648
+
649
+ # Response message for ListPostureDeployments.
650
+ class ListPostureDeploymentsResponse
651
+ include Google::Apis::Core::Hashable
652
+
653
+ # A pagination token. To retrieve the next page of results, call the method
654
+ # again with this token.
655
+ # Corresponds to the JSON property `nextPageToken`
656
+ # @return [String]
657
+ attr_accessor :next_page_token
658
+
659
+ # The list of PostureDeployment resources.
660
+ # Corresponds to the JSON property `postureDeployments`
661
+ # @return [Array<Google::Apis::SecuritypostureV1::PostureDeployment>]
662
+ attr_accessor :posture_deployments
663
+
664
+ # Locations that were temporarily unavailable and could not be reached.
665
+ # Corresponds to the JSON property `unreachable`
666
+ # @return [Array<String>]
667
+ attr_accessor :unreachable
668
+
669
+ def initialize(**args)
670
+ update!(**args)
671
+ end
672
+
673
+ # Update properties of this object
674
+ def update!(**args)
675
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
676
+ @posture_deployments = args[:posture_deployments] if args.key?(:posture_deployments)
677
+ @unreachable = args[:unreachable] if args.key?(:unreachable)
678
+ end
679
+ end
680
+
681
+ # Response message for ListPostureRevisions.
682
+ class ListPostureRevisionsResponse
683
+ include Google::Apis::Core::Hashable
684
+
685
+ # A pagination token. To retrieve the next page of results, call the method
686
+ # again with this token.
687
+ # Corresponds to the JSON property `nextPageToken`
688
+ # @return [String]
689
+ attr_accessor :next_page_token
690
+
691
+ # The list of revisions for the Posture.
692
+ # Corresponds to the JSON property `revisions`
693
+ # @return [Array<Google::Apis::SecuritypostureV1::Posture>]
694
+ attr_accessor :revisions
695
+
696
+ def initialize(**args)
697
+ update!(**args)
698
+ end
699
+
700
+ # Update properties of this object
701
+ def update!(**args)
702
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
703
+ @revisions = args[:revisions] if args.key?(:revisions)
704
+ end
705
+ end
706
+
707
+ # Response message for ListPostureTemplates.
708
+ class ListPostureTemplatesResponse
709
+ include Google::Apis::Core::Hashable
710
+
711
+ # A pagination token. To retrieve the next page of results, call the method
712
+ # again with this token.
713
+ # Corresponds to the JSON property `nextPageToken`
714
+ # @return [String]
715
+ attr_accessor :next_page_token
716
+
717
+ # The list of PostureTemplate resources.
718
+ # Corresponds to the JSON property `postureTemplates`
719
+ # @return [Array<Google::Apis::SecuritypostureV1::PostureTemplate>]
720
+ attr_accessor :posture_templates
721
+
722
+ def initialize(**args)
723
+ update!(**args)
724
+ end
725
+
726
+ # Update properties of this object
727
+ def update!(**args)
728
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
729
+ @posture_templates = args[:posture_templates] if args.key?(:posture_templates)
730
+ end
731
+ end
732
+
733
+ # Response message for ListPostures.
734
+ class ListPosturesResponse
735
+ include Google::Apis::Core::Hashable
736
+
737
+ # A pagination token. To retrieve the next page of results, call the method
738
+ # again with this token.
739
+ # Corresponds to the JSON property `nextPageToken`
740
+ # @return [String]
741
+ attr_accessor :next_page_token
742
+
743
+ # The list of Posture resources.
744
+ # Corresponds to the JSON property `postures`
745
+ # @return [Array<Google::Apis::SecuritypostureV1::Posture>]
746
+ attr_accessor :postures
747
+
748
+ # Locations that were temporarily unavailable and could not be reached.
749
+ # Corresponds to the JSON property `unreachable`
750
+ # @return [Array<String>]
751
+ attr_accessor :unreachable
752
+
753
+ def initialize(**args)
754
+ update!(**args)
755
+ end
756
+
757
+ # Update properties of this object
758
+ def update!(**args)
759
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
760
+ @postures = args[:postures] if args.key?(:postures)
761
+ @unreachable = args[:unreachable] if args.key?(:unreachable)
762
+ end
763
+ end
764
+
765
+ # Response message for ListReports.
766
+ class ListReportsResponse
767
+ include Google::Apis::Core::Hashable
768
+
769
+ # A pagination token. To retrieve the next page of results, call the method
770
+ # again with this token.
771
+ # Corresponds to the JSON property `nextPageToken`
772
+ # @return [String]
773
+ attr_accessor :next_page_token
774
+
775
+ # The list of Report resources.
776
+ # Corresponds to the JSON property `reports`
777
+ # @return [Array<Google::Apis::SecuritypostureV1::Report>]
778
+ attr_accessor :reports
779
+
780
+ # Locations that were temporarily unavailable and could not be reached.
781
+ # Corresponds to the JSON property `unreachable`
782
+ # @return [Array<String>]
783
+ attr_accessor :unreachable
784
+
785
+ def initialize(**args)
786
+ update!(**args)
787
+ end
788
+
789
+ # Update properties of this object
790
+ def update!(**args)
791
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
792
+ @reports = args[:reports] if args.key?(:reports)
793
+ @unreachable = args[:unreachable] if args.key?(:unreachable)
794
+ end
795
+ end
796
+
797
+ # A resource that represents a Google Cloud location.
798
+ class Location
799
+ include Google::Apis::Core::Hashable
800
+
801
+ # The friendly name for this location, typically a nearby city name. For example,
802
+ # "Tokyo".
803
+ # Corresponds to the JSON property `displayName`
804
+ # @return [String]
805
+ attr_accessor :display_name
806
+
807
+ # Cross-service attributes for the location. For example `"cloud.googleapis.com/
808
+ # region": "us-east1"`
809
+ # Corresponds to the JSON property `labels`
810
+ # @return [Hash<String,String>]
811
+ attr_accessor :labels
812
+
813
+ # The canonical id for this location. For example: `"us-east1"`.
814
+ # Corresponds to the JSON property `locationId`
815
+ # @return [String]
816
+ attr_accessor :location_id
817
+
818
+ # Service-specific metadata. For example the available capacity at the given
819
+ # location.
820
+ # Corresponds to the JSON property `metadata`
821
+ # @return [Hash<String,Object>]
822
+ attr_accessor :metadata
823
+
824
+ # Resource name for the location, which may vary between implementations. For
825
+ # example: `"projects/example-project/locations/us-east1"`
826
+ # Corresponds to the JSON property `name`
827
+ # @return [String]
828
+ attr_accessor :name
829
+
830
+ def initialize(**args)
831
+ update!(**args)
832
+ end
833
+
834
+ # Update properties of this object
835
+ def update!(**args)
836
+ @display_name = args[:display_name] if args.key?(:display_name)
837
+ @labels = args[:labels] if args.key?(:labels)
838
+ @location_id = args[:location_id] if args.key?(:location_id)
839
+ @metadata = args[:metadata] if args.key?(:metadata)
840
+ @name = args[:name] if args.key?(:name)
841
+ end
842
+ end
843
+
844
+ # This resource represents a long-running operation that is the result of a
845
+ # network API call.
846
+ class Operation
847
+ include Google::Apis::Core::Hashable
848
+
849
+ # If the value is `false`, it means the operation is still in progress. If `true`
850
+ # , the operation is completed, and either `error` or `response` is available.
851
+ # Corresponds to the JSON property `done`
852
+ # @return [Boolean]
853
+ attr_accessor :done
854
+ alias_method :done?, :done
855
+
856
+ # The `Status` type defines a logical error model that is suitable for different
857
+ # programming environments, including REST APIs and RPC APIs. It is used by [
858
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
859
+ # data: error code, error message, and error details. You can find out more
860
+ # about this error model and how to work with it in the [API Design Guide](https:
861
+ # //cloud.google.com/apis/design/errors).
862
+ # Corresponds to the JSON property `error`
863
+ # @return [Google::Apis::SecuritypostureV1::Status]
864
+ attr_accessor :error
865
+
866
+ # Service-specific metadata associated with the operation. It typically contains
867
+ # progress information and common metadata such as create time. Some services
868
+ # might not provide such metadata. Any method that returns a long-running
869
+ # operation should document the metadata type, if any.
870
+ # Corresponds to the JSON property `metadata`
871
+ # @return [Hash<String,Object>]
872
+ attr_accessor :metadata
873
+
874
+ # The server-assigned name, which is only unique within the same service that
875
+ # originally returns it. If you use the default HTTP mapping, the `name` should
876
+ # be a resource name ending with `operations/`unique_id``.
877
+ # Corresponds to the JSON property `name`
878
+ # @return [String]
879
+ attr_accessor :name
880
+
881
+ # The normal, successful response of the operation. If the original method
882
+ # returns no data on success, such as `Delete`, the response is `google.protobuf.
883
+ # Empty`. If the original method is standard `Get`/`Create`/`Update`, the
884
+ # response should be the resource. For other methods, the response should have
885
+ # the type `XxxResponse`, where `Xxx` is the original method name. For example,
886
+ # if the original method name is `TakeSnapshot()`, the inferred response type is
887
+ # `TakeSnapshotResponse`.
888
+ # Corresponds to the JSON property `response`
889
+ # @return [Hash<String,Object>]
890
+ attr_accessor :response
891
+
892
+ def initialize(**args)
893
+ update!(**args)
894
+ end
895
+
896
+ # Update properties of this object
897
+ def update!(**args)
898
+ @done = args[:done] if args.key?(:done)
899
+ @error = args[:error] if args.key?(:error)
900
+ @metadata = args[:metadata] if args.key?(:metadata)
901
+ @name = args[:name] if args.key?(:name)
902
+ @response = args[:response] if args.key?(:response)
903
+ end
904
+ end
905
+
906
+ # Metadata for an Operation.
907
+ class OperationMetadata
908
+ include Google::Apis::Core::Hashable
909
+
910
+ # Output only. The API version used to start the operation.
911
+ # Corresponds to the JSON property `apiVersion`
912
+ # @return [String]
913
+ attr_accessor :api_version
914
+
915
+ # Output only. The time at which the operation was created.
916
+ # Corresponds to the JSON property `createTime`
917
+ # @return [String]
918
+ attr_accessor :create_time
919
+
920
+ # Output only. The time at which the operation finished running.
921
+ # Corresponds to the JSON property `endTime`
922
+ # @return [String]
923
+ attr_accessor :end_time
924
+
925
+ # Output only. An error message. Returned when a PostureDeployment enters a
926
+ # failure state like UPDATE_FAILED.
927
+ # Corresponds to the JSON property `errorMessage`
928
+ # @return [String]
929
+ attr_accessor :error_message
930
+
931
+ # Output only. Whether a request to cancel the operation has been received. For
932
+ # operations that have been cancelled successfully, the Operation.error field
933
+ # contains the error code CANCELLED.
934
+ # Corresponds to the JSON property `requestedCancellation`
935
+ # @return [Boolean]
936
+ attr_accessor :requested_cancellation
937
+ alias_method :requested_cancellation?, :requested_cancellation
938
+
939
+ # Output only. The status of the operation, if any.
940
+ # Corresponds to the JSON property `statusMessage`
941
+ # @return [String]
942
+ attr_accessor :status_message
943
+
944
+ # Output only. The server-defined resource path for the target of the operation.
945
+ # Corresponds to the JSON property `target`
946
+ # @return [String]
947
+ attr_accessor :target
948
+
949
+ # Output only. The name of the action executed by the operation.
950
+ # Corresponds to the JSON property `verb`
951
+ # @return [String]
952
+ attr_accessor :verb
953
+
954
+ def initialize(**args)
955
+ update!(**args)
956
+ end
957
+
958
+ # Update properties of this object
959
+ def update!(**args)
960
+ @api_version = args[:api_version] if args.key?(:api_version)
961
+ @create_time = args[:create_time] if args.key?(:create_time)
962
+ @end_time = args[:end_time] if args.key?(:end_time)
963
+ @error_message = args[:error_message] if args.key?(:error_message)
964
+ @requested_cancellation = args[:requested_cancellation] if args.key?(:requested_cancellation)
965
+ @status_message = args[:status_message] if args.key?(:status_message)
966
+ @target = args[:target] if args.key?(:target)
967
+ @verb = args[:verb] if args.key?(:verb)
968
+ end
969
+ end
970
+
971
+ # A predefined organization policy constraint.
972
+ class OrgPolicyConstraint
973
+ include Google::Apis::Core::Hashable
974
+
975
+ # Required. A unique identifier for the constraint.
976
+ # Corresponds to the JSON property `cannedConstraintId`
977
+ # @return [String]
978
+ attr_accessor :canned_constraint_id
979
+
980
+ # Required. The rules enforced by the constraint.
981
+ # Corresponds to the JSON property `policyRules`
982
+ # @return [Array<Google::Apis::SecuritypostureV1::GoogleCloudSecuritypostureV1PolicyRule>]
983
+ attr_accessor :policy_rules
984
+
985
+ def initialize(**args)
986
+ update!(**args)
987
+ end
988
+
989
+ # Update properties of this object
990
+ def update!(**args)
991
+ @canned_constraint_id = args[:canned_constraint_id] if args.key?(:canned_constraint_id)
992
+ @policy_rules = args[:policy_rules] if args.key?(:policy_rules)
993
+ end
994
+ end
995
+
996
+ # A custom organization policy constraint.
997
+ class OrgPolicyConstraintCustom
998
+ include Google::Apis::Core::Hashable
999
+
1000
+ # A custom, user-defined constraint. You can apply the constraint only to the
1001
+ # resource types specified in the constraint, and only within the organization
1002
+ # where the constraint is defined. _When you create a custom constraint, it is
1003
+ # not enforced automatically._ You must use an organization policy to [enforce
1004
+ # the constraint](https://cloud.google.com/resource-manager/help/organization-
1005
+ # policy/constraints/enforce).
1006
+ # Corresponds to the JSON property `customConstraint`
1007
+ # @return [Google::Apis::SecuritypostureV1::GoogleCloudSecuritypostureV1CustomConstraint]
1008
+ attr_accessor :custom_constraint
1009
+
1010
+ # Required. The rules enforced by the constraint.
1011
+ # Corresponds to the JSON property `policyRules`
1012
+ # @return [Array<Google::Apis::SecuritypostureV1::GoogleCloudSecuritypostureV1PolicyRule>]
1013
+ attr_accessor :policy_rules
1014
+
1015
+ def initialize(**args)
1016
+ update!(**args)
1017
+ end
1018
+
1019
+ # Update properties of this object
1020
+ def update!(**args)
1021
+ @custom_constraint = args[:custom_constraint] if args.key?(:custom_constraint)
1022
+ @policy_rules = args[:policy_rules] if args.key?(:policy_rules)
1023
+ end
1024
+ end
1025
+
1026
+ # The details of a policy, including the constraints that it includes.
1027
+ class Policy
1028
+ include Google::Apis::Core::Hashable
1029
+
1030
+ # Optional. The compliance standards that the policy helps enforce.
1031
+ # Corresponds to the JSON property `complianceStandards`
1032
+ # @return [Array<Google::Apis::SecuritypostureV1::ComplianceStandard>]
1033
+ attr_accessor :compliance_standards
1034
+
1035
+ # Metadata for a constraint in a Policy.
1036
+ # Corresponds to the JSON property `constraint`
1037
+ # @return [Google::Apis::SecuritypostureV1::Constraint]
1038
+ attr_accessor :constraint
1039
+
1040
+ # Optional. A description of the policy.
1041
+ # Corresponds to the JSON property `description`
1042
+ # @return [String]
1043
+ attr_accessor :description
1044
+
1045
+ # Required. A user-specified identifier for the policy. In a PolicySet, each
1046
+ # policy must have a unique identifier.
1047
+ # Corresponds to the JSON property `policyId`
1048
+ # @return [String]
1049
+ attr_accessor :policy_id
1050
+
1051
+ def initialize(**args)
1052
+ update!(**args)
1053
+ end
1054
+
1055
+ # Update properties of this object
1056
+ def update!(**args)
1057
+ @compliance_standards = args[:compliance_standards] if args.key?(:compliance_standards)
1058
+ @constraint = args[:constraint] if args.key?(:constraint)
1059
+ @description = args[:description] if args.key?(:description)
1060
+ @policy_id = args[:policy_id] if args.key?(:policy_id)
1061
+ end
1062
+ end
1063
+
1064
+ # Details of a policy that was violated.
1065
+ class PolicyDetails
1066
+ include Google::Apis::Core::Hashable
1067
+
1068
+ # The compliance standards that the policy maps to. For example, `CIS-2.0 1.15`.
1069
+ # Corresponds to the JSON property `complianceStandards`
1070
+ # @return [Array<String>]
1071
+ attr_accessor :compliance_standards
1072
+
1073
+ # Information about the constraint that was violated. The format of this
1074
+ # information can change at any time without prior notice. Your application must
1075
+ # not depend on this information in any way.
1076
+ # Corresponds to the JSON property `constraint`
1077
+ # @return [String]
1078
+ attr_accessor :constraint
1079
+
1080
+ # The type of constraint that was violated.
1081
+ # Corresponds to the JSON property `constraintType`
1082
+ # @return [String]
1083
+ attr_accessor :constraint_type
1084
+
1085
+ # A description of the policy.
1086
+ # Corresponds to the JSON property `description`
1087
+ # @return [String]
1088
+ attr_accessor :description
1089
+
1090
+ def initialize(**args)
1091
+ update!(**args)
1092
+ end
1093
+
1094
+ # Update properties of this object
1095
+ def update!(**args)
1096
+ @compliance_standards = args[:compliance_standards] if args.key?(:compliance_standards)
1097
+ @constraint = args[:constraint] if args.key?(:constraint)
1098
+ @constraint_type = args[:constraint_type] if args.key?(:constraint_type)
1099
+ @description = args[:description] if args.key?(:description)
1100
+ end
1101
+ end
1102
+
1103
+ # A group of one or more Policy resources.
1104
+ class PolicySet
1105
+ include Google::Apis::Core::Hashable
1106
+
1107
+ # Optional. A description of the policy set.
1108
+ # Corresponds to the JSON property `description`
1109
+ # @return [String]
1110
+ attr_accessor :description
1111
+
1112
+ # Required. The Policy resources in the policy set. Each policy must have a
1113
+ # policy_id that's unique within the policy set.
1114
+ # Corresponds to the JSON property `policies`
1115
+ # @return [Array<Google::Apis::SecuritypostureV1::Policy>]
1116
+ attr_accessor :policies
1117
+
1118
+ # Required. An identifier for the policy set.
1119
+ # Corresponds to the JSON property `policySetId`
1120
+ # @return [String]
1121
+ attr_accessor :policy_set_id
1122
+
1123
+ def initialize(**args)
1124
+ update!(**args)
1125
+ end
1126
+
1127
+ # Update properties of this object
1128
+ def update!(**args)
1129
+ @description = args[:description] if args.key?(:description)
1130
+ @policies = args[:policies] if args.key?(:policies)
1131
+ @policy_set_id = args[:policy_set_id] if args.key?(:policy_set_id)
1132
+ end
1133
+ end
1134
+
1135
+ # The details of a posture.
1136
+ class Posture
1137
+ include Google::Apis::Core::Hashable
1138
+
1139
+ # Optional. The user-specified annotations for the posture. For details about
1140
+ # the values you can use in an annotation, see [AIP-148: Standard fields](https:/
1141
+ # /google.aip.dev/148#annotations).
1142
+ # Corresponds to the JSON property `annotations`
1143
+ # @return [Hash<String,String>]
1144
+ attr_accessor :annotations
1145
+
1146
+ # Output only. The categories that the posture belongs to, as determined by the
1147
+ # Security Posture API.
1148
+ # Corresponds to the JSON property `categories`
1149
+ # @return [Array<String>]
1150
+ attr_accessor :categories
1151
+
1152
+ # Output only. The time at which the posture was created.
1153
+ # Corresponds to the JSON property `createTime`
1154
+ # @return [String]
1155
+ attr_accessor :create_time
1156
+
1157
+ # Optional. A description of the posture.
1158
+ # Corresponds to the JSON property `description`
1159
+ # @return [String]
1160
+ attr_accessor :description
1161
+
1162
+ # Optional. An opaque identifier for the current version of the posture at the
1163
+ # specified `revision_id`. To prevent concurrent updates from overwriting each
1164
+ # other, always provide the `etag` when you update a posture. You can also
1165
+ # provide the `etag` when you delete a posture, to help ensure that you're
1166
+ # deleting the intended version of the posture.
1167
+ # Corresponds to the JSON property `etag`
1168
+ # @return [String]
1169
+ attr_accessor :etag
1170
+
1171
+ # Required. Identifier. The name of the posture, in the format `organizations/`
1172
+ # organization`/locations/global/postures/`posture_id``.
1173
+ # Corresponds to the JSON property `name`
1174
+ # @return [String]
1175
+ attr_accessor :name
1176
+
1177
+ # Required. The PolicySet resources that the posture includes.
1178
+ # Corresponds to the JSON property `policySets`
1179
+ # @return [Array<Google::Apis::SecuritypostureV1::PolicySet>]
1180
+ attr_accessor :policy_sets
1181
+
1182
+ # Output only. Whether the posture is in the process of being updated.
1183
+ # Corresponds to the JSON property `reconciling`
1184
+ # @return [Boolean]
1185
+ attr_accessor :reconciling
1186
+ alias_method :reconciling?, :reconciling
1187
+
1188
+ # Output only. Immutable. An opaque eight-character string that identifies the
1189
+ # revision of the posture. A posture can have multiple revisions; when you
1190
+ # deploy a posture, you deploy a specific revision of the posture.
1191
+ # Corresponds to the JSON property `revisionId`
1192
+ # @return [String]
1193
+ attr_accessor :revision_id
1194
+
1195
+ # Required. The state of the posture at the specified `revision_id`.
1196
+ # Corresponds to the JSON property `state`
1197
+ # @return [String]
1198
+ attr_accessor :state
1199
+
1200
+ # Output only. The time at which the posture was last updated.
1201
+ # Corresponds to the JSON property `updateTime`
1202
+ # @return [String]
1203
+ attr_accessor :update_time
1204
+
1205
+ def initialize(**args)
1206
+ update!(**args)
1207
+ end
1208
+
1209
+ # Update properties of this object
1210
+ def update!(**args)
1211
+ @annotations = args[:annotations] if args.key?(:annotations)
1212
+ @categories = args[:categories] if args.key?(:categories)
1213
+ @create_time = args[:create_time] if args.key?(:create_time)
1214
+ @description = args[:description] if args.key?(:description)
1215
+ @etag = args[:etag] if args.key?(:etag)
1216
+ @name = args[:name] if args.key?(:name)
1217
+ @policy_sets = args[:policy_sets] if args.key?(:policy_sets)
1218
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
1219
+ @revision_id = args[:revision_id] if args.key?(:revision_id)
1220
+ @state = args[:state] if args.key?(:state)
1221
+ @update_time = args[:update_time] if args.key?(:update_time)
1222
+ end
1223
+ end
1224
+
1225
+ # Details for a Posture deployment on an organization, folder, or project. You
1226
+ # can deploy at most one posture to each organization, folder, or project. The
1227
+ # parent resource for a posture deployment is always the organization, even if
1228
+ # the deployment applies to a folder or project.
1229
+ class PostureDeployment
1230
+ include Google::Apis::Core::Hashable
1231
+
1232
+ # Optional. The user-specified annotations for the posture deployment. For
1233
+ # details about the values you can use in an annotation, see [AIP-148: Standard
1234
+ # fields](https://google.aip.dev/148#annotations).
1235
+ # Corresponds to the JSON property `annotations`
1236
+ # @return [Hash<String,String>]
1237
+ attr_accessor :annotations
1238
+
1239
+ # Output only. The categories that the posture deployment belongs to, as
1240
+ # determined by the Security Posture API.
1241
+ # Corresponds to the JSON property `categories`
1242
+ # @return [Array<String>]
1243
+ attr_accessor :categories
1244
+
1245
+ # Output only. The time at which the posture deployment was created.
1246
+ # Corresponds to the JSON property `createTime`
1247
+ # @return [String]
1248
+ attr_accessor :create_time
1249
+
1250
+ # Optional. A description of the posture deployment.
1251
+ # Corresponds to the JSON property `description`
1252
+ # @return [String]
1253
+ attr_accessor :description
1254
+
1255
+ # Output only. The posture ID that was specified for the deployment. Present
1256
+ # only if the posture deployment is in a failed state.
1257
+ # Corresponds to the JSON property `desiredPostureId`
1258
+ # @return [String]
1259
+ attr_accessor :desired_posture_id
1260
+
1261
+ # Output only. The revision ID of the posture that was specified for the
1262
+ # deployment. Present only if the deployment is in a failed state.
1263
+ # Corresponds to the JSON property `desiredPostureRevisionId`
1264
+ # @return [String]
1265
+ attr_accessor :desired_posture_revision_id
1266
+
1267
+ # Optional. An opaque identifier for the current version of the posture
1268
+ # deployment. To prevent concurrent updates from overwriting each other, always
1269
+ # provide the `etag` when you update a posture deployment. You can also provide
1270
+ # the `etag` when you delete a posture deployment, to help ensure that you're
1271
+ # deleting the intended posture deployment.
1272
+ # Corresponds to the JSON property `etag`
1273
+ # @return [String]
1274
+ attr_accessor :etag
1275
+
1276
+ # Output only. A description of why the posture deployment failed. Present only
1277
+ # if the deployment is in a failed state.
1278
+ # Corresponds to the JSON property `failureMessage`
1279
+ # @return [String]
1280
+ attr_accessor :failure_message
1281
+
1282
+ # Required. Identifier. The name of the posture deployment, in the format `
1283
+ # organizations/`organization`/locations/global/postureDeployments/`
1284
+ # deployment_id``.
1285
+ # Corresponds to the JSON property `name`
1286
+ # @return [String]
1287
+ attr_accessor :name
1288
+
1289
+ # Required. The posture used in the deployment, in the format `organizations/`
1290
+ # organization`/locations/global/postures/`posture_id``.
1291
+ # Corresponds to the JSON property `postureId`
1292
+ # @return [String]
1293
+ attr_accessor :posture_id
1294
+
1295
+ # Required. The revision ID of the posture used in the deployment.
1296
+ # Corresponds to the JSON property `postureRevisionId`
1297
+ # @return [String]
1298
+ attr_accessor :posture_revision_id
1299
+
1300
+ # Output only. Whether the posture deployment is in the process of being updated.
1301
+ # Corresponds to the JSON property `reconciling`
1302
+ # @return [Boolean]
1303
+ attr_accessor :reconciling
1304
+ alias_method :reconciling?, :reconciling
1305
+
1306
+ # Output only. The state of the posture deployment.
1307
+ # Corresponds to the JSON property `state`
1308
+ # @return [String]
1309
+ attr_accessor :state
1310
+
1311
+ # Required. The organization, folder, or project where the posture is deployed.
1312
+ # Uses one of the following formats: * `organizations/`organization_number`` * `
1313
+ # folders/`folder_number`` * `projects/`project_number``
1314
+ # Corresponds to the JSON property `targetResource`
1315
+ # @return [String]
1316
+ attr_accessor :target_resource
1317
+
1318
+ # Output only. The time at which the posture deployment was last updated.
1319
+ # Corresponds to the JSON property `updateTime`
1320
+ # @return [String]
1321
+ attr_accessor :update_time
1322
+
1323
+ def initialize(**args)
1324
+ update!(**args)
1325
+ end
1326
+
1327
+ # Update properties of this object
1328
+ def update!(**args)
1329
+ @annotations = args[:annotations] if args.key?(:annotations)
1330
+ @categories = args[:categories] if args.key?(:categories)
1331
+ @create_time = args[:create_time] if args.key?(:create_time)
1332
+ @description = args[:description] if args.key?(:description)
1333
+ @desired_posture_id = args[:desired_posture_id] if args.key?(:desired_posture_id)
1334
+ @desired_posture_revision_id = args[:desired_posture_revision_id] if args.key?(:desired_posture_revision_id)
1335
+ @etag = args[:etag] if args.key?(:etag)
1336
+ @failure_message = args[:failure_message] if args.key?(:failure_message)
1337
+ @name = args[:name] if args.key?(:name)
1338
+ @posture_id = args[:posture_id] if args.key?(:posture_id)
1339
+ @posture_revision_id = args[:posture_revision_id] if args.key?(:posture_revision_id)
1340
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
1341
+ @state = args[:state] if args.key?(:state)
1342
+ @target_resource = args[:target_resource] if args.key?(:target_resource)
1343
+ @update_time = args[:update_time] if args.key?(:update_time)
1344
+ end
1345
+ end
1346
+
1347
+ # Details of a posture deployment.
1348
+ class PostureDetails
1349
+ include Google::Apis::Core::Hashable
1350
+
1351
+ # The identifier for the PolicySet that the relevant policy belongs to.
1352
+ # Corresponds to the JSON property `policySet`
1353
+ # @return [String]
1354
+ attr_accessor :policy_set
1355
+
1356
+ # The posture used in the deployment, in the format `organizations/`organization`
1357
+ # /locations/global/postures/`posture_id``.
1358
+ # Corresponds to the JSON property `posture`
1359
+ # @return [String]
1360
+ attr_accessor :posture
1361
+
1362
+ # The name of the posture deployment, in the format `organizations/`organization`
1363
+ # /locations/global/postureDeployments/`deployment_id``.
1364
+ # Corresponds to the JSON property `postureDeployment`
1365
+ # @return [String]
1366
+ attr_accessor :posture_deployment
1367
+
1368
+ # The organization, folder, or project where the posture is deployed. Uses one
1369
+ # of the following formats: * `organizations/`organization_number`` * `folders/`
1370
+ # folder_number`` * `projects/`project_number``
1371
+ # Corresponds to the JSON property `postureDeploymentTargetResource`
1372
+ # @return [String]
1373
+ attr_accessor :posture_deployment_target_resource
1374
+
1375
+ # The revision ID of the posture used in the deployment.
1376
+ # Corresponds to the JSON property `postureRevisionId`
1377
+ # @return [String]
1378
+ attr_accessor :posture_revision_id
1379
+
1380
+ def initialize(**args)
1381
+ update!(**args)
1382
+ end
1383
+
1384
+ # Update properties of this object
1385
+ def update!(**args)
1386
+ @policy_set = args[:policy_set] if args.key?(:policy_set)
1387
+ @posture = args[:posture] if args.key?(:posture)
1388
+ @posture_deployment = args[:posture_deployment] if args.key?(:posture_deployment)
1389
+ @posture_deployment_target_resource = args[:posture_deployment_target_resource] if args.key?(:posture_deployment_target_resource)
1390
+ @posture_revision_id = args[:posture_revision_id] if args.key?(:posture_revision_id)
1391
+ end
1392
+ end
1393
+
1394
+ # The details of a posture template.
1395
+ class PostureTemplate
1396
+ include Google::Apis::Core::Hashable
1397
+
1398
+ # Output only. The categories that the posture template belongs to, as
1399
+ # determined by the Security Posture API.
1400
+ # Corresponds to the JSON property `categories`
1401
+ # @return [Array<String>]
1402
+ attr_accessor :categories
1403
+
1404
+ # Output only. A description of the posture template.
1405
+ # Corresponds to the JSON property `description`
1406
+ # @return [String]
1407
+ attr_accessor :description
1408
+
1409
+ # Output only. Identifier. The name of the posture template, in the format `
1410
+ # organizations/`organization`/locations/global/postureTemplates/`
1411
+ # posture_template``.
1412
+ # Corresponds to the JSON property `name`
1413
+ # @return [String]
1414
+ attr_accessor :name
1415
+
1416
+ # Output only. The PolicySet resources that the posture template includes.
1417
+ # Corresponds to the JSON property `policySets`
1418
+ # @return [Array<Google::Apis::SecuritypostureV1::PolicySet>]
1419
+ attr_accessor :policy_sets
1420
+
1421
+ # Output only. A string that identifies the revision of the posture template.
1422
+ # Corresponds to the JSON property `revisionId`
1423
+ # @return [String]
1424
+ attr_accessor :revision_id
1425
+
1426
+ # Output only. The state of the posture template at the specified `revision_id`.
1427
+ # Corresponds to the JSON property `state`
1428
+ # @return [String]
1429
+ attr_accessor :state
1430
+
1431
+ def initialize(**args)
1432
+ update!(**args)
1433
+ end
1434
+
1435
+ # Update properties of this object
1436
+ def update!(**args)
1437
+ @categories = args[:categories] if args.key?(:categories)
1438
+ @description = args[:description] if args.key?(:description)
1439
+ @name = args[:name] if args.key?(:name)
1440
+ @policy_sets = args[:policy_sets] if args.key?(:policy_sets)
1441
+ @revision_id = args[:revision_id] if args.key?(:revision_id)
1442
+ @state = args[:state] if args.key?(:state)
1443
+ end
1444
+ end
1445
+
1446
+ # A name-value pair used as a custom source property.
1447
+ class Property
1448
+ include Google::Apis::Core::Hashable
1449
+
1450
+ # Required. The name of the custom source property.
1451
+ # Corresponds to the JSON property `name`
1452
+ # @return [String]
1453
+ attr_accessor :name
1454
+
1455
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
1456
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
1457
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
1458
+ # "Summary size limit" description: "Determines if a summary is less than 100
1459
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
1460
+ # Requestor is owner" description: "Determines if requestor is the document
1461
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
1462
+ # Logic): title: "Public documents" description: "Determine whether the document
1463
+ # should be publicly visible" expression: "document.type != 'private' &&
1464
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
1465
+ # string" description: "Create a notification string with a timestamp."
1466
+ # expression: "'New message received at ' + string(document.create_time)" The
1467
+ # exact variables and functions that may be referenced within an expression are
1468
+ # determined by the service that evaluates it. See the service documentation for
1469
+ # additional information.
1470
+ # Corresponds to the JSON property `valueExpression`
1471
+ # @return [Google::Apis::SecuritypostureV1::Expr]
1472
+ attr_accessor :value_expression
1473
+
1474
+ def initialize(**args)
1475
+ update!(**args)
1476
+ end
1477
+
1478
+ # Update properties of this object
1479
+ def update!(**args)
1480
+ @name = args[:name] if args.key?(:name)
1481
+ @value_expression = args[:value_expression] if args.key?(:value_expression)
1482
+ end
1483
+ end
1484
+
1485
+ # Details of a report.
1486
+ class Report
1487
+ include Google::Apis::Core::Hashable
1488
+
1489
+ # Output only. The time at which the report was created.
1490
+ # Corresponds to the JSON property `createTime`
1491
+ # @return [String]
1492
+ attr_accessor :create_time
1493
+
1494
+ # Details of an infrastructure-as-code (IaC) validation report.
1495
+ # Corresponds to the JSON property `iacValidationReport`
1496
+ # @return [Google::Apis::SecuritypostureV1::IaCValidationReport]
1497
+ attr_accessor :iac_validation_report
1498
+
1499
+ # Required. The name of the report, in the format `organizations/`organization`/
1500
+ # locations/global/reports/`report_id``.
1501
+ # Corresponds to the JSON property `name`
1502
+ # @return [String]
1503
+ attr_accessor :name
1504
+
1505
+ # Output only. The time at which the report was last updated.
1506
+ # Corresponds to the JSON property `updateTime`
1507
+ # @return [String]
1508
+ attr_accessor :update_time
1509
+
1510
+ def initialize(**args)
1511
+ update!(**args)
1512
+ end
1513
+
1514
+ # Update properties of this object
1515
+ def update!(**args)
1516
+ @create_time = args[:create_time] if args.key?(:create_time)
1517
+ @iac_validation_report = args[:iac_validation_report] if args.key?(:iac_validation_report)
1518
+ @name = args[:name] if args.key?(:name)
1519
+ @update_time = args[:update_time] if args.key?(:update_time)
1520
+ end
1521
+ end
1522
+
1523
+ # A selector for the resource types to run the detector on.
1524
+ class ResourceSelector
1525
+ include Google::Apis::Core::Hashable
1526
+
1527
+ # Required. The resource types to run the detector on. Each custom module can
1528
+ # specify up to 5 resource types.
1529
+ # Corresponds to the JSON property `resourceTypes`
1530
+ # @return [Array<String>]
1531
+ attr_accessor :resource_types
1532
+
1533
+ def initialize(**args)
1534
+ update!(**args)
1535
+ end
1536
+
1537
+ # Update properties of this object
1538
+ def update!(**args)
1539
+ @resource_types = args[:resource_types] if args.key?(:resource_types)
1540
+ end
1541
+ end
1542
+
1543
+ # Set multiple resource types for one policy, eg: resourceTypes: included: -
1544
+ # compute.googleapis.com/Instance - compute.googleapis.com/Disk Constraint
1545
+ # definition contains an empty resource type in order to support multiple
1546
+ # resource types in the policy. Only support Google managed constriaint and
1547
+ # method type is GOVERN_TAGS Refer go/multi-resource-support-force-tags-gmc to
1548
+ # get more details.
1549
+ class ResourceTypes
1550
+ include Google::Apis::Core::Hashable
1551
+
1552
+ # Optional. The resource type we currently support. cloud/orgpolicy/
1553
+ # customconstraintconfig/prod/resource_types.prototext
1554
+ # Corresponds to the JSON property `included`
1555
+ # @return [Array<String>]
1556
+ attr_accessor :included
1557
+
1558
+ def initialize(**args)
1559
+ update!(**args)
1560
+ end
1561
+
1562
+ # Update properties of this object
1563
+ def update!(**args)
1564
+ @included = args[:included] if args.key?(:included)
1565
+ end
1566
+ end
1567
+
1568
+ # A custom module for Security Health Analytics.
1569
+ class SecurityHealthAnalyticsCustomModule
1570
+ include Google::Apis::Core::Hashable
1571
+
1572
+ # A custom module configuration for Security Health Analytics. Use `CustomConfig`
1573
+ # to create custom detectors that generate custom findings for resources that
1574
+ # you specify.
1575
+ # Corresponds to the JSON property `config`
1576
+ # @return [Google::Apis::SecuritypostureV1::CustomConfig]
1577
+ attr_accessor :config
1578
+
1579
+ # Optional. The display name of the custom module. This value is used as the
1580
+ # finding category for all the asset violation findings that the custom module
1581
+ # returns. The display name must contain between 1 and 128 alphanumeric
1582
+ # characters or underscores, and it must start with a lowercase letter.
1583
+ # Corresponds to the JSON property `displayName`
1584
+ # @return [String]
1585
+ attr_accessor :display_name
1586
+
1587
+ # Output only. Immutable. The unique identifier for the custom module. Contains
1588
+ # 1 to 20 digits.
1589
+ # Corresponds to the JSON property `id`
1590
+ # @return [String]
1591
+ attr_accessor :id
1592
+
1593
+ # Whether the custom module is enabled at a specified level of the resource
1594
+ # hierarchy.
1595
+ # Corresponds to the JSON property `moduleEnablementState`
1596
+ # @return [String]
1597
+ attr_accessor :module_enablement_state
1598
+
1599
+ def initialize(**args)
1600
+ update!(**args)
1601
+ end
1602
+
1603
+ # Update properties of this object
1604
+ def update!(**args)
1605
+ @config = args[:config] if args.key?(:config)
1606
+ @display_name = args[:display_name] if args.key?(:display_name)
1607
+ @id = args[:id] if args.key?(:id)
1608
+ @module_enablement_state = args[:module_enablement_state] if args.key?(:module_enablement_state)
1609
+ end
1610
+ end
1611
+
1612
+ # A built-in detector for Security Health Analytics.
1613
+ class SecurityHealthAnalyticsModule
1614
+ include Google::Apis::Core::Hashable
1615
+
1616
+ # Whether the detector is enabled at a specified level of the resource hierarchy.
1617
+ # Corresponds to the JSON property `moduleEnablementState`
1618
+ # @return [String]
1619
+ attr_accessor :module_enablement_state
1620
+
1621
+ # Required. The name of the detector. For example, `BIGQUERY_TABLE_CMEK_DISABLED`
1622
+ # . This field is also used as the finding category for all the asset violation
1623
+ # findings that the detector returns.
1624
+ # Corresponds to the JSON property `moduleName`
1625
+ # @return [String]
1626
+ attr_accessor :module_name
1627
+
1628
+ def initialize(**args)
1629
+ update!(**args)
1630
+ end
1631
+
1632
+ # Update properties of this object
1633
+ def update!(**args)
1634
+ @module_enablement_state = args[:module_enablement_state] if args.key?(:module_enablement_state)
1635
+ @module_name = args[:module_name] if args.key?(:module_name)
1636
+ end
1637
+ end
1638
+
1639
+ # The `Status` type defines a logical error model that is suitable for different
1640
+ # programming environments, including REST APIs and RPC APIs. It is used by [
1641
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
1642
+ # data: error code, error message, and error details. You can find out more
1643
+ # about this error model and how to work with it in the [API Design Guide](https:
1644
+ # //cloud.google.com/apis/design/errors).
1645
+ class Status
1646
+ include Google::Apis::Core::Hashable
1647
+
1648
+ # The status code, which should be an enum value of google.rpc.Code.
1649
+ # Corresponds to the JSON property `code`
1650
+ # @return [Fixnum]
1651
+ attr_accessor :code
1652
+
1653
+ # A list of messages that carry the error details. There is a common set of
1654
+ # message types for APIs to use.
1655
+ # Corresponds to the JSON property `details`
1656
+ # @return [Array<Hash<String,Object>>]
1657
+ attr_accessor :details
1658
+
1659
+ # A developer-facing error message, which should be in English. Any user-facing
1660
+ # error message should be localized and sent in the google.rpc.Status.details
1661
+ # field, or localized by the client.
1662
+ # Corresponds to the JSON property `message`
1663
+ # @return [String]
1664
+ attr_accessor :message
1665
+
1666
+ def initialize(**args)
1667
+ update!(**args)
1668
+ end
1669
+
1670
+ # Update properties of this object
1671
+ def update!(**args)
1672
+ @code = args[:code] if args.key?(:code)
1673
+ @details = args[:details] if args.key?(:details)
1674
+ @message = args[:message] if args.key?(:message)
1675
+ end
1676
+ end
1677
+
1678
+ # Details of a violation.
1679
+ class Violation
1680
+ include Google::Apis::Core::Hashable
1681
+
1682
+ # The full resource name of the asset that caused the violation. For details
1683
+ # about the format of the full resource name for each asset type, see [Resource
1684
+ # name format](https://cloud.google.com/asset-inventory/docs/resource-name-
1685
+ # format).
1686
+ # Corresponds to the JSON property `assetId`
1687
+ # @return [String]
1688
+ attr_accessor :asset_id
1689
+
1690
+ # A description of the steps that you can take to fix the violation.
1691
+ # Corresponds to the JSON property `nextSteps`
1692
+ # @return [String]
1693
+ attr_accessor :next_steps
1694
+
1695
+ # The policy that was violated.
1696
+ # Corresponds to the JSON property `policyId`
1697
+ # @return [String]
1698
+ attr_accessor :policy_id
1699
+
1700
+ # The severity of the violation.
1701
+ # Corresponds to the JSON property `severity`
1702
+ # @return [String]
1703
+ attr_accessor :severity
1704
+
1705
+ # Details of a Cloud Asset Inventory asset that caused a violation.
1706
+ # Corresponds to the JSON property `violatedAsset`
1707
+ # @return [Google::Apis::SecuritypostureV1::AssetDetails]
1708
+ attr_accessor :violated_asset
1709
+
1710
+ # Details of a policy that was violated.
1711
+ # Corresponds to the JSON property `violatedPolicy`
1712
+ # @return [Google::Apis::SecuritypostureV1::PolicyDetails]
1713
+ attr_accessor :violated_policy
1714
+
1715
+ # Details of a posture deployment.
1716
+ # Corresponds to the JSON property `violatedPosture`
1717
+ # @return [Google::Apis::SecuritypostureV1::PostureDetails]
1718
+ attr_accessor :violated_posture
1719
+
1720
+ def initialize(**args)
1721
+ update!(**args)
1722
+ end
1723
+
1724
+ # Update properties of this object
1725
+ def update!(**args)
1726
+ @asset_id = args[:asset_id] if args.key?(:asset_id)
1727
+ @next_steps = args[:next_steps] if args.key?(:next_steps)
1728
+ @policy_id = args[:policy_id] if args.key?(:policy_id)
1729
+ @severity = args[:severity] if args.key?(:severity)
1730
+ @violated_asset = args[:violated_asset] if args.key?(:violated_asset)
1731
+ @violated_policy = args[:violated_policy] if args.key?(:violated_policy)
1732
+ @violated_posture = args[:violated_posture] if args.key?(:violated_posture)
1733
+ end
1734
+ end
1735
+ end
1736
+ end
1737
+ end