google-cloud-cloud_security_compliance-v1 0.a → 0.1.0

data/proto_docs/google/cloud/cloudsecuritycompliance/v1/common.rb

@@ -0,0 +1,638 @@
+# frozen_string_literal: true
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module CloudSecurityCompliance
+      module V1
+        # A Framework is a collection of CloudControls to address security and
+        # compliance requirements. Frameworks can be used for prevention, detection,
+        # and auditing. They can be either built-in, industry-standard frameworks
+        # provided by GCP/AZURE/AWS (e.g., NIST, FedRAMP) or custom frameworks created
+        # by users.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Identifier. The name of the framework.
+        #     Format:
+        #     organizations/\\{organization}/locations/\\{location}/frameworks/\\{framework_id}
+        # @!attribute [r] major_revision_id
+        #   @return [::Integer]
+        #     Output only. Major revision of the framework incremented in ascending
+        #     order.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     Optional. Display name of the framework. The maximum length is 200
+        #     characters.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Optional. The description of the framework. The maximum length is 2000
+        #     characters.
+        # @!attribute [r] type
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::Framework::FrameworkType]
+        #     Output only. The type of the framework. The default is TYPE_CUSTOM.
+        # @!attribute [rw] cloud_control_details
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::CloudControlDetails>]
+        #     Optional. The details of the cloud controls directly added without any
+        #     grouping in the framework.
+        # @!attribute [rw] category
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::FrameworkCategory>]
+        #     Optional. The category of the framework.
+        # @!attribute [r] supported_cloud_providers
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::CloudProvider>]
+        #     Output only. cloud providers supported
+        # @!attribute [r] supported_target_resource_types
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::TargetResourceType>]
+        #     Output only. target resource types supported by the Framework.
+        # @!attribute [r] supported_enforcement_modes
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::EnforcementMode>]
+        #     Output only. The supported enforcement modes of the framework.
+        class Framework
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The type of the framework.
+          module FrameworkType
+            # Default value. This value is unused.
+            FRAMEWORK_TYPE_UNSPECIFIED = 0
+
+            # The framework is a built-in framework if it is created and managed by
+            # GCP.
+            BUILT_IN = 1
+
+            # The framework is a custom framework if it is created and managed by the
+            # user.
+            CUSTOM = 2
+          end
+        end
+
+        # CloudControlDetails contains the details of a CloudControl.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The name of the CloudControl in the format:
+        #     “organizations/\\{organization}/locations/\\{location}/
+        #     cloudControls/\\{cloud-control}”
+        # @!attribute [rw] major_revision_id
+        #   @return [::Integer]
+        #     Required. Major revision of cloudcontrol
+        # @!attribute [rw] parameters
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::Parameter>]
+        #     Optional. Parameters is a key-value pair that is required by the
+        #     CloudControl. The specification of these parameters will be present in
+        #     cloudcontrol.Eg: { "name": "location","value": "us-west-1"}.
+        class CloudControlDetails
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # FrameworkReference contains the reference of a framework.
+        # @!attribute [rw] framework
+        #   @return [::String]
+        #     Required. In the format:
+        #     organizations/\\{org}/locations/\\{location}/frameworks/\\{framework}
+        # @!attribute [rw] major_revision_id
+        #   @return [::Integer]
+        #     Optional. Major revision id of the framework. If not specified, corresponds
+        #     to the latest revision of the framework.
+        class FrameworkReference
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Parameters is a key-value pair.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The name of the parameter.
+        # @!attribute [rw] parameter_value
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::ParamValue]
+        #     Required. The value of the parameter
+        class Parameter
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A CloudControl is the fundamental unit encapsulating the rules
+        # to meet a specific security or compliance intent. It can contain
+        # various rule types (like Organization Policies, CEL expressions, etc.)
+        # enabling different enforcement modes (Preventive, Detective, Audit).
+        # CloudControls are often parameterized for reusability and can be either
+        # BUILT_IN (provided by Google) or CUSTOM (defined by the user).
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Identifier. The resource name of the cloud control.
+        #     Format:
+        #     organizations/\\{organization}/locations/\\{location}/cloudControls/\\{cloud_control_id}
+        # @!attribute [r] major_revision_id
+        #   @return [::Integer]
+        #     Output only. Major revision of the cloud control incremented in ascending
+        #     order.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Optional. A description of the cloud control. The maximum length is 2000
+        #     characters.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     Optional. The display name of the cloud control. The maximum length is 200
+        #     characters.
+        # @!attribute [r] supported_enforcement_modes
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::EnforcementMode>]
+        #     Output only. The supported enforcement mode of the cloud control. Default
+        #     is DETECTIVE.
+        # @!attribute [rw] parameter_spec
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::ParameterSpec>]
+        #     Optional. The parameter spec of the cloud control.
+        # @!attribute [rw] rules
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::Rule>]
+        #     Optional. The Policy to be enforced to prevent/detect resource
+        #     non-compliance.
+        # @!attribute [rw] severity
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::Severity]
+        #     Optional. The severity of findings generated by the cloud control.
+        # @!attribute [rw] finding_category
+        #   @return [::String]
+        #     Optional. The finding_category of the cloud control. The maximum length is
+        #     255 characters.
+        # @!attribute [rw] supported_cloud_providers
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::CloudProvider>]
+        #     Optional. cloud providers supported
+        # @!attribute [r] related_frameworks
+        #   @return [::Array<::String>]
+        #     Output only. The Frameworks that include this CloudControl
+        # @!attribute [rw] remediation_steps
+        #   @return [::String]
+        #     Optional. The remediation steps for the findings generated by the cloud
+        #     control. The maximum length is 400 characters.
+        # @!attribute [rw] categories
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::CloudControlCategory>]
+        #     Optional. The categories of the cloud control.
+        # @!attribute [r] create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The last updated time of the cloud control.
+        #     The create_time is used because a new CC is created whenever we update an
+        #     existing CC.
+        # @!attribute [rw] supported_target_resource_types
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::TargetResourceType>]
+        #     Optional. target resource types supported by the CloudControl.
+        class CloudControl
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A parameter spec of the cloud control.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The name of the parameter.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     Optional. The display name of the parameter. The maximum length is 200
+        #     characters.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Optional. The description of the parameter. The maximum length is 2000
+        #     characters.
+        # @!attribute [rw] is_required
+        #   @return [::Boolean]
+        #     Required. if the parameter is required
+        # @!attribute [rw] value_type
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::ParameterSpec::ValueType]
+        #     Required. Parameter value type.
+        # @!attribute [rw] default_value
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::ParamValue]
+        #     Optional. The default value of the parameter.
+        # @!attribute [rw] substitution_rules
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::ParameterSubstitutionRule>]
+        #     Optional. List of parameter substitutions.
+        # @!attribute [rw] sub_parameters
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::ParameterSpec>]
+        #     Optional. ParameterSpec for oneof attributes.
+        # @!attribute [rw] validation
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::Validation]
+        #     Optional. The allowed set of values for the parameter.
+        class ParameterSpec
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The type of the parameter value.
+          module ValueType
+            # Default value. This value is unused.
+            VALUE_TYPE_UNSPECIFIED = 0
+
+            # String value.
+            STRING = 3
+
+            # Boolean value.
+            BOOLEAN = 4
+
+            # String list value.
+            STRINGLIST = 5
+
+            # Numeric value.
+            NUMBER = 6
+
+            # OneOf value.
+            ONEOF = 7
+          end
+        end
+
+        # Validation of the parameter.
+        # @!attribute [rw] allowed_values
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::AllowedValues]
+        #     Allowed set of values for the parameter.
+        #
+        #     Note: The following fields are mutually exclusive: `allowed_values`, `int_range`, `regexp_pattern`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] int_range
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::IntRange]
+        #     Allowed range for numeric parameters.
+        #
+        #     Note: The following fields are mutually exclusive: `int_range`, `allowed_values`, `regexp_pattern`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] regexp_pattern
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::RegexpPattern]
+        #     Regular expression for string parameters.
+        #
+        #     Note: The following fields are mutually exclusive: `regexp_pattern`, `allowed_values`, `int_range`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        class Validation
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Allowed set of values for the parameter.
+        # @!attribute [rw] values
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::ParamValue>]
+        #     Required. List of allowed values for the parameter.
+        class AllowedValues
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Regular Expression Validator for parameter values.
+        # @!attribute [rw] pattern
+        #   @return [::String]
+        #     Required. Regex Pattern to match the value(s) of parameter.
+        class RegexpPattern
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Number range for number parameters.
+        # @!attribute [rw] min
+        #   @return [::Integer]
+        #     Required. Minimum allowed value for the numeric parameter (inclusive).
+        # @!attribute [rw] max
+        #   @return [::Integer]
+        #     Required. Maximum allowed value for the numeric parameter (inclusive).
+        class IntRange
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A list of strings.
+        # @!attribute [rw] values
+        #   @return [::Array<::String>]
+        #     Required. The strings in the list.
+        class StringList
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Possible parameter value types.
+        # @!attribute [rw] string_value
+        #   @return [::String]
+        #     Represents a string value.
+        #
+        #     Note: The following fields are mutually exclusive: `string_value`, `bool_value`, `string_list_value`, `number_value`, `oneof_value`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] bool_value
+        #   @return [::Boolean]
+        #     Represents a boolean value.
+        #
+        #     Note: The following fields are mutually exclusive: `bool_value`, `string_value`, `string_list_value`, `number_value`, `oneof_value`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] string_list_value
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::StringList]
+        #     Represents a repeated string.
+        #
+        #     Note: The following fields are mutually exclusive: `string_list_value`, `string_value`, `bool_value`, `number_value`, `oneof_value`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] number_value
+        #   @return [::Float]
+        #     Represents a double value.
+        #
+        #     Note: The following fields are mutually exclusive: `number_value`, `string_value`, `bool_value`, `string_list_value`, `oneof_value`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] oneof_value
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::Parameter]
+        #     Represents sub-parameter values.
+        #
+        #     Note: The following fields are mutually exclusive: `oneof_value`, `string_value`, `bool_value`, `string_list_value`, `number_value`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        class ParamValue
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Parameter substitution rules.
+        # @!attribute [rw] placeholder_substitution_rule
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::PlaceholderSubstitutionRule]
+        #     Placeholder substitution rule.
+        #
+        #     Note: The following fields are mutually exclusive: `placeholder_substitution_rule`, `attribute_substitution_rule`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] attribute_substitution_rule
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::AttributeSubstitutionRule]
+        #     Attribute substitution rule.
+        #
+        #     Note: The following fields are mutually exclusive: `attribute_substitution_rule`, `placeholder_substitution_rule`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        class ParameterSubstitutionRule
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Attribute at the given path is substituted entirely.
+        # @!attribute [rw] attribute
+        #   @return [::String]
+        #     Fully qualified proto attribute path (in dot notation).
+        #     Example: rules[0].cel_expression.resource_types_values
+        class AttributeSubstitutionRule
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Placeholder is substituted in the rendered string.
+        # @!attribute [rw] attribute
+        #   @return [::String]
+        #     Fully qualified proto attribute path (e.g., dot notation)
+        class PlaceholderSubstitutionRule
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A rule of the cloud control.
+        # @!attribute [rw] cel_expression
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::CELExpression]
+        #     Logic expression in CEL language.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Optional. Description of the Rule. The maximum length is 2000 characters.
+        # @!attribute [rw] rule_action_types
+        #   @return [::Array<::Google::Cloud::CloudSecurityCompliance::V1::RuleActionType>]
+        #     Required. The functionality enabled by the Rule.
+        class Rule
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A [CEL
+        # expression](https://cloud.google.com/certificate-authority-service/docs/using-cel).
+        # @!attribute [rw] resource_types_values
+        #   @return [::Google::Cloud::CloudSecurityCompliance::V1::StringList]
+        #     The resource instance types on which this expression is defined.
+        #     Format will be of the form : `<canonical service name>/<type>`
+        #     Example: `compute.googleapis.com/Instance`.
+        # @!attribute [rw] expression
+        #   @return [::String]
+        #     Required. Logic expression in CEL language.
+        #     The max length of the condition is 1000 characters.
+        class CELExpression
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Represents the metadata of the long-running operation.
+        # @!attribute [r] create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The time the operation was created.
+        # @!attribute [r] end_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The time the operation finished running.
+        # @!attribute [r] target
+        #   @return [::String]
+        #     Output only. Server-defined resource path for the target of the operation.
+        # @!attribute [r] verb
+        #   @return [::String]
+        #     Output only. Name of the verb executed by the operation.
+        # @!attribute [r] status_message
+        #   @return [::String]
+        #     Output only. Human-readable status of the operation, if any.
+        # @!attribute [r] requested_cancellation
+        #   @return [::Boolean]
+        #     Output only. Identifies whether the user has requested cancellation
+        #     of the operation. Operations that have been cancelled successfully
+        #     have [Operation.error][] value with a
+        #     {::Google::Rpc::Status#code google.rpc.Status.code} of 1, corresponding to
+        #     `Code.CANCELLED`.
+        # @!attribute [r] api_version
+        #   @return [::String]
+        #     Output only. API version used to start the operation.
+        class OperationMetadata
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The enforcement mode of the cloud control.
+        module EnforcementMode
+          # Default value. This value is unused.
+          ENFORCEMENT_MODE_UNSPECIFIED = 0
+
+          # The cloud control is enforced to prevent resource non-compliance.
+          PREVENTIVE = 1
+
+          # The cloud control is enforced to detect resource non-compliance.
+          DETECTIVE = 2
+
+          # The cloud control is enforced to audit resource non-compliance.
+          AUDIT = 3
+        end
+
+        # The category of the framework.
+        module FrameworkCategory
+          # Default value. This value is unused.
+          FRAMEWORK_CATEGORY_UNSPECIFIED = 0
+
+          # Standard framework
+          INDUSTRY_DEFINED_STANDARD = 1
+
+          # Assured Workloads framework
+          ASSURED_WORKLOADS = 2
+
+          # Data Security framework
+          DATA_SECURITY = 3
+
+          # Google Best Practices framework
+          GOOGLE_BEST_PRACTICES = 4
+
+          # User created framework.
+          CUSTOM_FRAMEWORK = 5
+        end
+
+        # The category of the cloud control.
+        module CloudControlCategory
+          # Default value. This value is unused.
+          CLOUD_CONTROL_CATEGORY_UNSPECIFIED = 0
+
+          # Infrastructure
+          CC_CATEGORY_INFRASTRUCTURE = 1
+
+          # Artificial Intelligence
+          CC_CATEGORY_ARTIFICIAL_INTELLIGENCE = 2
+
+          # Physical Security
+          CC_CATEGORY_PHYSICAL_SECURITY = 3
+
+          # Data Security
+          CC_CATEGORY_DATA_SECURITY = 4
+
+          # Network Security
+          CC_CATEGORY_NETWORK_SECURITY = 5
+
+          # Incident Management
+          CC_CATEGORY_INCIDENT_MANAGEMENT = 6
+
+          # Identity & Access Management
+          CC_CATEGORY_IDENTITY_AND_ACCESS_MANAGEMENT = 7
+
+          # Encryption
+          CC_CATEGORY_ENCRYPTION = 8
+
+          # Logs Management & Infrastructure
+          CC_CATEGORY_LOGS_MANAGEMENT_AND_INFRASTRUCTURE = 9
+
+          # HR, Admin & Processes
+          CC_CATEGORY_HR_ADMIN_AND_PROCESSES = 10
+
+          # Third Party & Sub-Processor Management
+          CC_CATEGORY_THIRD_PARTY_AND_SUB_PROCESSOR_MANAGEMENT = 11
+
+          # Legal & Disclosures
+          CC_CATEGORY_LEGAL_AND_DISCLOSURES = 12
+
+          # Vulnerability Management
+          CC_CATEGORY_VULNERABILITY_MANAGEMENT = 13
+
+          # Privacy
+          CC_CATEGORY_PRIVACY = 14
+
+          # BCDR (Business Continuity and Disaster Recovery)
+          CC_CATEGORY_BCDR = 15
+        end
+
+        # The cloud platform.
+        module CloudProvider
+          # Default value. This value is unused.
+          CLOUD_PROVIDER_UNSPECIFIED = 0
+
+          # Amazon Web Services (AWS).
+          AWS = 1
+
+          # Microsoft Azure.
+          AZURE = 2
+
+          # Google Cloud.
+          GCP = 3
+        end
+
+        # The severity of the finding.
+        module Severity
+          # This value is used for findings when a source doesn't write a severity
+          # value.
+          SEVERITY_UNSPECIFIED = 0
+
+          # Vulnerability:
+          # A critical vulnerability is easily discoverable by an external actor,
+          # exploitable, and results in the direct ability to execute arbitrary code,
+          # exfiltrate data, and otherwise gain additional access and privileges to
+          # cloud resources and workloads. Examples include publicly accessible
+          # unprotected user data and public SSH access with weak or no
+          # passwords.
+          #
+          # Threat:
+          # Indicates a threat that is able to access, modify, or delete data or
+          # execute unauthorized code within existing resources.
+          CRITICAL = 1
+
+          # Vulnerability:
+          # A high risk vulnerability can be easily discovered and exploited in
+          # combination with other vulnerabilities in order to gain direct access and
+          # the ability to execute arbitrary code, exfiltrate data, and otherwise
+          # gain additional access and privileges to cloud resources and workloads.
+          # An example is a database with weak or no passwords that is only
+          # accessible internally. This database could easily be compromised by an
+          # actor that had access to the internal network.
+          #
+          # Threat:
+          # Indicates a threat that is able to create new computational resources in
+          # an environment but not able to access data or execute code in existing
+          # resources.
+          HIGH = 2
+
+          # Vulnerability:
+          # A medium risk vulnerability could be used by an actor to gain access to
+          # resources or privileges that enable them to eventually (through multiple
+          # steps or a complex exploit) gain access and the ability to execute
+          # arbitrary code or exfiltrate data. An example is a service account with
+          # access to more projects than it should have. If an actor gains access to
+          # the service account, they could potentially use that access to manipulate
+          # a project the service account was not intended to.
+          #
+          # Threat:
+          # Indicates a threat that is able to cause operational impact but may not
+          # access data or execute unauthorized code.
+          MEDIUM = 3
+
+          # Vulnerability:
+          # A low risk vulnerability hampers a security organization's ability to
+          # detect vulnerabilities or active threats in their deployment, or prevents
+          # the root cause investigation of security issues. An example is monitoring
+          # and logs being disabled for resource configurations and access.
+          #
+          # Threat:
+          # Indicates a threat that has obtained minimal access to an environment but
+          # is not able to access data, execute code, or create resources.
+          LOW = 4
+        end
+
+        # The action type of the rule.
+        module RuleActionType
+          # Default value. This value is unused.
+          RULE_ACTION_TYPE_UNSPECIFIED = 0
+
+          # Preventative action type.
+          RULE_ACTION_TYPE_PREVENTIVE = 1
+
+          # Detective action type.
+          RULE_ACTION_TYPE_DETECTIVE = 2
+
+          # Audit action type.
+          RULE_ACTION_TYPE_AUDIT = 3
+        end
+
+        # TargetResourceType represents the type of resource that a control or
+        # framework can be applied to.
+        module TargetResourceType
+          # Default value. This value is unused.
+          TARGET_RESOURCE_TYPE_UNSPECIFIED = 0
+
+          # Target resource is an Organization.
+          TARGET_RESOURCE_CRM_TYPE_ORG = 1
+
+          # Target resource is a Folder.
+          TARGET_RESOURCE_CRM_TYPE_FOLDER = 2
+
+          # Target resource is a Project.
+          TARGET_RESOURCE_CRM_TYPE_PROJECT = 3
+
+          # Target resource is an Application.
+          TARGET_RESOURCE_TYPE_APPLICATION = 4
+        end
+      end
+    end
+  end
+end