google-cloud-os_config-v1 0.4.1 → 0.6.0

data/proto_docs/google/api/field_behavior.rb

@@ -57,9 +57,15 @@ module Google
 
       # Denotes that a (repeated) field is an unordered list.
       # This indicates that the service may provide the elements of the list
-      # in any arbitrary order, rather than the order the user originally
+      # in any arbitrary  order, rather than the order the user originally
       # provided. Additionally, the list's order may or may not be stable.
       UNORDERED_LIST = 6
+
+      # Denotes that this field returns a non-empty default value if not set.
+      # This indicates that if the user provides the empty value in a request,
+      # a non-empty value will be returned. The user will not be aware of what
+      # non-empty value to expect.
+      NON_EMPTY_DEFAULT = 7
     end
   end
 end

data/proto_docs/google/cloud/osconfig/v1/inventory.rb

@@ -21,7 +21,19 @@ module Google
   module Cloud
     module OsConfig
       module V1
-        # The inventory details of a VM.
+        # This API resource represents the available inventory data for a
+        # Compute Engine virtual machine (VM) instance at a given point in time.
+        #
+        # You can use this API resource to determine the inventory data of your VM.
+        #
+        # For more information, see [Information provided by OS inventory
+        # management](https://cloud.google.com/compute/docs/instances/os-inventory-management#data-collected).
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. The `Inventory` API resource name.
+        #
+        #     Format:
+        #     `projects/{project_number}/locations/{location}/instances/{instance_id}/inventory`
         # @!attribute [rw] os_info
         #   @return [::Google::Cloud::OsConfig::V1::Inventory::OsInfo]
         #     Base level operating system information for the VM.
@@ -31,6 +43,9 @@ module Google
         #     each inventory item.  The identifier is unique to each distinct and
         #     addressable inventory item and will change, when there is a new package
         #     version.
+        # @!attribute [r] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. Timestamp of the last reported inventory for the VM.
         class Inventory
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -157,6 +172,9 @@ module Google
           # @!attribute [rw] cos_package
           #   @return [::Google::Cloud::OsConfig::V1::Inventory::VersionedPackage]
           #     Details of a COS package.
+          # @!attribute [rw] windows_application
+          #   @return [::Google::Cloud::OsConfig::V1::Inventory::WindowsApplication]
+          #     Details of Windows Application.
           class SoftwarePackage
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -178,6 +196,24 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
 
+          # Details related to a Zypper Patch.
+          # @!attribute [rw] patch_name
+          #   @return [::String]
+          #     The name of the patch.
+          # @!attribute [rw] category
+          #   @return [::String]
+          #     The category of the patch.
+          # @!attribute [rw] severity
+          #   @return [::String]
+          #     The severity specified for this patch
+          # @!attribute [rw] summary
+          #   @return [::String]
+          #     Any summary information provided about this patch.
+          class ZypperPatch
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
           # Details related to a Windows Update package.
           # Field data and names are taken from Windows Update API IUpdate Interface:
           # https://docs.microsoft.com/en-us/windows/win32/api/_wua/
@@ -230,24 +266,6 @@ module Google
             end
           end
 
-          # Details related to a Zypper Patch.
-          # @!attribute [rw] patch_name
-          #   @return [::String]
-          #     The name of the patch.
-          # @!attribute [rw] category
-          #   @return [::String]
-          #     The category of the patch.
-          # @!attribute [rw] severity
-          #   @return [::String]
-          #     The severity specified for this patch
-          # @!attribute [rw] summary
-          #   @return [::String]
-          #     Any summary information provided about this patch.
-          class ZypperPatch
-            include ::Google::Protobuf::MessageExts
-            extend ::Google::Protobuf::MessageExts::ClassMethods
-          end
-
           # Information related to a Quick Fix Engineering package.
           # Fields are taken from Windows QuickFixEngineering Interface and match
           # the source names:
@@ -269,6 +287,34 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
 
+          # Contains information about a Windows application as retrieved from the
+          # Windows Registry. For more information about these fields, see
+          #
+          # [Windows Installer Properties for the Uninstall
+          # Registry](https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key){:
+          # class="external" }
+          # @!attribute [rw] display_name
+          #   @return [::String]
+          #     The name of the application or product.
+          # @!attribute [rw] display_version
+          #   @return [::String]
+          #     The version of the product or application in string format.
+          # @!attribute [rw] publisher
+          #   @return [::String]
+          #     The name of the manufacturer for the product or application.
+          # @!attribute [rw] install_date
+          #   @return [::Google::Type::Date]
+          #     The last time this product received service. The value of this property
+          #     is replaced each time a patch is applied or removed from the product or
+          #     the command-line option is used to repair the product.
+          # @!attribute [rw] help_link
+          #   @return [::String]
+          #     The internet address for technical support.
+          class WindowsApplication
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
           # @!attribute [rw] key
           #   @return [::String]
           # @!attribute [rw] value
@@ -278,6 +324,82 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
         end
+
+        # A request message for getting inventory data for the specified VM.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. API resource name for inventory resource.
+        #
+        #     Format:
+        #     `projects/{project}/locations/{location}/instances/{instance}/inventory`
+        #
+        #     For `{project}`, either `project-number` or `project-id` can be provided.
+        #     For `{instance}`, either Compute Engine  `instance-id` or `instance-name`
+        #     can be provided.
+        # @!attribute [rw] view
+        #   @return [::Google::Cloud::OsConfig::V1::InventoryView]
+        #     Inventory view indicating what information should be included in the
+        #     inventory resource. If unspecified, the default view is BASIC.
+        class GetInventoryRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A request message for listing inventory data for all VMs in the specified
+        # location.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The parent resource name.
+        #
+        #     Format: `projects/{project}/locations/{location}/instances/-`
+        #
+        #     For `{project}`, either `project-number` or `project-id` can be provided.
+        # @!attribute [rw] view
+        #   @return [::Google::Cloud::OsConfig::V1::InventoryView]
+        #     Inventory view indicating what information should be included in the
+        #     inventory resource. If unspecified, the default view is BASIC.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of results to return.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A pagination token returned from a previous call to
+        #     `ListInventories` that indicates where this listing
+        #     should continue from.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     If provided, this field specifies the criteria that must be met by a
+        #     `Inventory` API resource to be included in the response.
+        class ListInventoriesRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A response message for listing inventory data for all VMs in a specified
+        # location.
+        # @!attribute [rw] inventories
+        #   @return [::Array<::Google::Cloud::OsConfig::V1::Inventory>]
+        #     List of inventory objects.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     The pagination token to retrieve the next page of inventory objects.
+        class ListInventoriesResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The view for inventory objects.
+        module InventoryView
+          # The default value.
+          # The API defaults to the BASIC view.
+          INVENTORY_VIEW_UNSPECIFIED = 0
+
+          # Returns the basic inventory information that includes `os_info`.
+          BASIC = 1
+
+          # Returns all fields.
+          FULL = 2
+        end
       end
     end
   end

data/proto_docs/google/cloud/osconfig/v1/vulnerability.rb

@@ -0,0 +1,342 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module OsConfig
+      module V1
+        # This API resource represents the vulnerability report for a specified
+        # Compute Engine virtual machine (VM) instance at a given point in time.
+        #
+        # For more information, see [Vulnerability
+        # reports](https://cloud.google.com/compute/docs/instances/os-inventory-management#vulnerability-reports).
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. The `vulnerabilityReport` API resource name.
+        #
+        #     Format:
+        #     `projects/{project_number}/locations/{location}/instances/{instance_id}/vulnerabilityReport`
+        # @!attribute [r] vulnerabilities
+        #   @return [::Array<::Google::Cloud::OsConfig::V1::VulnerabilityReport::Vulnerability>]
+        #     Output only. List of vulnerabilities affecting the VM.
+        # @!attribute [r] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The timestamp for when the last vulnerability report was generated for the
+        #     VM.
+        class VulnerabilityReport
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # A vulnerability affecting the VM instance.
+          # @!attribute [rw] details
+          #   @return [::Google::Cloud::OsConfig::V1::VulnerabilityReport::Vulnerability::Details]
+          #     Contains metadata as per the upstream feed of the operating system and
+          #     NVD.
+          # @!attribute [rw] installed_inventory_item_ids
+          #   @return [::Array<::String>]
+          #     Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM.
+          #     This field displays the inventory items affected by this vulnerability.
+          #     If the vulnerability report was not updated after the VM inventory
+          #     update, these values might not display in VM inventory. For some distros,
+          #     this field may be empty.
+          # @!attribute [rw] available_inventory_item_ids
+          #   @return [::Array<::String>]
+          #     Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM.
+          #     If the vulnerability report was not updated after the VM inventory
+          #     update, these values might not display in VM inventory. If there is no
+          #     available fix, the field is empty. The `inventory_item` value specifies
+          #     the latest `SoftwarePackage` available to the VM that fixes the
+          #     vulnerability.
+          # @!attribute [rw] create_time
+          #   @return [::Google::Protobuf::Timestamp]
+          #     The timestamp for when the vulnerability was first detected.
+          # @!attribute [rw] update_time
+          #   @return [::Google::Protobuf::Timestamp]
+          #     The timestamp for when the vulnerability was last modified.
+          class Vulnerability
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Contains metadata information for the vulnerability. This information is
+            # collected from the upstream feed of the operating system.
+            # @!attribute [rw] cve
+            #   @return [::String]
+            #     The CVE of the vulnerability. CVE cannot be
+            #     empty and the combination of <cve, classification> should be unique
+            #     across vulnerabilities for a VM.
+            # @!attribute [rw] cvss_v2_score
+            #   @return [::Float]
+            #     The CVSS V2 score of this vulnerability. CVSS V2 score is on a scale of
+            #     0 - 10 where 0 indicates low severity and 10 indicates high severity.
+            # @!attribute [rw] cvss_v3
+            #   @return [::Google::Cloud::OsConfig::V1::CVSSv3]
+            #     The full description of the CVSSv3 for this vulnerability from NVD.
+            # @!attribute [rw] severity
+            #   @return [::String]
+            #     Assigned severity/impact ranking from the distro.
+            # @!attribute [rw] description
+            #   @return [::String]
+            #     The note or description describing the vulnerability from the distro.
+            # @!attribute [rw] references
+            #   @return [::Array<::Google::Cloud::OsConfig::V1::VulnerabilityReport::Vulnerability::Details::Reference>]
+            #     Corresponds to the references attached to the `VulnerabilityDetails`.
+            class Details
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # A reference for this vulnerability.
+              # @!attribute [rw] url
+              #   @return [::String]
+              #     The url of the reference.
+              # @!attribute [rw] source
+              #   @return [::String]
+              #     The source of the reference e.g. NVD.
+              class Reference
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+              end
+            end
+          end
+        end
+
+        # A request message for getting the vulnerability report for the specified VM.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. API resource name for vulnerability resource.
+        #
+        #     Format:
+        #     `projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport`
+        #
+        #     For `{project}`, either `project-number` or `project-id` can be provided.
+        #     For `{instance}`, either Compute Engine `instance-id` or `instance-name`
+        #     can be provided.
+        class GetVulnerabilityReportRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A request message for listing vulnerability reports for all VM instances in
+        # the specified location.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The parent resource name.
+        #
+        #     Format: `projects/{project}/locations/{location}/instances/-`
+        #
+        #     For `{project}`, either `project-number` or `project-id` can be provided.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of results to return.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A pagination token returned from a previous call to
+        #     `ListVulnerabilityReports` that indicates where this listing
+        #     should continue from.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     If provided, this field specifies the criteria that must be met by a
+        #     `vulnerabilityReport` API resource to be included in the response.
+        class ListVulnerabilityReportsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A response message for listing vulnerability reports for all VM instances in
+        # the specified location.
+        # @!attribute [rw] vulnerability_reports
+        #   @return [::Array<::Google::Cloud::OsConfig::V1::VulnerabilityReport>]
+        #     List of vulnerabilityReport objects.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     The pagination token to retrieve the next page of vulnerabilityReports
+        #     object.
+        class ListVulnerabilityReportsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Common Vulnerability Scoring System version 3.
+        # For details, see https://www.first.org/cvss/specification-document
+        # @!attribute [rw] base_score
+        #   @return [::Float]
+        #     The base score is a function of the base metric scores.
+        #     https://www.first.org/cvss/specification-document#Base-Metrics
+        # @!attribute [rw] exploitability_score
+        #   @return [::Float]
+        #     The Exploitability sub-score equation is derived from the Base
+        #     Exploitability metrics.
+        #     https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics
+        # @!attribute [rw] impact_score
+        #   @return [::Float]
+        #     The Impact sub-score equation is derived from the Base Impact metrics.
+        # @!attribute [rw] attack_vector
+        #   @return [::Google::Cloud::OsConfig::V1::CVSSv3::AttackVector]
+        #     This metric reflects the context by which vulnerability exploitation is
+        #     possible.
+        # @!attribute [rw] attack_complexity
+        #   @return [::Google::Cloud::OsConfig::V1::CVSSv3::AttackComplexity]
+        #     This metric describes the conditions beyond the attacker's control that
+        #     must exist in order to exploit the vulnerability.
+        # @!attribute [rw] privileges_required
+        #   @return [::Google::Cloud::OsConfig::V1::CVSSv3::PrivilegesRequired]
+        #     This metric describes the level of privileges an attacker must possess
+        #     before successfully exploiting the vulnerability.
+        # @!attribute [rw] user_interaction
+        #   @return [::Google::Cloud::OsConfig::V1::CVSSv3::UserInteraction]
+        #     This metric captures the requirement for a human user, other than the
+        #     attacker, to participate in the successful compromise of the vulnerable
+        #     component.
+        # @!attribute [rw] scope
+        #   @return [::Google::Cloud::OsConfig::V1::CVSSv3::Scope]
+        #     The Scope metric captures whether a vulnerability in one vulnerable
+        #     component impacts resources in components beyond its security scope.
+        # @!attribute [rw] confidentiality_impact
+        #   @return [::Google::Cloud::OsConfig::V1::CVSSv3::Impact]
+        #     This metric measures the impact to the confidentiality of the information
+        #     resources managed by a software component due to a successfully exploited
+        #     vulnerability.
+        # @!attribute [rw] integrity_impact
+        #   @return [::Google::Cloud::OsConfig::V1::CVSSv3::Impact]
+        #     This metric measures the impact to integrity of a successfully exploited
+        #     vulnerability.
+        # @!attribute [rw] availability_impact
+        #   @return [::Google::Cloud::OsConfig::V1::CVSSv3::Impact]
+        #     This metric measures the impact to the availability of the impacted
+        #     component resulting from a successfully exploited vulnerability.
+        class CVSSv3
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # This metric reflects the context by which vulnerability exploitation is
+          # possible.
+          module AttackVector
+            # Invalid value.
+            ATTACK_VECTOR_UNSPECIFIED = 0
+
+            # The vulnerable component is bound to the network stack and the set of
+            # possible attackers extends beyond the other options listed below, up to
+            # and including the entire Internet.
+            ATTACK_VECTOR_NETWORK = 1
+
+            # The vulnerable component is bound to the network stack, but the attack is
+            # limited at the protocol level to a logically adjacent topology.
+            ATTACK_VECTOR_ADJACENT = 2
+
+            # The vulnerable component is not bound to the network stack and the
+            # attacker's path is via read/write/execute capabilities.
+            ATTACK_VECTOR_LOCAL = 3
+
+            # The attack requires the attacker to physically touch or manipulate the
+            # vulnerable component.
+            ATTACK_VECTOR_PHYSICAL = 4
+          end
+
+          # This metric describes the conditions beyond the attacker's control that
+          # must exist in order to exploit the vulnerability.
+          module AttackComplexity
+            # Invalid value.
+            ATTACK_COMPLEXITY_UNSPECIFIED = 0
+
+            # Specialized access conditions or extenuating circumstances do not exist.
+            # An attacker can expect repeatable success when attacking the vulnerable
+            # component.
+            ATTACK_COMPLEXITY_LOW = 1
+
+            # A successful attack depends on conditions beyond the attacker's control.
+            # That is, a successful attack cannot be accomplished at will, but requires
+            # the attacker to invest in some measurable amount of effort in preparation
+            # or execution against the vulnerable component before a successful attack
+            # can be expected.
+            ATTACK_COMPLEXITY_HIGH = 2
+          end
+
+          # This metric describes the level of privileges an attacker must possess
+          # before successfully exploiting the vulnerability.
+          module PrivilegesRequired
+            # Invalid value.
+            PRIVILEGES_REQUIRED_UNSPECIFIED = 0
+
+            # The attacker is unauthorized prior to attack, and therefore does not
+            # require any access to settings or files of the vulnerable system to
+            # carry out an attack.
+            PRIVILEGES_REQUIRED_NONE = 1
+
+            # The attacker requires privileges that provide basic user capabilities
+            # that could normally affect only settings and files owned by a user.
+            # Alternatively, an attacker with Low privileges has the ability to access
+            # only non-sensitive resources.
+            PRIVILEGES_REQUIRED_LOW = 2
+
+            # The attacker requires privileges that provide significant (e.g.,
+            # administrative) control over the vulnerable component allowing access to
+            # component-wide settings and files.
+            PRIVILEGES_REQUIRED_HIGH = 3
+          end
+
+          # This metric captures the requirement for a human user, other than the
+          # attacker, to participate in the successful compromise of the vulnerable
+          # component.
+          module UserInteraction
+            # Invalid value.
+            USER_INTERACTION_UNSPECIFIED = 0
+
+            # The vulnerable system can be exploited without interaction from any user.
+            USER_INTERACTION_NONE = 1
+
+            # Successful exploitation of this vulnerability requires a user to take
+            # some action before the vulnerability can be exploited.
+            USER_INTERACTION_REQUIRED = 2
+          end
+
+          # The Scope metric captures whether a vulnerability in one vulnerable
+          # component impacts resources in components beyond its security scope.
+          module Scope
+            # Invalid value.
+            SCOPE_UNSPECIFIED = 0
+
+            # An exploited vulnerability can only affect resources managed by the same
+            # security authority.
+            SCOPE_UNCHANGED = 1
+
+            # An exploited vulnerability can affect resources beyond the security scope
+            # managed by the security authority of the vulnerable component.
+            SCOPE_CHANGED = 2
+          end
+
+          # The Impact metrics capture the effects of a successfully exploited
+          # vulnerability on the component that suffers the worst outcome that is most
+          # directly and predictably associated with the attack.
+          module Impact
+            # Invalid value.
+            IMPACT_UNSPECIFIED = 0
+
+            # High impact.
+            IMPACT_HIGH = 1
+
+            # Low impact.
+            IMPACT_LOW = 2
+
+            # No impact.
+            IMPACT_NONE = 3
+          end
+        end
+      end
+    end
+  end
+end