google-cloud-os_config-v1alpha 0.1.0

data/proto_docs/google/cloud/osconfig/v1alpha/os_policy_assignments.rb

@@ -0,0 +1,367 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module OsConfig
+      module V1alpha
+        # OS policy assignment is an API resource that is used to
+        # apply a set of OS policies to a dynamically targeted group of Compute Engine
+        # VM instances.
+        #
+        # An OS policy is used to define the desired state configuration for a
+        # Compute Engine VM instance through a set of configuration resources that
+        # provide capabilities such as installing or removing software packages, or
+        # executing a script.
+        #
+        # For more information, see [OS policy and OS policy
+        # assignment](https://cloud.google.com/compute/docs/os-configuration-management/working-with-os-policies).
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Resource name.
+        #
+        #     Format:
+        #     `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id}`
+        #
+        #     This field is ignored when you create an OS policy assignment.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     OS policy assignment description.
+        #     Length of the description is limited to 1024 characters.
+        # @!attribute [rw] os_policies
+        #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicy>]
+        #     Required. List of OS policies to be applied to the VMs.
+        # @!attribute [rw] instance_filter
+        #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::InstanceFilter]
+        #     Required. Filter to select VMs.
+        # @!attribute [rw] rollout
+        #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::Rollout]
+        #     Required. Rollout to deploy the OS policy assignment.
+        #     A rollout is triggered in the following situations:
+        #     1) OSPolicyAssignment is created.
+        #     2) OSPolicyAssignment is updated and the update contains changes to one of
+        #     the following fields:
+        #        - instance_filter
+        #        - os_policies
+        #     3) OSPolicyAssignment is deleted.
+        # @!attribute [r] revision_id
+        #   @return [::String]
+        #     Output only. The assignment revision ID
+        #     A new revision is committed whenever a rollout is triggered for a OS policy
+        #     assignment
+        # @!attribute [r] revision_create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The timestamp that the revision was created.
+        # @!attribute [r] rollout_state
+        #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::RolloutState]
+        #     Output only. OS policy assignment rollout state
+        # @!attribute [r] baseline
+        #   @return [::Boolean]
+        #     Output only. Indicates that this revision has been successfully rolled out in this zone
+        #     and new VMs will be assigned OS policies from this revision.
+        #
+        #     For a given OS policy assignment, there is only one revision with a value
+        #     of `true` for this field.
+        # @!attribute [r] deleted
+        #   @return [::Boolean]
+        #     Output only. Indicates that this revision deletes the OS policy assignment.
+        # @!attribute [r] reconciling
+        #   @return [::Boolean]
+        #     Output only. Indicates that reconciliation is in progress for the revision.
+        #     This value is `true` when the `rollout_state` is one of:
+        #     * IN_PROGRESS
+        #     * CANCELLING
+        # @!attribute [r] uid
+        #   @return [::String]
+        #     Output only. Server generated unique id for the OS policy assignment resource.
+        class OSPolicyAssignment
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Message representing label set.
+          # * A label is a key value pair set for a VM.
+          # * A LabelSet is a set of labels.
+          # * Labels within a LabelSet are ANDed. In other words, a LabelSet is
+          #   applicable for a VM only if it matches all the labels in the
+          #   LabelSet.
+          # * Example: A LabelSet with 2 labels: `env=prod` and `type=webserver` will
+          #            only be applicable for those VMs with both labels
+          #            present.
+          # @!attribute [rw] labels
+          #   @return [::Google::Protobuf::Map{::String => ::String}]
+          #     Labels are identified by key/value pairs in this map.
+          #     A VM should contain all the key/value pairs specified in this
+          #     map to be selected.
+          class LabelSet
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # @!attribute [rw] key
+            #   @return [::String]
+            # @!attribute [rw] value
+            #   @return [::String]
+            class LabelsEntry
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
+
+          # Message to represent the filters to select VMs for an assignment
+          # @!attribute [rw] all
+          #   @return [::Boolean]
+          #     Target all VMs in the project. If true, no other criteria is
+          #     permitted.
+          # @!attribute [rw] os_short_names
+          #   @return [::Array<::String>]
+          #     A VM is included if it's OS short name matches with any of the
+          #     values provided in this list.
+          # @!attribute [rw] inclusion_labels
+          #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::LabelSet>]
+          #     List of label sets used for VM inclusion.
+          #
+          #     If the list has more than one `LabelSet`, the VM is included if any
+          #     of the label sets are applicable for the VM.
+          # @!attribute [rw] exclusion_labels
+          #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::LabelSet>]
+          #     List of label sets used for VM exclusion.
+          #
+          #     If the list has more than one label set, the VM is excluded if any
+          #     of the label sets are applicable for the VM.
+          #
+          #     This filter is applied last in the filtering chain and therefore a
+          #     VM is guaranteed to be excluded if it satisfies one of the below
+          #     label sets.
+          class InstanceFilter
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Message to configure the rollout at the zonal level for the OS policy
+          # assignment.
+          # @!attribute [rw] disruption_budget
+          #   @return [::Google::Cloud::OsConfig::V1alpha::FixedOrPercent]
+          #     Required. The maximum number (or percentage) of VMs per zone to disrupt at
+          #     any given moment.
+          # @!attribute [rw] min_wait_duration
+          #   @return [::Google::Protobuf::Duration]
+          #     Required. This determines the minimum duration of time to wait after the
+          #     configuration changes are applied through the current rollout. A
+          #     VM continues to count towards the `disruption_budget` at least
+          #     until this duration of time has passed after configuration changes are
+          #     applied.
+          class Rollout
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # OS policy assignment rollout state
+          module RolloutState
+            # Invalid value
+            ROLLOUT_STATE_UNSPECIFIED = 0
+
+            # The rollout is in progress.
+            IN_PROGRESS = 1
+
+            # The rollout is being cancelled.
+            CANCELLING = 2
+
+            # The rollout is cancelled.
+            CANCELLED = 3
+
+            # The rollout has completed successfully.
+            SUCCEEDED = 4
+          end
+        end
+
+        # OS policy assignment operation metadata provided by OS policy assignment API
+        # methods that return long running operations.
+        # @!attribute [rw] os_policy_assignment
+        #   @return [::String]
+        #     Reference to the `OSPolicyAssignment` API resource.
+        #
+        #     Format:
+        #     `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
+        # @!attribute [rw] api_method
+        #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentOperationMetadata::APIMethod]
+        #     The OS policy assignment API method.
+        # @!attribute [rw] rollout_state
+        #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentOperationMetadata::RolloutState]
+        #     State of the rollout
+        # @!attribute [rw] rollout_start_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Rollout start time
+        # @!attribute [rw] rollout_update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Rollout update time
+        class OSPolicyAssignmentOperationMetadata
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The OS policy assignment API method.
+          module APIMethod
+            # Invalid value
+            API_METHOD_UNSPECIFIED = 0
+
+            # Create OS policy assignment API method
+            CREATE = 1
+
+            # Update OS policy assignment API method
+            UPDATE = 2
+
+            # Delete OS policy assignment API method
+            DELETE = 3
+          end
+
+          # State of the rollout
+          module RolloutState
+            # Invalid value
+            ROLLOUT_STATE_UNSPECIFIED = 0
+
+            # The rollout is in progress.
+            IN_PROGRESS = 1
+
+            # The rollout is being cancelled.
+            CANCELLING = 2
+
+            # The rollout is cancelled.
+            CANCELLED = 3
+
+            # The rollout has completed successfully.
+            SUCCEEDED = 4
+          end
+        end
+
+        # A request message to create an OS policy assignment
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The parent resource name in the form:
+        #     projects/\\{project}/locations/\\{location}
+        # @!attribute [rw] os_policy_assignment
+        #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment]
+        #     Required. The OS policy assignment to be created.
+        # @!attribute [rw] os_policy_assignment_id
+        #   @return [::String]
+        #     Required. The logical name of the OS policy assignment in the project
+        #     with the following restrictions:
+        #
+        #     * Must contain only lowercase letters, numbers, and hyphens.
+        #     * Must start with a letter.
+        #     * Must be between 1-63 characters.
+        #     * Must end with a number or a letter.
+        #     * Must be unique within the project.
+        class CreateOSPolicyAssignmentRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A request message to update an OS policy assignment
+        # @!attribute [rw] os_policy_assignment
+        #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment]
+        #     Required. The updated OS policy assignment.
+        # @!attribute [rw] update_mask
+        #   @return [::Google::Protobuf::FieldMask]
+        #     Optional. Field mask that controls which fields of the assignment should be updated.
+        class UpdateOSPolicyAssignmentRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A request message to get an OS policy assignment
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The resource name of OS policy assignment.
+        #
+        #     Format:
+        #     `projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}@{revisionId}`
+        class GetOSPolicyAssignmentRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A request message to list OS policy assignments for a parent resource
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The parent resource name.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of assignments to return.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A pagination token returned from a previous call to
+        #     `ListOSPolicyAssignments` that indicates where this listing should continue
+        #     from.
+        class ListOSPolicyAssignmentsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A response message for listing all assignments under given parent.
+        # @!attribute [rw] os_policy_assignments
+        #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment>]
+        #     The list of assignments
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     The pagination token to retrieve the next page of OS policy assignments.
+        class ListOSPolicyAssignmentsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A request message to list revisions for a OS policy assignment
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The name of the OS policy assignment to list revisions for.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of revisions to return.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A pagination token returned from a previous call to
+        #     `ListOSPolicyAssignmentRevisions` that indicates where this listing should
+        #     continue from.
+        class ListOSPolicyAssignmentRevisionsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A response message for listing all revisions for a OS policy assignment.
+        # @!attribute [rw] os_policy_assignments
+        #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment>]
+        #     The OS policy assignment revisions
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     The pagination token to retrieve the next page of OS policy assignment
+        #     revisions.
+        class ListOSPolicyAssignmentRevisionsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A request message for deleting a OS policy assignment.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The name of the OS policy assignment to be deleted
+        class DeleteOSPolicyAssignmentRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/osconfig/v1alpha/osconfig_common.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module OsConfig
+      module V1alpha
+        # Message encapsulating a value that can be either absolute ("fixed") or
+        # relative ("percent") to a value.
+        # @!attribute [rw] fixed
+        #   @return [::Integer]
+        #     Specifies a fixed value.
+        # @!attribute [rw] percent
+        #   @return [::Integer]
+        #     Specifies the relative value defined as a percentage, which will be
+        #     multiplied by a reference value.
+        class FixedOrPercent
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/osconfig/v1alpha/vulnerability.rb

@@ -0,0 +1,341 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module OsConfig
+      module V1alpha
+        # This API resource represents the vulnerability report for a specified
+        # Compute Engine virtual machine (VM) instance at a given point in time.
+        #
+        # For more information, see [Vulnerability
+        # reports](https://cloud.google.com/compute/docs/instances/os-inventory-management#vulnerability-reports).
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. The `vulnerabilityReport` API resource name.
+        #
+        #     Format:
+        #     `projects/{project_number}/locations/{location}/instances/{instance_id}/vulnerabilityReport`
+        # @!attribute [r] vulnerabilities
+        #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::VulnerabilityReport::Vulnerability>]
+        #     Output only. List of vulnerabilities affecting the VM.
+        # @!attribute [r] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The timestamp for when the last vulnerability report was
+        #     generated for the VM.
+        class VulnerabilityReport
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # A vulnerability affecting the VM instance.
+          # @!attribute [rw] details
+          #   @return [::Google::Cloud::OsConfig::V1alpha::VulnerabilityReport::Vulnerability::Details]
+          #     Contains metadata as per the upstream feed of the operating system and
+          #     NVD.
+          # @!attribute [rw] installed_inventory_item_ids
+          #   @return [::Array<::String>]
+          #     Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM.
+          #     This field displays the inventory items affected by this vulnerability.
+          #     If the vulnerability report was not updated after the VM inventory
+          #     update, these values might not display in VM inventory. For some distros,
+          #     this field may be empty.
+          # @!attribute [rw] available_inventory_item_ids
+          #   @return [::Array<::String>]
+          #     Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM.
+          #     If the vulnerability report was not updated after the VM inventory
+          #     update, these values might not display in VM inventory. If there is no
+          #     available fix, the field is empty. The `inventory_item` value specifies
+          #     the latest `SoftwarePackage` available to the VM that fixes the
+          #     vulnerability.
+          # @!attribute [rw] create_time
+          #   @return [::Google::Protobuf::Timestamp]
+          #     The timestamp for when the vulnerability was first detected.
+          # @!attribute [rw] update_time
+          #   @return [::Google::Protobuf::Timestamp]
+          #     The timestamp for when the vulnerability was last modified.
+          class Vulnerability
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Contains metadata information for the vulnerability. This information is
+            # collected from the upstream feed of the operating system.
+            # @!attribute [rw] cve
+            #   @return [::String]
+            #     The CVE of the vulnerability. CVE cannot be
+            #     empty and the combination of <cve, classification> should be unique
+            #     across vulnerabilities for a VM.
+            # @!attribute [rw] cvss_v2_score
+            #   @return [::Float]
+            #     The CVSS V2 score of this vulnerability. CVSS V2 score is on a scale of
+            #     0 - 10 where 0 indicates low severity and 10 indicates high severity.
+            # @!attribute [rw] cvss_v3
+            #   @return [::Google::Cloud::OsConfig::V1alpha::CVSSv3]
+            #     The full description of the CVSSv3 for this vulnerability from NVD.
+            # @!attribute [rw] severity
+            #   @return [::String]
+            #     Assigned severity/impact ranking from the distro.
+            # @!attribute [rw] description
+            #   @return [::String]
+            #     The note or description describing the vulnerability from the distro.
+            # @!attribute [rw] references
+            #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::VulnerabilityReport::Vulnerability::Details::Reference>]
+            #     Corresponds to the references attached to the `VulnerabilityDetails`.
+            class Details
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # A reference for this vulnerability.
+              # @!attribute [rw] url
+              #   @return [::String]
+              #     The url of the reference.
+              class Reference
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+              end
+            end
+          end
+        end
+
+        # A request message for getting the vulnerability report for the specified VM.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. API resource name for vulnerability resource.
+        #
+        #     Format:
+        #     `projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport`
+        #
+        #     For `{project}`, either `project-number` or `project-id` can be provided.
+        #     For `{instance}`, either Compute Engine `instance-id` or `instance-name`
+        #     can be provided.
+        class GetVulnerabilityReportRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A request message for listing vulnerability reports for all VM instances in
+        # the specified location.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The parent resource name.
+        #
+        #     Format: `projects/{project}/locations/{location}/instances/{instance}`
+        #
+        #     For `{project}`, either `project-number` or `project-id` can be provided.
+        #     For `{instance}`, only `-` character is supported to list vulnerability
+        #     reports across VMs.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of results to return.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A pagination token returned from a previous call to
+        #     `ListVulnerabilityReports` that indicates where this listing
+        #     should continue from.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     If provided, this field specifies the criteria that must be met by a
+        #     `vulnerabilityReport` API resource to be included in the response.
+        class ListVulnerabilityReportsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A response message for listing vulnerability reports for all VM instances in
+        # the specified location.
+        # @!attribute [rw] vulnerability_reports
+        #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::VulnerabilityReport>]
+        #     List of vulnerabilityReport objects.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     The pagination token to retrieve the next page of vulnerabilityReports
+        #     object.
+        class ListVulnerabilityReportsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Common Vulnerability Scoring System version 3.
+        # For details, see https://www.first.org/cvss/specification-document
+        # @!attribute [rw] base_score
+        #   @return [::Float]
+        #     The base score is a function of the base metric scores.
+        #     https://www.first.org/cvss/specification-document#Base-Metrics
+        # @!attribute [rw] exploitability_score
+        #   @return [::Float]
+        #     The Exploitability sub-score equation is derived from the Base
+        #     Exploitability metrics.
+        #     https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics
+        # @!attribute [rw] impact_score
+        #   @return [::Float]
+        #     The Impact sub-score equation is derived from the Base Impact metrics.
+        # @!attribute [rw] attack_vector
+        #   @return [::Google::Cloud::OsConfig::V1alpha::CVSSv3::AttackVector]
+        #     This metric reflects the context by which vulnerability exploitation is
+        #     possible.
+        # @!attribute [rw] attack_complexity
+        #   @return [::Google::Cloud::OsConfig::V1alpha::CVSSv3::AttackComplexity]
+        #     This metric describes the conditions beyond the attacker's control that
+        #     must exist in order to exploit the vulnerability.
+        # @!attribute [rw] privileges_required
+        #   @return [::Google::Cloud::OsConfig::V1alpha::CVSSv3::PrivilegesRequired]
+        #     This metric describes the level of privileges an attacker must possess
+        #     before successfully exploiting the vulnerability.
+        # @!attribute [rw] user_interaction
+        #   @return [::Google::Cloud::OsConfig::V1alpha::CVSSv3::UserInteraction]
+        #     This metric captures the requirement for a human user, other than the
+        #     attacker, to participate in the successful compromise of the vulnerable
+        #     component.
+        # @!attribute [rw] scope
+        #   @return [::Google::Cloud::OsConfig::V1alpha::CVSSv3::Scope]
+        #     The Scope metric captures whether a vulnerability in one vulnerable
+        #     component impacts resources in components beyond its security scope.
+        # @!attribute [rw] confidentiality_impact
+        #   @return [::Google::Cloud::OsConfig::V1alpha::CVSSv3::Impact]
+        #     This metric measures the impact to the confidentiality of the information
+        #     resources managed by a software component due to a successfully exploited
+        #     vulnerability.
+        # @!attribute [rw] integrity_impact
+        #   @return [::Google::Cloud::OsConfig::V1alpha::CVSSv3::Impact]
+        #     This metric measures the impact to integrity of a successfully exploited
+        #     vulnerability.
+        # @!attribute [rw] availability_impact
+        #   @return [::Google::Cloud::OsConfig::V1alpha::CVSSv3::Impact]
+        #     This metric measures the impact to the availability of the impacted
+        #     component resulting from a successfully exploited vulnerability.
+        class CVSSv3
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # This metric reflects the context by which vulnerability exploitation is
+          # possible.
+          module AttackVector
+            # Invalid value.
+            ATTACK_VECTOR_UNSPECIFIED = 0
+
+            # The vulnerable component is bound to the network stack and the set of
+            # possible attackers extends beyond the other options listed below, up to
+            # and including the entire Internet.
+            ATTACK_VECTOR_NETWORK = 1
+
+            # The vulnerable component is bound to the network stack, but the attack is
+            # limited at the protocol level to a logically adjacent topology.
+            ATTACK_VECTOR_ADJACENT = 2
+
+            # The vulnerable component is not bound to the network stack and the
+            # attacker's path is via read/write/execute capabilities.
+            ATTACK_VECTOR_LOCAL = 3
+
+            # The attack requires the attacker to physically touch or manipulate the
+            # vulnerable component.
+            ATTACK_VECTOR_PHYSICAL = 4
+          end
+
+          # This metric describes the conditions beyond the attacker's control that
+          # must exist in order to exploit the vulnerability.
+          module AttackComplexity
+            # Invalid value.
+            ATTACK_COMPLEXITY_UNSPECIFIED = 0
+
+            # Specialized access conditions or extenuating circumstances do not exist.
+            # An attacker can expect repeatable success when attacking the vulnerable
+            # component.
+            ATTACK_COMPLEXITY_LOW = 1
+
+            # A successful attack depends on conditions beyond the attacker's control.
+            # That is, a successful attack cannot be accomplished at will, but requires
+            # the attacker to invest in some measurable amount of effort in preparation
+            # or execution against the vulnerable component before a successful attack
+            # can be expected.
+            ATTACK_COMPLEXITY_HIGH = 2
+          end
+
+          # This metric describes the level of privileges an attacker must possess
+          # before successfully exploiting the vulnerability.
+          module PrivilegesRequired
+            # Invalid value.
+            PRIVILEGES_REQUIRED_UNSPECIFIED = 0
+
+            # The attacker is unauthorized prior to attack, and therefore does not
+            # require any access to settings or files of the vulnerable system to
+            # carry out an attack.
+            PRIVILEGES_REQUIRED_NONE = 1
+
+            # The attacker requires privileges that provide basic user capabilities
+            # that could normally affect only settings and files owned by a user.
+            # Alternatively, an attacker with Low privileges has the ability to access
+            # only non-sensitive resources.
+            PRIVILEGES_REQUIRED_LOW = 2
+
+            # The attacker requires privileges that provide significant (e.g.,
+            # administrative) control over the vulnerable component allowing access to
+            # component-wide settings and files.
+            PRIVILEGES_REQUIRED_HIGH = 3
+          end
+
+          # This metric captures the requirement for a human user, other than the
+          # attacker, to participate in the successful compromise of the vulnerable
+          # component.
+          module UserInteraction
+            # Invalid value.
+            USER_INTERACTION_UNSPECIFIED = 0
+
+            # The vulnerable system can be exploited without interaction from any user.
+            USER_INTERACTION_NONE = 1
+
+            # Successful exploitation of this vulnerability requires a user to take
+            # some action before the vulnerability can be exploited.
+            USER_INTERACTION_REQUIRED = 2
+          end
+
+          # The Scope metric captures whether a vulnerability in one vulnerable
+          # component impacts resources in components beyond its security scope.
+          module Scope
+            # Invalid value.
+            SCOPE_UNSPECIFIED = 0
+
+            # An exploited vulnerability can only affect resources managed by the same
+            # security authority.
+            SCOPE_UNCHANGED = 1
+
+            # An exploited vulnerability can affect resources beyond the security scope
+            # managed by the security authority of the vulnerable component.
+            SCOPE_CHANGED = 2
+          end
+
+          # The Impact metrics capture the effects of a successfully exploited
+          # vulnerability on the component that suffers the worst outcome that is most
+          # directly and predictably associated with the attack.
+          module Impact
+            # Invalid value.
+            IMPACT_UNSPECIFIED = 0
+
+            # High impact.
+            IMPACT_HIGH = 1
+
+            # Low impact.
+            IMPACT_LOW = 2
+
+            # No impact.
+            IMPACT_NONE = 3
+          end
+        end
+      end
+    end
+  end
+end