google-cloud-security_center-v1 0.17.0 → 0.20.0

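--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e3ae250857d52e75b05799e39d34463565c53bc1f5e18ce96a342f2e5829ece5
- data.tar.gz: 19a1d075069e65f39a958e685403bbc3f890185f650bd17738a7c30b1d1530c1
+ metadata.gz: b9f9e1b3b77d926a60e6bb8a4b11bed716ac74ae56ea1e984bafaac835607181
+ data.tar.gz: 864e8098c3f7ef2f1dc956793e076342fadf1e0024d92d36a1feef5d8c3f4b13
  SHA512:
- metadata.gz: 189bcee49d131fc318bb64f83ccfa81fb404336d30ba06891e9ff018ce5dd94e53fe4405170e8b648e4e6259a1d26e4603195ef69388ab8ef8c1688df11ce17b
- data.tar.gz: d4829dddaf03d5bfd1ea81ed607b94e651b3f20a514075893868c1b55ce564d1c91dc2b45b600a42429bdeb276f21ab5dc19a72b46ebe3b25788126d3e09997a
+ metadata.gz: a6ccb8d4673c5f879c6264014b64f9de358174110a24c25d2d6e4ab69dc74d31339d6b98f48aeac6a7798682e289b694592fa879e59fa875e37e926e685aa229
+ data.tar.gz: 275be95aea213891a5f156f769d324142fbd7e6b394baf2ce842843e81b942a177c4e47ceba24a294d0d1a7c6c411ecd4cca378220845a9bb76334ac7bfc8bcf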
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module SecurityCenter
23
23
  module V1
24
- VERSION = "0.17.0"
24
+ VERSION = "0.20.0"
25
25
  end
26
26
  end
27
27
  end
@@ -12,6 +12,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
12
12
  optional :user_agent_family, :string, 4
13
13
  optional :service_name, :string, 5
14
14
  optional :method_name, :string, 6
15
+ optional :principal_subject, :string, 7
16
+ optional :service_account_key_name, :string, 8
17
+ repeated :service_account_delegation_info, :message, 9, "google.cloud.securitycenter.v1.ServiceAccountDelegationInfo"
18
+ end
19
+ add_message "google.cloud.securitycenter.v1.ServiceAccountDelegationInfo" do
20
+ optional :principal_email, :string, 1
21
+ optional :principal_subject, :string, 2
15
22
  end
16
23
  add_message "google.cloud.securitycenter.v1.Geolocation" do
17
24
  optional :region_code, :string, 1
@@ -24,6 +31,7 @@ module Google
24
31
  module SecurityCenter
25
32
  module V1
26
33
  Access = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Access").msgclass
34
+ ServiceAccountDelegationInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.ServiceAccountDelegationInfo").msgclass
27
35
  Geolocation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Geolocation").msgclass
28
36
  end
29
37
  end
@@ -0,0 +1,27 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/cloud/securitycenter/v1/container.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/cloud/securitycenter/v1/label_pb'
7
+
8
+ Google::Protobuf::DescriptorPool.generated_pool.build do
9
+ add_file("google/cloud/securitycenter/v1/container.proto", :syntax => :proto3) do
10
+ add_message "google.cloud.securitycenter.v1.Container" do
11
+ optional :name, :string, 1
12
+ optional :uri, :string, 2
13
+ optional :image_id, :string, 3
14
+ repeated :labels, :message, 4, "google.cloud.securitycenter.v1.Label"
15
+ end
16
+ end
17
+ end
18
+
19
+ module Google
20
+ module Cloud
21
+ module SecurityCenter
22
+ module V1
23
+ Container = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Container").msgclass
24
+ end
25
+ end
26
+ end
27
+ end
@@ -0,0 +1,26 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/cloud/securitycenter/v1/database.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ Google::Protobuf::DescriptorPool.generated_pool.build do
7
+ add_file("google/cloud/securitycenter/v1/database.proto", :syntax => :proto3) do
8
+ add_message "google.cloud.securitycenter.v1.Database" do
9
+ optional :name, :string, 1
10
+ optional :display_name, :string, 2
11
+ optional :user_name, :string, 3
12
+ optional :query, :string, 4
13
+ repeated :grantees, :string, 5
14
+ end
15
+ end
16
+ end
17
+
18
+ module Google
19
+ module Cloud
20
+ module SecurityCenter
21
+ module V1
22
+ Database = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Database").msgclass
23
+ end
24
+ end
25
+ end
26
+ end
@@ -9,10 +9,13 @@ require 'google/cloud/securitycenter/v1/access_pb'
9
9
  require 'google/cloud/securitycenter/v1/compliance_pb'
10
10
  require 'google/cloud/securitycenter/v1/connection_pb'
11
11
  require 'google/cloud/securitycenter/v1/contact_details_pb'
12
+ require 'google/cloud/securitycenter/v1/container_pb'
13
+ require 'google/cloud/securitycenter/v1/database_pb'
12
14
  require 'google/cloud/securitycenter/v1/exfiltration_pb'
13
15
  require 'google/cloud/securitycenter/v1/external_system_pb'
14
16
  require 'google/cloud/securitycenter/v1/iam_binding_pb'
15
17
  require 'google/cloud/securitycenter/v1/indicator_pb'
18
+ require 'google/cloud/securitycenter/v1/kubernetes_pb'
16
19
  require 'google/cloud/securitycenter/v1/mitre_attack_pb'
17
20
  require 'google/cloud/securitycenter/v1/process_pb'
18
21
  require 'google/cloud/securitycenter/v1/security_marks_pb'
@@ -52,6 +55,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
52
55
  optional :exfiltration, :message, 38, "google.cloud.securitycenter.v1.Exfiltration"
53
56
  repeated :iam_bindings, :message, 39, "google.cloud.securitycenter.v1.IamBinding"
54
57
  optional :next_steps, :string, 40
58
+ repeated :containers, :message, 42, "google.cloud.securitycenter.v1.Container"
59
+ optional :kubernetes, :message, 43, "google.cloud.securitycenter.v1.Kubernetes"
60
+ optional :database, :message, 44, "google.cloud.securitycenter.v1.Database"
55
61
  end
56
62
  add_enum "google.cloud.securitycenter.v1.Finding.State" do
57
63
  value :STATE_UNSPECIFIED, 0
@@ -9,6 +9,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
9
9
  repeated :ip_addresses, :string, 1
10
10
  repeated :domains, :string, 2
11
11
  repeated :signatures, :message, 3, "google.cloud.securitycenter.v1.Indicator.ProcessSignature"
12
+ repeated :uris, :string, 4
12
13
  end
13
14
  add_message "google.cloud.securitycenter.v1.Indicator.ProcessSignature" do
14
15
  oneof :signature do
@@ -0,0 +1,88 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/cloud/securitycenter/v1/kubernetes.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/cloud/securitycenter/v1/container_pb'
7
+ require 'google/cloud/securitycenter/v1/label_pb'
8
+
9
+ Google::Protobuf::DescriptorPool.generated_pool.build do
10
+ add_file("google/cloud/securitycenter/v1/kubernetes.proto", :syntax => :proto3) do
11
+ add_message "google.cloud.securitycenter.v1.Kubernetes" do
12
+ repeated :pods, :message, 1, "google.cloud.securitycenter.v1.Kubernetes.Pod"
13
+ repeated :nodes, :message, 2, "google.cloud.securitycenter.v1.Kubernetes.Node"
14
+ repeated :node_pools, :message, 3, "google.cloud.securitycenter.v1.Kubernetes.NodePool"
15
+ repeated :roles, :message, 4, "google.cloud.securitycenter.v1.Kubernetes.Role"
16
+ repeated :bindings, :message, 5, "google.cloud.securitycenter.v1.Kubernetes.Binding"
17
+ repeated :access_reviews, :message, 6, "google.cloud.securitycenter.v1.Kubernetes.AccessReview"
18
+ end
19
+ add_message "google.cloud.securitycenter.v1.Kubernetes.Pod" do
20
+ optional :ns, :string, 1
21
+ optional :name, :string, 2
22
+ repeated :labels, :message, 3, "google.cloud.securitycenter.v1.Label"
23
+ repeated :containers, :message, 4, "google.cloud.securitycenter.v1.Container"
24
+ end
25
+ add_message "google.cloud.securitycenter.v1.Kubernetes.Node" do
26
+ optional :name, :string, 1
27
+ end
28
+ add_message "google.cloud.securitycenter.v1.Kubernetes.NodePool" do
29
+ optional :name, :string, 1
30
+ repeated :nodes, :message, 2, "google.cloud.securitycenter.v1.Kubernetes.Node"
31
+ end
32
+ add_message "google.cloud.securitycenter.v1.Kubernetes.Role" do
33
+ optional :kind, :enum, 1, "google.cloud.securitycenter.v1.Kubernetes.Role.Kind"
34
+ optional :ns, :string, 2
35
+ optional :name, :string, 3
36
+ end
37
+ add_enum "google.cloud.securitycenter.v1.Kubernetes.Role.Kind" do
38
+ value :KIND_UNSPECIFIED, 0
39
+ value :ROLE, 1
40
+ value :CLUSTER_ROLE, 2
41
+ end
42
+ add_message "google.cloud.securitycenter.v1.Kubernetes.Binding" do
43
+ optional :ns, :string, 1
44
+ optional :name, :string, 2
45
+ optional :role, :message, 3, "google.cloud.securitycenter.v1.Kubernetes.Role"
46
+ repeated :subjects, :message, 4, "google.cloud.securitycenter.v1.Kubernetes.Subject"
47
+ end
48
+ add_message "google.cloud.securitycenter.v1.Kubernetes.Subject" do
49
+ optional :kind, :enum, 1, "google.cloud.securitycenter.v1.Kubernetes.Subject.AuthType"
50
+ optional :ns, :string, 2
51
+ optional :name, :string, 3
52
+ end
53
+ add_enum "google.cloud.securitycenter.v1.Kubernetes.Subject.AuthType" do
54
+ value :AUTH_TYPE_UNSPECIFIED, 0
55
+ value :USER, 1
56
+ value :SERVICEACCOUNT, 2
57
+ value :GROUP, 3
58
+ end
59
+ add_message "google.cloud.securitycenter.v1.Kubernetes.AccessReview" do
60
+ optional :group, :string, 1
61
+ optional :ns, :string, 2
62
+ optional :name, :string, 3
63
+ optional :resource, :string, 4
64
+ optional :subresource, :string, 5
65
+ optional :verb, :string, 6
66
+ optional :version, :string, 7
67
+ end
68
+ end
69
+ end
70
+
71
+ module Google
72
+ module Cloud
73
+ module SecurityCenter
74
+ module V1
75
+ Kubernetes = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes").msgclass
76
+ Kubernetes::Pod = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Pod").msgclass
77
+ Kubernetes::Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Node").msgclass
78
+ Kubernetes::NodePool = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.NodePool").msgclass
79
+ Kubernetes::Role = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Role").msgclass
80
+ Kubernetes::Role::Kind = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Role.Kind").enummodule
81
+ Kubernetes::Binding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Binding").msgclass
82
+ Kubernetes::Subject = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Subject").msgclass
83
+ Kubernetes::Subject::AuthType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Subject.AuthType").enummodule
84
+ Kubernetes::AccessReview = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.AccessReview").msgclass
85
+ end
86
+ end
87
+ end
88
+ end
@@ -0,0 +1,23 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/cloud/securitycenter/v1/label.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ Google::Protobuf::DescriptorPool.generated_pool.build do
7
+ add_file("google/cloud/securitycenter/v1/label.proto", :syntax => :proto3) do
8
+ add_message "google.cloud.securitycenter.v1.Label" do
9
+ optional :name, :string, 1
10
+ optional :value, :string, 2
11
+ end
12
+ end
13
+ end
14
+
15
+ module Google
16
+ module Cloud
17
+ module SecurityCenter
18
+ module V1
19
+ Label = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Label").msgclass
20
+ end
21
+ end
22
+ end
23
+ end
@@ -62,6 +62,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
62
62
  value :DATA_DESTRUCTION, 29
63
63
  value :DOMAIN_POLICY_MODIFICATION, 30
64
64
  value :IMPAIR_DEFENSES, 31
65
+ value :NETWORK_SERVICE_DISCOVERY, 32
66
+ value :ACCESS_TOKEN_MANIPULATION, 33
67
+ value :ABUSE_ELEVATION_CONTROL_MECHANISM, 34
65
68
  end
66
69
  end
67
70
  end
@@ -25,6 +25,13 @@ module Google
25
25
  # @!attribute [rw] principal_email
26
26
  # @return [::String]
27
27
  # Associated email, such as "foo@google.com".
28
+ #
29
+ # The email address of the authenticated user (or service account on behalf
30
+ # of third party principal) making the request. For third party identity
31
+ # callers, the `principal_subject` field is populated instead of this field.
32
+ # For privacy reasons, the principal email address is sometimes redacted.
33
+ # For more information, see [Caller identities in audit
34
+ # logs](https://cloud.google.com/logging/docs/audit#user-id).
28
35
  # @!attribute [rw] caller_ip
29
36
  # @return [::String]
30
37
  # Caller's IP address, such as "1.1.1.1".
@@ -42,11 +49,52 @@ module Google
42
49
  # @!attribute [rw] method_name
43
50
  # @return [::String]
44
51
  # The method that the service account called, e.g. "SetIamPolicy".
52
+ # @!attribute [rw] principal_subject
53
+ # @return [::String]
54
+ # A string representing the principal_subject associated with the identity.
55
+ # As compared to `principal_email`, supports principals that aren't
56
+ # associated with email addresses, such as third party principals. For most
57
+ # identities, the format will be `principal://iam.googleapis.com/{identity
58
+ # pool name}/subjects/\\{subject}` except for some GKE identities
59
+ # (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
60
+ # format `serviceAccount:{identity pool name}[{subject}]`
61
+ # @!attribute [rw] service_account_key_name
62
+ # @return [::String]
63
+ # The name of the service account key used to create or exchange
64
+ # credentials for authenticating the service account making the request.
65
+ # This is a scheme-less URI full resource name. For example:
66
+ #
67
+ # "//iam.googleapis.com/projects/\\{PROJECT_ID}/serviceAccounts/\\{ACCOUNT}/keys/\\{key}"
68
+ # @!attribute [rw] service_account_delegation_info
69
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::ServiceAccountDelegationInfo>]
70
+ # Identity delegation history of an authenticated service account that makes
71
+ # the request. It contains information on the real authorities that try to
72
+ # access GCP resources by delegating on a service account. When multiple
73
+ # authorities are present, they are guaranteed to be sorted based on the
74
+ # original ordering of the identity delegation events.
45
75
  class Access
46
76
  include ::Google::Protobuf::MessageExts
47
77
  extend ::Google::Protobuf::MessageExts::ClassMethods
48
78
  end
49
79
 
80
+ # Identity delegation history of an authenticated service account.
81
+ # @!attribute [rw] principal_email
82
+ # @return [::String]
83
+ # The email address of a Google account.
84
+ # @!attribute [rw] principal_subject
85
+ # @return [::String]
86
+ # A string representing the principal_subject associated with the identity.
87
+ # As compared to `principal_email`, supports principals that aren't
88
+ # associated with email addresses, such as third party principals. For most
89
+ # identities, the format will be `principal://iam.googleapis.com/{identity
90
+ # pool name}/subjects/\\{subject}` except for some GKE identities
91
+ # (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
92
+ # format `serviceAccount:{identity pool name}[{subject}]`
93
+ class ServiceAccountDelegationInfo
94
+ include ::Google::Protobuf::MessageExts
95
+ extend ::Google::Protobuf::MessageExts::ClassMethods
96
+ end
97
+
50
98
  # Represents a geographical location for a given access.
51
99
  # @!attribute [rw] region_code
52
100
  # @return [::String]
@@ -0,0 +1,47 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module SecurityCenter
23
+ module V1
24
+ # Container associated with the finding.
25
+ # @!attribute [rw] name
26
+ # @return [::String]
27
+ # Container name.
28
+ # @!attribute [rw] uri
29
+ # @return [::String]
30
+ # Container image URI provided when configuring a pod/container.
31
+ # May identify a container image version using mutable tags.
32
+ # @!attribute [rw] image_id
33
+ # @return [::String]
34
+ # Optional container image id, when provided by the container runtime.
35
+ # Uniquely identifies the container image launched using a container image
36
+ # digest.
37
+ # @!attribute [rw] labels
38
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Label>]
39
+ # Container labels, as provided by the container runtime.
40
+ class Container
41
+ include ::Google::Protobuf::MessageExts
42
+ extend ::Google::Protobuf::MessageExts::ClassMethods
43
+ end
44
+ end
45
+ end
46
+ end
47
+ end
@@ -0,0 +1,56 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module SecurityCenter
23
+ module V1
24
+ # Represents database access information, such as queries.
25
+ # A database may be a sub-resource of an instance (as in the case of CloudSQL
26
+ # instances or Cloud Spanner instances), or the database instance itself.
27
+ # Some database resources may not have the full resource name populated
28
+ # because these resource types are not yet supported by Cloud Asset Inventory
29
+ # (e.g. CloudSQL databases). In these cases only the display name will be
30
+ # provided.
31
+ # @!attribute [rw] name
32
+ # @return [::String]
33
+ # The full resource name of the database the user connected to, if it is
34
+ # supported by CAI. (https://google.aip.dev/122#full-resource-names)
35
+ # @!attribute [rw] display_name
36
+ # @return [::String]
37
+ # The human readable name of the database the user connected to.
38
+ # @!attribute [rw] user_name
39
+ # @return [::String]
40
+ # The username used to connect to the DB. This may not necessarily be an IAM
41
+ # principal, and has no required format.
42
+ # @!attribute [rw] query
43
+ # @return [::String]
44
+ # The SQL statement associated with the relevant access.
45
+ # @!attribute [rw] grantees
46
+ # @return [::Array<::String>]
47
+ # The target usernames/roles/groups of a SQL privilege grant (not an IAM
48
+ # policy change).
49
+ class Database
50
+ include ::Google::Protobuf::MessageExts
51
+ extend ::Google::Protobuf::MessageExts::ClassMethods
52
+ end
53
+ end
54
+ end
55
+ end
56
+ end
@@ -122,8 +122,8 @@ module Google
122
122
  # Output only. The most recent time this finding was muted or unmuted.
123
123
  # @!attribute [r] external_systems
124
124
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}]
125
- # Output only. Third party SIEM/SOAR fields within SCC, contains external system
126
- # information and external system finding fields.
125
+ # Output only. Third party SIEM/SOAR fields within SCC, contains external
126
+ # system information and external system finding fields.
127
127
  # @!attribute [rw] mitre_attack
128
128
  # @return [::Google::Cloud::SecurityCenter::V1::MitreAttack]
129
129
  # MITRE ATT&CK tactics and techniques related to this finding.
@@ -146,9 +146,9 @@ module Google
146
146
  # Represents operating system processes associated with the Finding.
147
147
  # @!attribute [r] contacts
148
148
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ContactDetails}]
149
- # Output only. Map containing the point of contacts for the given finding. The key
150
- # represents the type of contact, while the value contains a list of all the
151
- # contacts that pertain. Please refer to:
149
+ # Output only. Map containing the point of contacts for the given finding.
150
+ # The key represents the type of contact, while the value contains a list of
151
+ # all the contacts that pertain. Please refer to:
152
152
  # https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
153
153
  #
154
154
  # {
@@ -179,6 +179,16 @@ module Google
179
179
  # @!attribute [rw] next_steps
180
180
  # @return [::String]
181
181
  # Next steps associate to the finding.
182
+ # @!attribute [rw] containers
183
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Container>]
184
+ # Containers associated with the finding. containers provides information
185
+ # for both Kubernetes and non-Kubernetes containers.
186
+ # @!attribute [rw] kubernetes
187
+ # @return [::Google::Cloud::SecurityCenter::V1::Kubernetes]
188
+ # Kubernetes resources associated with the finding.
189
+ # @!attribute [rw] database
190
+ # @return [::Google::Cloud::SecurityCenter::V1::Database]
191
+ # Database associated with the finding.
182
192
  class Finding
183
193
  include ::Google::Protobuf::MessageExts
184
194
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -35,6 +35,9 @@ module Google
35
35
  # @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature>]
36
36
  # The list of matched signatures indicating that the given
37
37
  # process is present in the environment.
38
+ # @!attribute [rw] uris
39
+ # @return [::Array<::String>]
40
+ # The list of URIs associated to the Findings.
38
41
  class Indicator
39
42
  include ::Google::Protobuf::MessageExts
40
43
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -0,0 +1,203 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module SecurityCenter
23
+ module V1
24
+ # Kubernetes related attributes.
25
+ # @!attribute [rw] pods
26
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Pod>]
27
+ # Kubernetes Pods associated with the finding. This field will contain Pod
28
+ # records for each container that is owned by a Pod.
29
+ # @!attribute [rw] nodes
30
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Node>]
31
+ # Provides Kubernetes Node information.
32
+ # @!attribute [rw] node_pools
33
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::NodePool>]
34
+ # GKE Node Pools associated with the finding. This field will
35
+ # contain NodePool information for each Node, when it is available.
36
+ # @!attribute [rw] roles
37
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Role>]
38
+ # Provides Kubernetes role information for findings that involve
39
+ # Roles or ClusterRoles.
40
+ # @!attribute [rw] bindings
41
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Binding>]
42
+ # Provides Kubernetes role binding information for findings that involve
43
+ # RoleBindings or ClusterRoleBindings.
44
+ # @!attribute [rw] access_reviews
45
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::AccessReview>]
46
+ # Provides information on any Kubernetes access reviews (i.e. privilege
47
+ # checks) relevant to the finding.
48
+ class Kubernetes
49
+ include ::Google::Protobuf::MessageExts
50
+ extend ::Google::Protobuf::MessageExts::ClassMethods
51
+
52
+ # Kubernetes Pod.
53
+ # @!attribute [rw] ns
54
+ # @return [::String]
55
+ # Kubernetes Pod namespace.
56
+ # @!attribute [rw] name
57
+ # @return [::String]
58
+ # Kubernetes Pod name.
59
+ # @!attribute [rw] labels
60
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Label>]
61
+ # Pod labels. For Kubernetes containers, these are applied to the
62
+ # container.
63
+ # @!attribute [rw] containers
64
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Container>]
65
+ # Pod containers associated with this finding, if any.
66
+ class Pod
67
+ include ::Google::Protobuf::MessageExts
68
+ extend ::Google::Protobuf::MessageExts::ClassMethods
69
+ end
70
+
71
+ # Kubernetes Nodes associated with the finding.
72
+ # @!attribute [rw] name
73
+ # @return [::String]
74
+ # Full Resource name of the Compute Engine VM running the
75
+ # cluster node.
76
+ class Node
77
+ include ::Google::Protobuf::MessageExts
78
+ extend ::Google::Protobuf::MessageExts::ClassMethods
79
+ end
80
+
81
+ # Provides GKE Node Pool information.
82
+ # @!attribute [rw] name
83
+ # @return [::String]
84
+ # Kubernetes Node pool name.
85
+ # @!attribute [rw] nodes
86
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Node>]
87
+ # Nodes associated with the finding.
88
+ class NodePool
89
+ include ::Google::Protobuf::MessageExts
90
+ extend ::Google::Protobuf::MessageExts::ClassMethods
91
+ end
92
+
93
+ # Kubernetes Role or ClusterRole.
94
+ # @!attribute [rw] kind
95
+ # @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Role::Kind]
96
+ # Role type.
97
+ # @!attribute [rw] ns
98
+ # @return [::String]
99
+ # Role namespace.
100
+ # @!attribute [rw] name
101
+ # @return [::String]
102
+ # Role name.
103
+ class Role
104
+ include ::Google::Protobuf::MessageExts
105
+ extend ::Google::Protobuf::MessageExts::ClassMethods
106
+
107
+ # Types of Kubernetes roles.
108
+ module Kind
109
+ # Role type is not specified.
110
+ KIND_UNSPECIFIED = 0
111
+
112
+ # Kubernetes Role.
113
+ ROLE = 1
114
+
115
+ # Kubernetes ClusterRole.
116
+ CLUSTER_ROLE = 2
117
+ end
118
+ end
119
+
120
+ # Represents a Kubernetes RoleBinding or ClusterRoleBinding.
121
+ # @!attribute [rw] ns
122
+ # @return [::String]
123
+ # Namespace for binding.
124
+ # @!attribute [rw] name
125
+ # @return [::String]
126
+ # Name for binding.
127
+ # @!attribute [rw] role
128
+ # @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Role]
129
+ # The Role or ClusterRole referenced by the binding.
130
+ # @!attribute [rw] subjects
131
+ # @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Subject>]
132
+ # Represents the subjects(s) bound to the role. Not always available
133
+ # for PATCH requests.
134
+ class Binding
135
+ include ::Google::Protobuf::MessageExts
136
+ extend ::Google::Protobuf::MessageExts::ClassMethods
137
+ end
138
+
139
+ # Represents a Kubernetes Subject.
140
+ # @!attribute [rw] kind
141
+ # @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Subject::AuthType]
142
+ # Authentication type for subject.
143
+ # @!attribute [rw] ns
144
+ # @return [::String]
145
+ # Namespace for subject.
146
+ # @!attribute [rw] name
147
+ # @return [::String]
148
+ # Name for subject.
149
+ class Subject
150
+ include ::Google::Protobuf::MessageExts
151
+ extend ::Google::Protobuf::MessageExts::ClassMethods
152
+
153
+ # Auth types that can be used for Subject's kind field.
154
+ module AuthType
155
+ # Authentication is not specified.
156
+ AUTH_TYPE_UNSPECIFIED = 0
157
+
158
+ # User with valid certificate.
159
+ USER = 1
160
+
161
+ # Users managed by Kubernetes API with credentials stored as Secrets.
162
+ SERVICEACCOUNT = 2
163
+
164
+ # Collection of users.
165
+ GROUP = 3
166
+ end
167
+ end
168
+
169
+ # Conveys information about a Kubernetes access review (e.g. kubectl auth
170
+ # can-i ...) that was involved in a finding.
171
+ # @!attribute [rw] group
172
+ # @return [::String]
173
+ # Group is the API Group of the Resource. "*" means all.
174
+ # @!attribute [rw] ns
175
+ # @return [::String]
176
+ # Namespace of the action being requested. Currently, there is no
177
+ # distinction between no namespace and all namespaces. Both
178
+ # are represented by "" (empty).
179
+ # @!attribute [rw] name
180
+ # @return [::String]
181
+ # Name is the name of the resource being requested. Empty means all.
182
+ # @!attribute [rw] resource
183
+ # @return [::String]
184
+ # Resource is the optional resource type requested. "*" means all.
185
+ # @!attribute [rw] subresource
186
+ # @return [::String]
187
+ # Subresource is the optional subresource type.
188
+ # @!attribute [rw] verb
189
+ # @return [::String]
190
+ # Verb is a Kubernetes resource API verb, like: get, list, watch, create,
191
+ # update, delete, proxy. "*" means all.
192
+ # @!attribute [rw] version
193
+ # @return [::String]
194
+ # Version is the API Version of the Resource. "*" means all.
195
+ class AccessReview
196
+ include ::Google::Protobuf::MessageExts
197
+ extend ::Google::Protobuf::MessageExts::ClassMethods
198
+ end
199
+ end
200
+ end
201
+ end
202
+ end
203
+ end
@@ -0,0 +1,39 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module SecurityCenter
23
+ module V1
24
+ # Label represents a generic name=value label. Label has separate name and
25
+ # value fields to support filtering with contains().
26
+ # @!attribute [rw] name
27
+ # @return [::String]
28
+ # Label name.
29
+ # @!attribute [rw] value
30
+ # @return [::String]
31
+ # Label value.
32
+ class Label
33
+ include ::Google::Protobuf::MessageExts
34
+ extend ::Google::Protobuf::MessageExts::ClassMethods
35
+ end
36
+ end
37
+ end
38
+ end
39
+ end
@@ -195,6 +195,15 @@ module Google
195
195
 
196
196
  # T1562
197
197
  IMPAIR_DEFENSES = 31
198
+
199
+ # T1046
200
+ NETWORK_SERVICE_DISCOVERY = 32
201
+
202
+ # T1134
203
+ ACCESS_TOKEN_MANIPULATION = 33
204
+
205
+ # T1548
206
+ ABUSE_ELEVATION_CONTROL_MECHANISM = 34
198
207
  end
199
208
  end
200
209
  end
@@ -26,8 +26,6 @@ module Google
26
26
  # service Foo {
27
27
  # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
28
28
  # }
29
- #
30
- # The JSON representation for `Empty` is empty JSON object `{}`.
31
29
  class Empty
32
30
  include ::Google::Protobuf::MessageExts
33
31
  extend ::Google::Protobuf::MessageExts::ClassMethods
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-security_center-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.17.0
4
+ version: 0.20.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-08 00:00:00.000000000 Z
11
+ date: 2022-08-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -197,6 +197,8 @@ files:
197
197
  - lib/google/cloud/securitycenter/v1/compliance_pb.rb
198
198
  - lib/google/cloud/securitycenter/v1/connection_pb.rb
199
199
  - lib/google/cloud/securitycenter/v1/contact_details_pb.rb
200
+ - lib/google/cloud/securitycenter/v1/container_pb.rb
201
+ - lib/google/cloud/securitycenter/v1/database_pb.rb
200
202
  - lib/google/cloud/securitycenter/v1/exfiltration_pb.rb
201
203
  - lib/google/cloud/securitycenter/v1/external_system_pb.rb
202
204
  - lib/google/cloud/securitycenter/v1/file_pb.rb
@@ -204,6 +206,8 @@ files:
204
206
  - lib/google/cloud/securitycenter/v1/folder_pb.rb
205
207
  - lib/google/cloud/securitycenter/v1/iam_binding_pb.rb
206
208
  - lib/google/cloud/securitycenter/v1/indicator_pb.rb
209
+ - lib/google/cloud/securitycenter/v1/kubernetes_pb.rb
210
+ - lib/google/cloud/securitycenter/v1/label_pb.rb
207
211
  - lib/google/cloud/securitycenter/v1/mitre_attack_pb.rb
208
212
  - lib/google/cloud/securitycenter/v1/mute_config_pb.rb
209
213
  - lib/google/cloud/securitycenter/v1/notification_config_pb.rb
@@ -226,6 +230,8 @@ files:
226
230
  - proto_docs/google/cloud/securitycenter/v1/compliance.rb
227
231
  - proto_docs/google/cloud/securitycenter/v1/connection.rb
228
232
  - proto_docs/google/cloud/securitycenter/v1/contact_details.rb
233
+ - proto_docs/google/cloud/securitycenter/v1/container.rb
234
+ - proto_docs/google/cloud/securitycenter/v1/database.rb
229
235
  - proto_docs/google/cloud/securitycenter/v1/exfiltration.rb
230
236
  - proto_docs/google/cloud/securitycenter/v1/external_system.rb
231
237
  - proto_docs/google/cloud/securitycenter/v1/file.rb
@@ -233,6 +239,8 @@ files:
233
239
  - proto_docs/google/cloud/securitycenter/v1/folder.rb
234
240
  - proto_docs/google/cloud/securitycenter/v1/iam_binding.rb
235
241
  - proto_docs/google/cloud/securitycenter/v1/indicator.rb
242
+ - proto_docs/google/cloud/securitycenter/v1/kubernetes.rb
243
+ - proto_docs/google/cloud/securitycenter/v1/label.rb
236
244
  - proto_docs/google/cloud/securitycenter/v1/mitre_attack.rb
237
245
  - proto_docs/google/cloud/securitycenter/v1/mute_config.rb
238
246
  - proto_docs/google/cloud/securitycenter/v1/notification_config.rb