google-cloud-security_center-v1 0.17.0 → 0.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e3ae250857d52e75b05799e39d34463565c53bc1f5e18ce96a342f2e5829ece5
-  data.tar.gz: 19a1d075069e65f39a958e685403bbc3f890185f650bd17738a7c30b1d1530c1
+  metadata.gz: b9f9e1b3b77d926a60e6bb8a4b11bed716ac74ae56ea1e984bafaac835607181
+  data.tar.gz: 864e8098c3f7ef2f1dc956793e076342fadf1e0024d92d36a1feef5d8c3f4b13
 SHA512:
-  metadata.gz: 189bcee49d131fc318bb64f83ccfa81fb404336d30ba06891e9ff018ce5dd94e53fe4405170e8b648e4e6259a1d26e4603195ef69388ab8ef8c1688df11ce17b
-  data.tar.gz: d4829dddaf03d5bfd1ea81ed607b94e651b3f20a514075893868c1b55ce564d1c91dc2b45b600a42429bdeb276f21ab5dc19a72b46ebe3b25788126d3e09997a
+  metadata.gz: a6ccb8d4673c5f879c6264014b64f9de358174110a24c25d2d6e4ab69dc74d31339d6b98f48aeac6a7798682e289b694592fa879e59fa875e37e926e685aa229
+  data.tar.gz: 275be95aea213891a5f156f769d324142fbd7e6b394baf2ce842843e81b942a177c4e47ceba24a294d0d1a7c6c411ecd4cca378220845a9bb76334ac7bfc8bcf

data/lib/google/cloud/security_center/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module SecurityCenter
       module V1
-        VERSION = "0.17.0"
+        VERSION = "0.20.0"
       end
     end
   end

data/lib/google/cloud/securitycenter/v1/access_pb.rb

@@ -12,6 +12,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :user_agent_family, :string, 4
       optional :service_name, :string, 5
       optional :method_name, :string, 6
+      optional :principal_subject, :string, 7
+      optional :service_account_key_name, :string, 8
+      repeated :service_account_delegation_info, :message, 9, "google.cloud.securitycenter.v1.ServiceAccountDelegationInfo"
+    end
+    add_message "google.cloud.securitycenter.v1.ServiceAccountDelegationInfo" do
+      optional :principal_email, :string, 1
+      optional :principal_subject, :string, 2
     end
     add_message "google.cloud.securitycenter.v1.Geolocation" do
       optional :region_code, :string, 1
@@ -24,6 +31,7 @@ module Google
     module SecurityCenter
       module V1
         Access = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Access").msgclass
+        ServiceAccountDelegationInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.ServiceAccountDelegationInfo").msgclass
         Geolocation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Geolocation").msgclass
       end
     end

data/lib/google/cloud/securitycenter/v1/container_pb.rb

@@ -0,0 +1,27 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/container.proto
+
+require 'google/protobuf'
+
+require 'google/cloud/securitycenter/v1/label_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/container.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Container" do
+      optional :name, :string, 1
+      optional :uri, :string, 2
+      optional :image_id, :string, 3
+      repeated :labels, :message, 4, "google.cloud.securitycenter.v1.Label"
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Container = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Container").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/database_pb.rb

@@ -0,0 +1,26 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/database.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/database.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Database" do
+      optional :name, :string, 1
+      optional :display_name, :string, 2
+      optional :user_name, :string, 3
+      optional :query, :string, 4
+      repeated :grantees, :string, 5
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Database = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Database").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/finding_pb.rb

@@ -9,10 +9,13 @@ require 'google/cloud/securitycenter/v1/access_pb'
 require 'google/cloud/securitycenter/v1/compliance_pb'
 require 'google/cloud/securitycenter/v1/connection_pb'
 require 'google/cloud/securitycenter/v1/contact_details_pb'
+require 'google/cloud/securitycenter/v1/container_pb'
+require 'google/cloud/securitycenter/v1/database_pb'
 require 'google/cloud/securitycenter/v1/exfiltration_pb'
 require 'google/cloud/securitycenter/v1/external_system_pb'
 require 'google/cloud/securitycenter/v1/iam_binding_pb'
 require 'google/cloud/securitycenter/v1/indicator_pb'
+require 'google/cloud/securitycenter/v1/kubernetes_pb'
 require 'google/cloud/securitycenter/v1/mitre_attack_pb'
 require 'google/cloud/securitycenter/v1/process_pb'
 require 'google/cloud/securitycenter/v1/security_marks_pb'
@@ -52,6 +55,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :exfiltration, :message, 38, "google.cloud.securitycenter.v1.Exfiltration"
       repeated :iam_bindings, :message, 39, "google.cloud.securitycenter.v1.IamBinding"
       optional :next_steps, :string, 40
+      repeated :containers, :message, 42, "google.cloud.securitycenter.v1.Container"
+      optional :kubernetes, :message, 43, "google.cloud.securitycenter.v1.Kubernetes"
+      optional :database, :message, 44, "google.cloud.securitycenter.v1.Database"
     end
     add_enum "google.cloud.securitycenter.v1.Finding.State" do
       value :STATE_UNSPECIFIED, 0

data/lib/google/cloud/securitycenter/v1/indicator_pb.rb

@@ -9,6 +9,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       repeated :ip_addresses, :string, 1
       repeated :domains, :string, 2
       repeated :signatures, :message, 3, "google.cloud.securitycenter.v1.Indicator.ProcessSignature"
+      repeated :uris, :string, 4
     end
     add_message "google.cloud.securitycenter.v1.Indicator.ProcessSignature" do
       oneof :signature do

data/lib/google/cloud/securitycenter/v1/kubernetes_pb.rb

@@ -0,0 +1,88 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/kubernetes.proto
+
+require 'google/protobuf'
+
+require 'google/cloud/securitycenter/v1/container_pb'
+require 'google/cloud/securitycenter/v1/label_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/kubernetes.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Kubernetes" do
+      repeated :pods, :message, 1, "google.cloud.securitycenter.v1.Kubernetes.Pod"
+      repeated :nodes, :message, 2, "google.cloud.securitycenter.v1.Kubernetes.Node"
+      repeated :node_pools, :message, 3, "google.cloud.securitycenter.v1.Kubernetes.NodePool"
+      repeated :roles, :message, 4, "google.cloud.securitycenter.v1.Kubernetes.Role"
+      repeated :bindings, :message, 5, "google.cloud.securitycenter.v1.Kubernetes.Binding"
+      repeated :access_reviews, :message, 6, "google.cloud.securitycenter.v1.Kubernetes.AccessReview"
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Pod" do
+      optional :ns, :string, 1
+      optional :name, :string, 2
+      repeated :labels, :message, 3, "google.cloud.securitycenter.v1.Label"
+      repeated :containers, :message, 4, "google.cloud.securitycenter.v1.Container"
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Node" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.NodePool" do
+      optional :name, :string, 1
+      repeated :nodes, :message, 2, "google.cloud.securitycenter.v1.Kubernetes.Node"
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Role" do
+      optional :kind, :enum, 1, "google.cloud.securitycenter.v1.Kubernetes.Role.Kind"
+      optional :ns, :string, 2
+      optional :name, :string, 3
+    end
+    add_enum "google.cloud.securitycenter.v1.Kubernetes.Role.Kind" do
+      value :KIND_UNSPECIFIED, 0
+      value :ROLE, 1
+      value :CLUSTER_ROLE, 2
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Binding" do
+      optional :ns, :string, 1
+      optional :name, :string, 2
+      optional :role, :message, 3, "google.cloud.securitycenter.v1.Kubernetes.Role"
+      repeated :subjects, :message, 4, "google.cloud.securitycenter.v1.Kubernetes.Subject"
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Subject" do
+      optional :kind, :enum, 1, "google.cloud.securitycenter.v1.Kubernetes.Subject.AuthType"
+      optional :ns, :string, 2
+      optional :name, :string, 3
+    end
+    add_enum "google.cloud.securitycenter.v1.Kubernetes.Subject.AuthType" do
+      value :AUTH_TYPE_UNSPECIFIED, 0
+      value :USER, 1
+      value :SERVICEACCOUNT, 2
+      value :GROUP, 3
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.AccessReview" do
+      optional :group, :string, 1
+      optional :ns, :string, 2
+      optional :name, :string, 3
+      optional :resource, :string, 4
+      optional :subresource, :string, 5
+      optional :verb, :string, 6
+      optional :version, :string, 7
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Kubernetes = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes").msgclass
+        Kubernetes::Pod = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Pod").msgclass
+        Kubernetes::Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Node").msgclass
+        Kubernetes::NodePool = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.NodePool").msgclass
+        Kubernetes::Role = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Role").msgclass
+        Kubernetes::Role::Kind = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Role.Kind").enummodule
+        Kubernetes::Binding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Binding").msgclass
+        Kubernetes::Subject = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Subject").msgclass
+        Kubernetes::Subject::AuthType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Subject.AuthType").enummodule
+        Kubernetes::AccessReview = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.AccessReview").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/label_pb.rb

@@ -0,0 +1,23 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/label.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/label.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Label" do
+      optional :name, :string, 1
+      optional :value, :string, 2
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Label = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Label").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/mitre_attack_pb.rb

@@ -62,6 +62,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :DATA_DESTRUCTION, 29
       value :DOMAIN_POLICY_MODIFICATION, 30
       value :IMPAIR_DEFENSES, 31
+      value :NETWORK_SERVICE_DISCOVERY, 32
+      value :ACCESS_TOKEN_MANIPULATION, 33
+      value :ABUSE_ELEVATION_CONTROL_MECHANISM, 34
     end
   end
 end

data/proto_docs/google/cloud/securitycenter/v1/access.rb

@@ -25,6 +25,13 @@ module Google
         # @!attribute [rw] principal_email
         #   @return [::String]
         #     Associated email, such as "foo@google.com".
+        #
+        #     The email address of the authenticated user (or service account on behalf
+        #     of third party principal) making the request. For third party identity
+        #     callers, the `principal_subject` field is populated instead of this field.
+        #     For privacy reasons, the principal email address is sometimes redacted.
+        #     For more information, see [Caller identities in audit
+        #     logs](https://cloud.google.com/logging/docs/audit#user-id).
         # @!attribute [rw] caller_ip
         #   @return [::String]
         #     Caller's IP address, such as "1.1.1.1".
@@ -42,11 +49,52 @@ module Google
         # @!attribute [rw] method_name
         #   @return [::String]
         #     The method that the service account called, e.g. "SetIamPolicy".
+        # @!attribute [rw] principal_subject
+        #   @return [::String]
+        #     A string representing the principal_subject associated with the identity.
+        #     As compared to `principal_email`, supports principals that aren't
+        #     associated with email addresses, such as third party principals. For most
+        #     identities, the format will be `principal://iam.googleapis.com/{identity
+        #     pool name}/subjects/\\{subject}` except for some GKE identities
+        #     (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+        #     format `serviceAccount:{identity pool name}[{subject}]`
+        # @!attribute [rw] service_account_key_name
+        #   @return [::String]
+        #     The name of the service account key used to create or exchange
+        #     credentials for authenticating the service account making the request.
+        #     This is a scheme-less URI full resource name. For example:
+        #
+        #     "//iam.googleapis.com/projects/\\{PROJECT_ID}/serviceAccounts/\\{ACCOUNT}/keys/\\{key}"
+        # @!attribute [rw] service_account_delegation_info
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::ServiceAccountDelegationInfo>]
+        #     Identity delegation history of an authenticated service account that makes
+        #     the request. It contains information on the real authorities that try to
+        #     access GCP resources by delegating on a service account. When multiple
+        #     authorities are present, they are guaranteed to be sorted based on the
+        #     original ordering of the identity delegation events.
         class Access
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Identity delegation history of an authenticated service account.
+        # @!attribute [rw] principal_email
+        #   @return [::String]
+        #     The email address of a Google account.
+        # @!attribute [rw] principal_subject
+        #   @return [::String]
+        #     A string representing the principal_subject associated with the identity.
+        #     As compared to `principal_email`, supports principals that aren't
+        #     associated with email addresses, such as third party principals. For most
+        #     identities, the format will be `principal://iam.googleapis.com/{identity
+        #     pool name}/subjects/\\{subject}` except for some GKE identities
+        #     (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+        #     format `serviceAccount:{identity pool name}[{subject}]`
+        class ServiceAccountDelegationInfo
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Represents a geographical location for a given access.
         # @!attribute [rw] region_code
         #   @return [::String]

data/proto_docs/google/cloud/securitycenter/v1/container.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Container associated with the finding.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Container name.
+        # @!attribute [rw] uri
+        #   @return [::String]
+        #     Container image URI provided when configuring a pod/container.
+        #     May identify a container image version using mutable tags.
+        # @!attribute [rw] image_id
+        #   @return [::String]
+        #     Optional container image id, when provided by the container runtime.
+        #     Uniquely identifies the container image launched using a container image
+        #     digest.
+        # @!attribute [rw] labels
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Label>]
+        #     Container labels, as provided by the container runtime.
+        class Container
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/database.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Represents database access information, such as queries.
+        # A database may be a sub-resource of an instance (as in the case of CloudSQL
+        # instances or Cloud Spanner instances), or the database instance itself.
+        # Some database resources may not have the full resource name populated
+        # because these resource types are not yet supported by Cloud Asset Inventory
+        # (e.g. CloudSQL databases).  In these cases only the display name will be
+        # provided.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The full resource name of the database the user connected to, if it is
+        #     supported by CAI. (https://google.aip.dev/122#full-resource-names)
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     The human readable name of the database the user connected to.
+        # @!attribute [rw] user_name
+        #   @return [::String]
+        #     The username used to connect to the DB. This may not necessarily be an IAM
+        #     principal, and has no required format.
+        # @!attribute [rw] query
+        #   @return [::String]
+        #     The SQL statement associated with the relevant access.
+        # @!attribute [rw] grantees
+        #   @return [::Array<::String>]
+        #     The target usernames/roles/groups of a SQL privilege grant (not an IAM
+        #     policy change).
+        class Database
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/finding.rb

@@ -122,8 +122,8 @@ module Google
         #     Output only. The most recent time this finding was muted or unmuted.
         # @!attribute [r] external_systems
         #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}]
-        #     Output only. Third party SIEM/SOAR fields within SCC, contains external system
-        #     information and external system finding fields.
+        #     Output only. Third party SIEM/SOAR fields within SCC, contains external
+        #     system information and external system finding fields.
         # @!attribute [rw] mitre_attack
         #   @return [::Google::Cloud::SecurityCenter::V1::MitreAttack]
         #     MITRE ATT&CK tactics and techniques related to this finding.
@@ -146,9 +146,9 @@ module Google
         #     Represents operating system processes associated with the Finding.
         # @!attribute [r] contacts
         #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ContactDetails}]
-        #     Output only. Map containing the point of contacts for the given finding. The key
-        #     represents the type of contact, while the value contains a list of all the
-        #     contacts that pertain. Please refer to:
+        #     Output only. Map containing the point of contacts for the given finding.
+        #     The key represents the type of contact, while the value contains a list of
+        #     all the contacts that pertain. Please refer to:
         #     https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
         #
         #         {
@@ -179,6 +179,16 @@ module Google
         # @!attribute [rw] next_steps
         #   @return [::String]
         #     Next steps associate to the finding.
+        # @!attribute [rw] containers
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Container>]
+        #     Containers associated with the finding. containers provides information
+        #     for both Kubernetes and non-Kubernetes containers.
+        # @!attribute [rw] kubernetes
+        #   @return [::Google::Cloud::SecurityCenter::V1::Kubernetes]
+        #     Kubernetes resources associated with the finding.
+        # @!attribute [rw] database
+        #   @return [::Google::Cloud::SecurityCenter::V1::Database]
+        #     Database associated with the finding.
         class Finding
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/indicator.rb

@@ -35,6 +35,9 @@ module Google
         #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature>]
         #     The list of matched signatures indicating that the given
         #     process is present in the environment.
+        # @!attribute [rw] uris
+        #   @return [::Array<::String>]
+        #     The list of URIs associated to the Findings.
         class Indicator
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/kubernetes.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Kubernetes related attributes.
+        # @!attribute [rw] pods
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Pod>]
+        #     Kubernetes Pods associated with the finding. This field will contain Pod
+        #     records for each container that is owned by a Pod.
+        # @!attribute [rw] nodes
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Node>]
+        #     Provides Kubernetes Node information.
+        # @!attribute [rw] node_pools
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::NodePool>]
+        #     GKE Node Pools associated with the finding. This field will
+        #     contain NodePool information for each Node, when it is available.
+        # @!attribute [rw] roles
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Role>]
+        #     Provides Kubernetes role information for findings that involve
+        #     Roles or ClusterRoles.
+        # @!attribute [rw] bindings
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Binding>]
+        #     Provides Kubernetes role binding information for findings that involve
+        #     RoleBindings or ClusterRoleBindings.
+        # @!attribute [rw] access_reviews
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::AccessReview>]
+        #     Provides information on any Kubernetes access reviews (i.e. privilege
+        #     checks) relevant to the finding.
+        class Kubernetes
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Kubernetes Pod.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Kubernetes Pod namespace.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Kubernetes Pod name.
+          # @!attribute [rw] labels
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Label>]
+          #     Pod labels.  For Kubernetes containers, these are applied to the
+          #     container.
+          # @!attribute [rw] containers
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Container>]
+          #     Pod containers associated with this finding, if any.
+          class Pod
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Kubernetes Nodes associated with the finding.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Full Resource name of the Compute Engine VM running the
+          #     cluster node.
+          class Node
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Provides GKE Node Pool information.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Kubernetes Node pool name.
+          # @!attribute [rw] nodes
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Node>]
+          #     Nodes associated with the finding.
+          class NodePool
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Kubernetes Role or ClusterRole.
+          # @!attribute [rw] kind
+          #   @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Role::Kind]
+          #     Role type.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Role namespace.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Role name.
+          class Role
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Types of Kubernetes roles.
+            module Kind
+              # Role type is not specified.
+              KIND_UNSPECIFIED = 0
+
+              # Kubernetes Role.
+              ROLE = 1
+
+              # Kubernetes ClusterRole.
+              CLUSTER_ROLE = 2
+            end
+          end
+
+          # Represents a Kubernetes RoleBinding or ClusterRoleBinding.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Namespace for binding.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Name for binding.
+          # @!attribute [rw] role
+          #   @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Role]
+          #     The Role or ClusterRole referenced by the binding.
+          # @!attribute [rw] subjects
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Subject>]
+          #     Represents the subjects(s) bound to the role. Not always available
+          #     for PATCH requests.
+          class Binding
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Represents a Kubernetes Subject.
+          # @!attribute [rw] kind
+          #   @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Subject::AuthType]
+          #     Authentication type for subject.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Namespace for subject.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Name for subject.
+          class Subject
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Auth types that can be used for Subject's kind field.
+            module AuthType
+              # Authentication is not specified.
+              AUTH_TYPE_UNSPECIFIED = 0
+
+              # User with valid certificate.
+              USER = 1
+
+              # Users managed by Kubernetes API with credentials stored as Secrets.
+              SERVICEACCOUNT = 2
+
+              # Collection of users.
+              GROUP = 3
+            end
+          end
+
+          # Conveys information about a Kubernetes access review (e.g. kubectl auth
+          # can-i ...) that was involved in a finding.
+          # @!attribute [rw] group
+          #   @return [::String]
+          #     Group is the API Group of the Resource. "*" means all.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Namespace of the action being requested. Currently, there is no
+          #     distinction between no namespace and all namespaces.  Both
+          #     are represented by "" (empty).
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Name is the name of the resource being requested. Empty means all.
+          # @!attribute [rw] resource
+          #   @return [::String]
+          #     Resource is the optional resource type requested. "*" means all.
+          # @!attribute [rw] subresource
+          #   @return [::String]
+          #     Subresource is the optional subresource type.
+          # @!attribute [rw] verb
+          #   @return [::String]
+          #     Verb is a Kubernetes resource API verb, like: get, list, watch, create,
+          #     update, delete, proxy. "*" means all.
+          # @!attribute [rw] version
+          #   @return [::String]
+          #     Version is the API Version of the Resource. "*" means all.
+          class AccessReview
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/label.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Label represents a generic name=value label. Label has separate name and
+        # value fields to support filtering with contains().
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Label name.
+        # @!attribute [rw] value
+        #   @return [::String]
+        #     Label value.
+        class Label
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/mitre_attack.rb

@@ -195,6 +195,15 @@ module Google
 
             # T1562
             IMPAIR_DEFENSES = 31
+
+            # T1046
+            NETWORK_SERVICE_DISCOVERY = 32
+
+            # T1134
+            ACCESS_TOKEN_MANIPULATION = 33
+
+            # T1548
+            ABUSE_ELEVATION_CONTROL_MECHANISM = 34
           end
         end
       end

data/proto_docs/google/protobuf/empty.rb

@@ -26,8 +26,6 @@ module Google
     #     service Foo {
     #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
     #     }
-    #
-    # The JSON representation for `Empty` is empty JSON object `{}`.
     class Empty
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-security_center-v1
 version: !ruby/object:Gem::Version
-  version: 0.17.0
+  version: 0.20.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-08 00:00:00.000000000 Z
+date: 2022-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -197,6 +197,8 @@ files:
 - lib/google/cloud/securitycenter/v1/compliance_pb.rb
 - lib/google/cloud/securitycenter/v1/connection_pb.rb
 - lib/google/cloud/securitycenter/v1/contact_details_pb.rb
+- lib/google/cloud/securitycenter/v1/container_pb.rb
+- lib/google/cloud/securitycenter/v1/database_pb.rb
 - lib/google/cloud/securitycenter/v1/exfiltration_pb.rb
 - lib/google/cloud/securitycenter/v1/external_system_pb.rb
 - lib/google/cloud/securitycenter/v1/file_pb.rb
@@ -204,6 +206,8 @@ files:
 - lib/google/cloud/securitycenter/v1/folder_pb.rb
 - lib/google/cloud/securitycenter/v1/iam_binding_pb.rb
 - lib/google/cloud/securitycenter/v1/indicator_pb.rb
+- lib/google/cloud/securitycenter/v1/kubernetes_pb.rb
+- lib/google/cloud/securitycenter/v1/label_pb.rb
 - lib/google/cloud/securitycenter/v1/mitre_attack_pb.rb
 - lib/google/cloud/securitycenter/v1/mute_config_pb.rb
 - lib/google/cloud/securitycenter/v1/notification_config_pb.rb
@@ -226,6 +230,8 @@ files:
 - proto_docs/google/cloud/securitycenter/v1/compliance.rb
 - proto_docs/google/cloud/securitycenter/v1/connection.rb
 - proto_docs/google/cloud/securitycenter/v1/contact_details.rb
+- proto_docs/google/cloud/securitycenter/v1/container.rb
+- proto_docs/google/cloud/securitycenter/v1/database.rb
 - proto_docs/google/cloud/securitycenter/v1/exfiltration.rb
 - proto_docs/google/cloud/securitycenter/v1/external_system.rb
 - proto_docs/google/cloud/securitycenter/v1/file.rb
@@ -233,6 +239,8 @@ files:
 - proto_docs/google/cloud/securitycenter/v1/folder.rb
 - proto_docs/google/cloud/securitycenter/v1/iam_binding.rb
 - proto_docs/google/cloud/securitycenter/v1/indicator.rb
+- proto_docs/google/cloud/securitycenter/v1/kubernetes.rb
+- proto_docs/google/cloud/securitycenter/v1/label.rb
 - proto_docs/google/cloud/securitycenter/v1/mitre_attack.rb
 - proto_docs/google/cloud/securitycenter/v1/mute_config.rb
 - proto_docs/google/cloud/securitycenter/v1/notification_config.rb