google-cloud-security_center-v1 0.29.1 → 0.30.0
- checksums.yaml +4 -4
- data/lib/google/cloud/security_center/v1/security_center/client.rb +6 -6
- data/lib/google/cloud/security_center/v1/security_center/rest/client.rb +6 -6
- data/lib/google/cloud/security_center/v1/version.rb +1 -1
- data/lib/google/cloud/securitycenter/v1/access_pb.rb +1 -1
- data/lib/google/cloud/securitycenter/v1/cloud_dlp_data_profile_pb.rb +2 -1
- data/proto_docs/google/cloud/securitycenter/v1/access.rb +3 -0
- data/proto_docs/google/cloud/securitycenter/v1/cloud_dlp_data_profile.rb +15 -0
- data/proto_docs/google/cloud/securitycenter/v1/cloud_dlp_inspection.rb +2 -2
- data/proto_docs/google/cloud/securitycenter/v1/compliance.rb +4 -4
- data/proto_docs/google/cloud/securitycenter/v1/contact_details.rb +1 -1
- data/proto_docs/google/cloud/securitycenter/v1/container.rb +5 -6
- data/proto_docs/google/cloud/securitycenter/v1/database.rb +20 -14
- data/proto_docs/google/cloud/securitycenter/v1/exfiltration.rb +12 -10
- data/proto_docs/google/cloud/securitycenter/v1/file.rb +1 -2
- data/proto_docs/google/cloud/securitycenter/v1/iam_binding.rb +2 -2
- data/proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb +9 -9
- data/proto_docs/google/cloud/securitycenter/v1/kubernetes.rb +42 -33
- data/proto_docs/google/cloud/securitycenter/v1/label.rb +6 -4
- data/proto_docs/google/cloud/securitycenter/v1/organization_settings.rb +3 -3
- data/proto_docs/google/cloud/securitycenter/v1/process.rb +10 -10
- data/proto_docs/google/cloud/securitycenter/v1/securitycenter_service.rb +6 -6
- metadata +2 -2
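--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f280aa261383e0c8e3cbb2ef8ab6408ab34eb1d4f3f23e7ae6429aae5225ade5
+data.tar.gz: 6ae917f3d90c3fd37e2733e3ad9080141454fa97ff89bf7b52439e3669e5d4c1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 161fe0c139f2cd33a4544a83d0fec61f5897b20111d226ff364590bd7534e7c6be3b0edfba346af8f586afa68ac27b85db5e23d6618106abe19994b1322c56a2
+data.tar.gz: c06dd2cf03d23f61e0eff887925486be45b63491c12ed8c324578aa1b14c7ac8db3f81042ac530ce907b3fc64406aaf5e977ab802e90197c2475e59027977610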
@@ -692,9 +692,9 @@ module Google
|
|
692
692
|
# Required. The mute config being created.
|
693
693
|
# @param mute_config_id [::String]
|
694
694
|
# Required. Unique identifier provided by the client within the parent scope.
|
695
|
-
# It must consist of
|
696
|
-
#
|
697
|
-
#
|
695
|
+
# It must consist of only lowercase letters, numbers, and hyphens, must start
|
696
|
+
# with a letter, must end with either a letter or a number, and must be 63
|
697
|
+
# characters or less.
|
698
698
|
#
|
699
699
|
# @yield [response, operation] Access the result along with the RPC operation
|
700
700
|
# @yieldparam response [::Google::Cloud::SecurityCenter::V1::MuteConfig]
|
@@ -4540,9 +4540,9 @@ module Google
|
|
4540
4540
|
# Required. The BigQuery export being created.
|
4541
4541
|
# @param big_query_export_id [::String]
|
4542
4542
|
# Required. Unique identifier provided by the client within the parent scope.
|
4543
|
-
# It must consist of
|
4544
|
-
#
|
4545
|
-
#
|
4543
|
+
# It must consist of only lowercase letters, numbers, and hyphens, must start
|
4544
|
+
# with a letter, must end with either a letter or a number, and must be 63
|
4545
|
+
# characters or less.
|
4546
4546
|
#
|
4547
4547
|
# @yield [response, operation] Access the result along with the RPC operation
|
4548
4548
|
# @yieldparam response [::Google::Cloud::SecurityCenter::V1::BigQueryExport]
|
@@ -584,9 +584,9 @@ module Google
|
|
584
584
|
# Required. The mute config being created.
|
585
585
|
# @param mute_config_id [::String]
|
586
586
|
# Required. Unique identifier provided by the client within the parent scope.
|
587
|
-
# It must consist of
|
588
|
-
#
|
589
|
-
#
|
587
|
+
# It must consist of only lowercase letters, numbers, and hyphens, must start
|
588
|
+
# with a letter, must end with either a letter or a number, and must be 63
|
589
|
+
# characters or less.
|
590
590
|
# @yield [result, operation] Access the result along with the TransportOperation object
|
591
591
|
# @yieldparam result [::Google::Cloud::SecurityCenter::V1::MuteConfig]
|
592
592
|
# @yieldparam operation [::Gapic::Rest::TransportOperation]
|
@@ -3557,9 +3557,9 @@ module Google
|
|
3557
3557
|
# Required. The BigQuery export being created.
|
3558
3558
|
# @param big_query_export_id [::String]
|
3559
3559
|
# Required. Unique identifier provided by the client within the parent scope.
|
3560
|
-
# It must consist of
|
3561
|
-
#
|
3562
|
-
#
|
3560
|
+
# It must consist of only lowercase letters, numbers, and hyphens, must start
|
3561
|
+
# with a letter, must end with either a letter or a number, and must be 63
|
3562
|
+
# characters or less.
|
3563
3563
|
# @yield [result, operation] Access the result along with the TransportOperation object
|
3564
3564
|
# @yieldparam result [::Google::Cloud::SecurityCenter::V1::BigQueryExport]
|
3565
3565
|
# @yieldparam operation [::Gapic::Rest::TransportOperation]
|
@@ -5,7 +5,7 @@
|
|
5
5
|
require 'google/protobuf'
|
6
6
|
|
7
7
|
|
8
|
-
descriptor_data = "\n+google/cloud/securitycenter/v1/access.proto\x12\x1egoogle.cloud.securitycenter.v1\"\
|
8
|
+
descriptor_data = "\n+google/cloud/securitycenter/v1/access.proto\x12\x1egoogle.cloud.securitycenter.v1\"\x89\x03\n\x06\x41\x63\x63\x65ss\x12\x17\n\x0fprincipal_email\x18\x01 \x01(\t\x12\x11\n\tcaller_ip\x18\x02 \x01(\t\x12\x42\n\rcaller_ip_geo\x18\x03 \x01(\x0b\x32+.google.cloud.securitycenter.v1.Geolocation\x12\x19\n\x11user_agent_family\x18\x04 \x01(\t\x12\x12\n\nuser_agent\x18\x0c \x01(\t\x12\x14\n\x0cservice_name\x18\x05 \x01(\t\x12\x13\n\x0bmethod_name\x18\x06 \x01(\t\x12\x19\n\x11principal_subject\x18\x07 \x01(\t\x12 \n\x18service_account_key_name\x18\x08 \x01(\t\x12\x65\n\x1fservice_account_delegation_info\x18\t \x03(\x0b\x32<.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo\x12\x11\n\tuser_name\x18\x0b \x01(\t\"R\n\x1cServiceAccountDelegationInfo\x12\x17\n\x0fprincipal_email\x18\x01 \x01(\t\x12\x19\n\x11principal_subject\x18\x02 \x01(\t\"\"\n\x0bGeolocation\x12\x13\n\x0bregion_code\x18\x01 \x01(\tB\xe5\x01\n\"com.google.cloud.securitycenter.v1B\x0b\x41\x63\x63\x65ssProtoP\x01ZJcloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb\xaa\x02\x1eGoogle.Cloud.SecurityCenter.V1\xca\x02\x1eGoogle\\Cloud\\SecurityCenter\\V1\xea\x02!Google::Cloud::SecurityCenter::V1b\x06proto3"
|
9
9
|
|
10
10
|
pool = Google::Protobuf::DescriptorPool.generated_pool
|
11
11
|
|
@@ -7,7 +7,7 @@ require 'google/protobuf'
|
|
7
7
|
require 'google/api/resource_pb'
|
8
8
|
|
9
9
|
|
10
|
-
descriptor_data = "\n;google/cloud/securitycenter/v1/cloud_dlp_data_profile.proto\x12\x1egoogle.cloud.securitycenter.v1\x1a\x19google/api/resource.proto\"
|
10
|
+
descriptor_data = "\n;google/cloud/securitycenter/v1/cloud_dlp_data_profile.proto\x12\x1egoogle.cloud.securitycenter.v1\x1a\x19google/api/resource.proto\"\xf4\x01\n\x13\x43loudDlpDataProfile\x12>\n\x0c\x64\x61ta_profile\x18\x01 \x01(\tB(\xfa\x41%\n#dlp.googleapis.com/TableDataProfile\x12S\n\x0bparent_type\x18\x02 \x01(\x0e\x32>.google.cloud.securitycenter.v1.CloudDlpDataProfile.ParentType\"H\n\nParentType\x12\x1b\n\x17PARENT_TYPE_UNSPECIFIED\x10\x00\x12\x10\n\x0cORGANIZATION\x10\x01\x12\x0b\n\x07PROJECT\x10\x02\x42\x94\x03\n\"com.google.cloud.securitycenter.v1B\x18\x43loudDlpDataProfileProtoP\x01ZJcloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb\xaa\x02\x1eGoogle.Cloud.SecurityCenter.V1\xca\x02\x1eGoogle\\Cloud\\SecurityCenter\\V1\xea\x02!Google::Cloud::SecurityCenter::V1\xea\x41\x9e\x01\n#dlp.googleapis.com/TableDataProfile\x12\x30projects/{project}/tableProfiles/{table_profile}\x12\x45projects/{project}/locations/{location}/tableProfiles/{table_profile}b\x06proto3"
|
11
11
|
|
12
12
|
pool = Google::Protobuf::DescriptorPool.generated_pool
|
13
13
|
|
@@ -38,6 +38,7 @@ module Google
|
|
38
38
|
module SecurityCenter
|
39
39
|
module V1
|
40
40
|
CloudDlpDataProfile = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.CloudDlpDataProfile").msgclass
|
41
|
+
CloudDlpDataProfile::ParentType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.CloudDlpDataProfile.ParentType").enummodule
|
41
42
|
end
|
42
43
|
end
|
43
44
|
end
|
@@ -42,6 +42,9 @@ module Google
|
|
42
42
|
# @return [::String]
|
43
43
|
# Type of user agent associated with the finding. For example, an operating
|
44
44
|
# system shell or an embedded or standalone application.
|
45
|
+
# @!attribute [rw] user_agent
|
46
|
+
# @return [::String]
|
47
|
+
# The caller's user agent string associated with the finding.
|
45
48
|
# @!attribute [rw] service_name
|
46
49
|
# @return [::String]
|
47
50
|
# This is the API service that the service account made a call to, e.g.
|
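Review bot: The new `user_agent` attribute is documented only as "The caller's user agent string associated with the finding", with no hint that the value is chosen by the caller. Consumers that key detections, allowlists or triage decisions on it, or that render it in a console, should treat it as untrusted text. I would extend the comment with a line such as `# The value is supplied by the client and can be spoofed; do not rely on it for attribution.` The file looks generated from proto comments, so the wording would presumably have to change in the proto source. The documented class itself lies outside the hunk.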
@@ -27,9 +27,24 @@ module Google
|
|
27
27
|
# @return [::String]
|
28
28
|
# Name of the data profile, for example,
|
29
29
|
# `projects/123/locations/europe/tableProfiles/8383929`.
|
30
|
+
# @!attribute [rw] parent_type
|
31
|
+
# @return [::Google::Cloud::SecurityCenter::V1::CloudDlpDataProfile::ParentType]
|
32
|
+
# The resource hierarchy level at which the data profile was generated.
|
30
33
|
class CloudDlpDataProfile
|
31
34
|
include ::Google::Protobuf::MessageExts
|
32
35
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
36
|
+
|
37
|
+
# Parents for configurations that produce data profile findings.
|
38
|
+
module ParentType
|
39
|
+
# Unspecified parent type.
|
40
|
+
PARENT_TYPE_UNSPECIFIED = 0
|
41
|
+
|
42
|
+
# Organization-level configurations.
|
43
|
+
ORGANIZATION = 1
|
44
|
+
|
45
|
+
# Project-level configurations.
|
46
|
+
PROJECT = 2
|
47
|
+
end
|
33
48
|
end
|
34
49
|
end
|
35
50
|
end
|
@@ -30,8 +30,8 @@ module Google
|
|
30
30
|
# `projects/123/locations/europe/dlpJobs/i-8383929`.
|
31
31
|
# @!attribute [rw] info_type
|
32
32
|
# @return [::String]
|
33
|
-
# The
|
34
|
-
#
|
33
|
+
# The type of information (or
|
34
|
+
# *[infoType](https://cloud.google.com/dlp/docs/infotypes-reference)*) found,
|
35
35
|
# for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
|
36
36
|
# @!attribute [rw] info_type_count
|
37
37
|
# @return [::Integer]
|
@@ -25,14 +25,14 @@ module Google
|
|
25
25
|
# recommendations.
|
26
26
|
# @!attribute [rw] standard
|
27
27
|
# @return [::String]
|
28
|
-
#
|
29
|
-
#
|
28
|
+
# Industry-wide compliance standards or benchmarks, such as CIS, PCI, and
|
29
|
+
# OWASP.
|
30
30
|
# @!attribute [rw] version
|
31
31
|
# @return [::String]
|
32
|
-
# Version of the standard
|
32
|
+
# Version of the standard or benchmark, for example, 1.1
|
33
33
|
# @!attribute [rw] ids
|
34
34
|
# @return [::Array<::String>]
|
35
|
-
# Policies within the standard
|
35
|
+
# Policies within the standard or benchmark, for example, A.12.4.1
|
36
36
|
class Compliance
|
37
37
|
include ::Google::Protobuf::MessageExts
|
38
38
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -21,7 +21,7 @@ module Google
|
|
21
21
|
module Cloud
|
22
22
|
module SecurityCenter
|
23
23
|
module V1
|
24
|
-
#
|
24
|
+
# Details about specific contacts
|
25
25
|
# @!attribute [rw] contacts
|
26
26
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Contact>]
|
27
27
|
# A list of contacts
|
@@ -24,16 +24,15 @@ module Google
|
|
24
24
|
# Container associated with the finding.
|
25
25
|
# @!attribute [rw] name
|
26
26
|
# @return [::String]
|
27
|
-
#
|
27
|
+
# Name of the container.
|
28
28
|
# @!attribute [rw] uri
|
29
29
|
# @return [::String]
|
30
|
-
# Container image URI provided when configuring a pod
|
31
|
-
#
|
30
|
+
# Container image URI provided when configuring a pod or container. This
|
31
|
+
# string can identify a container image version using mutable tags.
|
32
32
|
# @!attribute [rw] image_id
|
33
33
|
# @return [::String]
|
34
|
-
# Optional container image
|
35
|
-
#
|
36
|
-
# digest.
|
34
|
+
# Optional container image ID, if provided by the container runtime. Uniquely
|
35
|
+
# identifies the container image launched using a container image digest.
|
37
36
|
# @!attribute [rw] labels
|
38
37
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Label>]
|
39
38
|
# Container labels, as provided by the container runtime.
|
@@ -21,31 +21,37 @@ module Google
|
|
21
21
|
module Cloud
|
22
22
|
module SecurityCenter
|
23
23
|
module V1
|
24
|
-
# Represents database access information, such as queries.
|
25
|
-
#
|
26
|
-
#
|
27
|
-
#
|
28
|
-
#
|
29
|
-
#
|
24
|
+
# Represents database access information, such as queries. A database may be a
|
25
|
+
# sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
|
26
|
+
# Spanner instances), or the database instance itself. Some database resources
|
27
|
+
# might not have the [full resource
|
28
|
+
# name](https://google.aip.dev/122#full-resource-names) populated because these
|
29
|
+
# resource types, such as Cloud SQL databases, are not yet supported by Cloud
|
30
|
+
# Asset Inventory. In these cases only the display name is provided.
|
31
|
+
# Some database resources may not have the [full resource
|
32
|
+
# name](https://google.aip.dev/122#full-resource-names) populated because
|
33
|
+
# these resource types are not yet supported by Cloud Asset Inventory (e.g.
|
34
|
+
# Cloud SQL databases). In these cases only the display name will be
|
30
35
|
# provided.
|
31
36
|
# @!attribute [rw] name
|
32
37
|
# @return [::String]
|
33
|
-
# The full resource name of
|
34
|
-
# supported by
|
38
|
+
# The [full resource name](https://google.aip.dev/122#full-resource-names) of
|
39
|
+
# the database that the user connected to, if it is supported by Cloud Asset
|
40
|
+
# Inventory.
|
35
41
|
# @!attribute [rw] display_name
|
36
42
|
# @return [::String]
|
37
|
-
# The human
|
43
|
+
# The human-readable name of the database that the user connected to.
|
38
44
|
# @!attribute [rw] user_name
|
39
45
|
# @return [::String]
|
40
|
-
# The username used to connect to the
|
41
|
-
# principal
|
46
|
+
# The username used to connect to the database. The username might not be an
|
47
|
+
# IAM principal and does not have a set format.
|
42
48
|
# @!attribute [rw] query
|
43
49
|
# @return [::String]
|
44
|
-
# The SQL statement associated with the
|
50
|
+
# The SQL statement that is associated with the database access.
|
45
51
|
# @!attribute [rw] grantees
|
46
52
|
# @return [::Array<::String>]
|
47
|
-
# The target usernames
|
48
|
-
# policy change
|
53
|
+
# The target usernames, roles, or groups of an SQL privilege grant, which is
|
54
|
+
# not an IAM policy change.
|
49
55
|
class Database
|
50
56
|
include ::Google::Protobuf::MessageExts
|
51
57
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
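Review bot: The new class comment for `Database` states the same caveat twice. The sentence beginning `Some database resources might not have the [full resource` is followed directly by a near-identical one beginning `Some database resources may not have the [full resource`, which ends in the retained context line `# provided.` The second copy looks like a leftover from the earlier wording and should be dropped, so that the comment ends at `In these cases only the display name is provided.` As the file appears to be generated from proto comments, the fix presumably belongs in the proto source.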
@@ -21,10 +21,10 @@ module Google
|
|
21
21
|
module Cloud
|
22
22
|
module SecurityCenter
|
23
23
|
module V1
|
24
|
-
# Exfiltration represents a data exfiltration attempt
|
25
|
-
#
|
26
|
-
#
|
27
|
-
#
|
24
|
+
# Exfiltration represents a data exfiltration attempt from one or more sources
|
25
|
+
# to one or more targets. The `sources` attribute lists the sources of the
|
26
|
+
# exfiltrated data. The `targets` attribute lists the destinations the data was
|
27
|
+
# copied to.
|
28
28
|
# @!attribute [rw] sources
|
29
29
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::ExfilResource>]
|
30
30
|
# If there are multiple sources, then the data is considered "joined" between
|
@@ -39,16 +39,18 @@ module Google
|
|
39
39
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
40
40
|
end
|
41
41
|
|
42
|
-
# Resource
|
42
|
+
# Resource where data was exfiltrated from or exfiltrated to.
|
43
43
|
# @!attribute [rw] name
|
44
44
|
# @return [::String]
|
45
|
-
#
|
45
|
+
# The resource's [full resource
|
46
|
+
# name](https://cloud.google.com/apis/design/resource_names#full_resource_name).
|
46
47
|
# @!attribute [rw] components
|
47
48
|
# @return [::Array<::String>]
|
48
|
-
# Subcomponents of the asset that
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
49
|
+
# Subcomponents of the asset that was exfiltrated, like URIs used during
|
50
|
+
# exfiltration, table names, databases, and filenames. For example, multiple
|
51
|
+
# tables might have been exfiltrated from the same Cloud SQL instance, or
|
52
|
+
# multiple files might have been exfiltrated from the same Cloud Storage
|
53
|
+
# bucket.
|
52
54
|
class ExfilResource
|
53
55
|
include ::Google::Protobuf::MessageExts
|
54
56
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -44,8 +44,7 @@ module Google
|
|
44
44
|
# True when the hash covers only a prefix of the file.
|
45
45
|
# @!attribute [rw] contents
|
46
46
|
# @return [::String]
|
47
|
-
# Prefix of the file contents as a JSON
|
48
|
-
# (Currently only populated for Malicious Script Executed findings.)
|
47
|
+
# Prefix of the file contents as a JSON-encoded string.
|
49
48
|
class File
|
50
49
|
include ::Google::Protobuf::MessageExts
|
51
50
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -32,8 +32,8 @@ module Google
|
|
32
32
|
# For example, "roles/viewer", "roles/editor", or "roles/owner".
|
33
33
|
# @!attribute [rw] member
|
34
34
|
# @return [::String]
|
35
|
-
# A single identity requesting access for a Cloud Platform resource,
|
36
|
-
#
|
35
|
+
# A single identity requesting access for a Cloud Platform resource, for
|
36
|
+
# example, "foo@google.com".
|
37
37
|
class IamBinding
|
38
38
|
include ::Google::Protobuf::MessageExts
|
39
39
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -24,37 +24,37 @@ module Google
|
|
24
24
|
# Kernel mode rootkit signatures.
|
25
25
|
# @!attribute [rw] name
|
26
26
|
# @return [::String]
|
27
|
-
# Rootkit name when available.
|
27
|
+
# Rootkit name, when available.
|
28
28
|
# @!attribute [rw] unexpected_code_modification
|
29
29
|
# @return [::Boolean]
|
30
|
-
# True
|
30
|
+
# True if unexpected modifications of kernel code memory are present.
|
31
31
|
# @!attribute [rw] unexpected_read_only_data_modification
|
32
32
|
# @return [::Boolean]
|
33
|
-
# True
|
33
|
+
# True if unexpected modifications of kernel read-only data memory are
|
34
34
|
# present.
|
35
35
|
# @!attribute [rw] unexpected_ftrace_handler
|
36
36
|
# @return [::Boolean]
|
37
|
-
# True
|
37
|
+
# True if `ftrace` points are present with callbacks pointing to regions
|
38
38
|
# that are not in the expected kernel or module code range.
|
39
39
|
# @!attribute [rw] unexpected_kprobe_handler
|
40
40
|
# @return [::Boolean]
|
41
|
-
# True
|
41
|
+
# True if `kprobe` points are present with callbacks pointing to regions
|
42
42
|
# that are not in the expected kernel or module code range.
|
43
43
|
# @!attribute [rw] unexpected_kernel_code_pages
|
44
44
|
# @return [::Boolean]
|
45
|
-
# True
|
45
|
+
# True if kernel code pages that are not in the expected kernel or module
|
46
46
|
# code regions are present.
|
47
47
|
# @!attribute [rw] unexpected_system_call_handler
|
48
48
|
# @return [::Boolean]
|
49
|
-
# True
|
49
|
+
# True if system call handlers that are are not in the expected kernel or
|
50
50
|
# module code regions are present.
|
51
51
|
# @!attribute [rw] unexpected_interrupt_handler
|
52
52
|
# @return [::Boolean]
|
53
|
-
# True
|
53
|
+
# True if interrupt handlers that are are not in the expected kernel or
|
54
54
|
# module code regions are present.
|
55
55
|
# @!attribute [rw] unexpected_processes_in_runqueue
|
56
56
|
# @return [::Boolean]
|
57
|
-
# True
|
57
|
+
# True if unexpected processes in the scheduler run queue are present. Such
|
58
58
|
# processes are in the run queue, but not in the process task list.
|
59
59
|
class KernelRootkit
|
60
60
|
include ::Google::Protobuf::MessageExts
|
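Review bot: The new comments for `unexpected_system_call_handler` and `unexpected_interrupt_handler` both contain a doubled word, `handlers that are are not in the expected kernel or`. They should read `# True if system call handlers that are not in the expected kernel or` and `# True if interrupt handlers that are not in the expected kernel or`. The `KernelRootkit` class body continues outside the hunk.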
@@ -24,32 +24,39 @@ module Google
|
|
24
24
|
# Kubernetes-related attributes.
|
25
25
|
# @!attribute [rw] pods
|
26
26
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Pod>]
|
27
|
-
# Kubernetes
|
28
|
-
#
|
27
|
+
# Kubernetes
|
28
|
+
# [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod)
|
29
|
+
# associated with the finding. This field contains Pod records for each
|
30
|
+
# container that is owned by a Pod.
|
29
31
|
# @!attribute [rw] nodes
|
30
32
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Node>]
|
31
|
-
# Provides Kubernetes
|
33
|
+
# Provides Kubernetes
|
34
|
+
# [node](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#nodes)
|
35
|
+
# information.
|
32
36
|
# @!attribute [rw] node_pools
|
33
37
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::NodePool>]
|
34
|
-
# GKE
|
35
|
-
#
|
38
|
+
# GKE [node
|
39
|
+
# pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools)
|
40
|
+
# associated with the finding. This field contains node pool information for
|
41
|
+
# each node, when it is available.
|
36
42
|
# @!attribute [rw] roles
|
37
43
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Role>]
|
38
|
-
# Provides Kubernetes role information for findings that involve
|
39
|
-
#
|
44
|
+
# Provides Kubernetes role information for findings that involve [Roles or
|
45
|
+
# ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).
|
40
46
|
# @!attribute [rw] bindings
|
41
47
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Binding>]
|
42
48
|
# Provides Kubernetes role binding information for findings that involve
|
43
|
-
# RoleBindings or
|
49
|
+
# [RoleBindings or
|
50
|
+
# ClusterRoleBindings](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).
|
44
51
|
# @!attribute [rw] access_reviews
|
45
52
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::AccessReview>]
|
46
|
-
# Provides information on any Kubernetes access reviews (
|
47
|
-
#
|
53
|
+
# Provides information on any Kubernetes access reviews (privilege checks)
|
54
|
+
# relevant to the finding.
|
48
55
|
class Kubernetes
|
49
56
|
include ::Google::Protobuf::MessageExts
|
50
57
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
51
58
|
|
52
|
-
# Kubernetes Pod.
|
59
|
+
# A Kubernetes Pod.
|
53
60
|
# @!attribute [rw] ns
|
54
61
|
# @return [::String]
|
55
62
|
# Kubernetes Pod namespace.
|
@@ -68,20 +75,20 @@ module Google
|
|
68
75
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
69
76
|
end
|
70
77
|
|
71
|
-
# Kubernetes
|
78
|
+
# Kubernetes nodes associated with the finding.
|
72
79
|
# @!attribute [rw] name
|
73
80
|
# @return [::String]
|
74
|
-
# Full
|
75
|
-
# cluster node.
|
81
|
+
# [Full resource name](https://google.aip.dev/122#full-resource-names) of
|
82
|
+
# the Compute Engine VM running the cluster node.
|
76
83
|
class Node
|
77
84
|
include ::Google::Protobuf::MessageExts
|
78
85
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
79
86
|
end
|
80
87
|
|
81
|
-
# Provides GKE
|
88
|
+
# Provides GKE node pool information.
|
82
89
|
# @!attribute [rw] name
|
83
90
|
# @return [::String]
|
84
|
-
# Kubernetes
|
91
|
+
# Kubernetes node pool name.
|
85
92
|
# @!attribute [rw] nodes
|
86
93
|
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Node>]
|
87
94
|
# Nodes associated with the finding.
|
@@ -120,10 +127,10 @@ module Google
|
|
120
127
|
# Represents a Kubernetes RoleBinding or ClusterRoleBinding.
|
121
128
|
# @!attribute [rw] ns
|
122
129
|
# @return [::String]
|
123
|
-
# Namespace for binding.
|
130
|
+
# Namespace for the binding.
|
124
131
|
# @!attribute [rw] name
|
125
132
|
# @return [::String]
|
126
|
-
# Name for binding.
|
133
|
+
# Name for the binding.
|
127
134
|
# @!attribute [rw] role
|
128
135
|
# @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Role]
|
129
136
|
# The Role or ClusterRole referenced by the binding.
|
@@ -136,21 +143,21 @@ module Google
|
|
136
143
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
137
144
|
end
|
138
145
|
|
139
|
-
# Represents a Kubernetes
|
146
|
+
# Represents a Kubernetes subject.
|
140
147
|
# @!attribute [rw] kind
|
141
148
|
# @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Subject::AuthType]
|
142
|
-
# Authentication type for subject.
|
149
|
+
# Authentication type for the subject.
|
143
150
|
# @!attribute [rw] ns
|
144
151
|
# @return [::String]
|
145
|
-
# Namespace for subject.
|
152
|
+
# Namespace for the subject.
|
146
153
|
# @!attribute [rw] name
|
147
154
|
# @return [::String]
|
148
|
-
# Name for subject.
|
155
|
+
# Name for the subject.
|
149
156
|
class Subject
|
150
157
|
include ::Google::Protobuf::MessageExts
|
151
158
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
152
159
|
|
153
|
-
# Auth types that can be used for
|
160
|
+
# Auth types that can be used for the subject's kind field.
|
154
161
|
module AuthType
|
155
162
|
# Authentication is not specified.
|
156
163
|
AUTH_TYPE_UNSPECIFIED = 0
|
@@ -158,7 +165,7 @@ module Google
|
|
158
165
|
# User with valid certificate.
|
159
166
|
USER = 1
|
160
167
|
|
161
|
-
# Users managed by Kubernetes API with credentials stored as
|
168
|
+
# Users managed by Kubernetes API with credentials stored as secrets.
|
162
169
|
SERVICEACCOUNT = 2
|
163
170
|
|
164
171
|
# Collection of users.
|
@@ -166,11 +173,13 @@ module Google
|
|
166
173
|
end
|
167
174
|
end
|
168
175
|
|
169
|
-
# Conveys information about a Kubernetes access review (
|
170
|
-
#
|
176
|
+
# Conveys information about a Kubernetes access review (such as one returned
|
177
|
+
# by a [`kubectl auth
|
178
|
+
# can-i`](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access)
|
179
|
+
# command) that was involved in a finding.
|
171
180
|
# @!attribute [rw] group
|
172
181
|
# @return [::String]
|
173
|
-
#
|
182
|
+
# The API group of the resource. "*" means all.
|
174
183
|
# @!attribute [rw] ns
|
175
184
|
# @return [::String]
|
176
185
|
# Namespace of the action being requested. Currently, there is no
|
@@ -178,20 +187,20 @@ module Google
|
|
178
187
|
# are represented by "" (empty).
|
179
188
|
# @!attribute [rw] name
|
180
189
|
# @return [::String]
|
181
|
-
#
|
190
|
+
# The name of the resource being requested. Empty means all.
|
182
191
|
# @!attribute [rw] resource
|
183
192
|
# @return [::String]
|
184
|
-
#
|
193
|
+
# The optional resource type requested. "*" means all.
|
185
194
|
# @!attribute [rw] subresource
|
186
195
|
# @return [::String]
|
187
|
-
#
|
196
|
+
# The optional subresource type.
|
188
197
|
# @!attribute [rw] verb
|
189
198
|
# @return [::String]
|
190
|
-
#
|
191
|
-
#
|
199
|
+
# A Kubernetes resource API verb, like get, list, watch, create, update,
|
200
|
+
# delete, proxy. "*" means all.
|
192
201
|
# @!attribute [rw] version
|
193
202
|
# @return [::String]
|
194
|
-
#
|
203
|
+
# The API version of the resource. "*" means all.
|
195
204
|
class AccessReview
|
196
205
|
include ::Google::Protobuf::MessageExts
|
197
206
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -21,14 +21,16 @@ module Google
|
|
21
21
|
module Cloud
|
22
22
|
module SecurityCenter
|
23
23
|
module V1
|
24
|
-
#
|
25
|
-
#
|
24
|
+
# Represents a generic name-value label. A label has separate name and value
|
25
|
+
# fields to support filtering with the `contains()` function. For more
|
26
|
+
# information, see [Filtering on array-type
|
27
|
+
# fields](https://cloud.google.com/security-command-center/docs/how-to-api-list-findings#array-contains-filtering).
|
26
28
|
# @!attribute [rw] name
|
27
29
|
# @return [::String]
|
28
|
-
#
|
30
|
+
# Name of the label.
|
29
31
|
# @!attribute [rw] value
|
30
32
|
# @return [::String]
|
31
|
-
#
|
33
|
+
# Value that corresponds to the label's name.
|
32
34
|
class Label
|
33
35
|
include ::Google::Protobuf::MessageExts
|
34
36
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -32,9 +32,9 @@ module Google
|
|
32
32
|
# @!attribute [rw] enable_asset_discovery
|
33
33
|
# @return [::Boolean]
|
34
34
|
# A flag that indicates if Asset Discovery should be enabled. If the flag is
|
35
|
-
# set to `true`, then discovery of assets will occur. If it is set to
|
36
|
-
# all historical assets will remain, but discovery of future assets
|
37
|
-
# occur.
|
35
|
+
# set to `true`, then discovery of assets will occur. If it is set to
|
36
|
+
# `false`, all historical assets will remain, but discovery of future assets
|
37
|
+
# will not occur.
|
38
38
|
# @!attribute [rw] asset_discovery_config
|
39
39
|
# @return [::Google::Cloud::SecurityCenter::V1::OrganizationSettings::AssetDiscoveryConfig]
|
40
40
|
# The configuration used for Asset Discovery runs.
|
@@ -24,8 +24,9 @@ module Google
|
|
24
24
|
# Represents an operating system process.
|
25
25
|
# @!attribute [rw] name
|
26
26
|
# @return [::String]
|
27
|
-
# The process name
|
28
|
-
# be accessed
|
27
|
+
# The process name, as displayed in utilities like `top` and `ps`. This name
|
28
|
+
# can be accessed through `/proc/[pid]/comm` and changed with
|
29
|
+
# `prctl(PR_SET_NAME)`.
|
29
30
|
# @!attribute [rw] binary
|
30
31
|
# @return [::Google::Cloud::SecurityCenter::V1::File]
|
31
32
|
# File information for the process executable.
|
@@ -34,10 +35,9 @@ module Google
|
|
34
35
|
# File information for libraries loaded by the process.
|
35
36
|
# @!attribute [rw] script
|
36
37
|
# @return [::Google::Cloud::SecurityCenter::V1::File]
|
37
|
-
# When the process represents the invocation of a script,
|
38
|
-
#
|
39
|
-
#
|
40
|
-
# interpreter.
|
38
|
+
# When the process represents the invocation of a script, `binary` provides
|
39
|
+
# information about the interpreter, while `script` provides information
|
40
|
+
# about the script file provided to the interpreter.
|
41
41
|
# @!attribute [rw] args
|
42
42
|
# @return [::Array<::String>]
|
43
43
|
# Process arguments as JSON encoded strings.
|
@@ -52,17 +52,17 @@ module Google
|
|
52
52
|
# True if `env_variables` is incomplete.
|
53
53
|
# @!attribute [rw] pid
|
54
54
|
# @return [::Integer]
|
55
|
-
# The process
|
55
|
+
# The process ID.
|
56
56
|
# @!attribute [rw] parent_pid
|
57
57
|
# @return [::Integer]
|
58
|
-
# The parent process
|
58
|
+
# The parent process ID.
|
59
59
|
class Process
|
60
60
|
include ::Google::Protobuf::MessageExts
|
61
61
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
62
62
|
end
|
63
63
|
|
64
|
-
#
|
65
|
-
#
|
64
|
+
# A name-value pair representing an environment variable used in an operating
|
65
|
+
# system process.
|
66
66
|
# @!attribute [rw] name
|
67
67
|
# @return [::String]
|
68
68
|
# Environment variable name as a JSON encoded string.
|
@@ -100,9 +100,9 @@ module Google
|
|
100
100
|
# @!attribute [rw] mute_config_id
|
101
101
|
# @return [::String]
|
102
102
|
# Required. Unique identifier provided by the client within the parent scope.
|
103
|
-
# It must consist of
|
104
|
-
#
|
105
|
-
#
|
103
|
+
# It must consist of only lowercase letters, numbers, and hyphens, must start
|
104
|
+
# with a letter, must end with either a letter or a number, and must be 63
|
105
|
+
# characters or less.
|
106
106
|
class CreateMuteConfigRequest
|
107
107
|
include ::Google::Protobuf::MessageExts
|
108
108
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1456,9 +1456,9 @@ module Google
|
|
1456
1456
|
# @!attribute [rw] big_query_export_id
|
1457
1457
|
# @return [::String]
|
1458
1458
|
# Required. Unique identifier provided by the client within the parent scope.
|
1459
|
-
# It must consist of
|
1460
|
-
#
|
1461
|
-
#
|
1459
|
+
# It must consist of only lowercase letters, numbers, and hyphens, must start
|
1460
|
+
# with a letter, must end with either a letter or a number, and must be 63
|
1461
|
+
# characters or less.
|
1462
1462
|
class CreateBigQueryExportRequest
|
1463
1463
|
include ::Google::Protobuf::MessageExts
|
1464
1464
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
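--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-security_center-v1
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.30.0
 platform: ruby
 authors:
 - Google LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-
+date: 2023-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: gapic-common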