google-cloud-security_center-v1 0.3.3 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f772d2af163707987c4b79833e2425cd75d9a82c26f4a9be837a28ff3b79d1c6
-  data.tar.gz: '053079c9677ef1464f03c03bad6379e6d45bc66de45b0aa600b085e7045ad759'
+  metadata.gz: d01d8cd0bc1315c572d06349e4799ce038983842033309c215d8601194a7cf89
+  data.tar.gz: 1e500ae59892f532c933f395a802da73ac7c2269ab70b09a69e40000e410bd02
 SHA512:
-  metadata.gz: 26e43e50d602671e6e9f3bef3606bd10bb61fd91f6aaac7ac0ed4a61f1d3bb14186a644ec48eeee155f20fe43afc3e7e8ef9ecdf3cf83c8dc857a9deb0e05d2e
-  data.tar.gz: 7ea5629bf49fbaecd01102a716eef3e11eafbdb3157b5971c45546eaca9cc9c5f0b62fcd84ea56e4f417d2e65b0287839c05ba20fc60d141875af5b510364469
+  metadata.gz: 4e741cfe78b0a1486ce1ea27bd234a8f919d753d80fa3ebe7cb2d326e4b120c38a941e8c0ad0e48525ee7ef28834c6d4cc21bc4a7a9448332d2442462a8a0593
+  data.tar.gz: 326cb7a13a66fdb134fadbdcf07f84cddbfb9ba0380c5cd812d521ca5600a80465964311412171554816ac669e596f7de9a76937a05468ee188c27d81c450212

data/README.md

@@ -6,6 +6,12 @@ Security Command Center API provides access to temporal views of assets and find
 
 https://github.com/googleapis/google-cloud-ruby
 
+This gem is a _versioned_ client. It provides basic client classes for a
+specific version of the Cloud Security Command Center V1 API. Most users should consider using
+the main client gem,
+[google-cloud-security_center](https://rubygems.org/gems/google-cloud-security_center).
+See the section below titled *Which client should I use?* for more information.
+
 ## Installation
 
 ```
@@ -73,3 +79,61 @@ in security maintenance, and not end of life. Currently, this means Ruby 2.4
 and later. Older versions of Ruby _may_ still work, but are unsupported and not
 recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details
 about the Ruby support schedule.
+
+## Which client should I use?
+
+Most modern Ruby client libraries for Google APIs come in two flavors: the main
+client library with a name such as `google-cloud-security_center`,
+and lower-level _versioned_ client libraries with names such as
+`google-cloud-security_center-v1`.
+_In most cases, you should install the main client._
+
+### What's the difference between the main client and a versioned client?
+
+A _versioned client_ provides a basic set of data types and client classes for
+a _single version_ of a specific service. (That is, for a service with multiple
+versions, there might be a separate versioned client for each service version.)
+Most versioned clients are written and maintained by a code generator.
+
+The _main client_ is designed to provide you with the _recommended_ client
+interfaces for the service. There will be only one main client for any given
+service, even a service with multiple versions. The main client includes
+factory methods for constructing the client objects we recommend for most
+users. In some cases, those will be classes provided by an underlying versioned
+client; in other cases, they will be handwritten higher-level client objects
+with additional capabilities, convenience methods, or best practices built in.
+Generally, the main client will default to a recommended service version,
+although in some cases you can override this if you need to talk to a specific
+service version.
+
+### Why would I want to use the main client?
+
+We recommend that most users install the main client gem for a service. You can
+identify this gem as the one _without_ a version in its name, e.g.
+`google-cloud-security_center`.
+The main client is recommended because it will embody the best practices for
+accessing the service, and may also provide more convenient interfaces or
+tighter integration into frameworks and third-party libraries. In addition, the
+documentation and samples published by Google will generally demonstrate use of
+the main client.
+
+### Why would I want to use a versioned client?
+
+You can use a versioned client if you are content with a possibly lower-level
+class interface, you explicitly want to avoid features provided by the main
+client, or you want to access a specific service version not be covered by the
+main client. You can identify versioned client gems because the service version
+is part of the name, e.g. `google-cloud-security_center-v1`.
+
+### What about the google-apis-<name> clients?
+
+Client library gems with names that begin with `google-apis-` are based on an
+older code generation technology. They talk to a REST/JSON backend (whereas
+most modern clients talk to a [gRPC](https://grpc.io/) backend) and they may
+not offer the same performance, features, and ease of use provided by more
+modern clients.
+
+The `google-apis-` clients have wide coverage across Google services, so you
+might need to use one if there is no modern client available for the service.
+However, if a modern client is available, we generally recommend it over the
+older `google-apis-` clients.

data/lib/google/cloud/security_center/v1.rb

@@ -33,3 +33,6 @@ module Google
     end
   end
 end
+
+helper_path = ::File.join __dir__, "v1", "_helpers.rb"
+require "google/cloud/security_center/v1/_helpers" if ::File.file? helper_path

data/lib/google/cloud/security_center/v1/security_center/client.rb

@@ -238,7 +238,13 @@ module Google
 
               # Create credentials
               credentials = @config.credentials
-              credentials ||= Credentials.default scope: @config.scope
+              # Use self-signed JWT if the scope and endpoint are unchanged from default,
+              # but only if the default endpoint does not have a region prefix.
+              enable_self_signed_jwt = @config.scope == Client.configure.scope &&
+                                       @config.endpoint == Client.configure.endpoint &&
+                                       !@config.endpoint.split(".").first.include?("-")
+              credentials ||= Credentials.default scope:                  @config.scope,
+                                                  enable_self_signed_jwt: enable_self_signed_jwt
               if credentials.is_a?(String) || credentials.is_a?(Hash)
                 credentials = Credentials.new credentials, scope: @config.scope
               end
@@ -290,8 +296,8 @@ module Google
             #     Required. Resource name of the new source's parent. Its format should be
             #     "organizations/[organization_id]".
             #   @param source [::Google::Cloud::SecurityCenter::V1::Source, ::Hash]
-            #     Required. The Source being created, only the display_name and description
-            #     will be used. All other fields will be ignored.
+            #     Required. The Source being created, only the display_name and description will be
+            #     used. All other fields will be ignored.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecurityCenter::V1::Source]
@@ -365,8 +371,8 @@ module Google
             #     It must be alphanumeric and less than or equal to 32 characters and
             #     greater than 0 characters in length.
             #   @param finding [::Google::Cloud::SecurityCenter::V1::Finding, ::Hash]
-            #     Required. The Finding being created. The name and security_marks will be
-            #     ignored as they are both output only fields on this resource.
+            #     Required. The Finding being created. The name and security_marks will be ignored as
+            #     they are both output only fields on this resource.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecurityCenter::V1::Finding]
@@ -432,17 +438,16 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param parent [::String]
-            #     Required. Resource name of the new notification config's parent. Its format
-            #     is "organizations/[organization_id]".
+            #     Required. Resource name of the new notification config's parent. Its format is
+            #     "organizations/[organization_id]".
             #   @param config_id [::String]
             #     Required.
             #     Unique identifier provided by the client within the parent scope.
             #     It must be between 1 and 128 characters, and contains alphanumeric
             #     characters, underscores or hyphens only.
             #   @param notification_config [::Google::Cloud::SecurityCenter::V1::NotificationConfig, ::Hash]
-            #     Required. The notification config being created. The name and the service
-            #     account will be ignored as they are both output only fields on this
-            #     resource.
+            #     Required. The notification config being created. The name and the service account
+            #     will be ignored as they are both output only fields on this resource.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecurityCenter::V1::NotificationConfig]
@@ -712,8 +717,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     Required. Name of the organization to get organization settings for. Its
-            #     format is "organizations/[organization_id]/organizationSettings".
+            #     Required. Name of the organization to get organization settings for. Its format is
+            #     "organizations/[organization_id]/organizationSettings".
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecurityCenter::V1::OrganizationSettings]
@@ -908,14 +913,14 @@ module Google
             #     For example, `resource_properties.size = 100` is a valid filter string.
             #
             #     Use a partial match on the empty string to filter based on a property
-            #     existing:`resource_properties.my_property : ""`
+            #     existing: `resource_properties.my_property : ""`
             #
             #     Use a negated partial match on the empty string to filter based on a
             #     property not existing: `-resource_properties.my_property : ""`
             #   @param group_by [::String]
-            #     Required. Expression that defines what assets fields to use for grouping.
-            #     The string value should follow SQL syntax: comma separated list of fields.
-            #     For example:
+            #     Required. Expression that defines what assets fields to use for grouping. The string
+            #     value should follow SQL syntax: comma separated list of fields. For
+            #     example:
             #     "security_center_properties.resource_project,security_center_properties.project".
             #
             #     The following fields are supported when compare_duration is not set:
@@ -1079,6 +1084,7 @@ module Google
             #     * category: `=`, `:`
             #     * external_uri: `=`, `:`
             #     * event_time: `=`, `>`, `<`, `>=`, `<=`
+            #     * severity: `=`, `:`
             #
             #       Usage: This should be milliseconds since epoch or an RFC3339 string.
             #       Examples:
@@ -1096,9 +1102,9 @@ module Google
             #     Use a negated partial match on the empty string to filter based on a
             #     property not existing: `-source_properties.my_property : ""`
             #   @param group_by [::String]
-            #     Required. Expression that defines what assets fields to use for grouping
-            #     (including `state_change`). The string value should follow SQL syntax:
-            #     comma separated list of fields. For example: "parent,resource_name".
+            #     Required. Expression that defines what assets fields to use for grouping (including
+            #     `state_change`). The string value should follow SQL syntax: comma separated
+            #     list of fields. For example: "parent,resource_name".
             #
             #     The following fields are supported:
             #
@@ -1106,6 +1112,7 @@ module Google
             #     * category
             #     * state
             #     * parent
+            #     * severity
             #
             #     The following fields are supported when compare_duration is set:
             #
@@ -1339,8 +1346,9 @@ module Google
             #     is "UNUSED",  which will be the state_change set for all assets present at
             #     read_time.
             #   @param field_mask [::Google::Protobuf::FieldMask, ::Hash]
-            #     Optional. A field mask to specify the ListAssetsResult fields to be listed
-            #     in the response. An empty field mask will list all fields.
+            #     A field mask to specify the ListAssetsResult fields to be listed in the
+            #     response.
+            #     An empty field mask will list all fields.
             #   @param page_token [::String]
             #     The value returned by the last `ListAssetsResponse`; indicates
             #     that this is a continuation of a prior `ListAssets` call, and
@@ -1448,13 +1456,14 @@ module Google
             #
             #     The following field and operator combinations are supported:
             #
-            #     name: `=`
-            #     parent: `=`, `:`
-            #     resource_name: `=`, `:`
-            #     state: `=`, `:`
-            #     category: `=`, `:`
-            #     external_uri: `=`, `:`
-            #     event_time: `=`, `>`, `<`, `>=`, `<=`
+            #     * name: `=`
+            #     * parent: `=`, `:`
+            #     * resource_name: `=`, `:`
+            #     * state: `=`, `:`
+            #     * category: `=`, `:`
+            #     * external_uri: `=`, `:`
+            #     * event_time: `=`, `>`, `<`, `>=`, `<=`
+            #     * severity: `=`, `:`
             #
             #       Usage: This should be milliseconds since epoch or an RFC3339 string.
             #       Examples:
@@ -1527,8 +1536,8 @@ module Google
             #     is "UNUSED", which will be the state_change set for all findings present at
             #     read_time.
             #   @param field_mask [::Google::Protobuf::FieldMask, ::Hash]
-            #     Optional. A field mask to specify the Finding fields to be listed in the
-            #     response. An empty field mask will list all fields.
+            #     A field mask to specify the Finding fields to be listed in the response.
+            #     An empty field mask will list all fields.
             #   @param page_token [::String]
             #     The value returned by the last `ListFindingsResponse`; indicates
             #     that this is a continuation of a prior `ListFindings` call, and
@@ -1757,8 +1766,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param parent [::String]
-            #     Required. Name of the organization to run asset discovery for. Its format
-            #     is "organizations/[organization_id]".
+            #     Required. Name of the organization to run asset discovery for. Its format is
+            #     "organizations/[organization_id]".
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Gapic::Operation]
@@ -2043,8 +2052,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param finding [::Google::Cloud::SecurityCenter::V1::Finding, ::Hash]
-            #     Required. The finding resource to update or create if it does not already
-            #     exist. parent, security_marks, and update_time will be ignored.
+            #     Required. The finding resource to update or create if it does not already exist.
+            #     parent, security_marks, and update_time will be ignored.
             #
             #     In the case of creation, the finding id portion of the name must be
             #     alphanumeric and less than or equal to 32 characters and greater than 0
@@ -2197,7 +2206,7 @@ module Google
             #   @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
             #     The FieldMask to use when updating the settings resource.
             #
-            #      If empty all mutable fields will be updated.
+            #     If empty all mutable fields will be updated.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecurityCenter::V1::OrganizationSettings]
@@ -2475,7 +2484,7 @@ module Google
 
               config_attr :endpoint,      "securitycenter.googleapis.com", ::String
               config_attr :credentials,   nil do |value|
-                allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
+                allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
                 allowed.any? { |klass| klass === value }
               end
@@ -2515,7 +2524,7 @@ module Google
               # Each configuration object is of type `Gapic::Config::Method` and includes
               # the following configuration fields:
               #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
+              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
               #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
               #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
               #     include the following keys:

data/lib/google/cloud/security_center/v1/security_center/operations.rb

@@ -103,8 +103,13 @@ module Google
             # Lists operations that match the specified filter in the request. If the
             # server doesn't support this method, it returns `UNIMPLEMENTED`.
             #
-            # NOTE: the `name` binding below allows API services to override the binding
-            # to use different resource name schemes, such as `users/*/operations`.
+            # NOTE: the `name` binding allows API services to override the binding
+            # to use different resource name schemes, such as `users/*/operations`. To
+            # override the binding, API services can add a binding such as
+            # `"/v1/{name=users/*}/operations"` to their service configuration.
+            # For backwards compatibility, the default name includes the operations
+            # collection id, however overriding users must ensure the name binding
+            # is the parent resource, without the operations collection id.
             #
             # @overload list_operations(request, options = nil)
             #   Pass arguments to `list_operations` via a request object, either of type
@@ -122,7 +127,7 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     The name of the operation collection.
+            #     The name of the operation's parent resource.
             #   @param filter [::String]
             #     The standard list filter.
             #   @param page_size [::Integer]
@@ -390,6 +395,79 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Waits for the specified long-running operation until it is done or reaches
+            # at most a specified timeout, returning the latest state.  If the operation
+            # is already done, the latest state is immediately returned.  If the timeout
+            # specified is greater than the default HTTP/RPC timeout, the HTTP/RPC
+            # timeout is used.  If the server does not support this method, it returns
+            # `google.rpc.Code.UNIMPLEMENTED`.
+            # Note that this method is on a best-effort basis.  It may return the latest
+            # state before the specified timeout (including immediately), meaning even an
+            # immediate response is no guarantee that the operation is done.
+            #
+            # @overload wait_operation(request, options = nil)
+            #   Pass arguments to `wait_operation` via a request object, either of type
+            #   {::Google::Longrunning::WaitOperationRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Longrunning::WaitOperationRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload wait_operation(name: nil, timeout: nil)
+            #   Pass arguments to `wait_operation` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     The name of the operation resource to wait on.
+            #   @param timeout [::Google::Protobuf::Duration, ::Hash]
+            #     The maximum duration to wait before timing out. If left blank, the wait
+            #     will be at most the time permitted by the underlying HTTP/RPC protocol.
+            #     If RPC context deadline is also specified, the shorter one will be used.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::Operation]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::Operation]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def wait_operation request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Longrunning::WaitOperationRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.wait_operation.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::SecurityCenter::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              options.apply_defaults timeout:      @config.rpcs.wait_operation.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.wait_operation.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @operations_stub.call_rpc :wait_operation, request, options: options do |response, operation|
+                response = ::Gapic::Operation.new response, @operations_client, options: options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the Operations API.
             #
@@ -475,7 +553,7 @@ module Google
 
               config_attr :endpoint,      "securitycenter.googleapis.com", ::String
               config_attr :credentials,   nil do |value|
-                allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
+                allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
                 allowed.any? { |klass| klass === value }
               end
@@ -515,7 +593,7 @@ module Google
               # Each configuration object is of type `Gapic::Config::Method` and includes
               # the following configuration fields:
               #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
+              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
               #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
               #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
               #     include the following keys:
@@ -546,6 +624,11 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :cancel_operation
+                ##
+                # RPC-specific configuration for `wait_operation`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :wait_operation
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -557,6 +640,8 @@ module Google
                   @delete_operation = ::Gapic::Config::Method.new delete_operation_config
                   cancel_operation_config = parent_rpcs&.cancel_operation if parent_rpcs&.respond_to? :cancel_operation
                   @cancel_operation = ::Gapic::Config::Method.new cancel_operation_config
+                  wait_operation_config = parent_rpcs&.wait_operation if parent_rpcs&.respond_to? :wait_operation
+                  @wait_operation = ::Gapic::Config::Method.new wait_operation_config
 
                   yield self if block_given?
                 end

data/lib/google/cloud/security_center/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module SecurityCenter
       module V1
-        VERSION = "0.3.3"
+        VERSION = "0.5.0"
       end
     end
   end

data/lib/google/cloud/securitycenter/v1/finding_pb.rb

@@ -22,12 +22,20 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :security_marks, :message, 8, "google.cloud.securitycenter.v1.SecurityMarks"
       optional :event_time, :message, 9, "google.protobuf.Timestamp"
       optional :create_time, :message, 10, "google.protobuf.Timestamp"
+      optional :severity, :enum, 12, "google.cloud.securitycenter.v1.Finding.Severity"
     end
     add_enum "google.cloud.securitycenter.v1.Finding.State" do
       value :STATE_UNSPECIFIED, 0
       value :ACTIVE, 1
       value :INACTIVE, 2
     end
+    add_enum "google.cloud.securitycenter.v1.Finding.Severity" do
+      value :SEVERITY_UNSPECIFIED, 0
+      value :CRITICAL, 1
+      value :HIGH, 2
+      value :MEDIUM, 3
+      value :LOW, 4
+    end
   end
 end
 
@@ -37,6 +45,7 @@ module Google
       module V1
         Finding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding").msgclass
         Finding::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding.State").enummodule
+        Finding::Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding.Severity").enummodule
       end
     end
   end

data/lib/google/cloud/securitycenter/v1/securitycenter_service_services_pb.rb

@@ -34,67 +34,67 @@ module Google
             self.service_name = 'google.cloud.securitycenter.v1.SecurityCenter'
 
             # Creates a source.
-            rpc :CreateSource, Google::Cloud::SecurityCenter::V1::CreateSourceRequest, Google::Cloud::SecurityCenter::V1::Source
+            rpc :CreateSource, ::Google::Cloud::SecurityCenter::V1::CreateSourceRequest, ::Google::Cloud::SecurityCenter::V1::Source
             # Creates a finding. The corresponding source must exist for finding creation
             # to succeed.
-            rpc :CreateFinding, Google::Cloud::SecurityCenter::V1::CreateFindingRequest, Google::Cloud::SecurityCenter::V1::Finding
+            rpc :CreateFinding, ::Google::Cloud::SecurityCenter::V1::CreateFindingRequest, ::Google::Cloud::SecurityCenter::V1::Finding
             # Creates a notification config.
-            rpc :CreateNotificationConfig, Google::Cloud::SecurityCenter::V1::CreateNotificationConfigRequest, Google::Cloud::SecurityCenter::V1::NotificationConfig
+            rpc :CreateNotificationConfig, ::Google::Cloud::SecurityCenter::V1::CreateNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig
             # Deletes a notification config.
-            rpc :DeleteNotificationConfig, Google::Cloud::SecurityCenter::V1::DeleteNotificationConfigRequest, Google::Protobuf::Empty
+            rpc :DeleteNotificationConfig, ::Google::Cloud::SecurityCenter::V1::DeleteNotificationConfigRequest, ::Google::Protobuf::Empty
             # Gets the access control policy on the specified Source.
-            rpc :GetIamPolicy, Google::Iam::V1::GetIamPolicyRequest, Google::Iam::V1::Policy
+            rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
             # Gets a notification config.
-            rpc :GetNotificationConfig, Google::Cloud::SecurityCenter::V1::GetNotificationConfigRequest, Google::Cloud::SecurityCenter::V1::NotificationConfig
+            rpc :GetNotificationConfig, ::Google::Cloud::SecurityCenter::V1::GetNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig
             # Gets the settings for an organization.
-            rpc :GetOrganizationSettings, Google::Cloud::SecurityCenter::V1::GetOrganizationSettingsRequest, Google::Cloud::SecurityCenter::V1::OrganizationSettings
+            rpc :GetOrganizationSettings, ::Google::Cloud::SecurityCenter::V1::GetOrganizationSettingsRequest, ::Google::Cloud::SecurityCenter::V1::OrganizationSettings
             # Gets a source.
-            rpc :GetSource, Google::Cloud::SecurityCenter::V1::GetSourceRequest, Google::Cloud::SecurityCenter::V1::Source
+            rpc :GetSource, ::Google::Cloud::SecurityCenter::V1::GetSourceRequest, ::Google::Cloud::SecurityCenter::V1::Source
             # Filters an organization's assets and  groups them by their specified
             # properties.
-            rpc :GroupAssets, Google::Cloud::SecurityCenter::V1::GroupAssetsRequest, Google::Cloud::SecurityCenter::V1::GroupAssetsResponse
+            rpc :GroupAssets, ::Google::Cloud::SecurityCenter::V1::GroupAssetsRequest, ::Google::Cloud::SecurityCenter::V1::GroupAssetsResponse
             # Filters an organization or source's findings and  groups them by their
             # specified properties.
             #
             # To group across all sources provide a `-` as the source id.
             # Example: /v1/organizations/{organization_id}/sources/-/findings
-            rpc :GroupFindings, Google::Cloud::SecurityCenter::V1::GroupFindingsRequest, Google::Cloud::SecurityCenter::V1::GroupFindingsResponse
+            rpc :GroupFindings, ::Google::Cloud::SecurityCenter::V1::GroupFindingsRequest, ::Google::Cloud::SecurityCenter::V1::GroupFindingsResponse
             # Lists an organization's assets.
-            rpc :ListAssets, Google::Cloud::SecurityCenter::V1::ListAssetsRequest, Google::Cloud::SecurityCenter::V1::ListAssetsResponse
+            rpc :ListAssets, ::Google::Cloud::SecurityCenter::V1::ListAssetsRequest, ::Google::Cloud::SecurityCenter::V1::ListAssetsResponse
             # Lists an organization or source's findings.
             #
             # To list across all sources provide a `-` as the source id.
             # Example: /v1/organizations/{organization_id}/sources/-/findings
-            rpc :ListFindings, Google::Cloud::SecurityCenter::V1::ListFindingsRequest, Google::Cloud::SecurityCenter::V1::ListFindingsResponse
+            rpc :ListFindings, ::Google::Cloud::SecurityCenter::V1::ListFindingsRequest, ::Google::Cloud::SecurityCenter::V1::ListFindingsResponse
             # Lists notification configs.
-            rpc :ListNotificationConfigs, Google::Cloud::SecurityCenter::V1::ListNotificationConfigsRequest, Google::Cloud::SecurityCenter::V1::ListNotificationConfigsResponse
+            rpc :ListNotificationConfigs, ::Google::Cloud::SecurityCenter::V1::ListNotificationConfigsRequest, ::Google::Cloud::SecurityCenter::V1::ListNotificationConfigsResponse
             # Lists all sources belonging to an organization.
-            rpc :ListSources, Google::Cloud::SecurityCenter::V1::ListSourcesRequest, Google::Cloud::SecurityCenter::V1::ListSourcesResponse
+            rpc :ListSources, ::Google::Cloud::SecurityCenter::V1::ListSourcesRequest, ::Google::Cloud::SecurityCenter::V1::ListSourcesResponse
             # Runs asset discovery. The discovery is tracked with a long-running
             # operation.
             #
             # This API can only be called with limited frequency for an organization. If
             # it is called too frequently the caller will receive a TOO_MANY_REQUESTS
             # error.
-            rpc :RunAssetDiscovery, Google::Cloud::SecurityCenter::V1::RunAssetDiscoveryRequest, Google::Longrunning::Operation
+            rpc :RunAssetDiscovery, ::Google::Cloud::SecurityCenter::V1::RunAssetDiscoveryRequest, ::Google::Longrunning::Operation
             # Updates the state of a finding.
-            rpc :SetFindingState, Google::Cloud::SecurityCenter::V1::SetFindingStateRequest, Google::Cloud::SecurityCenter::V1::Finding
+            rpc :SetFindingState, ::Google::Cloud::SecurityCenter::V1::SetFindingStateRequest, ::Google::Cloud::SecurityCenter::V1::Finding
             # Sets the access control policy on the specified Source.
-            rpc :SetIamPolicy, Google::Iam::V1::SetIamPolicyRequest, Google::Iam::V1::Policy
+            rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
             # Returns the permissions that a caller has on the specified source.
-            rpc :TestIamPermissions, Google::Iam::V1::TestIamPermissionsRequest, Google::Iam::V1::TestIamPermissionsResponse
+            rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
             # Creates or updates a finding. The corresponding source must exist for a
             # finding creation to succeed.
-            rpc :UpdateFinding, Google::Cloud::SecurityCenter::V1::UpdateFindingRequest, Google::Cloud::SecurityCenter::V1::Finding
+            rpc :UpdateFinding, ::Google::Cloud::SecurityCenter::V1::UpdateFindingRequest, ::Google::Cloud::SecurityCenter::V1::Finding
             # Updates a notification config. The following update
             # fields are allowed: description, pubsub_topic, streaming_config.filter
-            rpc :UpdateNotificationConfig, Google::Cloud::SecurityCenter::V1::UpdateNotificationConfigRequest, Google::Cloud::SecurityCenter::V1::NotificationConfig
+            rpc :UpdateNotificationConfig, ::Google::Cloud::SecurityCenter::V1::UpdateNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig
             # Updates an organization's settings.
-            rpc :UpdateOrganizationSettings, Google::Cloud::SecurityCenter::V1::UpdateOrganizationSettingsRequest, Google::Cloud::SecurityCenter::V1::OrganizationSettings
+            rpc :UpdateOrganizationSettings, ::Google::Cloud::SecurityCenter::V1::UpdateOrganizationSettingsRequest, ::Google::Cloud::SecurityCenter::V1::OrganizationSettings
             # Updates a source.
-            rpc :UpdateSource, Google::Cloud::SecurityCenter::V1::UpdateSourceRequest, Google::Cloud::SecurityCenter::V1::Source
+            rpc :UpdateSource, ::Google::Cloud::SecurityCenter::V1::UpdateSourceRequest, ::Google::Cloud::SecurityCenter::V1::Source
             # Updates security marks.
-            rpc :UpdateSecurityMarks, Google::Cloud::SecurityCenter::V1::UpdateSecurityMarksRequest, Google::Cloud::SecurityCenter::V1::SecurityMarks
+            rpc :UpdateSecurityMarks, ::Google::Cloud::SecurityCenter::V1::UpdateSecurityMarksRequest, ::Google::Cloud::SecurityCenter::V1::SecurityMarks
           end
 
           Stub = Service.rpc_stub_class

data/proto_docs/google/api/field_behavior.rb

@@ -54,6 +54,12 @@ module Google
       # This indicates that the field may be set once in a request to create a
       # resource, but may not be changed thereafter.
       IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
     end
   end
 end

data/proto_docs/google/api/resource.rb

@@ -43,12 +43,12 @@ module Google
     #
     # The ResourceDescriptor Yaml config will look like:
     #
-    #    resources:
-    #    - type: "pubsub.googleapis.com/Topic"
-    #      name_descriptor:
-    #        - pattern: "projects/\\{project}/topics/\\{topic}"
-    #          parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #          parent_name_extractor: "projects/\\{project}"
+    #     resources:
+    #     - type: "pubsub.googleapis.com/Topic"
+    #       name_descriptor:
+    #         - pattern: "projects/{project}/topics/{topic}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #           parent_name_extractor: "projects/{project}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -183,15 +183,24 @@ module Google
     #         }
     # @!attribute [rw] plural
     #   @return [::String]
-    #     The plural name used in the resource name, such as 'projects' for
-    #     the name of 'projects/\\{project}'. It is the same concept of the `plural`
-    #     field in k8s CRD spec
+    #     The plural name used in the resource name and permission names, such as
+    #     'projects' for the resource name of 'projects/\\{project}' and the permission
+    #     name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
+    #     concept of the `plural` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    #
+    #     Note: The plural form is required even for singleton resources. See
+    #     https://aip.dev/156
     # @!attribute [rw] singular
     #   @return [::String]
     #     The same concept of the `singular` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
     #     Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+    # @!attribute [rw] style
+    #   @return [::Array<::Google::Api::ResourceDescriptor::Style>]
+    #     Style flag(s) for this resource.
+    #     These indicate that a resource is expected to conform to a given
+    #     style. See the specific style flags for additional information.
     class ResourceDescriptor
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -211,6 +220,22 @@ module Google
         # that from being necessary once there are multiple patterns.)
         FUTURE_MULTI_PATTERN = 2
       end
+
+      # A flag representing a specific style that a resource claims to conform to.
+      module Style
+        # The unspecified value. Do not use.
+        STYLE_UNSPECIFIED = 0
+
+        # This resource is intended to be "declarative-friendly".
+        #
+        # Declarative-friendly resources must be more strictly consistent, and
+        # setting this to true communicates to tools that this resource should
+        # adhere to declarative-friendly expectations.
+        #
+        # Note: This is used by the API linter (linter.aip.dev) to enable
+        # additional checks.
+        DECLARATIVE_FRIENDLY = 1
+      end
     end
 
     # Defines a proto annotation that describes a string field that refers to
@@ -226,6 +251,17 @@ module Google
     #             type: "pubsub.googleapis.com/Topic"
     #           }];
     #         }
+    #
+    #     Occasionally, a field may reference an arbitrary resource. In this case,
+    #     APIs use the special value * in their resource reference.
+    #
+    #     Example:
+    #
+    #         message GetIamPolicyRequest {
+    #           string resource = 2 [(google.api.resource_reference) = {
+    #             type: "*"
+    #           }];
+    #         }
     # @!attribute [rw] child_type
     #   @return [::String]
     #     The resource type of a child collection that the annotated field
@@ -234,11 +270,11 @@ module Google
     #
     #     Example:
     #
-    #       message ListLogEntriesRequest {
-    #         string parent = 1 [(google.api.resource_reference) = {
-    #           child_type: "logging.googleapis.com/LogEntry"
-    #         };
-    #       }
+    #         message ListLogEntriesRequest {
+    #           string parent = 1 [(google.api.resource_reference) = {
+    #             child_type: "logging.googleapis.com/LogEntry"
+    #           };
+    #         }
     class ResourceReference
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/finding.rb

@@ -75,12 +75,18 @@ module Google
         #     to the finding.
         # @!attribute [rw] event_time
         #   @return [::Google::Protobuf::Timestamp]
-        #     The time at which the event took place. For example, if the finding
-        #     represents an open firewall it would capture the time the detector believes
-        #     the firewall became open. The accuracy is determined by the detector.
+        #     The time at which the event took place, or when an update to the finding
+        #     occurred. For example, if the finding represents an open firewall it would
+        #     capture the time the detector believes the firewall became open. The
+        #     accuracy is determined by the detector. If the finding were to be resolved
+        #     afterward, this time would reflect when the finding was resolved.
         # @!attribute [rw] create_time
         #   @return [::Google::Protobuf::Timestamp]
         #     The time at which the finding was created in Security Command Center.
+        # @!attribute [rw] severity
+        #   @return [::Google::Cloud::SecurityCenter::V1::Finding::Severity]
+        #     The severity of the finding. This field is managed by the source that
+        #     writes the finding.
         class Finding
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -106,6 +112,65 @@ module Google
             # and is no longer active.
             INACTIVE = 2
           end
+
+          # The severity of the finding.
+          module Severity
+            # This value is used for findings when a source doesn't write a severity
+            # value.
+            SEVERITY_UNSPECIFIED = 0
+
+            # Vulnerability:
+            # A critical vulnerability is easily discoverable by an external actor,
+            # exploitable, and results in the direct ability to execute arbitrary code,
+            # exfiltrate data, and otherwise gain additional access and privileges to
+            # cloud resources and workloads. Examples include publicly accessible
+            # unprotected user data, public SSH access with weak or no passwords, etc.
+            #
+            # Threat:
+            # Indicates a threat that is able to access, modify, or delete data or
+            # execute unauthorized code within existing resources.
+            CRITICAL = 1
+
+            # Vulnerability:
+            # A high risk vulnerability can be easily discovered and exploited in
+            # combination with other vulnerabilities in order to gain direct access and
+            # the ability to execute arbitrary code, exfiltrate data, and otherwise
+            # gain additional access and privileges to cloud resources and workloads.
+            # An example is a database with weak or no passwords that is only
+            # accessible internally. This database could easily be compromised by an
+            # actor that had access to the internal network.
+            #
+            # Threat:
+            # Indicates a threat that is able to create new computational resources in
+            # an environment but not able to access data or execute code in existing
+            # resources.
+            HIGH = 2
+
+            # Vulnerability:
+            # A medium risk vulnerability could be used by an actor to gain access to
+            # resources or privileges that enable them to eventually (through multiple
+            # steps or a complex exploit) gain access and the ability to execute
+            # arbitrary code or exfiltrate data. An example is a service account with
+            # access to more projects than it should have. If an actor gains access to
+            # the service account, they could potentially use that access to manipulate
+            # a project the service account was not intended to.
+            #
+            # Threat:
+            # Indicates a threat that is able to cause operational impact but may not
+            # access data or execute unauthorized code.
+            MEDIUM = 3
+
+            # Vulnerability:
+            # A low risk vulnerability hampers a security organization’s ability to
+            # detect vulnerabilities or active threats in their deployment, or prevents
+            # the root cause investigation of security issues. An example is monitoring
+            # and logs being disabled for resource configurations and access.
+            #
+            # Threat:
+            # Indicates a threat that has obtained minimal access to an environment but
+            # is not able to access data, execute code, or create resources.
+            LOW = 4
+          end
         end
       end
     end

data/proto_docs/google/cloud/securitycenter/v1/notification_config.rb

@@ -36,12 +36,12 @@ module Google
         #     The description of the notification config (max of 1024 characters).
         # @!attribute [rw] pubsub_topic
         #   @return [::String]
-        #     The PubSub topic to send notifications to. Its format is
+        #     The Pub/Sub topic to send notifications to. Its format is
         #     "projects/[project_id]/topics/[topic]".
         # @!attribute [r] service_account
         #   @return [::String]
         #     Output only. The service account that needs "pubsub.topics.publish"
-        #     permission to publish to the PubSub topic.
+        #     permission to publish to the Pub/Sub topic.
         # @!attribute [rw] streaming_config
         #   @return [::Google::Cloud::SecurityCenter::V1::NotificationConfig::StreamingConfig]
         #     The config for triggering streaming-based notifications.

data/proto_docs/google/cloud/securitycenter/v1/securitycenter_service.rb

@@ -33,8 +33,8 @@ module Google
         #     greater than 0 characters in length.
         # @!attribute [rw] finding
         #   @return [::Google::Cloud::SecurityCenter::V1::Finding]
-        #     Required. The Finding being created. The name and security_marks will be
-        #     ignored as they are both output only fields on this resource.
+        #     Required. The Finding being created. The name and security_marks will be ignored as
+        #     they are both output only fields on this resource.
         class CreateFindingRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -43,8 +43,8 @@ module Google
         # Request message for creating a notification config.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. Resource name of the new notification config's parent. Its format
-        #     is "organizations/[organization_id]".
+        #     Required. Resource name of the new notification config's parent. Its format is
+        #     "organizations/[organization_id]".
         # @!attribute [rw] config_id
         #   @return [::String]
         #     Required.
@@ -53,9 +53,8 @@ module Google
         #     characters, underscores or hyphens only.
         # @!attribute [rw] notification_config
         #   @return [::Google::Cloud::SecurityCenter::V1::NotificationConfig]
-        #     Required. The notification config being created. The name and the service
-        #     account will be ignored as they are both output only fields on this
-        #     resource.
+        #     Required. The notification config being created. The name and the service account
+        #     will be ignored as they are both output only fields on this resource.
         class CreateNotificationConfigRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -68,8 +67,8 @@ module Google
         #     "organizations/[organization_id]".
         # @!attribute [rw] source
         #   @return [::Google::Cloud::SecurityCenter::V1::Source]
-        #     Required. The Source being created, only the display_name and description
-        #     will be used. All other fields will be ignored.
+        #     Required. The Source being created, only the display_name and description will be
+        #     used. All other fields will be ignored.
         class CreateSourceRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -98,8 +97,8 @@ module Google
         # Request message for getting organization settings.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. Name of the organization to get organization settings for. Its
-        #     format is "organizations/[organization_id]/organizationSettings".
+        #     Required. Name of the organization to get organization settings for. Its format is
+        #     "organizations/[organization_id]/organizationSettings".
         class GetOrganizationSettingsRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -180,15 +179,15 @@ module Google
         #     For example, `resource_properties.size = 100` is a valid filter string.
         #
         #     Use a partial match on the empty string to filter based on a property
-        #     existing:`resource_properties.my_property : ""`
+        #     existing: `resource_properties.my_property : ""`
         #
         #     Use a negated partial match on the empty string to filter based on a
         #     property not existing: `-resource_properties.my_property : ""`
         # @!attribute [rw] group_by
         #   @return [::String]
-        #     Required. Expression that defines what assets fields to use for grouping.
-        #     The string value should follow SQL syntax: comma separated list of fields.
-        #     For example:
+        #     Required. Expression that defines what assets fields to use for grouping. The string
+        #     value should follow SQL syntax: comma separated list of fields. For
+        #     example:
         #     "security_center_properties.resource_project,security_center_properties.project".
         #
         #     The following fields are supported when compare_duration is not set:
@@ -316,6 +315,7 @@ module Google
         #     * category: `=`, `:`
         #     * external_uri: `=`, `:`
         #     * event_time: `=`, `>`, `<`, `>=`, `<=`
+        #     * severity: `=`, `:`
         #
         #       Usage: This should be milliseconds since epoch or an RFC3339 string.
         #       Examples:
@@ -334,9 +334,9 @@ module Google
         #     property not existing: `-source_properties.my_property : ""`
         # @!attribute [rw] group_by
         #   @return [::String]
-        #     Required. Expression that defines what assets fields to use for grouping
-        #     (including `state_change`). The string value should follow SQL syntax:
-        #     comma separated list of fields. For example: "parent,resource_name".
+        #     Required. Expression that defines what assets fields to use for grouping (including
+        #     `state_change`). The string value should follow SQL syntax: comma separated
+        #     list of fields. For example: "parent,resource_name".
         #
         #     The following fields are supported:
         #
@@ -344,6 +344,7 @@ module Google
         #     * category
         #     * state
         #     * parent
+        #     * severity
         #
         #     The following fields are supported when compare_duration is set:
         #
@@ -634,8 +635,9 @@ module Google
         #     read_time.
         # @!attribute [rw] field_mask
         #   @return [::Google::Protobuf::FieldMask]
-        #     Optional. A field mask to specify the ListAssetsResult fields to be listed
-        #     in the response. An empty field mask will list all fields.
+        #     A field mask to specify the ListAssetsResult fields to be listed in the
+        #     response.
+        #     An empty field mask will list all fields.
         # @!attribute [rw] page_token
         #   @return [::String]
         #     The value returned by the last `ListAssetsResponse`; indicates
@@ -736,13 +738,14 @@ module Google
         #
         #     The following field and operator combinations are supported:
         #
-        #     name: `=`
-        #     parent: `=`, `:`
-        #     resource_name: `=`, `:`
-        #     state: `=`, `:`
-        #     category: `=`, `:`
-        #     external_uri: `=`, `:`
-        #     event_time: `=`, `>`, `<`, `>=`, `<=`
+        #     * name: `=`
+        #     * parent: `=`, `:`
+        #     * resource_name: `=`, `:`
+        #     * state: `=`, `:`
+        #     * category: `=`, `:`
+        #     * external_uri: `=`, `:`
+        #     * event_time: `=`, `>`, `<`, `>=`, `<=`
+        #     * severity: `=`, `:`
         #
         #       Usage: This should be milliseconds since epoch or an RFC3339 string.
         #       Examples:
@@ -819,8 +822,8 @@ module Google
         #     read_time.
         # @!attribute [rw] field_mask
         #   @return [::Google::Protobuf::FieldMask]
-        #     Optional. A field mask to specify the Finding fields to be listed in the
-        #     response. An empty field mask will list all fields.
+        #     A field mask to specify the Finding fields to be listed in the response.
+        #     An empty field mask will list all fields.
         # @!attribute [rw] page_token
         #   @return [::String]
         #     The value returned by the last `ListFindingsResponse`; indicates
@@ -860,7 +863,7 @@ module Google
           # @!attribute [rw] state_change
           #   @return [::Google::Cloud::SecurityCenter::V1::ListFindingsResponse::ListFindingsResult::StateChange]
           #     State change of the finding between the points in time.
-          # @!attribute [rw] resource
+          # @!attribute [r] resource
           #   @return [::Google::Cloud::SecurityCenter::V1::ListFindingsResponse::ListFindingsResult::Resource]
           #     Output only. Resource that is associated with this finding.
           class ListFindingsResult
@@ -941,8 +944,8 @@ module Google
         # Request message for running asset discovery for an organization.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. Name of the organization to run asset discovery for. Its format
-        #     is "organizations/[organization_id]".
+        #     Required. Name of the organization to run asset discovery for. Its format is
+        #     "organizations/[organization_id]".
         class RunAssetDiscoveryRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -951,8 +954,8 @@ module Google
         # Request message for updating or creating a finding.
         # @!attribute [rw] finding
         #   @return [::Google::Cloud::SecurityCenter::V1::Finding]
-        #     Required. The finding resource to update or create if it does not already
-        #     exist. parent, security_marks, and update_time will be ignored.
+        #     Required. The finding resource to update or create if it does not already exist.
+        #     parent, security_marks, and update_time will be ignored.
         #
         #     In the case of creation, the finding id portion of the name must be
         #     alphanumeric and less than or equal to 32 characters and greater than 0
@@ -993,7 +996,7 @@ module Google
         #   @return [::Google::Protobuf::FieldMask]
         #     The FieldMask to use when updating the settings resource.
         #
-        #      If empty all mutable fields will be updated.
+        #     If empty all mutable fields will be updated.
         class UpdateOrganizationSettingsRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/longrunning/operations.rb

@@ -25,7 +25,7 @@ module Google
     #   @return [::String]
     #     The server-assigned name, which is only unique within the same service that
     #     originally returns it. If you use the default HTTP mapping, the
-    #     `name` should have the format of `operations/some/unique/name`.
+    #     `name` should be a resource name ending with `operations/{unique_id}`.
     # @!attribute [rw] metadata
     #   @return [::Google::Protobuf::Any]
     #     Service-specific metadata associated with the operation.  It typically
@@ -35,7 +35,7 @@ module Google
     # @!attribute [rw] done
     #   @return [::Boolean]
     #     If the value is `false`, it means the operation is still in progress.
-    #     If true, the operation is completed, and either `error` or `response` is
+    #     If `true`, the operation is completed, and either `error` or `response` is
     #     available.
     # @!attribute [rw] error
     #   @return [::Google::Rpc::Status]
@@ -67,7 +67,7 @@ module Google
     # The request message for Operations.ListOperations.
     # @!attribute [rw] name
     #   @return [::String]
-    #     The name of the operation collection.
+    #     The name of the operation's parent resource.
     # @!attribute [rw] filter
     #   @return [::String]
     #     The standard list filter.
@@ -112,6 +112,20 @@ module Google
       extend ::Google::Protobuf::MessageExts::ClassMethods
     end
 
+    # The request message for Operations.WaitOperation.
+    # @!attribute [rw] name
+    #   @return [::String]
+    #     The name of the operation resource to wait on.
+    # @!attribute [rw] timeout
+    #   @return [::Google::Protobuf::Duration]
+    #     The maximum duration to wait before timing out. If left blank, the wait
+    #     will be at most the time permitted by the underlying HTTP/RPC protocol.
+    #     If RPC context deadline is also specified, the shorter one will be used.
+    class WaitOperationRequest
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
     # A message representing the message types used by a long-running operation.
     #
     # Example:

data/proto_docs/google/protobuf/any.rb

@@ -57,10 +57,13 @@ module Google
     #  Example 4: Pack and unpack a message in Go
     #
     #      foo := &pb.Foo{...}
-    #      any, err := ptypes.MarshalAny(foo)
+    #      any, err := anypb.New(foo)
+    #      if err != nil {
+    #        ...
+    #      }
     #      ...
     #      foo := &pb.Foo{}
-    #      if err := ptypes.UnmarshalAny(any, foo); err != nil {
+    #      if err := any.UnmarshalTo(foo); err != nil {
     #        ...
     #      }
     #

data/proto_docs/google/protobuf/timestamp.rb

@@ -70,7 +70,16 @@ module Google
     #         .setNanos((int) ((millis % 1000) * 1000000)).build();
     #
     #
-    # Example 5: Compute Timestamp from current time in Python.
+    # Example 5: Compute Timestamp from Java `Instant.now()`.
+    #
+    #     Instant now = Instant.now();
+    #
+    #     Timestamp timestamp =
+    #         Timestamp.newBuilder().setSeconds(now.getEpochSecond())
+    #             .setNanos(now.getNano()).build();
+    #
+    #
+    # Example 6: Compute Timestamp from current time in Python.
     #
     #     timestamp = Timestamp()
     #     timestamp.GetCurrentTime()

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-security_center-v1
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.5.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-07 00:00:00.000000000 Z
+date: 2021-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -171,7 +171,9 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.9'
 description: Security Command Center API provides access to temporal views of assets
-  and findings within an organization.
+  and findings within an organization. Note that google-cloud-security_center-v1 is
+  a version-specific client library. For most uses, we recommend installing the main
+  client library google-cloud-security_center instead. See the readme for more details.
 email: googleapis-packages@google.com
 executables: []
 extensions: []
@@ -244,7 +246,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
+rubygems_version: 3.2.6
 signing_key: 
 specification_version: 4
 summary: API Client library for the Cloud Security Command Center V1 API