google-cloud-security_center-v1 0.3.3 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +64 -0
- data/lib/google/cloud/security_center/v1.rb +3 -0
- data/lib/google/cloud/security_center/v1/security_center/client.rb +46 -37
- data/lib/google/cloud/security_center/v1/security_center/operations.rb +90 -5
- data/lib/google/cloud/security_center/v1/version.rb +1 -1
- data/lib/google/cloud/securitycenter/v1/finding_pb.rb +9 -0
- data/lib/google/cloud/securitycenter/v1/securitycenter_service_services_pb.rb +23 -23
- data/proto_docs/google/api/field_behavior.rb +6 -0
- data/proto_docs/google/api/resource.rb +50 -14
- data/proto_docs/google/cloud/securitycenter/v1/finding.rb +68 -3
- data/proto_docs/google/cloud/securitycenter/v1/notification_config.rb +2 -2
- data/proto_docs/google/cloud/securitycenter/v1/securitycenter_service.rb +38 -35
- data/proto_docs/google/longrunning/operations.rb +17 -3
- data/proto_docs/google/protobuf/any.rb +5 -2
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- metadata +6 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d01d8cd0bc1315c572d06349e4799ce038983842033309c215d8601194a7cf89
|
4
|
+
data.tar.gz: 1e500ae59892f532c933f395a802da73ac7c2269ab70b09a69e40000e410bd02
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4e741cfe78b0a1486ce1ea27bd234a8f919d753d80fa3ebe7cb2d326e4b120c38a941e8c0ad0e48525ee7ef28834c6d4cc21bc4a7a9448332d2442462a8a0593
|
7
|
+
data.tar.gz: 326cb7a13a66fdb134fadbdcf07f84cddbfb9ba0380c5cd812d521ca5600a80465964311412171554816ac669e596f7de9a76937a05468ee188c27d81c450212
|
data/README.md
CHANGED
@@ -6,6 +6,12 @@ Security Command Center API provides access to temporal views of assets and find
|
|
6
6
|
|
7
7
|
https://github.com/googleapis/google-cloud-ruby
|
8
8
|
|
9
|
+
This gem is a _versioned_ client. It provides basic client classes for a
|
10
|
+
specific version of the Cloud Security Command Center V1 API. Most users should consider using
|
11
|
+
the main client gem,
|
12
|
+
[google-cloud-security_center](https://rubygems.org/gems/google-cloud-security_center).
|
13
|
+
See the section below titled *Which client should I use?* for more information.
|
14
|
+
|
9
15
|
## Installation
|
10
16
|
|
11
17
|
```
|
@@ -73,3 +79,61 @@ in security maintenance, and not end of life. Currently, this means Ruby 2.4
|
|
73
79
|
and later. Older versions of Ruby _may_ still work, but are unsupported and not
|
74
80
|
recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details
|
75
81
|
about the Ruby support schedule.
|
82
|
+
|
83
|
+
## Which client should I use?
|
84
|
+
|
85
|
+
Most modern Ruby client libraries for Google APIs come in two flavors: the main
|
86
|
+
client library with a name such as `google-cloud-security_center`,
|
87
|
+
and lower-level _versioned_ client libraries with names such as
|
88
|
+
`google-cloud-security_center-v1`.
|
89
|
+
_In most cases, you should install the main client._
|
90
|
+
|
91
|
+
### What's the difference between the main client and a versioned client?
|
92
|
+
|
93
|
+
A _versioned client_ provides a basic set of data types and client classes for
|
94
|
+
a _single version_ of a specific service. (That is, for a service with multiple
|
95
|
+
versions, there might be a separate versioned client for each service version.)
|
96
|
+
Most versioned clients are written and maintained by a code generator.
|
97
|
+
|
98
|
+
The _main client_ is designed to provide you with the _recommended_ client
|
99
|
+
interfaces for the service. There will be only one main client for any given
|
100
|
+
service, even a service with multiple versions. The main client includes
|
101
|
+
factory methods for constructing the client objects we recommend for most
|
102
|
+
users. In some cases, those will be classes provided by an underlying versioned
|
103
|
+
client; in other cases, they will be handwritten higher-level client objects
|
104
|
+
with additional capabilities, convenience methods, or best practices built in.
|
105
|
+
Generally, the main client will default to a recommended service version,
|
106
|
+
although in some cases you can override this if you need to talk to a specific
|
107
|
+
service version.
|
108
|
+
|
109
|
+
### Why would I want to use the main client?
|
110
|
+
|
111
|
+
We recommend that most users install the main client gem for a service. You can
|
112
|
+
identify this gem as the one _without_ a version in its name, e.g.
|
113
|
+
`google-cloud-security_center`.
|
114
|
+
The main client is recommended because it will embody the best practices for
|
115
|
+
accessing the service, and may also provide more convenient interfaces or
|
116
|
+
tighter integration into frameworks and third-party libraries. In addition, the
|
117
|
+
documentation and samples published by Google will generally demonstrate use of
|
118
|
+
the main client.
|
119
|
+
|
120
|
+
### Why would I want to use a versioned client?
|
121
|
+
|
122
|
+
You can use a versioned client if you are content with a possibly lower-level
|
123
|
+
class interface, you explicitly want to avoid features provided by the main
|
124
|
+
client, or you want to access a specific service version not be covered by the
|
125
|
+
main client. You can identify versioned client gems because the service version
|
126
|
+
is part of the name, e.g. `google-cloud-security_center-v1`.
|
127
|
+
|
128
|
+
### What about the google-apis-<name> clients?
|
129
|
+
|
130
|
+
Client library gems with names that begin with `google-apis-` are based on an
|
131
|
+
older code generation technology. They talk to a REST/JSON backend (whereas
|
132
|
+
most modern clients talk to a [gRPC](https://grpc.io/) backend) and they may
|
133
|
+
not offer the same performance, features, and ease of use provided by more
|
134
|
+
modern clients.
|
135
|
+
|
136
|
+
The `google-apis-` clients have wide coverage across Google services, so you
|
137
|
+
might need to use one if there is no modern client available for the service.
|
138
|
+
However, if a modern client is available, we generally recommend it over the
|
139
|
+
older `google-apis-` clients.
|
@@ -238,7 +238,13 @@ module Google
|
|
238
238
|
|
239
239
|
# Create credentials
|
240
240
|
credentials = @config.credentials
|
241
|
-
|
241
|
+
# Use self-signed JWT if the scope and endpoint are unchanged from default,
|
242
|
+
# but only if the default endpoint does not have a region prefix.
|
243
|
+
enable_self_signed_jwt = @config.scope == Client.configure.scope &&
|
244
|
+
@config.endpoint == Client.configure.endpoint &&
|
245
|
+
!@config.endpoint.split(".").first.include?("-")
|
246
|
+
credentials ||= Credentials.default scope: @config.scope,
|
247
|
+
enable_self_signed_jwt: enable_self_signed_jwt
|
242
248
|
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
243
249
|
credentials = Credentials.new credentials, scope: @config.scope
|
244
250
|
end
|
@@ -290,8 +296,8 @@ module Google
|
|
290
296
|
# Required. Resource name of the new source's parent. Its format should be
|
291
297
|
# "organizations/[organization_id]".
|
292
298
|
# @param source [::Google::Cloud::SecurityCenter::V1::Source, ::Hash]
|
293
|
-
# Required. The Source being created, only the display_name and description
|
294
|
-
#
|
299
|
+
# Required. The Source being created, only the display_name and description will be
|
300
|
+
# used. All other fields will be ignored.
|
295
301
|
#
|
296
302
|
# @yield [response, operation] Access the result along with the RPC operation
|
297
303
|
# @yieldparam response [::Google::Cloud::SecurityCenter::V1::Source]
|
@@ -365,8 +371,8 @@ module Google
|
|
365
371
|
# It must be alphanumeric and less than or equal to 32 characters and
|
366
372
|
# greater than 0 characters in length.
|
367
373
|
# @param finding [::Google::Cloud::SecurityCenter::V1::Finding, ::Hash]
|
368
|
-
# Required. The Finding being created. The name and security_marks will be
|
369
|
-
#
|
374
|
+
# Required. The Finding being created. The name and security_marks will be ignored as
|
375
|
+
# they are both output only fields on this resource.
|
370
376
|
#
|
371
377
|
# @yield [response, operation] Access the result along with the RPC operation
|
372
378
|
# @yieldparam response [::Google::Cloud::SecurityCenter::V1::Finding]
|
@@ -432,17 +438,16 @@ module Google
|
|
432
438
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
433
439
|
#
|
434
440
|
# @param parent [::String]
|
435
|
-
# Required. Resource name of the new notification config's parent. Its format
|
436
|
-
#
|
441
|
+
# Required. Resource name of the new notification config's parent. Its format is
|
442
|
+
# "organizations/[organization_id]".
|
437
443
|
# @param config_id [::String]
|
438
444
|
# Required.
|
439
445
|
# Unique identifier provided by the client within the parent scope.
|
440
446
|
# It must be between 1 and 128 characters, and contains alphanumeric
|
441
447
|
# characters, underscores or hyphens only.
|
442
448
|
# @param notification_config [::Google::Cloud::SecurityCenter::V1::NotificationConfig, ::Hash]
|
443
|
-
# Required. The notification config being created. The name and the service
|
444
|
-
#
|
445
|
-
# resource.
|
449
|
+
# Required. The notification config being created. The name and the service account
|
450
|
+
# will be ignored as they are both output only fields on this resource.
|
446
451
|
#
|
447
452
|
# @yield [response, operation] Access the result along with the RPC operation
|
448
453
|
# @yieldparam response [::Google::Cloud::SecurityCenter::V1::NotificationConfig]
|
@@ -712,8 +717,8 @@ module Google
|
|
712
717
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
713
718
|
#
|
714
719
|
# @param name [::String]
|
715
|
-
# Required. Name of the organization to get organization settings for. Its
|
716
|
-
#
|
720
|
+
# Required. Name of the organization to get organization settings for. Its format is
|
721
|
+
# "organizations/[organization_id]/organizationSettings".
|
717
722
|
#
|
718
723
|
# @yield [response, operation] Access the result along with the RPC operation
|
719
724
|
# @yieldparam response [::Google::Cloud::SecurityCenter::V1::OrganizationSettings]
|
@@ -908,14 +913,14 @@ module Google
|
|
908
913
|
# For example, `resource_properties.size = 100` is a valid filter string.
|
909
914
|
#
|
910
915
|
# Use a partial match on the empty string to filter based on a property
|
911
|
-
# existing
|
916
|
+
# existing: `resource_properties.my_property : ""`
|
912
917
|
#
|
913
918
|
# Use a negated partial match on the empty string to filter based on a
|
914
919
|
# property not existing: `-resource_properties.my_property : ""`
|
915
920
|
# @param group_by [::String]
|
916
|
-
# Required. Expression that defines what assets fields to use for grouping.
|
917
|
-
#
|
918
|
-
#
|
921
|
+
# Required. Expression that defines what assets fields to use for grouping. The string
|
922
|
+
# value should follow SQL syntax: comma separated list of fields. For
|
923
|
+
# example:
|
919
924
|
# "security_center_properties.resource_project,security_center_properties.project".
|
920
925
|
#
|
921
926
|
# The following fields are supported when compare_duration is not set:
|
@@ -1079,6 +1084,7 @@ module Google
|
|
1079
1084
|
# * category: `=`, `:`
|
1080
1085
|
# * external_uri: `=`, `:`
|
1081
1086
|
# * event_time: `=`, `>`, `<`, `>=`, `<=`
|
1087
|
+
# * severity: `=`, `:`
|
1082
1088
|
#
|
1083
1089
|
# Usage: This should be milliseconds since epoch or an RFC3339 string.
|
1084
1090
|
# Examples:
|
@@ -1096,9 +1102,9 @@ module Google
|
|
1096
1102
|
# Use a negated partial match on the empty string to filter based on a
|
1097
1103
|
# property not existing: `-source_properties.my_property : ""`
|
1098
1104
|
# @param group_by [::String]
|
1099
|
-
# Required. Expression that defines what assets fields to use for grouping
|
1100
|
-
#
|
1101
|
-
#
|
1105
|
+
# Required. Expression that defines what assets fields to use for grouping (including
|
1106
|
+
# `state_change`). The string value should follow SQL syntax: comma separated
|
1107
|
+
# list of fields. For example: "parent,resource_name".
|
1102
1108
|
#
|
1103
1109
|
# The following fields are supported:
|
1104
1110
|
#
|
@@ -1106,6 +1112,7 @@ module Google
|
|
1106
1112
|
# * category
|
1107
1113
|
# * state
|
1108
1114
|
# * parent
|
1115
|
+
# * severity
|
1109
1116
|
#
|
1110
1117
|
# The following fields are supported when compare_duration is set:
|
1111
1118
|
#
|
@@ -1339,8 +1346,9 @@ module Google
|
|
1339
1346
|
# is "UNUSED", which will be the state_change set for all assets present at
|
1340
1347
|
# read_time.
|
1341
1348
|
# @param field_mask [::Google::Protobuf::FieldMask, ::Hash]
|
1342
|
-
#
|
1343
|
-
#
|
1349
|
+
# A field mask to specify the ListAssetsResult fields to be listed in the
|
1350
|
+
# response.
|
1351
|
+
# An empty field mask will list all fields.
|
1344
1352
|
# @param page_token [::String]
|
1345
1353
|
# The value returned by the last `ListAssetsResponse`; indicates
|
1346
1354
|
# that this is a continuation of a prior `ListAssets` call, and
|
@@ -1448,13 +1456,14 @@ module Google
|
|
1448
1456
|
#
|
1449
1457
|
# The following field and operator combinations are supported:
|
1450
1458
|
#
|
1451
|
-
# name: `=`
|
1452
|
-
# parent: `=`, `:`
|
1453
|
-
# resource_name: `=`, `:`
|
1454
|
-
# state: `=`, `:`
|
1455
|
-
# category: `=`, `:`
|
1456
|
-
# external_uri: `=`, `:`
|
1457
|
-
# event_time: `=`, `>`, `<`, `>=`, `<=`
|
1459
|
+
# * name: `=`
|
1460
|
+
# * parent: `=`, `:`
|
1461
|
+
# * resource_name: `=`, `:`
|
1462
|
+
# * state: `=`, `:`
|
1463
|
+
# * category: `=`, `:`
|
1464
|
+
# * external_uri: `=`, `:`
|
1465
|
+
# * event_time: `=`, `>`, `<`, `>=`, `<=`
|
1466
|
+
# * severity: `=`, `:`
|
1458
1467
|
#
|
1459
1468
|
# Usage: This should be milliseconds since epoch or an RFC3339 string.
|
1460
1469
|
# Examples:
|
@@ -1527,8 +1536,8 @@ module Google
|
|
1527
1536
|
# is "UNUSED", which will be the state_change set for all findings present at
|
1528
1537
|
# read_time.
|
1529
1538
|
# @param field_mask [::Google::Protobuf::FieldMask, ::Hash]
|
1530
|
-
#
|
1531
|
-
#
|
1539
|
+
# A field mask to specify the Finding fields to be listed in the response.
|
1540
|
+
# An empty field mask will list all fields.
|
1532
1541
|
# @param page_token [::String]
|
1533
1542
|
# The value returned by the last `ListFindingsResponse`; indicates
|
1534
1543
|
# that this is a continuation of a prior `ListFindings` call, and
|
@@ -1757,8 +1766,8 @@ module Google
|
|
1757
1766
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1758
1767
|
#
|
1759
1768
|
# @param parent [::String]
|
1760
|
-
# Required. Name of the organization to run asset discovery for. Its format
|
1761
|
-
#
|
1769
|
+
# Required. Name of the organization to run asset discovery for. Its format is
|
1770
|
+
# "organizations/[organization_id]".
|
1762
1771
|
#
|
1763
1772
|
# @yield [response, operation] Access the result along with the RPC operation
|
1764
1773
|
# @yieldparam response [::Gapic::Operation]
|
@@ -2043,8 +2052,8 @@ module Google
|
|
2043
2052
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
2044
2053
|
#
|
2045
2054
|
# @param finding [::Google::Cloud::SecurityCenter::V1::Finding, ::Hash]
|
2046
|
-
# Required. The finding resource to update or create if it does not already
|
2047
|
-
#
|
2055
|
+
# Required. The finding resource to update or create if it does not already exist.
|
2056
|
+
# parent, security_marks, and update_time will be ignored.
|
2048
2057
|
#
|
2049
2058
|
# In the case of creation, the finding id portion of the name must be
|
2050
2059
|
# alphanumeric and less than or equal to 32 characters and greater than 0
|
@@ -2197,7 +2206,7 @@ module Google
|
|
2197
2206
|
# @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
|
2198
2207
|
# The FieldMask to use when updating the settings resource.
|
2199
2208
|
#
|
2200
|
-
#
|
2209
|
+
# If empty all mutable fields will be updated.
|
2201
2210
|
#
|
2202
2211
|
# @yield [response, operation] Access the result along with the RPC operation
|
2203
2212
|
# @yieldparam response [::Google::Cloud::SecurityCenter::V1::OrganizationSettings]
|
@@ -2475,7 +2484,7 @@ module Google
|
|
2475
2484
|
|
2476
2485
|
config_attr :endpoint, "securitycenter.googleapis.com", ::String
|
2477
2486
|
config_attr :credentials, nil do |value|
|
2478
|
-
allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
2487
|
+
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
2479
2488
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
2480
2489
|
allowed.any? { |klass| klass === value }
|
2481
2490
|
end
|
@@ -2515,7 +2524,7 @@ module Google
|
|
2515
2524
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
2516
2525
|
# the following configuration fields:
|
2517
2526
|
#
|
2518
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
2527
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
2519
2528
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
2520
2529
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
2521
2530
|
# include the following keys:
|
@@ -103,8 +103,13 @@ module Google
|
|
103
103
|
# Lists operations that match the specified filter in the request. If the
|
104
104
|
# server doesn't support this method, it returns `UNIMPLEMENTED`.
|
105
105
|
#
|
106
|
-
# NOTE: the `name` binding
|
107
|
-
# to use different resource name schemes, such as `users/*/operations`.
|
106
|
+
# NOTE: the `name` binding allows API services to override the binding
|
107
|
+
# to use different resource name schemes, such as `users/*/operations`. To
|
108
|
+
# override the binding, API services can add a binding such as
|
109
|
+
# `"/v1/{name=users/*}/operations"` to their service configuration.
|
110
|
+
# For backwards compatibility, the default name includes the operations
|
111
|
+
# collection id, however overriding users must ensure the name binding
|
112
|
+
# is the parent resource, without the operations collection id.
|
108
113
|
#
|
109
114
|
# @overload list_operations(request, options = nil)
|
110
115
|
# Pass arguments to `list_operations` via a request object, either of type
|
@@ -122,7 +127,7 @@ module Google
|
|
122
127
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
123
128
|
#
|
124
129
|
# @param name [::String]
|
125
|
-
# The name of the operation
|
130
|
+
# The name of the operation's parent resource.
|
126
131
|
# @param filter [::String]
|
127
132
|
# The standard list filter.
|
128
133
|
# @param page_size [::Integer]
|
@@ -390,6 +395,79 @@ module Google
|
|
390
395
|
raise ::Google::Cloud::Error.from_error(e)
|
391
396
|
end
|
392
397
|
|
398
|
+
##
|
399
|
+
# Waits for the specified long-running operation until it is done or reaches
|
400
|
+
# at most a specified timeout, returning the latest state. If the operation
|
401
|
+
# is already done, the latest state is immediately returned. If the timeout
|
402
|
+
# specified is greater than the default HTTP/RPC timeout, the HTTP/RPC
|
403
|
+
# timeout is used. If the server does not support this method, it returns
|
404
|
+
# `google.rpc.Code.UNIMPLEMENTED`.
|
405
|
+
# Note that this method is on a best-effort basis. It may return the latest
|
406
|
+
# state before the specified timeout (including immediately), meaning even an
|
407
|
+
# immediate response is no guarantee that the operation is done.
|
408
|
+
#
|
409
|
+
# @overload wait_operation(request, options = nil)
|
410
|
+
# Pass arguments to `wait_operation` via a request object, either of type
|
411
|
+
# {::Google::Longrunning::WaitOperationRequest} or an equivalent Hash.
|
412
|
+
#
|
413
|
+
# @param request [::Google::Longrunning::WaitOperationRequest, ::Hash]
|
414
|
+
# A request object representing the call parameters. Required. To specify no
|
415
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
416
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
417
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
418
|
+
#
|
419
|
+
# @overload wait_operation(name: nil, timeout: nil)
|
420
|
+
# Pass arguments to `wait_operation` via keyword arguments. Note that at
|
421
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
422
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
423
|
+
#
|
424
|
+
# @param name [::String]
|
425
|
+
# The name of the operation resource to wait on.
|
426
|
+
# @param timeout [::Google::Protobuf::Duration, ::Hash]
|
427
|
+
# The maximum duration to wait before timing out. If left blank, the wait
|
428
|
+
# will be at most the time permitted by the underlying HTTP/RPC protocol.
|
429
|
+
# If RPC context deadline is also specified, the shorter one will be used.
|
430
|
+
#
|
431
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
432
|
+
# @yieldparam response [::Gapic::Operation]
|
433
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
434
|
+
#
|
435
|
+
# @return [::Gapic::Operation]
|
436
|
+
#
|
437
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
438
|
+
#
|
439
|
+
def wait_operation request, options = nil
|
440
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
441
|
+
|
442
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Longrunning::WaitOperationRequest
|
443
|
+
|
444
|
+
# Converts hash and nil to an options object
|
445
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
446
|
+
|
447
|
+
# Customize the options with defaults
|
448
|
+
metadata = @config.rpcs.wait_operation.metadata.to_h
|
449
|
+
|
450
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
451
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
452
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
453
|
+
gapic_version: ::Google::Cloud::SecurityCenter::V1::VERSION
|
454
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
455
|
+
|
456
|
+
options.apply_defaults timeout: @config.rpcs.wait_operation.timeout,
|
457
|
+
metadata: metadata,
|
458
|
+
retry_policy: @config.rpcs.wait_operation.retry_policy
|
459
|
+
options.apply_defaults metadata: @config.metadata,
|
460
|
+
retry_policy: @config.retry_policy
|
461
|
+
|
462
|
+
@operations_stub.call_rpc :wait_operation, request, options: options do |response, operation|
|
463
|
+
response = ::Gapic::Operation.new response, @operations_client, options: options
|
464
|
+
yield response, operation if block_given?
|
465
|
+
return response
|
466
|
+
end
|
467
|
+
rescue ::GRPC::BadStatus => e
|
468
|
+
raise ::Google::Cloud::Error.from_error(e)
|
469
|
+
end
|
470
|
+
|
393
471
|
##
|
394
472
|
# Configuration class for the Operations API.
|
395
473
|
#
|
@@ -475,7 +553,7 @@ module Google
|
|
475
553
|
|
476
554
|
config_attr :endpoint, "securitycenter.googleapis.com", ::String
|
477
555
|
config_attr :credentials, nil do |value|
|
478
|
-
allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
556
|
+
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
479
557
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
480
558
|
allowed.any? { |klass| klass === value }
|
481
559
|
end
|
@@ -515,7 +593,7 @@ module Google
|
|
515
593
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
516
594
|
# the following configuration fields:
|
517
595
|
#
|
518
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
596
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
519
597
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
520
598
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
521
599
|
# include the following keys:
|
@@ -546,6 +624,11 @@ module Google
|
|
546
624
|
# @return [::Gapic::Config::Method]
|
547
625
|
#
|
548
626
|
attr_reader :cancel_operation
|
627
|
+
##
|
628
|
+
# RPC-specific configuration for `wait_operation`
|
629
|
+
# @return [::Gapic::Config::Method]
|
630
|
+
#
|
631
|
+
attr_reader :wait_operation
|
549
632
|
|
550
633
|
# @private
|
551
634
|
def initialize parent_rpcs = nil
|
@@ -557,6 +640,8 @@ module Google
|
|
557
640
|
@delete_operation = ::Gapic::Config::Method.new delete_operation_config
|
558
641
|
cancel_operation_config = parent_rpcs&.cancel_operation if parent_rpcs&.respond_to? :cancel_operation
|
559
642
|
@cancel_operation = ::Gapic::Config::Method.new cancel_operation_config
|
643
|
+
wait_operation_config = parent_rpcs&.wait_operation if parent_rpcs&.respond_to? :wait_operation
|
644
|
+
@wait_operation = ::Gapic::Config::Method.new wait_operation_config
|
560
645
|
|
561
646
|
yield self if block_given?
|
562
647
|
end
|
@@ -22,12 +22,20 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
22
22
|
optional :security_marks, :message, 8, "google.cloud.securitycenter.v1.SecurityMarks"
|
23
23
|
optional :event_time, :message, 9, "google.protobuf.Timestamp"
|
24
24
|
optional :create_time, :message, 10, "google.protobuf.Timestamp"
|
25
|
+
optional :severity, :enum, 12, "google.cloud.securitycenter.v1.Finding.Severity"
|
25
26
|
end
|
26
27
|
add_enum "google.cloud.securitycenter.v1.Finding.State" do
|
27
28
|
value :STATE_UNSPECIFIED, 0
|
28
29
|
value :ACTIVE, 1
|
29
30
|
value :INACTIVE, 2
|
30
31
|
end
|
32
|
+
add_enum "google.cloud.securitycenter.v1.Finding.Severity" do
|
33
|
+
value :SEVERITY_UNSPECIFIED, 0
|
34
|
+
value :CRITICAL, 1
|
35
|
+
value :HIGH, 2
|
36
|
+
value :MEDIUM, 3
|
37
|
+
value :LOW, 4
|
38
|
+
end
|
31
39
|
end
|
32
40
|
end
|
33
41
|
|
@@ -37,6 +45,7 @@ module Google
|
|
37
45
|
module V1
|
38
46
|
Finding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding").msgclass
|
39
47
|
Finding::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding.State").enummodule
|
48
|
+
Finding::Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding.Severity").enummodule
|
40
49
|
end
|
41
50
|
end
|
42
51
|
end
|
@@ -34,67 +34,67 @@ module Google
|
|
34
34
|
self.service_name = 'google.cloud.securitycenter.v1.SecurityCenter'
|
35
35
|
|
36
36
|
# Creates a source.
|
37
|
-
rpc :CreateSource, Google::Cloud::SecurityCenter::V1::CreateSourceRequest, Google::Cloud::SecurityCenter::V1::Source
|
37
|
+
rpc :CreateSource, ::Google::Cloud::SecurityCenter::V1::CreateSourceRequest, ::Google::Cloud::SecurityCenter::V1::Source
|
38
38
|
# Creates a finding. The corresponding source must exist for finding creation
|
39
39
|
# to succeed.
|
40
|
-
rpc :CreateFinding, Google::Cloud::SecurityCenter::V1::CreateFindingRequest, Google::Cloud::SecurityCenter::V1::Finding
|
40
|
+
rpc :CreateFinding, ::Google::Cloud::SecurityCenter::V1::CreateFindingRequest, ::Google::Cloud::SecurityCenter::V1::Finding
|
41
41
|
# Creates a notification config.
|
42
|
-
rpc :CreateNotificationConfig, Google::Cloud::SecurityCenter::V1::CreateNotificationConfigRequest, Google::Cloud::SecurityCenter::V1::NotificationConfig
|
42
|
+
rpc :CreateNotificationConfig, ::Google::Cloud::SecurityCenter::V1::CreateNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig
|
43
43
|
# Deletes a notification config.
|
44
|
-
rpc :DeleteNotificationConfig, Google::Cloud::SecurityCenter::V1::DeleteNotificationConfigRequest, Google::Protobuf::Empty
|
44
|
+
rpc :DeleteNotificationConfig, ::Google::Cloud::SecurityCenter::V1::DeleteNotificationConfigRequest, ::Google::Protobuf::Empty
|
45
45
|
# Gets the access control policy on the specified Source.
|
46
|
-
rpc :GetIamPolicy, Google::Iam::V1::GetIamPolicyRequest, Google::Iam::V1::Policy
|
46
|
+
rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
|
47
47
|
# Gets a notification config.
|
48
|
-
rpc :GetNotificationConfig, Google::Cloud::SecurityCenter::V1::GetNotificationConfigRequest, Google::Cloud::SecurityCenter::V1::NotificationConfig
|
48
|
+
rpc :GetNotificationConfig, ::Google::Cloud::SecurityCenter::V1::GetNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig
|
49
49
|
# Gets the settings for an organization.
|
50
|
-
rpc :GetOrganizationSettings, Google::Cloud::SecurityCenter::V1::GetOrganizationSettingsRequest, Google::Cloud::SecurityCenter::V1::OrganizationSettings
|
50
|
+
rpc :GetOrganizationSettings, ::Google::Cloud::SecurityCenter::V1::GetOrganizationSettingsRequest, ::Google::Cloud::SecurityCenter::V1::OrganizationSettings
|
51
51
|
# Gets a source.
|
52
|
-
rpc :GetSource, Google::Cloud::SecurityCenter::V1::GetSourceRequest, Google::Cloud::SecurityCenter::V1::Source
|
52
|
+
rpc :GetSource, ::Google::Cloud::SecurityCenter::V1::GetSourceRequest, ::Google::Cloud::SecurityCenter::V1::Source
|
53
53
|
# Filters an organization's assets and groups them by their specified
|
54
54
|
# properties.
|
55
|
-
rpc :GroupAssets, Google::Cloud::SecurityCenter::V1::GroupAssetsRequest, Google::Cloud::SecurityCenter::V1::GroupAssetsResponse
|
55
|
+
rpc :GroupAssets, ::Google::Cloud::SecurityCenter::V1::GroupAssetsRequest, ::Google::Cloud::SecurityCenter::V1::GroupAssetsResponse
|
56
56
|
# Filters an organization or source's findings and groups them by their
|
57
57
|
# specified properties.
|
58
58
|
#
|
59
59
|
# To group across all sources provide a `-` as the source id.
|
60
60
|
# Example: /v1/organizations/{organization_id}/sources/-/findings
|
61
|
-
rpc :GroupFindings, Google::Cloud::SecurityCenter::V1::GroupFindingsRequest, Google::Cloud::SecurityCenter::V1::GroupFindingsResponse
|
61
|
+
rpc :GroupFindings, ::Google::Cloud::SecurityCenter::V1::GroupFindingsRequest, ::Google::Cloud::SecurityCenter::V1::GroupFindingsResponse
|
62
62
|
# Lists an organization's assets.
|
63
|
-
rpc :ListAssets, Google::Cloud::SecurityCenter::V1::ListAssetsRequest, Google::Cloud::SecurityCenter::V1::ListAssetsResponse
|
63
|
+
rpc :ListAssets, ::Google::Cloud::SecurityCenter::V1::ListAssetsRequest, ::Google::Cloud::SecurityCenter::V1::ListAssetsResponse
|
64
64
|
# Lists an organization or source's findings.
|
65
65
|
#
|
66
66
|
# To list across all sources provide a `-` as the source id.
|
67
67
|
# Example: /v1/organizations/{organization_id}/sources/-/findings
|
68
|
-
rpc :ListFindings, Google::Cloud::SecurityCenter::V1::ListFindingsRequest, Google::Cloud::SecurityCenter::V1::ListFindingsResponse
|
68
|
+
rpc :ListFindings, ::Google::Cloud::SecurityCenter::V1::ListFindingsRequest, ::Google::Cloud::SecurityCenter::V1::ListFindingsResponse
|
69
69
|
# Lists notification configs.
|
70
|
-
rpc :ListNotificationConfigs, Google::Cloud::SecurityCenter::V1::ListNotificationConfigsRequest, Google::Cloud::SecurityCenter::V1::ListNotificationConfigsResponse
|
70
|
+
rpc :ListNotificationConfigs, ::Google::Cloud::SecurityCenter::V1::ListNotificationConfigsRequest, ::Google::Cloud::SecurityCenter::V1::ListNotificationConfigsResponse
|
71
71
|
# Lists all sources belonging to an organization.
|
72
|
-
rpc :ListSources, Google::Cloud::SecurityCenter::V1::ListSourcesRequest, Google::Cloud::SecurityCenter::V1::ListSourcesResponse
|
72
|
+
rpc :ListSources, ::Google::Cloud::SecurityCenter::V1::ListSourcesRequest, ::Google::Cloud::SecurityCenter::V1::ListSourcesResponse
|
73
73
|
# Runs asset discovery. The discovery is tracked with a long-running
|
74
74
|
# operation.
|
75
75
|
#
|
76
76
|
# This API can only be called with limited frequency for an organization. If
|
77
77
|
# it is called too frequently the caller will receive a TOO_MANY_REQUESTS
|
78
78
|
# error.
|
79
|
-
rpc :RunAssetDiscovery, Google::Cloud::SecurityCenter::V1::RunAssetDiscoveryRequest, Google::Longrunning::Operation
|
79
|
+
rpc :RunAssetDiscovery, ::Google::Cloud::SecurityCenter::V1::RunAssetDiscoveryRequest, ::Google::Longrunning::Operation
|
80
80
|
# Updates the state of a finding.
|
81
|
-
rpc :SetFindingState, Google::Cloud::SecurityCenter::V1::SetFindingStateRequest, Google::Cloud::SecurityCenter::V1::Finding
|
81
|
+
rpc :SetFindingState, ::Google::Cloud::SecurityCenter::V1::SetFindingStateRequest, ::Google::Cloud::SecurityCenter::V1::Finding
|
82
82
|
# Sets the access control policy on the specified Source.
|
83
|
-
rpc :SetIamPolicy, Google::Iam::V1::SetIamPolicyRequest, Google::Iam::V1::Policy
|
83
|
+
rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
|
84
84
|
# Returns the permissions that a caller has on the specified source.
|
85
|
-
rpc :TestIamPermissions, Google::Iam::V1::TestIamPermissionsRequest, Google::Iam::V1::TestIamPermissionsResponse
|
85
|
+
rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
|
86
86
|
# Creates or updates a finding. The corresponding source must exist for a
|
87
87
|
# finding creation to succeed.
|
88
|
-
rpc :UpdateFinding, Google::Cloud::SecurityCenter::V1::UpdateFindingRequest, Google::Cloud::SecurityCenter::V1::Finding
|
88
|
+
rpc :UpdateFinding, ::Google::Cloud::SecurityCenter::V1::UpdateFindingRequest, ::Google::Cloud::SecurityCenter::V1::Finding
|
89
89
|
# Updates a notification config. The following update
|
90
90
|
# fields are allowed: description, pubsub_topic, streaming_config.filter
|
91
|
-
rpc :UpdateNotificationConfig, Google::Cloud::SecurityCenter::V1::UpdateNotificationConfigRequest, Google::Cloud::SecurityCenter::V1::NotificationConfig
|
91
|
+
rpc :UpdateNotificationConfig, ::Google::Cloud::SecurityCenter::V1::UpdateNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig
|
92
92
|
# Updates an organization's settings.
|
93
|
-
rpc :UpdateOrganizationSettings, Google::Cloud::SecurityCenter::V1::UpdateOrganizationSettingsRequest, Google::Cloud::SecurityCenter::V1::OrganizationSettings
|
93
|
+
rpc :UpdateOrganizationSettings, ::Google::Cloud::SecurityCenter::V1::UpdateOrganizationSettingsRequest, ::Google::Cloud::SecurityCenter::V1::OrganizationSettings
|
94
94
|
# Updates a source.
|
95
|
-
rpc :UpdateSource, Google::Cloud::SecurityCenter::V1::UpdateSourceRequest, Google::Cloud::SecurityCenter::V1::Source
|
95
|
+
rpc :UpdateSource, ::Google::Cloud::SecurityCenter::V1::UpdateSourceRequest, ::Google::Cloud::SecurityCenter::V1::Source
|
96
96
|
# Updates security marks.
|
97
|
-
rpc :UpdateSecurityMarks, Google::Cloud::SecurityCenter::V1::UpdateSecurityMarksRequest, Google::Cloud::SecurityCenter::V1::SecurityMarks
|
97
|
+
rpc :UpdateSecurityMarks, ::Google::Cloud::SecurityCenter::V1::UpdateSecurityMarksRequest, ::Google::Cloud::SecurityCenter::V1::SecurityMarks
|
98
98
|
end
|
99
99
|
|
100
100
|
Stub = Service.rpc_stub_class
|
@@ -54,6 +54,12 @@ module Google
|
|
54
54
|
# This indicates that the field may be set once in a request to create a
|
55
55
|
# resource, but may not be changed thereafter.
|
56
56
|
IMMUTABLE = 5
|
57
|
+
|
58
|
+
# Denotes that a (repeated) field is an unordered list.
|
59
|
+
# This indicates that the service may provide the elements of the list
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
61
|
+
# provided. Additionally, the list's order may or may not be stable.
|
62
|
+
UNORDERED_LIST = 6
|
57
63
|
end
|
58
64
|
end
|
59
65
|
end
|
@@ -43,12 +43,12 @@ module Google
|
|
43
43
|
#
|
44
44
|
# The ResourceDescriptor Yaml config will look like:
|
45
45
|
#
|
46
|
-
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
46
|
+
# resources:
|
47
|
+
# - type: "pubsub.googleapis.com/Topic"
|
48
|
+
# name_descriptor:
|
49
|
+
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
+
# parent_name_extractor: "projects/{project}"
|
52
52
|
#
|
53
53
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
54
|
# live under multiple parents.
|
@@ -183,15 +183,24 @@ module Google
|
|
183
183
|
# }
|
184
184
|
# @!attribute [rw] plural
|
185
185
|
# @return [::String]
|
186
|
-
# The plural name used in the resource name, such as
|
187
|
-
# the name of 'projects/\\{project}'
|
188
|
-
#
|
186
|
+
# The plural name used in the resource name and permission names, such as
|
187
|
+
# 'projects' for the resource name of 'projects/\\{project}' and the permission
|
188
|
+
# name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
|
189
|
+
# concept of the `plural` field in k8s CRD spec
|
189
190
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
191
|
+
#
|
192
|
+
# Note: The plural form is required even for singleton resources. See
|
193
|
+
# https://aip.dev/156
|
190
194
|
# @!attribute [rw] singular
|
191
195
|
# @return [::String]
|
192
196
|
# The same concept of the `singular` field in k8s CRD spec
|
193
197
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
194
198
|
# Such as "project" for the `resourcemanager.googleapis.com/Project` type.
|
199
|
+
# @!attribute [rw] style
|
200
|
+
# @return [::Array<::Google::Api::ResourceDescriptor::Style>]
|
201
|
+
# Style flag(s) for this resource.
|
202
|
+
# These indicate that a resource is expected to conform to a given
|
203
|
+
# style. See the specific style flags for additional information.
|
195
204
|
class ResourceDescriptor
|
196
205
|
include ::Google::Protobuf::MessageExts
|
197
206
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -211,6 +220,22 @@ module Google
|
|
211
220
|
# that from being necessary once there are multiple patterns.)
|
212
221
|
FUTURE_MULTI_PATTERN = 2
|
213
222
|
end
|
223
|
+
|
224
|
+
# A flag representing a specific style that a resource claims to conform to.
|
225
|
+
module Style
|
226
|
+
# The unspecified value. Do not use.
|
227
|
+
STYLE_UNSPECIFIED = 0
|
228
|
+
|
229
|
+
# This resource is intended to be "declarative-friendly".
|
230
|
+
#
|
231
|
+
# Declarative-friendly resources must be more strictly consistent, and
|
232
|
+
# setting this to true communicates to tools that this resource should
|
233
|
+
# adhere to declarative-friendly expectations.
|
234
|
+
#
|
235
|
+
# Note: This is used by the API linter (linter.aip.dev) to enable
|
236
|
+
# additional checks.
|
237
|
+
DECLARATIVE_FRIENDLY = 1
|
238
|
+
end
|
214
239
|
end
|
215
240
|
|
216
241
|
# Defines a proto annotation that describes a string field that refers to
|
@@ -226,6 +251,17 @@ module Google
|
|
226
251
|
# type: "pubsub.googleapis.com/Topic"
|
227
252
|
# }];
|
228
253
|
# }
|
254
|
+
#
|
255
|
+
# Occasionally, a field may reference an arbitrary resource. In this case,
|
256
|
+
# APIs use the special value * in their resource reference.
|
257
|
+
#
|
258
|
+
# Example:
|
259
|
+
#
|
260
|
+
# message GetIamPolicyRequest {
|
261
|
+
# string resource = 2 [(google.api.resource_reference) = {
|
262
|
+
# type: "*"
|
263
|
+
# }];
|
264
|
+
# }
|
229
265
|
# @!attribute [rw] child_type
|
230
266
|
# @return [::String]
|
231
267
|
# The resource type of a child collection that the annotated field
|
@@ -234,11 +270,11 @@ module Google
|
|
234
270
|
#
|
235
271
|
# Example:
|
236
272
|
#
|
237
|
-
#
|
238
|
-
#
|
239
|
-
#
|
240
|
-
#
|
241
|
-
#
|
273
|
+
# message ListLogEntriesRequest {
|
274
|
+
# string parent = 1 [(google.api.resource_reference) = {
|
275
|
+
# child_type: "logging.googleapis.com/LogEntry"
|
276
|
+
# };
|
277
|
+
# }
|
242
278
|
class ResourceReference
|
243
279
|
include ::Google::Protobuf::MessageExts
|
244
280
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -75,12 +75,18 @@ module Google
|
|
75
75
|
# to the finding.
|
76
76
|
# @!attribute [rw] event_time
|
77
77
|
# @return [::Google::Protobuf::Timestamp]
|
78
|
-
# The time at which the event took place
|
79
|
-
# represents an open firewall it would
|
80
|
-
# the firewall became open. The
|
78
|
+
# The time at which the event took place, or when an update to the finding
|
79
|
+
# occurred. For example, if the finding represents an open firewall it would
|
80
|
+
# capture the time the detector believes the firewall became open. The
|
81
|
+
# accuracy is determined by the detector. If the finding were to be resolved
|
82
|
+
# afterward, this time would reflect when the finding was resolved.
|
81
83
|
# @!attribute [rw] create_time
|
82
84
|
# @return [::Google::Protobuf::Timestamp]
|
83
85
|
# The time at which the finding was created in Security Command Center.
|
86
|
+
# @!attribute [rw] severity
|
87
|
+
# @return [::Google::Cloud::SecurityCenter::V1::Finding::Severity]
|
88
|
+
# The severity of the finding. This field is managed by the source that
|
89
|
+
# writes the finding.
|
84
90
|
class Finding
|
85
91
|
include ::Google::Protobuf::MessageExts
|
86
92
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -106,6 +112,65 @@ module Google
|
|
106
112
|
# and is no longer active.
|
107
113
|
INACTIVE = 2
|
108
114
|
end
|
115
|
+
|
116
|
+
# The severity of the finding.
|
117
|
+
module Severity
|
118
|
+
# This value is used for findings when a source doesn't write a severity
|
119
|
+
# value.
|
120
|
+
SEVERITY_UNSPECIFIED = 0
|
121
|
+
|
122
|
+
# Vulnerability:
|
123
|
+
# A critical vulnerability is easily discoverable by an external actor,
|
124
|
+
# exploitable, and results in the direct ability to execute arbitrary code,
|
125
|
+
# exfiltrate data, and otherwise gain additional access and privileges to
|
126
|
+
# cloud resources and workloads. Examples include publicly accessible
|
127
|
+
# unprotected user data, public SSH access with weak or no passwords, etc.
|
128
|
+
#
|
129
|
+
# Threat:
|
130
|
+
# Indicates a threat that is able to access, modify, or delete data or
|
131
|
+
# execute unauthorized code within existing resources.
|
132
|
+
CRITICAL = 1
|
133
|
+
|
134
|
+
# Vulnerability:
|
135
|
+
# A high risk vulnerability can be easily discovered and exploited in
|
136
|
+
# combination with other vulnerabilities in order to gain direct access and
|
137
|
+
# the ability to execute arbitrary code, exfiltrate data, and otherwise
|
138
|
+
# gain additional access and privileges to cloud resources and workloads.
|
139
|
+
# An example is a database with weak or no passwords that is only
|
140
|
+
# accessible internally. This database could easily be compromised by an
|
141
|
+
# actor that had access to the internal network.
|
142
|
+
#
|
143
|
+
# Threat:
|
144
|
+
# Indicates a threat that is able to create new computational resources in
|
145
|
+
# an environment but not able to access data or execute code in existing
|
146
|
+
# resources.
|
147
|
+
HIGH = 2
|
148
|
+
|
149
|
+
# Vulnerability:
|
150
|
+
# A medium risk vulnerability could be used by an actor to gain access to
|
151
|
+
# resources or privileges that enable them to eventually (through multiple
|
152
|
+
# steps or a complex exploit) gain access and the ability to execute
|
153
|
+
# arbitrary code or exfiltrate data. An example is a service account with
|
154
|
+
# access to more projects than it should have. If an actor gains access to
|
155
|
+
# the service account, they could potentially use that access to manipulate
|
156
|
+
# a project the service account was not intended to.
|
157
|
+
#
|
158
|
+
# Threat:
|
159
|
+
# Indicates a threat that is able to cause operational impact but may not
|
160
|
+
# access data or execute unauthorized code.
|
161
|
+
MEDIUM = 3
|
162
|
+
|
163
|
+
# Vulnerability:
|
164
|
+
# A low risk vulnerability hampers a security organization’s ability to
|
165
|
+
# detect vulnerabilities or active threats in their deployment, or prevents
|
166
|
+
# the root cause investigation of security issues. An example is monitoring
|
167
|
+
# and logs being disabled for resource configurations and access.
|
168
|
+
#
|
169
|
+
# Threat:
|
170
|
+
# Indicates a threat that has obtained minimal access to an environment but
|
171
|
+
# is not able to access data, execute code, or create resources.
|
172
|
+
LOW = 4
|
173
|
+
end
|
109
174
|
end
|
110
175
|
end
|
111
176
|
end
|
@@ -36,12 +36,12 @@ module Google
|
|
36
36
|
# The description of the notification config (max of 1024 characters).
|
37
37
|
# @!attribute [rw] pubsub_topic
|
38
38
|
# @return [::String]
|
39
|
-
# The
|
39
|
+
# The Pub/Sub topic to send notifications to. Its format is
|
40
40
|
# "projects/[project_id]/topics/[topic]".
|
41
41
|
# @!attribute [r] service_account
|
42
42
|
# @return [::String]
|
43
43
|
# Output only. The service account that needs "pubsub.topics.publish"
|
44
|
-
# permission to publish to the
|
44
|
+
# permission to publish to the Pub/Sub topic.
|
45
45
|
# @!attribute [rw] streaming_config
|
46
46
|
# @return [::Google::Cloud::SecurityCenter::V1::NotificationConfig::StreamingConfig]
|
47
47
|
# The config for triggering streaming-based notifications.
|
@@ -33,8 +33,8 @@ module Google
|
|
33
33
|
# greater than 0 characters in length.
|
34
34
|
# @!attribute [rw] finding
|
35
35
|
# @return [::Google::Cloud::SecurityCenter::V1::Finding]
|
36
|
-
# Required. The Finding being created. The name and security_marks will be
|
37
|
-
#
|
36
|
+
# Required. The Finding being created. The name and security_marks will be ignored as
|
37
|
+
# they are both output only fields on this resource.
|
38
38
|
class CreateFindingRequest
|
39
39
|
include ::Google::Protobuf::MessageExts
|
40
40
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -43,8 +43,8 @@ module Google
|
|
43
43
|
# Request message for creating a notification config.
|
44
44
|
# @!attribute [rw] parent
|
45
45
|
# @return [::String]
|
46
|
-
# Required. Resource name of the new notification config's parent. Its format
|
47
|
-
#
|
46
|
+
# Required. Resource name of the new notification config's parent. Its format is
|
47
|
+
# "organizations/[organization_id]".
|
48
48
|
# @!attribute [rw] config_id
|
49
49
|
# @return [::String]
|
50
50
|
# Required.
|
@@ -53,9 +53,8 @@ module Google
|
|
53
53
|
# characters, underscores or hyphens only.
|
54
54
|
# @!attribute [rw] notification_config
|
55
55
|
# @return [::Google::Cloud::SecurityCenter::V1::NotificationConfig]
|
56
|
-
# Required. The notification config being created. The name and the service
|
57
|
-
#
|
58
|
-
# resource.
|
56
|
+
# Required. The notification config being created. The name and the service account
|
57
|
+
# will be ignored as they are both output only fields on this resource.
|
59
58
|
class CreateNotificationConfigRequest
|
60
59
|
include ::Google::Protobuf::MessageExts
|
61
60
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -68,8 +67,8 @@ module Google
|
|
68
67
|
# "organizations/[organization_id]".
|
69
68
|
# @!attribute [rw] source
|
70
69
|
# @return [::Google::Cloud::SecurityCenter::V1::Source]
|
71
|
-
# Required. The Source being created, only the display_name and description
|
72
|
-
#
|
70
|
+
# Required. The Source being created, only the display_name and description will be
|
71
|
+
# used. All other fields will be ignored.
|
73
72
|
class CreateSourceRequest
|
74
73
|
include ::Google::Protobuf::MessageExts
|
75
74
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -98,8 +97,8 @@ module Google
|
|
98
97
|
# Request message for getting organization settings.
|
99
98
|
# @!attribute [rw] name
|
100
99
|
# @return [::String]
|
101
|
-
# Required. Name of the organization to get organization settings for. Its
|
102
|
-
#
|
100
|
+
# Required. Name of the organization to get organization settings for. Its format is
|
101
|
+
# "organizations/[organization_id]/organizationSettings".
|
103
102
|
class GetOrganizationSettingsRequest
|
104
103
|
include ::Google::Protobuf::MessageExts
|
105
104
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -180,15 +179,15 @@ module Google
|
|
180
179
|
# For example, `resource_properties.size = 100` is a valid filter string.
|
181
180
|
#
|
182
181
|
# Use a partial match on the empty string to filter based on a property
|
183
|
-
# existing
|
182
|
+
# existing: `resource_properties.my_property : ""`
|
184
183
|
#
|
185
184
|
# Use a negated partial match on the empty string to filter based on a
|
186
185
|
# property not existing: `-resource_properties.my_property : ""`
|
187
186
|
# @!attribute [rw] group_by
|
188
187
|
# @return [::String]
|
189
|
-
# Required. Expression that defines what assets fields to use for grouping.
|
190
|
-
#
|
191
|
-
#
|
188
|
+
# Required. Expression that defines what assets fields to use for grouping. The string
|
189
|
+
# value should follow SQL syntax: comma separated list of fields. For
|
190
|
+
# example:
|
192
191
|
# "security_center_properties.resource_project,security_center_properties.project".
|
193
192
|
#
|
194
193
|
# The following fields are supported when compare_duration is not set:
|
@@ -316,6 +315,7 @@ module Google
|
|
316
315
|
# * category: `=`, `:`
|
317
316
|
# * external_uri: `=`, `:`
|
318
317
|
# * event_time: `=`, `>`, `<`, `>=`, `<=`
|
318
|
+
# * severity: `=`, `:`
|
319
319
|
#
|
320
320
|
# Usage: This should be milliseconds since epoch or an RFC3339 string.
|
321
321
|
# Examples:
|
@@ -334,9 +334,9 @@ module Google
|
|
334
334
|
# property not existing: `-source_properties.my_property : ""`
|
335
335
|
# @!attribute [rw] group_by
|
336
336
|
# @return [::String]
|
337
|
-
# Required. Expression that defines what assets fields to use for grouping
|
338
|
-
#
|
339
|
-
#
|
337
|
+
# Required. Expression that defines what assets fields to use for grouping (including
|
338
|
+
# `state_change`). The string value should follow SQL syntax: comma separated
|
339
|
+
# list of fields. For example: "parent,resource_name".
|
340
340
|
#
|
341
341
|
# The following fields are supported:
|
342
342
|
#
|
@@ -344,6 +344,7 @@ module Google
|
|
344
344
|
# * category
|
345
345
|
# * state
|
346
346
|
# * parent
|
347
|
+
# * severity
|
347
348
|
#
|
348
349
|
# The following fields are supported when compare_duration is set:
|
349
350
|
#
|
@@ -634,8 +635,9 @@ module Google
|
|
634
635
|
# read_time.
|
635
636
|
# @!attribute [rw] field_mask
|
636
637
|
# @return [::Google::Protobuf::FieldMask]
|
637
|
-
#
|
638
|
-
#
|
638
|
+
# A field mask to specify the ListAssetsResult fields to be listed in the
|
639
|
+
# response.
|
640
|
+
# An empty field mask will list all fields.
|
639
641
|
# @!attribute [rw] page_token
|
640
642
|
# @return [::String]
|
641
643
|
# The value returned by the last `ListAssetsResponse`; indicates
|
@@ -736,13 +738,14 @@ module Google
|
|
736
738
|
#
|
737
739
|
# The following field and operator combinations are supported:
|
738
740
|
#
|
739
|
-
# name: `=`
|
740
|
-
# parent: `=`, `:`
|
741
|
-
# resource_name: `=`, `:`
|
742
|
-
# state: `=`, `:`
|
743
|
-
# category: `=`, `:`
|
744
|
-
# external_uri: `=`, `:`
|
745
|
-
# event_time: `=`, `>`, `<`, `>=`, `<=`
|
741
|
+
# * name: `=`
|
742
|
+
# * parent: `=`, `:`
|
743
|
+
# * resource_name: `=`, `:`
|
744
|
+
# * state: `=`, `:`
|
745
|
+
# * category: `=`, `:`
|
746
|
+
# * external_uri: `=`, `:`
|
747
|
+
# * event_time: `=`, `>`, `<`, `>=`, `<=`
|
748
|
+
# * severity: `=`, `:`
|
746
749
|
#
|
747
750
|
# Usage: This should be milliseconds since epoch or an RFC3339 string.
|
748
751
|
# Examples:
|
@@ -819,8 +822,8 @@ module Google
|
|
819
822
|
# read_time.
|
820
823
|
# @!attribute [rw] field_mask
|
821
824
|
# @return [::Google::Protobuf::FieldMask]
|
822
|
-
#
|
823
|
-
#
|
825
|
+
# A field mask to specify the Finding fields to be listed in the response.
|
826
|
+
# An empty field mask will list all fields.
|
824
827
|
# @!attribute [rw] page_token
|
825
828
|
# @return [::String]
|
826
829
|
# The value returned by the last `ListFindingsResponse`; indicates
|
@@ -860,7 +863,7 @@ module Google
|
|
860
863
|
# @!attribute [rw] state_change
|
861
864
|
# @return [::Google::Cloud::SecurityCenter::V1::ListFindingsResponse::ListFindingsResult::StateChange]
|
862
865
|
# State change of the finding between the points in time.
|
863
|
-
# @!attribute [
|
866
|
+
# @!attribute [r] resource
|
864
867
|
# @return [::Google::Cloud::SecurityCenter::V1::ListFindingsResponse::ListFindingsResult::Resource]
|
865
868
|
# Output only. Resource that is associated with this finding.
|
866
869
|
class ListFindingsResult
|
@@ -941,8 +944,8 @@ module Google
|
|
941
944
|
# Request message for running asset discovery for an organization.
|
942
945
|
# @!attribute [rw] parent
|
943
946
|
# @return [::String]
|
944
|
-
# Required. Name of the organization to run asset discovery for. Its format
|
945
|
-
#
|
947
|
+
# Required. Name of the organization to run asset discovery for. Its format is
|
948
|
+
# "organizations/[organization_id]".
|
946
949
|
class RunAssetDiscoveryRequest
|
947
950
|
include ::Google::Protobuf::MessageExts
|
948
951
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -951,8 +954,8 @@ module Google
|
|
951
954
|
# Request message for updating or creating a finding.
|
952
955
|
# @!attribute [rw] finding
|
953
956
|
# @return [::Google::Cloud::SecurityCenter::V1::Finding]
|
954
|
-
# Required. The finding resource to update or create if it does not already
|
955
|
-
#
|
957
|
+
# Required. The finding resource to update or create if it does not already exist.
|
958
|
+
# parent, security_marks, and update_time will be ignored.
|
956
959
|
#
|
957
960
|
# In the case of creation, the finding id portion of the name must be
|
958
961
|
# alphanumeric and less than or equal to 32 characters and greater than 0
|
@@ -993,7 +996,7 @@ module Google
|
|
993
996
|
# @return [::Google::Protobuf::FieldMask]
|
994
997
|
# The FieldMask to use when updating the settings resource.
|
995
998
|
#
|
996
|
-
#
|
999
|
+
# If empty all mutable fields will be updated.
|
997
1000
|
class UpdateOrganizationSettingsRequest
|
998
1001
|
include ::Google::Protobuf::MessageExts
|
999
1002
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -25,7 +25,7 @@ module Google
|
|
25
25
|
# @return [::String]
|
26
26
|
# The server-assigned name, which is only unique within the same service that
|
27
27
|
# originally returns it. If you use the default HTTP mapping, the
|
28
|
-
# `name` should
|
28
|
+
# `name` should be a resource name ending with `operations/{unique_id}`.
|
29
29
|
# @!attribute [rw] metadata
|
30
30
|
# @return [::Google::Protobuf::Any]
|
31
31
|
# Service-specific metadata associated with the operation. It typically
|
@@ -35,7 +35,7 @@ module Google
|
|
35
35
|
# @!attribute [rw] done
|
36
36
|
# @return [::Boolean]
|
37
37
|
# If the value is `false`, it means the operation is still in progress.
|
38
|
-
# If true
|
38
|
+
# If `true`, the operation is completed, and either `error` or `response` is
|
39
39
|
# available.
|
40
40
|
# @!attribute [rw] error
|
41
41
|
# @return [::Google::Rpc::Status]
|
@@ -67,7 +67,7 @@ module Google
|
|
67
67
|
# The request message for Operations.ListOperations.
|
68
68
|
# @!attribute [rw] name
|
69
69
|
# @return [::String]
|
70
|
-
# The name of the operation
|
70
|
+
# The name of the operation's parent resource.
|
71
71
|
# @!attribute [rw] filter
|
72
72
|
# @return [::String]
|
73
73
|
# The standard list filter.
|
@@ -112,6 +112,20 @@ module Google
|
|
112
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
113
113
|
end
|
114
114
|
|
115
|
+
# The request message for Operations.WaitOperation.
|
116
|
+
# @!attribute [rw] name
|
117
|
+
# @return [::String]
|
118
|
+
# The name of the operation resource to wait on.
|
119
|
+
# @!attribute [rw] timeout
|
120
|
+
# @return [::Google::Protobuf::Duration]
|
121
|
+
# The maximum duration to wait before timing out. If left blank, the wait
|
122
|
+
# will be at most the time permitted by the underlying HTTP/RPC protocol.
|
123
|
+
# If RPC context deadline is also specified, the shorter one will be used.
|
124
|
+
class WaitOperationRequest
|
125
|
+
include ::Google::Protobuf::MessageExts
|
126
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
127
|
+
end
|
128
|
+
|
115
129
|
# A message representing the message types used by a long-running operation.
|
116
130
|
#
|
117
131
|
# Example:
|
@@ -57,10 +57,13 @@ module Google
|
|
57
57
|
# Example 4: Pack and unpack a message in Go
|
58
58
|
#
|
59
59
|
# foo := &pb.Foo{...}
|
60
|
-
# any, err :=
|
60
|
+
# any, err := anypb.New(foo)
|
61
|
+
# if err != nil {
|
62
|
+
# ...
|
63
|
+
# }
|
61
64
|
# ...
|
62
65
|
# foo := &pb.Foo{}
|
63
|
-
# if err :=
|
66
|
+
# if err := any.UnmarshalTo(foo); err != nil {
|
64
67
|
# ...
|
65
68
|
# }
|
66
69
|
#
|
@@ -70,7 +70,16 @@ module Google
|
|
70
70
|
# .setNanos((int) ((millis % 1000) * 1000000)).build();
|
71
71
|
#
|
72
72
|
#
|
73
|
-
# Example 5: Compute Timestamp from
|
73
|
+
# Example 5: Compute Timestamp from Java `Instant.now()`.
|
74
|
+
#
|
75
|
+
# Instant now = Instant.now();
|
76
|
+
#
|
77
|
+
# Timestamp timestamp =
|
78
|
+
# Timestamp.newBuilder().setSeconds(now.getEpochSecond())
|
79
|
+
# .setNanos(now.getNano()).build();
|
80
|
+
#
|
81
|
+
#
|
82
|
+
# Example 6: Compute Timestamp from current time in Python.
|
74
83
|
#
|
75
84
|
# timestamp = Timestamp()
|
76
85
|
# timestamp.GetCurrentTime()
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-cloud-security_center-v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-02-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gapic-common
|
@@ -171,7 +171,9 @@ dependencies:
|
|
171
171
|
- !ruby/object:Gem::Version
|
172
172
|
version: '0.9'
|
173
173
|
description: Security Command Center API provides access to temporal views of assets
|
174
|
-
and findings within an organization.
|
174
|
+
and findings within an organization. Note that google-cloud-security_center-v1 is
|
175
|
+
a version-specific client library. For most uses, we recommend installing the main
|
176
|
+
client library google-cloud-security_center instead. See the readme for more details.
|
175
177
|
email: googleapis-packages@google.com
|
176
178
|
executables: []
|
177
179
|
extensions: []
|
@@ -244,7 +246,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
244
246
|
- !ruby/object:Gem::Version
|
245
247
|
version: '0'
|
246
248
|
requirements: []
|
247
|
-
rubygems_version: 3.
|
249
|
+
rubygems_version: 3.2.6
|
248
250
|
signing_key:
|
249
251
|
specification_version: 4
|
250
252
|
summary: API Client library for the Cloud Security Command Center V1 API
|