google-cloud-security_center-v1 0.3.5 → 0.7.0
- checksums.yaml +4 -4
- data/LICENSE.md +188 -190
- data/README.md +66 -2
- data/lib/google/cloud/security_center/v1.rb +3 -0
- data/lib/google/cloud/security_center/v1/security_center/client.rb +126 -106
- data/lib/google/cloud/security_center/v1/security_center/operations.rb +95 -10
- data/lib/google/cloud/security_center/v1/security_center/paths.rb +175 -17
- data/lib/google/cloud/security_center/v1/version.rb +1 -1
- data/lib/google/cloud/securitycenter/v1/asset_pb.rb +4 -1
- data/lib/google/cloud/securitycenter/v1/finding_pb.rb +11 -1
- data/lib/google/cloud/securitycenter/v1/folder_pb.rb +24 -0
- data/lib/google/cloud/securitycenter/v1/notification_config_pb.rb +1 -1
- data/lib/google/cloud/securitycenter/v1/notification_message_pb.rb +1 -1
- data/lib/google/cloud/securitycenter/v1/organization_settings_pb.rb +2 -1
- data/lib/google/cloud/securitycenter/v1/resource_pb.rb +3 -0
- data/lib/google/cloud/securitycenter/v1/run_asset_discovery_response_pb.rb +1 -1
- data/lib/google/cloud/securitycenter/v1/security_marks_pb.rb +2 -1
- data/lib/google/cloud/securitycenter/v1/securitycenter_service_pb.rb +2 -0
- data/lib/google/cloud/securitycenter/v1/securitycenter_service_services_pb.rb +28 -25
- data/lib/google/cloud/securitycenter/v1/source_pb.rb +2 -1
- data/proto_docs/google/api/field_behavior.rb +6 -0
- data/proto_docs/google/api/resource.rb +50 -14
- data/proto_docs/google/cloud/securitycenter/v1/asset.rb +13 -2
- data/proto_docs/google/cloud/securitycenter/v1/finding.rb +73 -1
- data/proto_docs/google/cloud/securitycenter/v1/folder.rb +40 -0
- data/proto_docs/google/cloud/securitycenter/v1/notification_config.rb +2 -2
- data/proto_docs/google/cloud/securitycenter/v1/organization_settings.rb +4 -0
- data/proto_docs/google/cloud/securitycenter/v1/resource.rb +5 -0
- data/proto_docs/google/cloud/securitycenter/v1/security_marks.rb +10 -0
- data/proto_docs/google/cloud/securitycenter/v1/securitycenter_service.rb +62 -45
- data/proto_docs/google/cloud/securitycenter/v1/source.rb +8 -0
- data/proto_docs/google/longrunning/operations.rb +17 -3
- data/proto_docs/google/protobuf/any.rb +5 -2
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- metadata +13 -9
@@ -0,0 +1,24 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: google/cloud/securitycenter/v1/folder.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
|
+
add_file("google/cloud/securitycenter/v1/folder.proto", :syntax => :proto3) do
|
9
|
+
add_message "google.cloud.securitycenter.v1.Folder" do
|
10
|
+
optional :resource_folder, :string, 1
|
11
|
+
optional :resource_folder_display_name, :string, 2
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
module Google
|
17
|
+
module Cloud
|
18
|
+
module SecurityCenter
|
19
|
+
module V1
|
20
|
+
Folder = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Folder").msgclass
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -3,9 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
-
require 'google/api/annotations_pb'
|
7
6
|
require 'google/api/field_behavior_pb'
|
8
7
|
require 'google/api/resource_pb'
|
8
|
+
require 'google/api/annotations_pb'
|
9
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
10
10
|
add_file("google/cloud/securitycenter/v1/notification_config.proto", :syntax => :proto3) do
|
11
11
|
add_message "google.cloud.securitycenter.v1.NotificationConfig" do
|
@@ -3,9 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
-
require 'google/api/annotations_pb'
|
7
6
|
require 'google/cloud/securitycenter/v1/finding_pb'
|
8
7
|
require 'google/cloud/securitycenter/v1/resource_pb'
|
8
|
+
require 'google/api/annotations_pb'
|
9
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
10
10
|
add_file("google/cloud/securitycenter/v1/notification_message.proto", :syntax => :proto3) do
|
11
11
|
add_message "google.cloud.securitycenter.v1.NotificationMessage" do
|
@@ -3,8 +3,8 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
-
require 'google/api/annotations_pb'
|
7
6
|
require 'google/api/resource_pb'
|
7
|
+
require 'google/api/annotations_pb'
|
8
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
9
|
add_file("google/cloud/securitycenter/v1/organization_settings.proto", :syntax => :proto3) do
|
10
10
|
add_message "google.cloud.securitycenter.v1.OrganizationSettings" do
|
@@ -15,6 +15,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
15
15
|
add_message "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig" do
|
16
16
|
repeated :project_ids, :string, 1
|
17
17
|
optional :inclusion_mode, :enum, 2, "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode"
|
18
|
+
repeated :folder_ids, :string, 3
|
18
19
|
end
|
19
20
|
add_enum "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode" do
|
20
21
|
value :INCLUSION_MODE_UNSPECIFIED, 0
|
@@ -3,6 +3,8 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'google/api/field_behavior_pb'
|
7
|
+
require 'google/cloud/securitycenter/v1/folder_pb'
|
6
8
|
require 'google/api/annotations_pb'
|
7
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
10
|
add_file("google/cloud/securitycenter/v1/resource.proto", :syntax => :proto3) do
|
@@ -12,6 +14,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
12
14
|
optional :project_display_name, :string, 3
|
13
15
|
optional :parent, :string, 4
|
14
16
|
optional :parent_display_name, :string, 5
|
17
|
+
repeated :folders, :message, 7, "google.cloud.securitycenter.v1.Folder"
|
15
18
|
end
|
16
19
|
end
|
17
20
|
end
|
@@ -3,8 +3,8 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
-
require 'google/api/annotations_pb'
|
7
6
|
require 'google/protobuf/duration_pb'
|
7
|
+
require 'google/api/annotations_pb'
|
8
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
9
|
add_file("google/cloud/securitycenter/v1/run_asset_discovery_response.proto", :syntax => :proto3) do
|
10
10
|
add_message "google.cloud.securitycenter.v1.RunAssetDiscoveryResponse" do
|
@@ -3,13 +3,14 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
-
require 'google/api/annotations_pb'
|
7
6
|
require 'google/api/resource_pb'
|
7
|
+
require 'google/api/annotations_pb'
|
8
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
9
|
add_file("google/cloud/securitycenter/v1/security_marks.proto", :syntax => :proto3) do
|
10
10
|
add_message "google.cloud.securitycenter.v1.SecurityMarks" do
|
11
11
|
optional :name, :string, 1
|
12
12
|
map :marks, :string, :string, 2
|
13
|
+
optional :canonical_name, :string, 3
|
13
14
|
end
|
14
15
|
end
|
15
16
|
end
|
@@ -10,6 +10,7 @@ require 'google/api/field_behavior_pb'
|
|
10
10
|
require 'google/api/resource_pb'
|
11
11
|
require 'google/cloud/securitycenter/v1/asset_pb'
|
12
12
|
require 'google/cloud/securitycenter/v1/finding_pb'
|
13
|
+
require 'google/cloud/securitycenter/v1/folder_pb'
|
13
14
|
require 'google/cloud/securitycenter/v1/notification_config_pb'
|
14
15
|
require 'google/cloud/securitycenter/v1/organization_settings_pb'
|
15
16
|
require 'google/cloud/securitycenter/v1/security_marks_pb'
|
@@ -155,6 +156,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
155
156
|
optional :project_display_name, :string, 3
|
156
157
|
optional :parent_name, :string, 4
|
157
158
|
optional :parent_display_name, :string, 5
|
159
|
+
repeated :folders, :message, 7, "google.cloud.securitycenter.v1.Folder"
|
158
160
|
end
|
159
161
|
add_enum "google.cloud.securitycenter.v1.ListFindingsResponse.ListFindingsResult.StateChange" do
|
160
162
|
value :UNUSED, 0
|
@@ -27,74 +27,77 @@ module Google
|
|
27
27
|
# V1 APIs for Security Center service.
|
28
28
|
class Service
|
29
29
|
|
30
|
-
include GRPC::GenericService
|
30
|
+
include ::GRPC::GenericService
|
31
31
|
|
32
32
|
self.marshal_class_method = :encode
|
33
33
|
self.unmarshal_class_method = :decode
|
34
34
|
self.service_name = 'google.cloud.securitycenter.v1.SecurityCenter'
|
35
35
|
|
36
36
|
# Creates a source.
|
37
|
-
rpc :CreateSource, Google::Cloud::SecurityCenter::V1::CreateSourceRequest, Google::Cloud::SecurityCenter::V1::Source
|
37
|
+
rpc :CreateSource, ::Google::Cloud::SecurityCenter::V1::CreateSourceRequest, ::Google::Cloud::SecurityCenter::V1::Source
|
38
38
|
# Creates a finding. The corresponding source must exist for finding creation
|
39
39
|
# to succeed.
|
40
|
-
rpc :CreateFinding, Google::Cloud::SecurityCenter::V1::CreateFindingRequest, Google::Cloud::SecurityCenter::V1::Finding
|
40
|
+
rpc :CreateFinding, ::Google::Cloud::SecurityCenter::V1::CreateFindingRequest, ::Google::Cloud::SecurityCenter::V1::Finding
|
41
41
|
# Creates a notification config.
|
42
|
-
rpc :CreateNotificationConfig, Google::Cloud::SecurityCenter::V1::CreateNotificationConfigRequest, Google::Cloud::SecurityCenter::V1::NotificationConfig
|
42
|
+
rpc :CreateNotificationConfig, ::Google::Cloud::SecurityCenter::V1::CreateNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig
|
43
43
|
# Deletes a notification config.
|
44
|
-
rpc :DeleteNotificationConfig, Google::Cloud::SecurityCenter::V1::DeleteNotificationConfigRequest, Google::Protobuf::Empty
|
44
|
+
rpc :DeleteNotificationConfig, ::Google::Cloud::SecurityCenter::V1::DeleteNotificationConfigRequest, ::Google::Protobuf::Empty
|
45
45
|
# Gets the access control policy on the specified Source.
|
46
|
-
rpc :GetIamPolicy, Google::Iam::V1::GetIamPolicyRequest, Google::Iam::V1::Policy
|
46
|
+
rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
|
47
47
|
# Gets a notification config.
|
48
|
-
rpc :GetNotificationConfig, Google::Cloud::SecurityCenter::V1::GetNotificationConfigRequest, Google::Cloud::SecurityCenter::V1::NotificationConfig
|
48
|
+
rpc :GetNotificationConfig, ::Google::Cloud::SecurityCenter::V1::GetNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig
|
49
49
|
# Gets the settings for an organization.
|
50
|
-
rpc :GetOrganizationSettings, Google::Cloud::SecurityCenter::V1::GetOrganizationSettingsRequest, Google::Cloud::SecurityCenter::V1::OrganizationSettings
|
50
|
+
rpc :GetOrganizationSettings, ::Google::Cloud::SecurityCenter::V1::GetOrganizationSettingsRequest, ::Google::Cloud::SecurityCenter::V1::OrganizationSettings
|
51
51
|
# Gets a source.
|
52
|
-
rpc :GetSource, Google::Cloud::SecurityCenter::V1::GetSourceRequest, Google::Cloud::SecurityCenter::V1::Source
|
52
|
+
rpc :GetSource, ::Google::Cloud::SecurityCenter::V1::GetSourceRequest, ::Google::Cloud::SecurityCenter::V1::Source
|
53
53
|
# Filters an organization's assets and groups them by their specified
|
54
54
|
# properties.
|
55
|
-
rpc :GroupAssets, Google::Cloud::SecurityCenter::V1::GroupAssetsRequest, Google::Cloud::SecurityCenter::V1::GroupAssetsResponse
|
55
|
+
rpc :GroupAssets, ::Google::Cloud::SecurityCenter::V1::GroupAssetsRequest, ::Google::Cloud::SecurityCenter::V1::GroupAssetsResponse
|
56
56
|
# Filters an organization or source's findings and groups them by their
|
57
57
|
# specified properties.
|
58
58
|
#
|
59
59
|
# To group across all sources provide a `-` as the source id.
|
60
|
-
# Example: /v1/organizations/{organization_id}/sources/-/findings
|
61
|
-
|
60
|
+
# Example: /v1/organizations/{organization_id}/sources/-/findings,
|
61
|
+
# /v1/folders/{folder_id}/sources/-/findings,
|
62
|
+
# /v1/projects/{project_id}/sources/-/findings
|
63
|
+
rpc :GroupFindings, ::Google::Cloud::SecurityCenter::V1::GroupFindingsRequest, ::Google::Cloud::SecurityCenter::V1::GroupFindingsResponse
|
62
64
|
# Lists an organization's assets.
|
63
|
-
rpc :ListAssets, Google::Cloud::SecurityCenter::V1::ListAssetsRequest, Google::Cloud::SecurityCenter::V1::ListAssetsResponse
|
65
|
+
rpc :ListAssets, ::Google::Cloud::SecurityCenter::V1::ListAssetsRequest, ::Google::Cloud::SecurityCenter::V1::ListAssetsResponse
|
64
66
|
# Lists an organization or source's findings.
|
65
67
|
#
|
66
68
|
# To list across all sources provide a `-` as the source id.
|
67
69
|
# Example: /v1/organizations/{organization_id}/sources/-/findings
|
68
|
-
rpc :ListFindings, Google::Cloud::SecurityCenter::V1::ListFindingsRequest, Google::Cloud::SecurityCenter::V1::ListFindingsResponse
|
70
|
+
rpc :ListFindings, ::Google::Cloud::SecurityCenter::V1::ListFindingsRequest, ::Google::Cloud::SecurityCenter::V1::ListFindingsResponse
|
69
71
|
# Lists notification configs.
|
70
|
-
rpc :ListNotificationConfigs, Google::Cloud::SecurityCenter::V1::ListNotificationConfigsRequest, Google::Cloud::SecurityCenter::V1::ListNotificationConfigsResponse
|
72
|
+
rpc :ListNotificationConfigs, ::Google::Cloud::SecurityCenter::V1::ListNotificationConfigsRequest, ::Google::Cloud::SecurityCenter::V1::ListNotificationConfigsResponse
|
71
73
|
# Lists all sources belonging to an organization.
|
72
|
-
rpc :ListSources, Google::Cloud::SecurityCenter::V1::ListSourcesRequest, Google::Cloud::SecurityCenter::V1::ListSourcesResponse
|
74
|
+
rpc :ListSources, ::Google::Cloud::SecurityCenter::V1::ListSourcesRequest, ::Google::Cloud::SecurityCenter::V1::ListSourcesResponse
|
73
75
|
# Runs asset discovery. The discovery is tracked with a long-running
|
74
76
|
# operation.
|
75
77
|
#
|
76
78
|
# This API can only be called with limited frequency for an organization. If
|
77
79
|
# it is called too frequently the caller will receive a TOO_MANY_REQUESTS
|
78
80
|
# error.
|
79
|
-
rpc :RunAssetDiscovery, Google::Cloud::SecurityCenter::V1::RunAssetDiscoveryRequest, Google::Longrunning::Operation
|
81
|
+
rpc :RunAssetDiscovery, ::Google::Cloud::SecurityCenter::V1::RunAssetDiscoveryRequest, ::Google::Longrunning::Operation
|
80
82
|
# Updates the state of a finding.
|
81
|
-
rpc :SetFindingState, Google::Cloud::SecurityCenter::V1::SetFindingStateRequest, Google::Cloud::SecurityCenter::V1::Finding
|
83
|
+
rpc :SetFindingState, ::Google::Cloud::SecurityCenter::V1::SetFindingStateRequest, ::Google::Cloud::SecurityCenter::V1::Finding
|
82
84
|
# Sets the access control policy on the specified Source.
|
83
|
-
rpc :SetIamPolicy, Google::Iam::V1::SetIamPolicyRequest, Google::Iam::V1::Policy
|
85
|
+
rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
|
84
86
|
# Returns the permissions that a caller has on the specified source.
|
85
|
-
rpc :TestIamPermissions, Google::Iam::V1::TestIamPermissionsRequest, Google::Iam::V1::TestIamPermissionsResponse
|
87
|
+
rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
|
86
88
|
# Creates or updates a finding. The corresponding source must exist for a
|
87
89
|
# finding creation to succeed.
|
88
|
-
rpc :UpdateFinding, Google::Cloud::SecurityCenter::V1::UpdateFindingRequest, Google::Cloud::SecurityCenter::V1::Finding
|
90
|
+
rpc :UpdateFinding, ::Google::Cloud::SecurityCenter::V1::UpdateFindingRequest, ::Google::Cloud::SecurityCenter::V1::Finding
|
91
|
+
#
|
89
92
|
# Updates a notification config. The following update
|
90
93
|
# fields are allowed: description, pubsub_topic, streaming_config.filter
|
91
|
-
rpc :UpdateNotificationConfig, Google::Cloud::SecurityCenter::V1::UpdateNotificationConfigRequest, Google::Cloud::SecurityCenter::V1::NotificationConfig
|
94
|
+
rpc :UpdateNotificationConfig, ::Google::Cloud::SecurityCenter::V1::UpdateNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig
|
92
95
|
# Updates an organization's settings.
|
93
|
-
rpc :UpdateOrganizationSettings, Google::Cloud::SecurityCenter::V1::UpdateOrganizationSettingsRequest, Google::Cloud::SecurityCenter::V1::OrganizationSettings
|
96
|
+
rpc :UpdateOrganizationSettings, ::Google::Cloud::SecurityCenter::V1::UpdateOrganizationSettingsRequest, ::Google::Cloud::SecurityCenter::V1::OrganizationSettings
|
94
97
|
# Updates a source.
|
95
|
-
rpc :UpdateSource, Google::Cloud::SecurityCenter::V1::UpdateSourceRequest, Google::Cloud::SecurityCenter::V1::Source
|
98
|
+
rpc :UpdateSource, ::Google::Cloud::SecurityCenter::V1::UpdateSourceRequest, ::Google::Cloud::SecurityCenter::V1::Source
|
96
99
|
# Updates security marks.
|
97
|
-
rpc :UpdateSecurityMarks, Google::Cloud::SecurityCenter::V1::UpdateSecurityMarksRequest, Google::Cloud::SecurityCenter::V1::SecurityMarks
|
100
|
+
rpc :UpdateSecurityMarks, ::Google::Cloud::SecurityCenter::V1::UpdateSecurityMarksRequest, ::Google::Cloud::SecurityCenter::V1::SecurityMarks
|
98
101
|
end
|
99
102
|
|
100
103
|
Stub = Service.rpc_stub_class
|
@@ -3,14 +3,15 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
-
require 'google/api/annotations_pb'
|
7
6
|
require 'google/api/resource_pb'
|
7
|
+
require 'google/api/annotations_pb'
|
8
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
9
|
add_file("google/cloud/securitycenter/v1/source.proto", :syntax => :proto3) do
|
10
10
|
add_message "google.cloud.securitycenter.v1.Source" do
|
11
11
|
optional :name, :string, 1
|
12
12
|
optional :display_name, :string, 2
|
13
13
|
optional :description, :string, 3
|
14
|
+
optional :canonical_name, :string, 14
|
14
15
|
end
|
15
16
|
end
|
16
17
|
end
|
@@ -54,6 +54,12 @@ module Google
|
|
54
54
|
# This indicates that the field may be set once in a request to create a
|
55
55
|
# resource, but may not be changed thereafter.
|
56
56
|
IMMUTABLE = 5
|
57
|
+
|
58
|
+
# Denotes that a (repeated) field is an unordered list.
|
59
|
+
# This indicates that the service may provide the elements of the list
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
61
|
+
# provided. Additionally, the list's order may or may not be stable.
|
62
|
+
UNORDERED_LIST = 6
|
57
63
|
end
|
58
64
|
end
|
59
65
|
end
|
@@ -43,12 +43,12 @@ module Google
|
|
43
43
|
#
|
44
44
|
# The ResourceDescriptor Yaml config will look like:
|
45
45
|
#
|
46
|
-
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
46
|
+
# resources:
|
47
|
+
# - type: "pubsub.googleapis.com/Topic"
|
48
|
+
# name_descriptor:
|
49
|
+
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
+
# parent_name_extractor: "projects/{project}"
|
52
52
|
#
|
53
53
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
54
|
# live under multiple parents.
|
@@ -183,15 +183,24 @@ module Google
|
|
183
183
|
# }
|
184
184
|
# @!attribute [rw] plural
|
185
185
|
# @return [::String]
|
186
|
-
# The plural name used in the resource name, such as
|
187
|
-
# the name of 'projects/\\{project}'
|
188
|
-
#
|
186
|
+
# The plural name used in the resource name and permission names, such as
|
187
|
+
# 'projects' for the resource name of 'projects/\\{project}' and the permission
|
188
|
+
# name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
|
189
|
+
# concept of the `plural` field in k8s CRD spec
|
189
190
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
191
|
+
#
|
192
|
+
# Note: The plural form is required even for singleton resources. See
|
193
|
+
# https://aip.dev/156
|
190
194
|
# @!attribute [rw] singular
|
191
195
|
# @return [::String]
|
192
196
|
# The same concept of the `singular` field in k8s CRD spec
|
193
197
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
194
198
|
# Such as "project" for the `resourcemanager.googleapis.com/Project` type.
|
199
|
+
# @!attribute [rw] style
|
200
|
+
# @return [::Array<::Google::Api::ResourceDescriptor::Style>]
|
201
|
+
# Style flag(s) for this resource.
|
202
|
+
# These indicate that a resource is expected to conform to a given
|
203
|
+
# style. See the specific style flags for additional information.
|
195
204
|
class ResourceDescriptor
|
196
205
|
include ::Google::Protobuf::MessageExts
|
197
206
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -211,6 +220,22 @@ module Google
|
|
211
220
|
# that from being necessary once there are multiple patterns.)
|
212
221
|
FUTURE_MULTI_PATTERN = 2
|
213
222
|
end
|
223
|
+
|
224
|
+
# A flag representing a specific style that a resource claims to conform to.
|
225
|
+
module Style
|
226
|
+
# The unspecified value. Do not use.
|
227
|
+
STYLE_UNSPECIFIED = 0
|
228
|
+
|
229
|
+
# This resource is intended to be "declarative-friendly".
|
230
|
+
#
|
231
|
+
# Declarative-friendly resources must be more strictly consistent, and
|
232
|
+
# setting this to true communicates to tools that this resource should
|
233
|
+
# adhere to declarative-friendly expectations.
|
234
|
+
#
|
235
|
+
# Note: This is used by the API linter (linter.aip.dev) to enable
|
236
|
+
# additional checks.
|
237
|
+
DECLARATIVE_FRIENDLY = 1
|
238
|
+
end
|
214
239
|
end
|
215
240
|
|
216
241
|
# Defines a proto annotation that describes a string field that refers to
|
@@ -226,6 +251,17 @@ module Google
|
|
226
251
|
# type: "pubsub.googleapis.com/Topic"
|
227
252
|
# }];
|
228
253
|
# }
|
254
|
+
#
|
255
|
+
# Occasionally, a field may reference an arbitrary resource. In this case,
|
256
|
+
# APIs use the special value * in their resource reference.
|
257
|
+
#
|
258
|
+
# Example:
|
259
|
+
#
|
260
|
+
# message GetIamPolicyRequest {
|
261
|
+
# string resource = 2 [(google.api.resource_reference) = {
|
262
|
+
# type: "*"
|
263
|
+
# }];
|
264
|
+
# }
|
229
265
|
# @!attribute [rw] child_type
|
230
266
|
# @return [::String]
|
231
267
|
# The resource type of a child collection that the annotated field
|
@@ -234,11 +270,11 @@ module Google
|
|
234
270
|
#
|
235
271
|
# Example:
|
236
272
|
#
|
237
|
-
#
|
238
|
-
#
|
239
|
-
#
|
240
|
-
#
|
241
|
-
#
|
273
|
+
# message ListLogEntriesRequest {
|
274
|
+
# string parent = 1 [(google.api.resource_reference) = {
|
275
|
+
# child_type: "logging.googleapis.com/LogEntry"
|
276
|
+
# };
|
277
|
+
# }
|
242
278
|
class ResourceReference
|
243
279
|
include ::Google::Protobuf::MessageExts
|
244
280
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -51,14 +51,20 @@ module Google
|
|
51
51
|
# The time at which the asset was created in Security Command Center.
|
52
52
|
# @!attribute [rw] update_time
|
53
53
|
# @return [::Google::Protobuf::Timestamp]
|
54
|
-
# The time at which the asset was last updated
|
55
|
-
# Command Center.
|
54
|
+
# The time at which the asset was last updated or added in Cloud SCC.
|
56
55
|
# @!attribute [rw] iam_policy
|
57
56
|
# @return [::Google::Cloud::SecurityCenter::V1::Asset::IamPolicy]
|
58
57
|
# Cloud IAM Policy information associated with the Google Cloud resource
|
59
58
|
# described by the Security Command Center asset. This information is managed
|
60
59
|
# and defined by the Google Cloud resource and cannot be modified by the
|
61
60
|
# user.
|
61
|
+
# @!attribute [rw] canonical_name
|
62
|
+
# @return [::String]
|
63
|
+
# The canonical name of the resource. It's either
|
64
|
+
# "organizations/\\{organization_id}/assets/\\{asset_id}",
|
65
|
+
# "folders/\\{folder_id}/assets/\\{asset_id}" or
|
66
|
+
# "projects/\\{project_number}/assets/\\{asset_id}", depending on the closest CRM
|
67
|
+
# ancestor of the resource.
|
62
68
|
class Asset
|
63
69
|
include ::Google::Protobuf::MessageExts
|
64
70
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -96,6 +102,11 @@ module Google
|
|
96
102
|
# @!attribute [rw] resource_project_display_name
|
97
103
|
# @return [::String]
|
98
104
|
# The user defined display name for the project of this resource.
|
105
|
+
# @!attribute [rw] folders
|
106
|
+
# @return [::Array<::Google::Cloud::SecurityCenter::V1::Folder>]
|
107
|
+
# Contains a Folder message for each folder in the assets ancestry.
|
108
|
+
# The first folder is the deepest nested folder, and the last folder is the
|
109
|
+
# folder directly under the Organization.
|
99
110
|
class SecurityCenterProperties
|
100
111
|
include ::Google::Protobuf::MessageExts
|
101
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -79,10 +79,23 @@ module Google
|
|
79
79
|
# occurred. For example, if the finding represents an open firewall it would
|
80
80
|
# capture the time the detector believes the firewall became open. The
|
81
81
|
# accuracy is determined by the detector. If the finding were to be resolved
|
82
|
-
# afterward, this time would reflect when the finding was resolved.
|
82
|
+
# afterward, this time would reflect when the finding was resolved. Must not
|
83
|
+
# be set to a value greater than the current timestamp.
|
83
84
|
# @!attribute [rw] create_time
|
84
85
|
# @return [::Google::Protobuf::Timestamp]
|
85
86
|
# The time at which the finding was created in Security Command Center.
|
87
|
+
# @!attribute [rw] severity
|
88
|
+
# @return [::Google::Cloud::SecurityCenter::V1::Finding::Severity]
|
89
|
+
# The severity of the finding. This field is managed by the source that
|
90
|
+
# writes the finding.
|
91
|
+
# @!attribute [rw] canonical_name
|
92
|
+
# @return [::String]
|
93
|
+
# The canonical name of the finding. It's either
|
94
|
+
# "organizations/\\{organization_id}/sources/\\{source_id}/findings/\\{finding_id}",
|
95
|
+
# "folders/\\{folder_id}/sources/\\{source_id}/findings/\\{finding_id}" or
|
96
|
+
# "projects/\\{project_number}/sources/\\{source_id}/findings/\\{finding_id}",
|
97
|
+
# depending on the closest CRM ancestor of the resource associated with the
|
98
|
+
# finding.
|
86
99
|
class Finding
|
87
100
|
include ::Google::Protobuf::MessageExts
|
88
101
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -108,6 +121,65 @@ module Google
|
|
108
121
|
# and is no longer active.
|
109
122
|
INACTIVE = 2
|
110
123
|
end
|
124
|
+
|
125
|
+
# The severity of the finding.
|
126
|
+
module Severity
|
127
|
+
# This value is used for findings when a source doesn't write a severity
|
128
|
+
# value.
|
129
|
+
SEVERITY_UNSPECIFIED = 0
|
130
|
+
|
131
|
+
# Vulnerability:
|
132
|
+
# A critical vulnerability is easily discoverable by an external actor,
|
133
|
+
# exploitable, and results in the direct ability to execute arbitrary code,
|
134
|
+
# exfiltrate data, and otherwise gain additional access and privileges to
|
135
|
+
# cloud resources and workloads. Examples include publicly accessible
|
136
|
+
# unprotected user data, public SSH access with weak or no passwords, etc.
|
137
|
+
#
|
138
|
+
# Threat:
|
139
|
+
# Indicates a threat that is able to access, modify, or delete data or
|
140
|
+
# execute unauthorized code within existing resources.
|
141
|
+
CRITICAL = 1
|
142
|
+
|
143
|
+
# Vulnerability:
|
144
|
+
# A high risk vulnerability can be easily discovered and exploited in
|
145
|
+
# combination with other vulnerabilities in order to gain direct access and
|
146
|
+
# the ability to execute arbitrary code, exfiltrate data, and otherwise
|
147
|
+
# gain additional access and privileges to cloud resources and workloads.
|
148
|
+
# An example is a database with weak or no passwords that is only
|
149
|
+
# accessible internally. This database could easily be compromised by an
|
150
|
+
# actor that had access to the internal network.
|
151
|
+
#
|
152
|
+
# Threat:
|
153
|
+
# Indicates a threat that is able to create new computational resources in
|
154
|
+
# an environment but not able to access data or execute code in existing
|
155
|
+
# resources.
|
156
|
+
HIGH = 2
|
157
|
+
|
158
|
+
# Vulnerability:
|
159
|
+
# A medium risk vulnerability could be used by an actor to gain access to
|
160
|
+
# resources or privileges that enable them to eventually (through multiple
|
161
|
+
# steps or a complex exploit) gain access and the ability to execute
|
162
|
+
# arbitrary code or exfiltrate data. An example is a service account with
|
163
|
+
# access to more projects than it should have. If an actor gains access to
|
164
|
+
# the service account, they could potentially use that access to manipulate
|
165
|
+
# a project the service account was not intended to.
|
166
|
+
#
|
167
|
+
# Threat:
|
168
|
+
# Indicates a threat that is able to cause operational impact but may not
|
169
|
+
# access data or execute unauthorized code.
|
170
|
+
MEDIUM = 3
|
171
|
+
|
172
|
+
# Vulnerability:
|
173
|
+
# A low risk vulnerability hampers a security organization’s ability to
|
174
|
+
# detect vulnerabilities or active threats in their deployment, or prevents
|
175
|
+
# the root cause investigation of security issues. An example is monitoring
|
176
|
+
# and logs being disabled for resource configurations and access.
|
177
|
+
#
|
178
|
+
# Threat:
|
179
|
+
# Indicates a threat that has obtained minimal access to an environment but
|
180
|
+
# is not able to access data, execute code, or create resources.
|
181
|
+
LOW = 4
|
182
|
+
end
|
111
183
|
end
|
112
184
|
end
|
113
185
|
end
|