google-cloud-security_center 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.yardopts +9 -0
- data/LICENSE +201 -0
- data/README.md +69 -0
- data/lib/google/cloud/security_center.rb +141 -0
- data/lib/google/cloud/security_center/v1.rb +139 -0
- data/lib/google/cloud/security_center/v1/asset_pb.rb +37 -0
- data/lib/google/cloud/security_center/v1/credentials.rb +41 -0
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/asset.rb +96 -0
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/finding.rb +94 -0
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/organization_settings.rb +72 -0
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/security_marks.rb +44 -0
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/securitycenter_service.rb +759 -0
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/source.rb +51 -0
- data/lib/google/cloud/security_center/v1/doc/google/iam/v1/iam_policy.rb +63 -0
- data/lib/google/cloud/security_center/v1/doc/google/iam/v1/policy.rb +104 -0
- data/lib/google/cloud/security_center/v1/doc/google/longrunning/operations.rb +51 -0
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/any.rb +131 -0
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/duration.rb +91 -0
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/field_mask.rb +222 -0
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/struct.rb +74 -0
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/timestamp.rb +111 -0
- data/lib/google/cloud/security_center/v1/doc/google/rpc/status.rb +87 -0
- data/lib/google/cloud/security_center/v1/finding_pb.rb +34 -0
- data/lib/google/cloud/security_center/v1/helpers.rb +87 -0
- data/lib/google/cloud/security_center/v1/organization_settings_pb.rb +29 -0
- data/lib/google/cloud/security_center/v1/security_center_client.rb +1772 -0
- data/lib/google/cloud/security_center/v1/security_center_client_config.json +116 -0
- data/lib/google/cloud/security_center/v1/security_marks_pb.rb +17 -0
- data/lib/google/cloud/security_center/v1/securitycenter_service_pb.rb +186 -0
- data/lib/google/cloud/security_center/v1/securitycenter_service_services_pb.rb +90 -0
- data/lib/google/cloud/security_center/v1/source_pb.rb +18 -0
- metadata +172 -0
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# source: google/cloud/security_center/v1/finding.proto
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
require 'google/protobuf'
|
|
6
|
+
|
|
7
|
+
require 'google/api/annotations_pb'
|
|
8
|
+
require 'google/cloud/security_center/v1/security_marks_pb'
|
|
9
|
+
require 'google/protobuf/struct_pb'
|
|
10
|
+
require 'google/protobuf/timestamp_pb'
|
|
11
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
12
|
+
add_message "google.cloud.securitycenter.v1.Finding" do
|
|
13
|
+
optional :name, :string, 1
|
|
14
|
+
optional :parent, :string, 2
|
|
15
|
+
optional :resource_name, :string, 3
|
|
16
|
+
optional :state, :enum, 4, "google.cloud.securitycenter.v1.Finding.State"
|
|
17
|
+
optional :category, :string, 5
|
|
18
|
+
optional :external_uri, :string, 6
|
|
19
|
+
map :source_properties, :string, :message, 7, "google.protobuf.Value"
|
|
20
|
+
optional :security_marks, :message, 8, "google.cloud.securitycenter.v1.SecurityMarks"
|
|
21
|
+
optional :event_time, :message, 9, "google.protobuf.Timestamp"
|
|
22
|
+
optional :create_time, :message, 10, "google.protobuf.Timestamp"
|
|
23
|
+
end
|
|
24
|
+
add_enum "google.cloud.securitycenter.v1.Finding.State" do
|
|
25
|
+
value :STATE_UNSPECIFIED, 0
|
|
26
|
+
value :ACTIVE, 1
|
|
27
|
+
value :INACTIVE, 2
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
module Google::Cloud::SecurityCenter::V1
|
|
32
|
+
Finding = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding").msgclass
|
|
33
|
+
Finding::State = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding.State").enummodule
|
|
34
|
+
end
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
# Copyright 2019 Google LLC
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License at
|
|
6
|
+
#
|
|
7
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# # limitations under the License.
|
|
14
|
+
|
|
15
|
+
module Google
|
|
16
|
+
module Cloud
|
|
17
|
+
module SecurityCenter
|
|
18
|
+
module V1
|
|
19
|
+
class SecurityCenterClient
|
|
20
|
+
|
|
21
|
+
# Alias for Google::Cloud::SecurityCenter::V1::SecurityCenterClient.asset_path.
|
|
22
|
+
# @param organization [String]
|
|
23
|
+
# @param asset [String]
|
|
24
|
+
# @return [String]
|
|
25
|
+
def asset_path organization, asset
|
|
26
|
+
self.class.asset_path organization, asset
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
# Alias for Google::Cloud::SecurityCenter::V1::SecurityCenterClient.asset_security_marks_path.
|
|
30
|
+
# @param organization [String]
|
|
31
|
+
# @param asset [String]
|
|
32
|
+
# @return [String]
|
|
33
|
+
def asset_security_marks_path organization, asset
|
|
34
|
+
self.class.asset_security_marks_path organization, asset
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
# Alias for Google::Cloud::SecurityCenter::V1::SecurityCenterClient.finding_path.
|
|
38
|
+
# @param organization [String]
|
|
39
|
+
# @param source [String]
|
|
40
|
+
# @param finding [String]
|
|
41
|
+
# @return [String]
|
|
42
|
+
def finding_path organization, source, finding
|
|
43
|
+
self.class.finding_path organization, source, finding
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
# Alias for Google::Cloud::SecurityCenter::V1::SecurityCenterClient.finding_security_marks_path.
|
|
47
|
+
# @param organization [String]
|
|
48
|
+
# @param source [String]
|
|
49
|
+
# @param finding [String]
|
|
50
|
+
# @return [String]
|
|
51
|
+
def finding_security_marks_path organization, source, finding
|
|
52
|
+
self.class.finding_security_marks_path organization, source, finding
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# Alias for Google::Cloud::SecurityCenter::V1::SecurityCenterClient.organization_path.
|
|
56
|
+
# @param organization [String]
|
|
57
|
+
# @return [String]
|
|
58
|
+
def organization_path organization
|
|
59
|
+
self.class.organization_path organization
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
# Alias for Google::Cloud::SecurityCenter::V1::SecurityCenterClient.organization_settings_path.
|
|
63
|
+
# @param organization [String]
|
|
64
|
+
# @return [String]
|
|
65
|
+
def organization_settings_path organization
|
|
66
|
+
self.class.organization_settings_path organization
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
# Alias for Google::Cloud::SecurityCenter::V1::SecurityCenterClient.organization_sources_path.
|
|
70
|
+
# @param organization [String]
|
|
71
|
+
# @return [String]
|
|
72
|
+
def organization_sources_path organization
|
|
73
|
+
self.class.organization_sources_path organization
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
# Alias for Google::Cloud::SecurityCenter::V1::SecurityCenterClient.source_path.
|
|
77
|
+
# @param organization [String]
|
|
78
|
+
# @param source [String]
|
|
79
|
+
# @return [String]
|
|
80
|
+
def source_path organization, source
|
|
81
|
+
self.class.source_path organization, source
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# source: google/cloud/security_center/v1/organization_settings.proto
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
require 'google/protobuf'
|
|
6
|
+
|
|
7
|
+
require 'google/api/annotations_pb'
|
|
8
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
9
|
+
add_message "google.cloud.securitycenter.v1.OrganizationSettings" do
|
|
10
|
+
optional :name, :string, 1
|
|
11
|
+
optional :enable_asset_discovery, :bool, 2
|
|
12
|
+
optional :asset_discovery_config, :message, 3, "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig"
|
|
13
|
+
end
|
|
14
|
+
add_message "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig" do
|
|
15
|
+
repeated :project_ids, :string, 1
|
|
16
|
+
optional :inclusion_mode, :enum, 2, "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode"
|
|
17
|
+
end
|
|
18
|
+
add_enum "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode" do
|
|
19
|
+
value :INCLUSION_MODE_UNSPECIFIED, 0
|
|
20
|
+
value :INCLUDE_ONLY, 1
|
|
21
|
+
value :EXCLUDE, 2
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
module Google::Cloud::SecurityCenter::V1
|
|
26
|
+
OrganizationSettings = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.OrganizationSettings").msgclass
|
|
27
|
+
OrganizationSettings::AssetDiscoveryConfig = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig").msgclass
|
|
28
|
+
OrganizationSettings::AssetDiscoveryConfig::InclusionMode = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode").enummodule
|
|
29
|
+
end
|
|
@@ -0,0 +1,1772 @@
|
|
|
1
|
+
# Copyright 2019 Google LLC
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License at
|
|
6
|
+
#
|
|
7
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# limitations under the License.
|
|
14
|
+
#
|
|
15
|
+
# EDITING INSTRUCTIONS
|
|
16
|
+
# This file was generated from the file
|
|
17
|
+
# https://github.com/googleapis/googleapis/blob/master/google/cloud/security_center/v1/securitycenter_service.proto,
|
|
18
|
+
# and updates to that file get reflected here through a refresh process.
|
|
19
|
+
# For the short term, the refresh process will only be runnable by Google
|
|
20
|
+
# engineers.
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
require "json"
|
|
24
|
+
require "pathname"
|
|
25
|
+
|
|
26
|
+
require "google/gax"
|
|
27
|
+
require "google/gax/operation"
|
|
28
|
+
require "google/longrunning/operations_client"
|
|
29
|
+
|
|
30
|
+
require "google/cloud/security_center/v1/securitycenter_service_pb"
|
|
31
|
+
require "google/cloud/security_center/v1/credentials"
|
|
32
|
+
|
|
33
|
+
module Google
|
|
34
|
+
module Cloud
|
|
35
|
+
module SecurityCenter
|
|
36
|
+
module V1
|
|
37
|
+
# V1 APIs for Security Center service.
|
|
38
|
+
#
|
|
39
|
+
# @!attribute [r] security_center_stub
|
|
40
|
+
# @return [Google::Cloud::SecurityCenter::V1::SecurityCenter::Stub]
|
|
41
|
+
class SecurityCenterClient
|
|
42
|
+
# @private
|
|
43
|
+
attr_reader :security_center_stub
|
|
44
|
+
|
|
45
|
+
# The default address of the service.
|
|
46
|
+
SERVICE_ADDRESS = "securitycenter.googleapis.com".freeze
|
|
47
|
+
|
|
48
|
+
# The default port of the service.
|
|
49
|
+
DEFAULT_SERVICE_PORT = 443
|
|
50
|
+
|
|
51
|
+
# The default set of gRPC interceptors.
|
|
52
|
+
GRPC_INTERCEPTORS = []
|
|
53
|
+
|
|
54
|
+
DEFAULT_TIMEOUT = 30
|
|
55
|
+
|
|
56
|
+
PAGE_DESCRIPTORS = {
|
|
57
|
+
"group_assets" => Google::Gax::PageDescriptor.new(
|
|
58
|
+
"page_token",
|
|
59
|
+
"next_page_token",
|
|
60
|
+
"group_by_results"),
|
|
61
|
+
"group_findings" => Google::Gax::PageDescriptor.new(
|
|
62
|
+
"page_token",
|
|
63
|
+
"next_page_token",
|
|
64
|
+
"group_by_results"),
|
|
65
|
+
"list_assets" => Google::Gax::PageDescriptor.new(
|
|
66
|
+
"page_token",
|
|
67
|
+
"next_page_token",
|
|
68
|
+
"list_assets_results"),
|
|
69
|
+
"list_findings" => Google::Gax::PageDescriptor.new(
|
|
70
|
+
"page_token",
|
|
71
|
+
"next_page_token",
|
|
72
|
+
"list_findings_results"),
|
|
73
|
+
"list_sources" => Google::Gax::PageDescriptor.new(
|
|
74
|
+
"page_token",
|
|
75
|
+
"next_page_token",
|
|
76
|
+
"sources")
|
|
77
|
+
}.freeze
|
|
78
|
+
|
|
79
|
+
private_constant :PAGE_DESCRIPTORS
|
|
80
|
+
|
|
81
|
+
# The scopes needed to make gRPC calls to all of the methods defined in
|
|
82
|
+
# this service.
|
|
83
|
+
ALL_SCOPES = [
|
|
84
|
+
"https://www.googleapis.com/auth/cloud-platform"
|
|
85
|
+
].freeze
|
|
86
|
+
|
|
87
|
+
class OperationsClient < Google::Longrunning::OperationsClient
|
|
88
|
+
self::SERVICE_ADDRESS = SecurityCenterClient::SERVICE_ADDRESS
|
|
89
|
+
self::GRPC_INTERCEPTORS = SecurityCenterClient::GRPC_INTERCEPTORS
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
ASSET_PATH_TEMPLATE = Google::Gax::PathTemplate.new(
|
|
93
|
+
"organizations/{organization}/assets/{asset}"
|
|
94
|
+
)
|
|
95
|
+
|
|
96
|
+
private_constant :ASSET_PATH_TEMPLATE
|
|
97
|
+
|
|
98
|
+
ASSET_SECURITY_MARKS_PATH_TEMPLATE = Google::Gax::PathTemplate.new(
|
|
99
|
+
"organizations/{organization}/assets/{asset}/securityMarks"
|
|
100
|
+
)
|
|
101
|
+
|
|
102
|
+
private_constant :ASSET_SECURITY_MARKS_PATH_TEMPLATE
|
|
103
|
+
|
|
104
|
+
FINDING_PATH_TEMPLATE = Google::Gax::PathTemplate.new(
|
|
105
|
+
"organizations/{organization}/sources/{source}/findings/{finding}"
|
|
106
|
+
)
|
|
107
|
+
|
|
108
|
+
private_constant :FINDING_PATH_TEMPLATE
|
|
109
|
+
|
|
110
|
+
FINDING_SECURITY_MARKS_PATH_TEMPLATE = Google::Gax::PathTemplate.new(
|
|
111
|
+
"organizations/{organization}/sources/{source}/findings/{finding}/securityMarks"
|
|
112
|
+
)
|
|
113
|
+
|
|
114
|
+
private_constant :FINDING_SECURITY_MARKS_PATH_TEMPLATE
|
|
115
|
+
|
|
116
|
+
ORGANIZATION_PATH_TEMPLATE = Google::Gax::PathTemplate.new(
|
|
117
|
+
"organizations/{organization}"
|
|
118
|
+
)
|
|
119
|
+
|
|
120
|
+
private_constant :ORGANIZATION_PATH_TEMPLATE
|
|
121
|
+
|
|
122
|
+
ORGANIZATION_SETTINGS_PATH_TEMPLATE = Google::Gax::PathTemplate.new(
|
|
123
|
+
"organizations/{organization}/organizationSettings"
|
|
124
|
+
)
|
|
125
|
+
|
|
126
|
+
private_constant :ORGANIZATION_SETTINGS_PATH_TEMPLATE
|
|
127
|
+
|
|
128
|
+
ORGANIZATION_SOURCES_PATH_TEMPLATE = Google::Gax::PathTemplate.new(
|
|
129
|
+
"organizations/{organization}/sources/-"
|
|
130
|
+
)
|
|
131
|
+
|
|
132
|
+
private_constant :ORGANIZATION_SOURCES_PATH_TEMPLATE
|
|
133
|
+
|
|
134
|
+
SOURCE_PATH_TEMPLATE = Google::Gax::PathTemplate.new(
|
|
135
|
+
"organizations/{organization}/sources/{source}"
|
|
136
|
+
)
|
|
137
|
+
|
|
138
|
+
private_constant :SOURCE_PATH_TEMPLATE
|
|
139
|
+
|
|
140
|
+
# Returns a fully-qualified asset resource name string.
|
|
141
|
+
# @param organization [String]
|
|
142
|
+
# @param asset [String]
|
|
143
|
+
# @return [String]
|
|
144
|
+
def self.asset_path organization, asset
|
|
145
|
+
ASSET_PATH_TEMPLATE.render(
|
|
146
|
+
:"organization" => organization,
|
|
147
|
+
:"asset" => asset
|
|
148
|
+
)
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
# Returns a fully-qualified asset_security_marks resource name string.
|
|
152
|
+
# @param organization [String]
|
|
153
|
+
# @param asset [String]
|
|
154
|
+
# @return [String]
|
|
155
|
+
def self.asset_security_marks_path organization, asset
|
|
156
|
+
ASSET_SECURITY_MARKS_PATH_TEMPLATE.render(
|
|
157
|
+
:"organization" => organization,
|
|
158
|
+
:"asset" => asset
|
|
159
|
+
)
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
# Returns a fully-qualified finding resource name string.
|
|
163
|
+
# @param organization [String]
|
|
164
|
+
# @param source [String]
|
|
165
|
+
# @param finding [String]
|
|
166
|
+
# @return [String]
|
|
167
|
+
def self.finding_path organization, source, finding
|
|
168
|
+
FINDING_PATH_TEMPLATE.render(
|
|
169
|
+
:"organization" => organization,
|
|
170
|
+
:"source" => source,
|
|
171
|
+
:"finding" => finding
|
|
172
|
+
)
|
|
173
|
+
end
|
|
174
|
+
|
|
175
|
+
# Returns a fully-qualified finding_security_marks resource name string.
|
|
176
|
+
# @param organization [String]
|
|
177
|
+
# @param source [String]
|
|
178
|
+
# @param finding [String]
|
|
179
|
+
# @return [String]
|
|
180
|
+
def self.finding_security_marks_path organization, source, finding
|
|
181
|
+
FINDING_SECURITY_MARKS_PATH_TEMPLATE.render(
|
|
182
|
+
:"organization" => organization,
|
|
183
|
+
:"source" => source,
|
|
184
|
+
:"finding" => finding
|
|
185
|
+
)
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
# Returns a fully-qualified organization resource name string.
|
|
189
|
+
# @param organization [String]
|
|
190
|
+
# @return [String]
|
|
191
|
+
def self.organization_path organization
|
|
192
|
+
ORGANIZATION_PATH_TEMPLATE.render(
|
|
193
|
+
:"organization" => organization
|
|
194
|
+
)
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
# Returns a fully-qualified organization_settings resource name string.
|
|
198
|
+
# @param organization [String]
|
|
199
|
+
# @return [String]
|
|
200
|
+
def self.organization_settings_path organization
|
|
201
|
+
ORGANIZATION_SETTINGS_PATH_TEMPLATE.render(
|
|
202
|
+
:"organization" => organization
|
|
203
|
+
)
|
|
204
|
+
end
|
|
205
|
+
|
|
206
|
+
# Returns a fully-qualified organization_sources resource name string.
|
|
207
|
+
# @param organization [String]
|
|
208
|
+
# @return [String]
|
|
209
|
+
def self.organization_sources_path organization
|
|
210
|
+
ORGANIZATION_SOURCES_PATH_TEMPLATE.render(
|
|
211
|
+
:"organization" => organization
|
|
212
|
+
)
|
|
213
|
+
end
|
|
214
|
+
|
|
215
|
+
# Returns a fully-qualified source resource name string.
|
|
216
|
+
# @param organization [String]
|
|
217
|
+
# @param source [String]
|
|
218
|
+
# @return [String]
|
|
219
|
+
def self.source_path organization, source
|
|
220
|
+
SOURCE_PATH_TEMPLATE.render(
|
|
221
|
+
:"organization" => organization,
|
|
222
|
+
:"source" => source
|
|
223
|
+
)
|
|
224
|
+
end
|
|
225
|
+
|
|
226
|
+
# @param credentials [Google::Auth::Credentials, String, Hash, GRPC::Core::Channel, GRPC::Core::ChannelCredentials, Proc]
|
|
227
|
+
# Provides the means for authenticating requests made by the client. This parameter can
|
|
228
|
+
# be many types.
|
|
229
|
+
# A `Google::Auth::Credentials` uses a the properties of its represented keyfile for
|
|
230
|
+
# authenticating requests made by this client.
|
|
231
|
+
# A `String` will be treated as the path to the keyfile to be used for the construction of
|
|
232
|
+
# credentials for this client.
|
|
233
|
+
# A `Hash` will be treated as the contents of a keyfile to be used for the construction of
|
|
234
|
+
# credentials for this client.
|
|
235
|
+
# A `GRPC::Core::Channel` will be used to make calls through.
|
|
236
|
+
# A `GRPC::Core::ChannelCredentials` for the setting up the RPC client. The channel credentials
|
|
237
|
+
# should already be composed with a `GRPC::Core::CallCredentials` object.
|
|
238
|
+
# A `Proc` will be used as an updater_proc for the Grpc channel. The proc transforms the
|
|
239
|
+
# metadata for requests, generally, to give OAuth credentials.
|
|
240
|
+
# @param scopes [Array<String>]
|
|
241
|
+
# The OAuth scopes for this service. This parameter is ignored if
|
|
242
|
+
# an updater_proc is supplied.
|
|
243
|
+
# @param client_config [Hash]
|
|
244
|
+
# A Hash for call options for each method. See
|
|
245
|
+
# Google::Gax#construct_settings for the structure of
|
|
246
|
+
# this data. Falls back to the default config if not specified
|
|
247
|
+
# or the specified config is missing data points.
|
|
248
|
+
# @param timeout [Numeric]
|
|
249
|
+
# The default timeout, in seconds, for calls made through this client.
|
|
250
|
+
# @param metadata [Hash]
|
|
251
|
+
# Default metadata to be sent with each request. This can be overridden on a per call basis.
|
|
252
|
+
# @param exception_transformer [Proc]
|
|
253
|
+
# An optional proc that intercepts any exceptions raised during an API call to inject
|
|
254
|
+
# custom error handling.
|
|
255
|
+
def initialize \
|
|
256
|
+
credentials: nil,
|
|
257
|
+
scopes: ALL_SCOPES,
|
|
258
|
+
client_config: {},
|
|
259
|
+
timeout: DEFAULT_TIMEOUT,
|
|
260
|
+
metadata: nil,
|
|
261
|
+
exception_transformer: nil,
|
|
262
|
+
lib_name: nil,
|
|
263
|
+
lib_version: ""
|
|
264
|
+
# These require statements are intentionally placed here to initialize
|
|
265
|
+
# the gRPC module only when it's required.
|
|
266
|
+
# See https://github.com/googleapis/toolkit/issues/446
|
|
267
|
+
require "google/gax/grpc"
|
|
268
|
+
require "google/cloud/security_center/v1/securitycenter_service_services_pb"
|
|
269
|
+
|
|
270
|
+
credentials ||= Google::Cloud::SecurityCenter::V1::Credentials.default
|
|
271
|
+
|
|
272
|
+
@operations_client = OperationsClient.new(
|
|
273
|
+
credentials: credentials,
|
|
274
|
+
scopes: scopes,
|
|
275
|
+
client_config: client_config,
|
|
276
|
+
timeout: timeout,
|
|
277
|
+
lib_name: lib_name,
|
|
278
|
+
lib_version: lib_version,
|
|
279
|
+
)
|
|
280
|
+
|
|
281
|
+
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
|
282
|
+
updater_proc = Google::Cloud::SecurityCenter::V1::Credentials.new(credentials).updater_proc
|
|
283
|
+
end
|
|
284
|
+
if credentials.is_a?(GRPC::Core::Channel)
|
|
285
|
+
channel = credentials
|
|
286
|
+
end
|
|
287
|
+
if credentials.is_a?(GRPC::Core::ChannelCredentials)
|
|
288
|
+
chan_creds = credentials
|
|
289
|
+
end
|
|
290
|
+
if credentials.is_a?(Proc)
|
|
291
|
+
updater_proc = credentials
|
|
292
|
+
end
|
|
293
|
+
if credentials.is_a?(Google::Auth::Credentials)
|
|
294
|
+
updater_proc = credentials.updater_proc
|
|
295
|
+
end
|
|
296
|
+
|
|
297
|
+
package_version = Gem.loaded_specs['google-cloud-security_center'].version.version
|
|
298
|
+
|
|
299
|
+
google_api_client = "gl-ruby/#{RUBY_VERSION}"
|
|
300
|
+
google_api_client << " #{lib_name}/#{lib_version}" if lib_name
|
|
301
|
+
google_api_client << " gapic/#{package_version} gax/#{Google::Gax::VERSION}"
|
|
302
|
+
google_api_client << " grpc/#{GRPC::VERSION}"
|
|
303
|
+
google_api_client.freeze
|
|
304
|
+
|
|
305
|
+
headers = { :"x-goog-api-client" => google_api_client }
|
|
306
|
+
headers.merge!(metadata) unless metadata.nil?
|
|
307
|
+
client_config_file = Pathname.new(__dir__).join(
|
|
308
|
+
"security_center_client_config.json"
|
|
309
|
+
)
|
|
310
|
+
defaults = client_config_file.open do |f|
|
|
311
|
+
Google::Gax.construct_settings(
|
|
312
|
+
"google.cloud.securitycenter.v1.SecurityCenter",
|
|
313
|
+
JSON.parse(f.read),
|
|
314
|
+
client_config,
|
|
315
|
+
Google::Gax::Grpc::STATUS_CODE_NAMES,
|
|
316
|
+
timeout,
|
|
317
|
+
page_descriptors: PAGE_DESCRIPTORS,
|
|
318
|
+
errors: Google::Gax::Grpc::API_ERRORS,
|
|
319
|
+
metadata: headers
|
|
320
|
+
)
|
|
321
|
+
end
|
|
322
|
+
|
|
323
|
+
# Allow overriding the service path/port in subclasses.
|
|
324
|
+
service_path = self.class::SERVICE_ADDRESS
|
|
325
|
+
port = self.class::DEFAULT_SERVICE_PORT
|
|
326
|
+
interceptors = self.class::GRPC_INTERCEPTORS
|
|
327
|
+
@security_center_stub = Google::Gax::Grpc.create_stub(
|
|
328
|
+
service_path,
|
|
329
|
+
port,
|
|
330
|
+
chan_creds: chan_creds,
|
|
331
|
+
channel: channel,
|
|
332
|
+
updater_proc: updater_proc,
|
|
333
|
+
scopes: scopes,
|
|
334
|
+
interceptors: interceptors,
|
|
335
|
+
&Google::Cloud::SecurityCenter::V1::SecurityCenter::Stub.method(:new)
|
|
336
|
+
)
|
|
337
|
+
|
|
338
|
+
@create_source = Google::Gax.create_api_call(
|
|
339
|
+
@security_center_stub.method(:create_source),
|
|
340
|
+
defaults["create_source"],
|
|
341
|
+
exception_transformer: exception_transformer,
|
|
342
|
+
params_extractor: proc do |request|
|
|
343
|
+
{'parent' => request.parent}
|
|
344
|
+
end
|
|
345
|
+
)
|
|
346
|
+
@create_finding = Google::Gax.create_api_call(
|
|
347
|
+
@security_center_stub.method(:create_finding),
|
|
348
|
+
defaults["create_finding"],
|
|
349
|
+
exception_transformer: exception_transformer,
|
|
350
|
+
params_extractor: proc do |request|
|
|
351
|
+
{'parent' => request.parent}
|
|
352
|
+
end
|
|
353
|
+
)
|
|
354
|
+
@get_iam_policy = Google::Gax.create_api_call(
|
|
355
|
+
@security_center_stub.method(:get_iam_policy),
|
|
356
|
+
defaults["get_iam_policy"],
|
|
357
|
+
exception_transformer: exception_transformer,
|
|
358
|
+
params_extractor: proc do |request|
|
|
359
|
+
{'resource' => request.resource}
|
|
360
|
+
end
|
|
361
|
+
)
|
|
362
|
+
@get_organization_settings = Google::Gax.create_api_call(
|
|
363
|
+
@security_center_stub.method(:get_organization_settings),
|
|
364
|
+
defaults["get_organization_settings"],
|
|
365
|
+
exception_transformer: exception_transformer,
|
|
366
|
+
params_extractor: proc do |request|
|
|
367
|
+
{'name' => request.name}
|
|
368
|
+
end
|
|
369
|
+
)
|
|
370
|
+
@get_source = Google::Gax.create_api_call(
|
|
371
|
+
@security_center_stub.method(:get_source),
|
|
372
|
+
defaults["get_source"],
|
|
373
|
+
exception_transformer: exception_transformer,
|
|
374
|
+
params_extractor: proc do |request|
|
|
375
|
+
{'name' => request.name}
|
|
376
|
+
end
|
|
377
|
+
)
|
|
378
|
+
@group_assets = Google::Gax.create_api_call(
|
|
379
|
+
@security_center_stub.method(:group_assets),
|
|
380
|
+
defaults["group_assets"],
|
|
381
|
+
exception_transformer: exception_transformer,
|
|
382
|
+
params_extractor: proc do |request|
|
|
383
|
+
{'parent' => request.parent}
|
|
384
|
+
end
|
|
385
|
+
)
|
|
386
|
+
@group_findings = Google::Gax.create_api_call(
|
|
387
|
+
@security_center_stub.method(:group_findings),
|
|
388
|
+
defaults["group_findings"],
|
|
389
|
+
exception_transformer: exception_transformer,
|
|
390
|
+
params_extractor: proc do |request|
|
|
391
|
+
{'parent' => request.parent}
|
|
392
|
+
end
|
|
393
|
+
)
|
|
394
|
+
@list_assets = Google::Gax.create_api_call(
|
|
395
|
+
@security_center_stub.method(:list_assets),
|
|
396
|
+
defaults["list_assets"],
|
|
397
|
+
exception_transformer: exception_transformer,
|
|
398
|
+
params_extractor: proc do |request|
|
|
399
|
+
{'parent' => request.parent}
|
|
400
|
+
end
|
|
401
|
+
)
|
|
402
|
+
@list_findings = Google::Gax.create_api_call(
|
|
403
|
+
@security_center_stub.method(:list_findings),
|
|
404
|
+
defaults["list_findings"],
|
|
405
|
+
exception_transformer: exception_transformer,
|
|
406
|
+
params_extractor: proc do |request|
|
|
407
|
+
{'parent' => request.parent}
|
|
408
|
+
end
|
|
409
|
+
)
|
|
410
|
+
@list_sources = Google::Gax.create_api_call(
|
|
411
|
+
@security_center_stub.method(:list_sources),
|
|
412
|
+
defaults["list_sources"],
|
|
413
|
+
exception_transformer: exception_transformer,
|
|
414
|
+
params_extractor: proc do |request|
|
|
415
|
+
{'parent' => request.parent}
|
|
416
|
+
end
|
|
417
|
+
)
|
|
418
|
+
@run_asset_discovery = Google::Gax.create_api_call(
|
|
419
|
+
@security_center_stub.method(:run_asset_discovery),
|
|
420
|
+
defaults["run_asset_discovery"],
|
|
421
|
+
exception_transformer: exception_transformer,
|
|
422
|
+
params_extractor: proc do |request|
|
|
423
|
+
{'parent' => request.parent}
|
|
424
|
+
end
|
|
425
|
+
)
|
|
426
|
+
@set_finding_state = Google::Gax.create_api_call(
|
|
427
|
+
@security_center_stub.method(:set_finding_state),
|
|
428
|
+
defaults["set_finding_state"],
|
|
429
|
+
exception_transformer: exception_transformer,
|
|
430
|
+
params_extractor: proc do |request|
|
|
431
|
+
{'name' => request.name}
|
|
432
|
+
end
|
|
433
|
+
)
|
|
434
|
+
@set_iam_policy = Google::Gax.create_api_call(
|
|
435
|
+
@security_center_stub.method(:set_iam_policy),
|
|
436
|
+
defaults["set_iam_policy"],
|
|
437
|
+
exception_transformer: exception_transformer,
|
|
438
|
+
params_extractor: proc do |request|
|
|
439
|
+
{'resource' => request.resource}
|
|
440
|
+
end
|
|
441
|
+
)
|
|
442
|
+
@test_iam_permissions = Google::Gax.create_api_call(
|
|
443
|
+
@security_center_stub.method(:test_iam_permissions),
|
|
444
|
+
defaults["test_iam_permissions"],
|
|
445
|
+
exception_transformer: exception_transformer,
|
|
446
|
+
params_extractor: proc do |request|
|
|
447
|
+
{'resource' => request.resource}
|
|
448
|
+
end
|
|
449
|
+
)
|
|
450
|
+
@update_finding = Google::Gax.create_api_call(
|
|
451
|
+
@security_center_stub.method(:update_finding),
|
|
452
|
+
defaults["update_finding"],
|
|
453
|
+
exception_transformer: exception_transformer,
|
|
454
|
+
params_extractor: proc do |request|
|
|
455
|
+
{'finding.name' => request.finding.name}
|
|
456
|
+
end
|
|
457
|
+
)
|
|
458
|
+
@update_organization_settings = Google::Gax.create_api_call(
|
|
459
|
+
@security_center_stub.method(:update_organization_settings),
|
|
460
|
+
defaults["update_organization_settings"],
|
|
461
|
+
exception_transformer: exception_transformer,
|
|
462
|
+
params_extractor: proc do |request|
|
|
463
|
+
{'organization_settings.name' => request.organization_settings.name}
|
|
464
|
+
end
|
|
465
|
+
)
|
|
466
|
+
@update_source = Google::Gax.create_api_call(
|
|
467
|
+
@security_center_stub.method(:update_source),
|
|
468
|
+
defaults["update_source"],
|
|
469
|
+
exception_transformer: exception_transformer,
|
|
470
|
+
params_extractor: proc do |request|
|
|
471
|
+
{'source.name' => request.source.name}
|
|
472
|
+
end
|
|
473
|
+
)
|
|
474
|
+
@update_security_marks = Google::Gax.create_api_call(
|
|
475
|
+
@security_center_stub.method(:update_security_marks),
|
|
476
|
+
defaults["update_security_marks"],
|
|
477
|
+
exception_transformer: exception_transformer,
|
|
478
|
+
params_extractor: proc do |request|
|
|
479
|
+
{'security_marks.name' => request.security_marks.name}
|
|
480
|
+
end
|
|
481
|
+
)
|
|
482
|
+
end
|
|
483
|
+
|
|
484
|
+
# Service calls
|
|
485
|
+
|
|
486
|
+
# Creates a source.
|
|
487
|
+
#
|
|
488
|
+
# @param parent [String]
|
|
489
|
+
# Resource name of the new source's parent. Its format should be
|
|
490
|
+
# "organizations/[organization_id]".
|
|
491
|
+
# @param source [Google::Cloud::SecurityCenter::V1::Source | Hash]
|
|
492
|
+
# The Source being created, only the display_name and description will be
|
|
493
|
+
# used. All other fields will be ignored.
|
|
494
|
+
# A hash of the same form as `Google::Cloud::SecurityCenter::V1::Source`
|
|
495
|
+
# can also be provided.
|
|
496
|
+
# @param options [Google::Gax::CallOptions]
|
|
497
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
498
|
+
# retries, etc.
|
|
499
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
500
|
+
# @yieldparam result [Google::Cloud::SecurityCenter::V1::Source]
|
|
501
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
502
|
+
# @return [Google::Cloud::SecurityCenter::V1::Source]
|
|
503
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
504
|
+
# @example
|
|
505
|
+
# require "google/cloud/security_center"
|
|
506
|
+
#
|
|
507
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
508
|
+
# formatted_parent = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.organization_path("[ORGANIZATION]")
|
|
509
|
+
#
|
|
510
|
+
# # TODO: Initialize `source`:
|
|
511
|
+
# source = {}
|
|
512
|
+
# response = security_center_client.create_source(formatted_parent, source)
|
|
513
|
+
|
|
514
|
+
def create_source \
|
|
515
|
+
parent,
|
|
516
|
+
source,
|
|
517
|
+
options: nil,
|
|
518
|
+
&block
|
|
519
|
+
req = {
|
|
520
|
+
parent: parent,
|
|
521
|
+
source: source
|
|
522
|
+
}.delete_if { |_, v| v.nil? }
|
|
523
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::CreateSourceRequest)
|
|
524
|
+
@create_source.call(req, options, &block)
|
|
525
|
+
end
|
|
526
|
+
|
|
527
|
+
# Creates a finding. The corresponding source must exist for finding creation
|
|
528
|
+
# to succeed.
|
|
529
|
+
#
|
|
530
|
+
# @param parent [String]
|
|
531
|
+
# Resource name of the new finding's parent. Its format should be
|
|
532
|
+
# "organizations/[organization_id]/sources/[source_id]".
|
|
533
|
+
# @param finding_id [String]
|
|
534
|
+
# Unique identifier provided by the client within the parent scope.
|
|
535
|
+
# It must be alphanumeric and less than or equal to 32 characters and
|
|
536
|
+
# greater than 0 characters in length.
|
|
537
|
+
# @param finding [Google::Cloud::SecurityCenter::V1::Finding | Hash]
|
|
538
|
+
# The Finding being created. The name and security_marks will be ignored as
|
|
539
|
+
# they are both output only fields on this resource.
|
|
540
|
+
# A hash of the same form as `Google::Cloud::SecurityCenter::V1::Finding`
|
|
541
|
+
# can also be provided.
|
|
542
|
+
# @param options [Google::Gax::CallOptions]
|
|
543
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
544
|
+
# retries, etc.
|
|
545
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
546
|
+
# @yieldparam result [Google::Cloud::SecurityCenter::V1::Finding]
|
|
547
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
548
|
+
# @return [Google::Cloud::SecurityCenter::V1::Finding]
|
|
549
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
550
|
+
# @example
|
|
551
|
+
# require "google/cloud/security_center"
|
|
552
|
+
#
|
|
553
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
554
|
+
# formatted_parent = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.source_path("[ORGANIZATION]", "[SOURCE]")
|
|
555
|
+
#
|
|
556
|
+
# # TODO: Initialize `finding_id`:
|
|
557
|
+
# finding_id = ''
|
|
558
|
+
#
|
|
559
|
+
# # TODO: Initialize `finding`:
|
|
560
|
+
# finding = {}
|
|
561
|
+
# response = security_center_client.create_finding(formatted_parent, finding_id, finding)
|
|
562
|
+
|
|
563
|
+
def create_finding \
|
|
564
|
+
parent,
|
|
565
|
+
finding_id,
|
|
566
|
+
finding,
|
|
567
|
+
options: nil,
|
|
568
|
+
&block
|
|
569
|
+
req = {
|
|
570
|
+
parent: parent,
|
|
571
|
+
finding_id: finding_id,
|
|
572
|
+
finding: finding
|
|
573
|
+
}.delete_if { |_, v| v.nil? }
|
|
574
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::CreateFindingRequest)
|
|
575
|
+
@create_finding.call(req, options, &block)
|
|
576
|
+
end
|
|
577
|
+
|
|
578
|
+
# Gets the access control policy on the specified Source.
|
|
579
|
+
#
|
|
580
|
+
# @param resource [String]
|
|
581
|
+
# REQUIRED: The resource for which the policy is being requested.
|
|
582
|
+
# `resource` is usually specified as a path. For example, a Project
|
|
583
|
+
# resource is specified as `projects/{project}`.
|
|
584
|
+
# @param options [Google::Gax::CallOptions]
|
|
585
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
586
|
+
# retries, etc.
|
|
587
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
588
|
+
# @yieldparam result [Google::Iam::V1::Policy]
|
|
589
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
590
|
+
# @return [Google::Iam::V1::Policy]
|
|
591
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
592
|
+
# @example
|
|
593
|
+
# require "google/cloud/security_center"
|
|
594
|
+
#
|
|
595
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
596
|
+
# formatted_resource = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.source_path("[ORGANIZATION]", "[SOURCE]")
|
|
597
|
+
# response = security_center_client.get_iam_policy(formatted_resource)
|
|
598
|
+
|
|
599
|
+
def get_iam_policy \
|
|
600
|
+
resource,
|
|
601
|
+
options: nil,
|
|
602
|
+
&block
|
|
603
|
+
req = {
|
|
604
|
+
resource: resource
|
|
605
|
+
}.delete_if { |_, v| v.nil? }
|
|
606
|
+
req = Google::Gax::to_proto(req, Google::Iam::V1::GetIamPolicyRequest)
|
|
607
|
+
@get_iam_policy.call(req, options, &block)
|
|
608
|
+
end
|
|
609
|
+
|
|
610
|
+
# Gets the settings for an organization.
|
|
611
|
+
#
|
|
612
|
+
# @param name [String]
|
|
613
|
+
# Name of the organization to get organization settings for. Its format is
|
|
614
|
+
# "organizations/[organization_id]/organizationSettings".
|
|
615
|
+
# @param options [Google::Gax::CallOptions]
|
|
616
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
617
|
+
# retries, etc.
|
|
618
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
619
|
+
# @yieldparam result [Google::Cloud::SecurityCenter::V1::OrganizationSettings]
|
|
620
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
621
|
+
# @return [Google::Cloud::SecurityCenter::V1::OrganizationSettings]
|
|
622
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
623
|
+
# @example
|
|
624
|
+
# require "google/cloud/security_center"
|
|
625
|
+
#
|
|
626
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
627
|
+
# formatted_name = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.organization_settings_path("[ORGANIZATION]")
|
|
628
|
+
# response = security_center_client.get_organization_settings(formatted_name)
|
|
629
|
+
|
|
630
|
+
def get_organization_settings \
|
|
631
|
+
name,
|
|
632
|
+
options: nil,
|
|
633
|
+
&block
|
|
634
|
+
req = {
|
|
635
|
+
name: name
|
|
636
|
+
}.delete_if { |_, v| v.nil? }
|
|
637
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::GetOrganizationSettingsRequest)
|
|
638
|
+
@get_organization_settings.call(req, options, &block)
|
|
639
|
+
end
|
|
640
|
+
|
|
641
|
+
# Gets a source.
|
|
642
|
+
#
|
|
643
|
+
# @param name [String]
|
|
644
|
+
# Relative resource name of the source. Its format is
|
|
645
|
+
# "organizations/[organization_id]/source/[source_id]".
|
|
646
|
+
# @param options [Google::Gax::CallOptions]
|
|
647
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
648
|
+
# retries, etc.
|
|
649
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
650
|
+
# @yieldparam result [Google::Cloud::SecurityCenter::V1::Source]
|
|
651
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
652
|
+
# @return [Google::Cloud::SecurityCenter::V1::Source]
|
|
653
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
654
|
+
# @example
|
|
655
|
+
# require "google/cloud/security_center"
|
|
656
|
+
#
|
|
657
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
658
|
+
# formatted_name = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.source_path("[ORGANIZATION]", "[SOURCE]")
|
|
659
|
+
# response = security_center_client.get_source(formatted_name)
|
|
660
|
+
|
|
661
|
+
def get_source \
|
|
662
|
+
name,
|
|
663
|
+
options: nil,
|
|
664
|
+
&block
|
|
665
|
+
req = {
|
|
666
|
+
name: name
|
|
667
|
+
}.delete_if { |_, v| v.nil? }
|
|
668
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::GetSourceRequest)
|
|
669
|
+
@get_source.call(req, options, &block)
|
|
670
|
+
end
|
|
671
|
+
|
|
672
|
+
# Filters an organization's assets and groups them by their specified
|
|
673
|
+
# properties.
|
|
674
|
+
#
|
|
675
|
+
# @param parent [String]
|
|
676
|
+
# Name of the organization to groupBy. Its format is
|
|
677
|
+
# "organizations/[organization_id]".
|
|
678
|
+
# @param group_by [String]
|
|
679
|
+
# Expression that defines what assets fields to use for grouping. The string
|
|
680
|
+
# value should follow SQL syntax: comma separated list of fields. For
|
|
681
|
+
# example:
|
|
682
|
+
# "security_center_properties.resource_project,security_center_properties.project".
|
|
683
|
+
#
|
|
684
|
+
# The following fields are supported when compare_duration is not set:
|
|
685
|
+
#
|
|
686
|
+
# * security_center_properties.resource_project
|
|
687
|
+
# * security_center_properties.resource_type
|
|
688
|
+
# * security_center_properties.resource_parent
|
|
689
|
+
#
|
|
690
|
+
# The following fields are supported when compare_duration is set:
|
|
691
|
+
#
|
|
692
|
+
# * security_center_properties.resource_type
|
|
693
|
+
# @param filter [String]
|
|
694
|
+
# Expression that defines the filter to apply across assets.
|
|
695
|
+
# The expression is a list of zero or more restrictions combined via logical
|
|
696
|
+
# operators `AND` and `OR`.
|
|
697
|
+
# Parentheses are supported, and `OR` has higher precedence than `AND`.
|
|
698
|
+
#
|
|
699
|
+
# Restrictions have the form `<field> <operator> <value>` and may have a `-`
|
|
700
|
+
# character in front of them to indicate negation. The fields map to those
|
|
701
|
+
# defined in the Asset resource. Examples include:
|
|
702
|
+
#
|
|
703
|
+
# * name
|
|
704
|
+
# * security_center_properties.resource_name
|
|
705
|
+
# * resource_properties.a_property
|
|
706
|
+
# * security_marks.marks.marka
|
|
707
|
+
#
|
|
708
|
+
# The supported operators are:
|
|
709
|
+
#
|
|
710
|
+
# * `=` for all value types.
|
|
711
|
+
# * `>`, `<`, `>=`, `<=` for integer values.
|
|
712
|
+
# * `:`, meaning substring matching, for strings.
|
|
713
|
+
#
|
|
714
|
+
# The supported value types are:
|
|
715
|
+
#
|
|
716
|
+
# * string literals in quotes.
|
|
717
|
+
# * integer literals without quotes.
|
|
718
|
+
# * boolean literals `true` and `false` without quotes.
|
|
719
|
+
#
|
|
720
|
+
# The following field and operator combinations are supported:
|
|
721
|
+
# name | '='
|
|
722
|
+
# update_time | '>', '<', '>=', '<=', '='
|
|
723
|
+
# create_time | '>', '<', '>=', '<=', '='
|
|
724
|
+
# iam_policy.policy_blob | '=', ':'
|
|
725
|
+
# resource_properties | '=', ':', '>', '<', '>=', '<='
|
|
726
|
+
# security_marks | '=', ':'
|
|
727
|
+
# security_center_properties.resource_name | '=', ':'
|
|
728
|
+
# security_center_properties.resource_type | '=', ':'
|
|
729
|
+
# security_center_properties.resource_parent | '=', ':'
|
|
730
|
+
# security_center_properties.resource_project | '=', ':'
|
|
731
|
+
# security_center_properties.resource_owners | '=', ':'
|
|
732
|
+
#
|
|
733
|
+
# For example, `resource_properties.size = 100` is a valid filter string.
|
|
734
|
+
# @param compare_duration [Google::Protobuf::Duration | Hash]
|
|
735
|
+
# When compare_duration is set, the GroupResult's "state_change" property is
|
|
736
|
+
# updated to indicate whether the asset was added, removed, or remained
|
|
737
|
+
# present during the compare_duration period of time that precedes the
|
|
738
|
+
# read_time. This is the time between (read_time - compare_duration) and
|
|
739
|
+
# read_time.
|
|
740
|
+
#
|
|
741
|
+
# The state change value is derived based on the presence of the asset at the
|
|
742
|
+
# two points in time. Intermediate state changes between the two times don't
|
|
743
|
+
# affect the result. For example, the results aren't affected if the asset is
|
|
744
|
+
# removed and re-created again.
|
|
745
|
+
#
|
|
746
|
+
# Possible "state_change" values when compare_duration is specified:
|
|
747
|
+
#
|
|
748
|
+
# * "ADDED": indicates that the asset was not present at the start of
|
|
749
|
+
# compare_duration, but present at reference_time.
|
|
750
|
+
# * "REMOVED": indicates that the asset was present at the start of
|
|
751
|
+
# compare_duration, but not present at reference_time.
|
|
752
|
+
# * "ACTIVE": indicates that the asset was present at both the
|
|
753
|
+
# start and the end of the time period defined by
|
|
754
|
+
# compare_duration and reference_time.
|
|
755
|
+
#
|
|
756
|
+
# If compare_duration is not specified, then the only possible state_change
|
|
757
|
+
# is "UNUSED", which will be the state_change set for all assets present at
|
|
758
|
+
# read_time.
|
|
759
|
+
#
|
|
760
|
+
# If this field is set then `state_change` must be a specified field in
|
|
761
|
+
# `group_by`.
|
|
762
|
+
# A hash of the same form as `Google::Protobuf::Duration`
|
|
763
|
+
# can also be provided.
|
|
764
|
+
# @param read_time [Google::Protobuf::Timestamp | Hash]
|
|
765
|
+
# Time used as a reference point when filtering assets. The filter is limited
|
|
766
|
+
# to assets existing at the supplied time and their values are those at that
|
|
767
|
+
# specific time. Absence of this field will default to the API's version of
|
|
768
|
+
# NOW.
|
|
769
|
+
# A hash of the same form as `Google::Protobuf::Timestamp`
|
|
770
|
+
# can also be provided.
|
|
771
|
+
# @param page_size [Integer]
|
|
772
|
+
# The maximum number of resources contained in the underlying API
|
|
773
|
+
# response. If page streaming is performed per-resource, this
|
|
774
|
+
# parameter does not affect the return value. If page streaming is
|
|
775
|
+
# performed per-page, this determines the maximum number of
|
|
776
|
+
# resources in a page.
|
|
777
|
+
# @param options [Google::Gax::CallOptions]
|
|
778
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
779
|
+
# retries, etc.
|
|
780
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
781
|
+
# @yieldparam result [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::GroupResult>]
|
|
782
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
783
|
+
# @return [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::GroupResult>]
|
|
784
|
+
# An enumerable of Google::Cloud::SecurityCenter::V1::GroupResult instances.
|
|
785
|
+
# See Google::Gax::PagedEnumerable documentation for other
|
|
786
|
+
# operations such as per-page iteration or access to the response
|
|
787
|
+
# object.
|
|
788
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
789
|
+
# @example
|
|
790
|
+
# require "google/cloud/security_center"
|
|
791
|
+
#
|
|
792
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
793
|
+
# formatted_parent = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.organization_path("[ORGANIZATION]")
|
|
794
|
+
#
|
|
795
|
+
# # TODO: Initialize `group_by`:
|
|
796
|
+
# group_by = ''
|
|
797
|
+
#
|
|
798
|
+
# # Iterate over all results.
|
|
799
|
+
# security_center_client.group_assets(formatted_parent, group_by).each do |element|
|
|
800
|
+
# # Process element.
|
|
801
|
+
# end
|
|
802
|
+
#
|
|
803
|
+
# # Or iterate over results one page at a time.
|
|
804
|
+
# security_center_client.group_assets(formatted_parent, group_by).each_page do |page|
|
|
805
|
+
# # Process each page at a time.
|
|
806
|
+
# page.each do |element|
|
|
807
|
+
# # Process element.
|
|
808
|
+
# end
|
|
809
|
+
# end
|
|
810
|
+
|
|
811
|
+
def group_assets \
|
|
812
|
+
parent,
|
|
813
|
+
group_by,
|
|
814
|
+
filter: nil,
|
|
815
|
+
compare_duration: nil,
|
|
816
|
+
read_time: nil,
|
|
817
|
+
page_size: nil,
|
|
818
|
+
options: nil,
|
|
819
|
+
&block
|
|
820
|
+
req = {
|
|
821
|
+
parent: parent,
|
|
822
|
+
group_by: group_by,
|
|
823
|
+
filter: filter,
|
|
824
|
+
compare_duration: compare_duration,
|
|
825
|
+
read_time: read_time,
|
|
826
|
+
page_size: page_size
|
|
827
|
+
}.delete_if { |_, v| v.nil? }
|
|
828
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::GroupAssetsRequest)
|
|
829
|
+
@group_assets.call(req, options, &block)
|
|
830
|
+
end
|
|
831
|
+
|
|
832
|
+
# Filters an organization or source's findings and groups them by their
|
|
833
|
+
# specified properties.
|
|
834
|
+
#
|
|
835
|
+
# To group across all sources provide a `-` as the source id.
|
|
836
|
+
# Example: /v1/organizations/123/sources/-/findings
|
|
837
|
+
#
|
|
838
|
+
# @param parent [String]
|
|
839
|
+
# Name of the source to groupBy. Its format is
|
|
840
|
+
# "organizations/[organization_id]/sources/[source_id]". To groupBy across
|
|
841
|
+
# all sources provide a source_id of `-`. For example:
|
|
842
|
+
# organizations/123/sources/-
|
|
843
|
+
# @param group_by [String]
|
|
844
|
+
# Expression that defines what assets fields to use for grouping (including
|
|
845
|
+
# `state_change`). The string value should follow SQL syntax: comma separated
|
|
846
|
+
# list of fields. For example: "parent,resource_name".
|
|
847
|
+
#
|
|
848
|
+
# The following fields are supported:
|
|
849
|
+
#
|
|
850
|
+
# * resource_name
|
|
851
|
+
# * category
|
|
852
|
+
# * state
|
|
853
|
+
# * parent
|
|
854
|
+
#
|
|
855
|
+
# The following fields are supported when compare_duration is set:
|
|
856
|
+
#
|
|
857
|
+
# * state_change
|
|
858
|
+
# @param filter [String]
|
|
859
|
+
# Expression that defines the filter to apply across findings.
|
|
860
|
+
# The expression is a list of one or more restrictions combined via logical
|
|
861
|
+
# operators `AND` and `OR`.
|
|
862
|
+
# Parentheses are supported, and `OR` has higher precedence than `AND`.
|
|
863
|
+
#
|
|
864
|
+
# Restrictions have the form `<field> <operator> <value>` and may have a `-`
|
|
865
|
+
# character in front of them to indicate negation. Examples include:
|
|
866
|
+
#
|
|
867
|
+
# * name
|
|
868
|
+
# * source_properties.a_property
|
|
869
|
+
# * security_marks.marks.marka
|
|
870
|
+
#
|
|
871
|
+
# The supported operators are:
|
|
872
|
+
#
|
|
873
|
+
# * `=` for all value types.
|
|
874
|
+
# * `>`, `<`, `>=`, `<=` for integer values.
|
|
875
|
+
# * `:`, meaning substring matching, for strings.
|
|
876
|
+
#
|
|
877
|
+
# The supported value types are:
|
|
878
|
+
#
|
|
879
|
+
# * string literals in quotes.
|
|
880
|
+
# * integer literals without quotes.
|
|
881
|
+
# * boolean literals `true` and `false` without quotes.
|
|
882
|
+
#
|
|
883
|
+
# The following field and operator combinations are supported:
|
|
884
|
+
# name | `=`
|
|
885
|
+
# parent | '=', ':'
|
|
886
|
+
# resource_name | '=', ':'
|
|
887
|
+
# state | '=', ':'
|
|
888
|
+
# category | '=', ':'
|
|
889
|
+
# external_uri | '=', ':'
|
|
890
|
+
# event_time | `>`, `<`, `>=`, `<=`
|
|
891
|
+
# security_marks | '=', ':'
|
|
892
|
+
# source_properties | '=', ':', `>`, `<`, `>=`, `<=`
|
|
893
|
+
#
|
|
894
|
+
# For example, `source_properties.size = 100` is a valid filter string.
|
|
895
|
+
# @param read_time [Google::Protobuf::Timestamp | Hash]
|
|
896
|
+
# Time used as a reference point when filtering findings. The filter is
|
|
897
|
+
# limited to findings existing at the supplied time and their values are
|
|
898
|
+
# those at that specific time. Absence of this field will default to the
|
|
899
|
+
# API's version of NOW.
|
|
900
|
+
# A hash of the same form as `Google::Protobuf::Timestamp`
|
|
901
|
+
# can also be provided.
|
|
902
|
+
# @param compare_duration [Google::Protobuf::Duration | Hash]
|
|
903
|
+
# When compare_duration is set, the GroupResult's "state_change" attribute is
|
|
904
|
+
# updated to indicate whether the finding had its state changed, the
|
|
905
|
+
# finding's state remained unchanged, or if the finding was added during the
|
|
906
|
+
# compare_duration period of time that precedes the read_time. This is the
|
|
907
|
+
# time between (read_time - compare_duration) and read_time.
|
|
908
|
+
#
|
|
909
|
+
# The state_change value is derived based on the presence and state of the
|
|
910
|
+
# finding at the two points in time. Intermediate state changes between the
|
|
911
|
+
# two times don't affect the result. For example, the results aren't affected
|
|
912
|
+
# if the finding is made inactive and then active again.
|
|
913
|
+
#
|
|
914
|
+
# Possible "state_change" values when compare_duration is specified:
|
|
915
|
+
#
|
|
916
|
+
# * "CHANGED": indicates that the finding was present at the start of
|
|
917
|
+
# compare_duration, but changed its state at read_time.
|
|
918
|
+
# * "UNCHANGED": indicates that the finding was present at the start of
|
|
919
|
+
# compare_duration and did not change state at read_time.
|
|
920
|
+
# * "ADDED": indicates that the finding was not present at the start
|
|
921
|
+
# of compare_duration, but was present at read_time.
|
|
922
|
+
#
|
|
923
|
+
# If compare_duration is not specified, then the only possible state_change
|
|
924
|
+
# is "UNUSED", which will be the state_change set for all findings present
|
|
925
|
+
# at read_time.
|
|
926
|
+
#
|
|
927
|
+
# If this field is set then `state_change` must be a specified field in
|
|
928
|
+
# `group_by`.
|
|
929
|
+
# A hash of the same form as `Google::Protobuf::Duration`
|
|
930
|
+
# can also be provided.
|
|
931
|
+
# @param page_size [Integer]
|
|
932
|
+
# The maximum number of resources contained in the underlying API
|
|
933
|
+
# response. If page streaming is performed per-resource, this
|
|
934
|
+
# parameter does not affect the return value. If page streaming is
|
|
935
|
+
# performed per-page, this determines the maximum number of
|
|
936
|
+
# resources in a page.
|
|
937
|
+
# @param options [Google::Gax::CallOptions]
|
|
938
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
939
|
+
# retries, etc.
|
|
940
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
941
|
+
# @yieldparam result [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::GroupResult>]
|
|
942
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
943
|
+
# @return [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::GroupResult>]
|
|
944
|
+
# An enumerable of Google::Cloud::SecurityCenter::V1::GroupResult instances.
|
|
945
|
+
# See Google::Gax::PagedEnumerable documentation for other
|
|
946
|
+
# operations such as per-page iteration or access to the response
|
|
947
|
+
# object.
|
|
948
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
949
|
+
# @example
|
|
950
|
+
# require "google/cloud/security_center"
|
|
951
|
+
#
|
|
952
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
953
|
+
# formatted_parent = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.source_path("[ORGANIZATION]", "[SOURCE]")
|
|
954
|
+
#
|
|
955
|
+
# # TODO: Initialize `group_by`:
|
|
956
|
+
# group_by = ''
|
|
957
|
+
#
|
|
958
|
+
# # Iterate over all results.
|
|
959
|
+
# security_center_client.group_findings(formatted_parent, group_by).each do |element|
|
|
960
|
+
# # Process element.
|
|
961
|
+
# end
|
|
962
|
+
#
|
|
963
|
+
# # Or iterate over results one page at a time.
|
|
964
|
+
# security_center_client.group_findings(formatted_parent, group_by).each_page do |page|
|
|
965
|
+
# # Process each page at a time.
|
|
966
|
+
# page.each do |element|
|
|
967
|
+
# # Process element.
|
|
968
|
+
# end
|
|
969
|
+
# end
|
|
970
|
+
|
|
971
|
+
def group_findings \
|
|
972
|
+
parent,
|
|
973
|
+
group_by,
|
|
974
|
+
filter: nil,
|
|
975
|
+
read_time: nil,
|
|
976
|
+
compare_duration: nil,
|
|
977
|
+
page_size: nil,
|
|
978
|
+
options: nil,
|
|
979
|
+
&block
|
|
980
|
+
req = {
|
|
981
|
+
parent: parent,
|
|
982
|
+
group_by: group_by,
|
|
983
|
+
filter: filter,
|
|
984
|
+
read_time: read_time,
|
|
985
|
+
compare_duration: compare_duration,
|
|
986
|
+
page_size: page_size
|
|
987
|
+
}.delete_if { |_, v| v.nil? }
|
|
988
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::GroupFindingsRequest)
|
|
989
|
+
@group_findings.call(req, options, &block)
|
|
990
|
+
end
|
|
991
|
+
|
|
992
|
+
# Lists an organization's assets.
|
|
993
|
+
#
|
|
994
|
+
# @param parent [String]
|
|
995
|
+
# Name of the organization assets should belong to. Its format is
|
|
996
|
+
# "organizations/[organization_id]".
|
|
997
|
+
# @param filter [String]
|
|
998
|
+
# Expression that defines the filter to apply across assets.
|
|
999
|
+
# The expression is a list of zero or more restrictions combined via logical
|
|
1000
|
+
# operators `AND` and `OR`.
|
|
1001
|
+
# Parentheses are supported, and `OR` has higher precedence than `AND`.
|
|
1002
|
+
#
|
|
1003
|
+
# Restrictions have the form `<field> <operator> <value>` and may have a `-`
|
|
1004
|
+
# character in front of them to indicate negation. The fields map to those
|
|
1005
|
+
# defined in the Asset resource. Examples include:
|
|
1006
|
+
#
|
|
1007
|
+
# * name
|
|
1008
|
+
# * security_center_properties.resource_name
|
|
1009
|
+
# * resource_properties.a_property
|
|
1010
|
+
# * security_marks.marks.marka
|
|
1011
|
+
#
|
|
1012
|
+
# The supported operators are:
|
|
1013
|
+
#
|
|
1014
|
+
# * `=` for all value types.
|
|
1015
|
+
# * `>`, `<`, `>=`, `<=` for integer values.
|
|
1016
|
+
# * `:`, meaning substring matching, for strings.
|
|
1017
|
+
#
|
|
1018
|
+
# The supported value types are:
|
|
1019
|
+
#
|
|
1020
|
+
# * string literals in quotes.
|
|
1021
|
+
# * integer literals without quotes.
|
|
1022
|
+
# * boolean literals `true` and `false` without quotes.
|
|
1023
|
+
#
|
|
1024
|
+
# The following are the allowed field and operator combinations:
|
|
1025
|
+
# name | `=`
|
|
1026
|
+
# update_time | `>`, `<`, `>=`, `<=`
|
|
1027
|
+
# iam_policy.policy_blob | '=', ':'
|
|
1028
|
+
# resource_properties | '=', ':', `>`, `<`, `>=`, `<=`
|
|
1029
|
+
# security_marks | '=', ':'
|
|
1030
|
+
# security_center_properties.resource_name | '=', ':'
|
|
1031
|
+
# security_center_properties.resource_type | '=', ':'
|
|
1032
|
+
# security_center_properties.resource_parent | '=', ':'
|
|
1033
|
+
# security_center_properties.resource_project | '=', ':'
|
|
1034
|
+
# security_center_properties.resource_owners | '=', ':'
|
|
1035
|
+
#
|
|
1036
|
+
# For example, `resource_properties.size = 100` is a valid filter string.
|
|
1037
|
+
# @param order_by [String]
|
|
1038
|
+
# Expression that defines what fields and order to use for sorting. The
|
|
1039
|
+
# string value should follow SQL syntax: comma separated list of fields. For
|
|
1040
|
+
# example: "name,resource_properties.a_property". The default sorting order
|
|
1041
|
+
# is ascending. To specify descending order for a field, a suffix " desc"
|
|
1042
|
+
# should be appended to the field name. For example: "name
|
|
1043
|
+
# desc,resource_properties.a_property". Redundant space characters in the
|
|
1044
|
+
# syntax are insignificant. "name desc,resource_properties.a_property" and "
|
|
1045
|
+
# name desc , resource_properties.a_property " are equivalent.
|
|
1046
|
+
#
|
|
1047
|
+
# The following fields are supported:
|
|
1048
|
+
# name
|
|
1049
|
+
# update_time
|
|
1050
|
+
# resource_properties
|
|
1051
|
+
# security_marks
|
|
1052
|
+
# security_center_properties.resource_name
|
|
1053
|
+
# security_center_properties.resource_parent
|
|
1054
|
+
# security_center_properties.resource_project
|
|
1055
|
+
# security_center_properties.resource_type
|
|
1056
|
+
# @param read_time [Google::Protobuf::Timestamp | Hash]
|
|
1057
|
+
# Time used as a reference point when filtering assets. The filter is limited
|
|
1058
|
+
# to assets existing at the supplied time and their values are those at that
|
|
1059
|
+
# specific time. Absence of this field will default to the API's version of
|
|
1060
|
+
# NOW.
|
|
1061
|
+
# A hash of the same form as `Google::Protobuf::Timestamp`
|
|
1062
|
+
# can also be provided.
|
|
1063
|
+
# @param compare_duration [Google::Protobuf::Duration | Hash]
|
|
1064
|
+
# When compare_duration is set, the ListAssetsResult's "state_change"
|
|
1065
|
+
# attribute is updated to indicate whether the asset was added, removed, or
|
|
1066
|
+
# remained present during the compare_duration period of time that precedes
|
|
1067
|
+
# the read_time. This is the time between (read_time - compare_duration) and
|
|
1068
|
+
# read_time.
|
|
1069
|
+
#
|
|
1070
|
+
# The state_change value is derived based on the presence of the asset at the
|
|
1071
|
+
# two points in time. Intermediate state changes between the two times don't
|
|
1072
|
+
# affect the result. For example, the results aren't affected if the asset is
|
|
1073
|
+
# removed and re-created again.
|
|
1074
|
+
#
|
|
1075
|
+
# Possible "state_change" values when compare_duration is specified:
|
|
1076
|
+
#
|
|
1077
|
+
# * "ADDED": indicates that the asset was not present at the start of
|
|
1078
|
+
# compare_duration, but present at read_time.
|
|
1079
|
+
# * "REMOVED": indicates that the asset was present at the start of
|
|
1080
|
+
# compare_duration, but not present at read_time.
|
|
1081
|
+
# * "ACTIVE": indicates that the asset was present at both the
|
|
1082
|
+
# start and the end of the time period defined by
|
|
1083
|
+
# compare_duration and read_time.
|
|
1084
|
+
#
|
|
1085
|
+
# If compare_duration is not specified, then the only possible state_change
|
|
1086
|
+
# is "UNUSED", which will be the state_change set for all assets present at
|
|
1087
|
+
# read_time.
|
|
1088
|
+
# A hash of the same form as `Google::Protobuf::Duration`
|
|
1089
|
+
# can also be provided.
|
|
1090
|
+
# @param field_mask [Google::Protobuf::FieldMask | Hash]
|
|
1091
|
+
# Optional.
|
|
1092
|
+
#
|
|
1093
|
+
# A field mask to specify the ListAssetsResult fields to be listed in the
|
|
1094
|
+
# response.
|
|
1095
|
+
# An empty field mask will list all fields.
|
|
1096
|
+
# A hash of the same form as `Google::Protobuf::FieldMask`
|
|
1097
|
+
# can also be provided.
|
|
1098
|
+
# @param page_size [Integer]
|
|
1099
|
+
# The maximum number of resources contained in the underlying API
|
|
1100
|
+
# response. If page streaming is performed per-resource, this
|
|
1101
|
+
# parameter does not affect the return value. If page streaming is
|
|
1102
|
+
# performed per-page, this determines the maximum number of
|
|
1103
|
+
# resources in a page.
|
|
1104
|
+
# @param options [Google::Gax::CallOptions]
|
|
1105
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1106
|
+
# retries, etc.
|
|
1107
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1108
|
+
# @yieldparam result [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::ListAssetsResponse::ListAssetsResult>]
|
|
1109
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1110
|
+
# @return [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::ListAssetsResponse::ListAssetsResult>]
|
|
1111
|
+
# An enumerable of Google::Cloud::SecurityCenter::V1::ListAssetsResponse::ListAssetsResult instances.
|
|
1112
|
+
# See Google::Gax::PagedEnumerable documentation for other
|
|
1113
|
+
# operations such as per-page iteration or access to the response
|
|
1114
|
+
# object.
|
|
1115
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1116
|
+
# @example
|
|
1117
|
+
# require "google/cloud/security_center"
|
|
1118
|
+
#
|
|
1119
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1120
|
+
# formatted_parent = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.organization_path("[ORGANIZATION]")
|
|
1121
|
+
#
|
|
1122
|
+
# # Iterate over all results.
|
|
1123
|
+
# security_center_client.list_assets(formatted_parent).each do |element|
|
|
1124
|
+
# # Process element.
|
|
1125
|
+
# end
|
|
1126
|
+
#
|
|
1127
|
+
# # Or iterate over results one page at a time.
|
|
1128
|
+
# security_center_client.list_assets(formatted_parent).each_page do |page|
|
|
1129
|
+
# # Process each page at a time.
|
|
1130
|
+
# page.each do |element|
|
|
1131
|
+
# # Process element.
|
|
1132
|
+
# end
|
|
1133
|
+
# end
|
|
1134
|
+
|
|
1135
|
+
def list_assets \
|
|
1136
|
+
parent,
|
|
1137
|
+
filter: nil,
|
|
1138
|
+
order_by: nil,
|
|
1139
|
+
read_time: nil,
|
|
1140
|
+
compare_duration: nil,
|
|
1141
|
+
field_mask: nil,
|
|
1142
|
+
page_size: nil,
|
|
1143
|
+
options: nil,
|
|
1144
|
+
&block
|
|
1145
|
+
req = {
|
|
1146
|
+
parent: parent,
|
|
1147
|
+
filter: filter,
|
|
1148
|
+
order_by: order_by,
|
|
1149
|
+
read_time: read_time,
|
|
1150
|
+
compare_duration: compare_duration,
|
|
1151
|
+
field_mask: field_mask,
|
|
1152
|
+
page_size: page_size
|
|
1153
|
+
}.delete_if { |_, v| v.nil? }
|
|
1154
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::ListAssetsRequest)
|
|
1155
|
+
@list_assets.call(req, options, &block)
|
|
1156
|
+
end
|
|
1157
|
+
|
|
1158
|
+
# Lists an organization or source's findings.
|
|
1159
|
+
#
|
|
1160
|
+
# To list across all sources provide a `-` as the source id.
|
|
1161
|
+
# Example: /v1/organizations/123/sources/-/findings
|
|
1162
|
+
#
|
|
1163
|
+
# @param parent [String]
|
|
1164
|
+
# Name of the source the findings belong to. Its format is
|
|
1165
|
+
# "organizations/[organization_id]/sources/[source_id]". To list across all
|
|
1166
|
+
# sources provide a source_id of `-`. For example:
|
|
1167
|
+
# organizations/123/sources/-
|
|
1168
|
+
# @param filter [String]
|
|
1169
|
+
# Expression that defines the filter to apply across findings.
|
|
1170
|
+
# The expression is a list of one or more restrictions combined via logical
|
|
1171
|
+
# operators `AND` and `OR`.
|
|
1172
|
+
# Parentheses are supported, and `OR` has higher precedence than `AND`.
|
|
1173
|
+
#
|
|
1174
|
+
# Restrictions have the form `<field> <operator> <value>` and may have a `-`
|
|
1175
|
+
# character in front of them to indicate negation. Examples include:
|
|
1176
|
+
#
|
|
1177
|
+
# * name
|
|
1178
|
+
# * source_properties.a_property
|
|
1179
|
+
# * security_marks.marks.marka
|
|
1180
|
+
#
|
|
1181
|
+
# The supported operators are:
|
|
1182
|
+
#
|
|
1183
|
+
# * `=` for all value types.
|
|
1184
|
+
# * `>`, `<`, `>=`, `<=` for integer values.
|
|
1185
|
+
# * `:`, meaning substring matching, for strings.
|
|
1186
|
+
#
|
|
1187
|
+
# The supported value types are:
|
|
1188
|
+
#
|
|
1189
|
+
# * string literals in quotes.
|
|
1190
|
+
# * integer literals without quotes.
|
|
1191
|
+
# * boolean literals `true` and `false` without quotes.
|
|
1192
|
+
#
|
|
1193
|
+
# The following field and operator combinations are supported:
|
|
1194
|
+
# name | `=`
|
|
1195
|
+
# parent | '=', ':'
|
|
1196
|
+
# resource_name | '=', ':'
|
|
1197
|
+
# state | '=', ':'
|
|
1198
|
+
# category | '=', ':'
|
|
1199
|
+
# external_uri | '=', ':'
|
|
1200
|
+
# event_time | `>`, `<`, `>=`, `<=`
|
|
1201
|
+
# security_marks | '=', ':'
|
|
1202
|
+
# source_properties | '=', ':', `>`, `<`, `>=`, `<=`
|
|
1203
|
+
#
|
|
1204
|
+
# For example, `source_properties.size = 100` is a valid filter string.
|
|
1205
|
+
# @param order_by [String]
|
|
1206
|
+
# Expression that defines what fields and order to use for sorting. The
|
|
1207
|
+
# string value should follow SQL syntax: comma separated list of fields. For
|
|
1208
|
+
# example: "name,resource_properties.a_property". The default sorting order
|
|
1209
|
+
# is ascending. To specify descending order for a field, a suffix " desc"
|
|
1210
|
+
# should be appended to the field name. For example: "name
|
|
1211
|
+
# desc,source_properties.a_property". Redundant space characters in the
|
|
1212
|
+
# syntax are insignificant. "name desc,source_properties.a_property" and "
|
|
1213
|
+
# name desc , source_properties.a_property " are equivalent.
|
|
1214
|
+
#
|
|
1215
|
+
# The following fields are supported:
|
|
1216
|
+
# name
|
|
1217
|
+
# parent
|
|
1218
|
+
# state
|
|
1219
|
+
# category
|
|
1220
|
+
# resource_name
|
|
1221
|
+
# event_time
|
|
1222
|
+
# source_properties
|
|
1223
|
+
# security_marks
|
|
1224
|
+
# @param read_time [Google::Protobuf::Timestamp | Hash]
|
|
1225
|
+
# Time used as a reference point when filtering findings. The filter is
|
|
1226
|
+
# limited to findings existing at the supplied time and their values are
|
|
1227
|
+
# those at that specific time. Absence of this field will default to the
|
|
1228
|
+
# API's version of NOW.
|
|
1229
|
+
# A hash of the same form as `Google::Protobuf::Timestamp`
|
|
1230
|
+
# can also be provided.
|
|
1231
|
+
# @param compare_duration [Google::Protobuf::Duration | Hash]
|
|
1232
|
+
# When compare_duration is set, the ListFindingsResult's "state_change"
|
|
1233
|
+
# attribute is updated to indicate whether the finding had its state changed,
|
|
1234
|
+
# the finding's state remained unchanged, or if the finding was added in any
|
|
1235
|
+
# state during the compare_duration period of time that precedes the
|
|
1236
|
+
# read_time. This is the time between (read_time - compare_duration) and
|
|
1237
|
+
# read_time.
|
|
1238
|
+
#
|
|
1239
|
+
# The state_change value is derived based on the presence and state of the
|
|
1240
|
+
# finding at the two points in time. Intermediate state changes between the
|
|
1241
|
+
# two times don't affect the result. For example, the results aren't affected
|
|
1242
|
+
# if the finding is made inactive and then active again.
|
|
1243
|
+
#
|
|
1244
|
+
# Possible "state_change" values when compare_duration is specified:
|
|
1245
|
+
#
|
|
1246
|
+
# * "CHANGED": indicates that the finding was present at the start of
|
|
1247
|
+
# compare_duration, but changed its state at read_time.
|
|
1248
|
+
# * "UNCHANGED": indicates that the finding was present at the start of
|
|
1249
|
+
# compare_duration and did not change state at read_time.
|
|
1250
|
+
# * "ADDED": indicates that the finding was not present at the start
|
|
1251
|
+
# of compare_duration, but was present at read_time.
|
|
1252
|
+
#
|
|
1253
|
+
# If compare_duration is not specified, then the only possible state_change
|
|
1254
|
+
# is "UNUSED", which will be the state_change set for all findings present at
|
|
1255
|
+
# read_time.
|
|
1256
|
+
# A hash of the same form as `Google::Protobuf::Duration`
|
|
1257
|
+
# can also be provided.
|
|
1258
|
+
# @param field_mask [Google::Protobuf::FieldMask | Hash]
|
|
1259
|
+
# Optional.
|
|
1260
|
+
#
|
|
1261
|
+
# A field mask to specify the Finding fields to be listed in the response.
|
|
1262
|
+
# An empty field mask will list all fields.
|
|
1263
|
+
# A hash of the same form as `Google::Protobuf::FieldMask`
|
|
1264
|
+
# can also be provided.
|
|
1265
|
+
# @param page_size [Integer]
|
|
1266
|
+
# The maximum number of resources contained in the underlying API
|
|
1267
|
+
# response. If page streaming is performed per-resource, this
|
|
1268
|
+
# parameter does not affect the return value. If page streaming is
|
|
1269
|
+
# performed per-page, this determines the maximum number of
|
|
1270
|
+
# resources in a page.
|
|
1271
|
+
# @param options [Google::Gax::CallOptions]
|
|
1272
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1273
|
+
# retries, etc.
|
|
1274
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1275
|
+
# @yieldparam result [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::ListFindingsResponse::ListFindingsResult>]
|
|
1276
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1277
|
+
# @return [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::ListFindingsResponse::ListFindingsResult>]
|
|
1278
|
+
# An enumerable of Google::Cloud::SecurityCenter::V1::ListFindingsResponse::ListFindingsResult instances.
|
|
1279
|
+
# See Google::Gax::PagedEnumerable documentation for other
|
|
1280
|
+
# operations such as per-page iteration or access to the response
|
|
1281
|
+
# object.
|
|
1282
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1283
|
+
# @example
|
|
1284
|
+
# require "google/cloud/security_center"
|
|
1285
|
+
#
|
|
1286
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1287
|
+
# formatted_parent = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.source_path("[ORGANIZATION]", "[SOURCE]")
|
|
1288
|
+
#
|
|
1289
|
+
# # Iterate over all results.
|
|
1290
|
+
# security_center_client.list_findings(formatted_parent).each do |element|
|
|
1291
|
+
# # Process element.
|
|
1292
|
+
# end
|
|
1293
|
+
#
|
|
1294
|
+
# # Or iterate over results one page at a time.
|
|
1295
|
+
# security_center_client.list_findings(formatted_parent).each_page do |page|
|
|
1296
|
+
# # Process each page at a time.
|
|
1297
|
+
# page.each do |element|
|
|
1298
|
+
# # Process element.
|
|
1299
|
+
# end
|
|
1300
|
+
# end
|
|
1301
|
+
|
|
1302
|
+
def list_findings \
|
|
1303
|
+
parent,
|
|
1304
|
+
filter: nil,
|
|
1305
|
+
order_by: nil,
|
|
1306
|
+
read_time: nil,
|
|
1307
|
+
compare_duration: nil,
|
|
1308
|
+
field_mask: nil,
|
|
1309
|
+
page_size: nil,
|
|
1310
|
+
options: nil,
|
|
1311
|
+
&block
|
|
1312
|
+
req = {
|
|
1313
|
+
parent: parent,
|
|
1314
|
+
filter: filter,
|
|
1315
|
+
order_by: order_by,
|
|
1316
|
+
read_time: read_time,
|
|
1317
|
+
compare_duration: compare_duration,
|
|
1318
|
+
field_mask: field_mask,
|
|
1319
|
+
page_size: page_size
|
|
1320
|
+
}.delete_if { |_, v| v.nil? }
|
|
1321
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::ListFindingsRequest)
|
|
1322
|
+
@list_findings.call(req, options, &block)
|
|
1323
|
+
end
|
|
1324
|
+
|
|
1325
|
+
# Lists all sources belonging to an organization.
|
|
1326
|
+
#
|
|
1327
|
+
# @param parent [String]
|
|
1328
|
+
# Resource name of the parent of sources to list. Its format should be
|
|
1329
|
+
# "organizations/[organization_id]".
|
|
1330
|
+
# @param page_size [Integer]
|
|
1331
|
+
# The maximum number of resources contained in the underlying API
|
|
1332
|
+
# response. If page streaming is performed per-resource, this
|
|
1333
|
+
# parameter does not affect the return value. If page streaming is
|
|
1334
|
+
# performed per-page, this determines the maximum number of
|
|
1335
|
+
# resources in a page.
|
|
1336
|
+
# @param options [Google::Gax::CallOptions]
|
|
1337
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1338
|
+
# retries, etc.
|
|
1339
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1340
|
+
# @yieldparam result [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::Source>]
|
|
1341
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1342
|
+
# @return [Google::Gax::PagedEnumerable<Google::Cloud::SecurityCenter::V1::Source>]
|
|
1343
|
+
# An enumerable of Google::Cloud::SecurityCenter::V1::Source instances.
|
|
1344
|
+
# See Google::Gax::PagedEnumerable documentation for other
|
|
1345
|
+
# operations such as per-page iteration or access to the response
|
|
1346
|
+
# object.
|
|
1347
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1348
|
+
# @example
|
|
1349
|
+
# require "google/cloud/security_center"
|
|
1350
|
+
#
|
|
1351
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1352
|
+
# formatted_parent = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.organization_path("[ORGANIZATION]")
|
|
1353
|
+
#
|
|
1354
|
+
# # Iterate over all results.
|
|
1355
|
+
# security_center_client.list_sources(formatted_parent).each do |element|
|
|
1356
|
+
# # Process element.
|
|
1357
|
+
# end
|
|
1358
|
+
#
|
|
1359
|
+
# # Or iterate over results one page at a time.
|
|
1360
|
+
# security_center_client.list_sources(formatted_parent).each_page do |page|
|
|
1361
|
+
# # Process each page at a time.
|
|
1362
|
+
# page.each do |element|
|
|
1363
|
+
# # Process element.
|
|
1364
|
+
# end
|
|
1365
|
+
# end
|
|
1366
|
+
|
|
1367
|
+
def list_sources \
|
|
1368
|
+
parent,
|
|
1369
|
+
page_size: nil,
|
|
1370
|
+
options: nil,
|
|
1371
|
+
&block
|
|
1372
|
+
req = {
|
|
1373
|
+
parent: parent,
|
|
1374
|
+
page_size: page_size
|
|
1375
|
+
}.delete_if { |_, v| v.nil? }
|
|
1376
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::ListSourcesRequest)
|
|
1377
|
+
@list_sources.call(req, options, &block)
|
|
1378
|
+
end
|
|
1379
|
+
|
|
1380
|
+
# Runs asset discovery. The discovery is tracked with a long-running
|
|
1381
|
+
# operation.
|
|
1382
|
+
#
|
|
1383
|
+
# This API can only be called with limited frequency for an organization. If
|
|
1384
|
+
# it is called too frequently the caller will receive a TOO_MANY_REQUESTS
|
|
1385
|
+
# error.
|
|
1386
|
+
#
|
|
1387
|
+
# @param parent [String]
|
|
1388
|
+
# Name of the organization to run asset discovery for. Its format is
|
|
1389
|
+
# "organizations/[organization_id]".
|
|
1390
|
+
# @param options [Google::Gax::CallOptions]
|
|
1391
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1392
|
+
# retries, etc.
|
|
1393
|
+
# @return [Google::Gax::Operation]
|
|
1394
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1395
|
+
# @example
|
|
1396
|
+
# require "google/cloud/security_center"
|
|
1397
|
+
#
|
|
1398
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1399
|
+
# formatted_parent = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.organization_path("[ORGANIZATION]")
|
|
1400
|
+
#
|
|
1401
|
+
# # Register a callback during the method call.
|
|
1402
|
+
# operation = security_center_client.run_asset_discovery(formatted_parent) do |op|
|
|
1403
|
+
# raise op.results.message if op.error?
|
|
1404
|
+
# op_results = op.results
|
|
1405
|
+
# # Process the results.
|
|
1406
|
+
#
|
|
1407
|
+
# metadata = op.metadata
|
|
1408
|
+
# # Process the metadata.
|
|
1409
|
+
# end
|
|
1410
|
+
#
|
|
1411
|
+
# # Or use the return value to register a callback.
|
|
1412
|
+
# operation.on_done do |op|
|
|
1413
|
+
# raise op.results.message if op.error?
|
|
1414
|
+
# op_results = op.results
|
|
1415
|
+
# # Process the results.
|
|
1416
|
+
#
|
|
1417
|
+
# metadata = op.metadata
|
|
1418
|
+
# # Process the metadata.
|
|
1419
|
+
# end
|
|
1420
|
+
#
|
|
1421
|
+
# # Manually reload the operation.
|
|
1422
|
+
# operation.reload!
|
|
1423
|
+
#
|
|
1424
|
+
# # Or block until the operation completes, triggering callbacks on
|
|
1425
|
+
# # completion.
|
|
1426
|
+
# operation.wait_until_done!
|
|
1427
|
+
|
|
1428
|
+
def run_asset_discovery \
|
|
1429
|
+
parent,
|
|
1430
|
+
options: nil
|
|
1431
|
+
req = {
|
|
1432
|
+
parent: parent
|
|
1433
|
+
}.delete_if { |_, v| v.nil? }
|
|
1434
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::RunAssetDiscoveryRequest)
|
|
1435
|
+
operation = Google::Gax::Operation.new(
|
|
1436
|
+
@run_asset_discovery.call(req, options),
|
|
1437
|
+
@operations_client,
|
|
1438
|
+
Google::Protobuf::Empty,
|
|
1439
|
+
Google::Protobuf::Empty,
|
|
1440
|
+
call_options: options
|
|
1441
|
+
)
|
|
1442
|
+
operation.on_done { |operation| yield(operation) } if block_given?
|
|
1443
|
+
operation
|
|
1444
|
+
end
|
|
1445
|
+
|
|
1446
|
+
# Updates the state of a finding.
|
|
1447
|
+
#
|
|
1448
|
+
# @param name [String]
|
|
1449
|
+
# The relative resource name of the finding. See:
|
|
1450
|
+
# https://cloud.google.com/apis/design/resource_names#relative_resource_name
|
|
1451
|
+
# Example:
|
|
1452
|
+
# "organizations/123/sources/456/finding/789".
|
|
1453
|
+
# @param state [Google::Cloud::SecurityCenter::V1::Finding::State]
|
|
1454
|
+
# The desired State of the finding.
|
|
1455
|
+
# @param start_time [Google::Protobuf::Timestamp | Hash]
|
|
1456
|
+
# The time at which the updated state takes effect.
|
|
1457
|
+
# A hash of the same form as `Google::Protobuf::Timestamp`
|
|
1458
|
+
# can also be provided.
|
|
1459
|
+
# @param options [Google::Gax::CallOptions]
|
|
1460
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1461
|
+
# retries, etc.
|
|
1462
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1463
|
+
# @yieldparam result [Google::Cloud::SecurityCenter::V1::Finding]
|
|
1464
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1465
|
+
# @return [Google::Cloud::SecurityCenter::V1::Finding]
|
|
1466
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1467
|
+
# @example
|
|
1468
|
+
# require "google/cloud/security_center"
|
|
1469
|
+
#
|
|
1470
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1471
|
+
# formatted_name = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.finding_path("[ORGANIZATION]", "[SOURCE]", "[FINDING]")
|
|
1472
|
+
#
|
|
1473
|
+
# # TODO: Initialize `state`:
|
|
1474
|
+
# state = :STATE_UNSPECIFIED
|
|
1475
|
+
#
|
|
1476
|
+
# # TODO: Initialize `start_time`:
|
|
1477
|
+
# start_time = {}
|
|
1478
|
+
# response = security_center_client.set_finding_state(formatted_name, state, start_time)
|
|
1479
|
+
|
|
1480
|
+
def set_finding_state \
|
|
1481
|
+
name,
|
|
1482
|
+
state,
|
|
1483
|
+
start_time,
|
|
1484
|
+
options: nil,
|
|
1485
|
+
&block
|
|
1486
|
+
req = {
|
|
1487
|
+
name: name,
|
|
1488
|
+
state: state,
|
|
1489
|
+
start_time: start_time
|
|
1490
|
+
}.delete_if { |_, v| v.nil? }
|
|
1491
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::SetFindingStateRequest)
|
|
1492
|
+
@set_finding_state.call(req, options, &block)
|
|
1493
|
+
end
|
|
1494
|
+
|
|
1495
|
+
# Sets the access control policy on the specified Source.
|
|
1496
|
+
#
|
|
1497
|
+
# @param resource [String]
|
|
1498
|
+
# REQUIRED: The resource for which the policy is being specified.
|
|
1499
|
+
# `resource` is usually specified as a path. For example, a Project
|
|
1500
|
+
# resource is specified as `projects/{project}`.
|
|
1501
|
+
# @param policy [Google::Iam::V1::Policy | Hash]
|
|
1502
|
+
# REQUIRED: The complete policy to be applied to the `resource`. The size of
|
|
1503
|
+
# the policy is limited to a few 10s of KB. An empty policy is a
|
|
1504
|
+
# valid policy but certain Cloud Platform services (such as Projects)
|
|
1505
|
+
# might reject them.
|
|
1506
|
+
# A hash of the same form as `Google::Iam::V1::Policy`
|
|
1507
|
+
# can also be provided.
|
|
1508
|
+
# @param options [Google::Gax::CallOptions]
|
|
1509
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1510
|
+
# retries, etc.
|
|
1511
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1512
|
+
# @yieldparam result [Google::Iam::V1::Policy]
|
|
1513
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1514
|
+
# @return [Google::Iam::V1::Policy]
|
|
1515
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1516
|
+
# @example
|
|
1517
|
+
# require "google/cloud/security_center"
|
|
1518
|
+
#
|
|
1519
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1520
|
+
# formatted_resource = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.source_path("[ORGANIZATION]", "[SOURCE]")
|
|
1521
|
+
#
|
|
1522
|
+
# # TODO: Initialize `policy`:
|
|
1523
|
+
# policy = {}
|
|
1524
|
+
# response = security_center_client.set_iam_policy(formatted_resource, policy)
|
|
1525
|
+
|
|
1526
|
+
def set_iam_policy \
|
|
1527
|
+
resource,
|
|
1528
|
+
policy,
|
|
1529
|
+
options: nil,
|
|
1530
|
+
&block
|
|
1531
|
+
req = {
|
|
1532
|
+
resource: resource,
|
|
1533
|
+
policy: policy
|
|
1534
|
+
}.delete_if { |_, v| v.nil? }
|
|
1535
|
+
req = Google::Gax::to_proto(req, Google::Iam::V1::SetIamPolicyRequest)
|
|
1536
|
+
@set_iam_policy.call(req, options, &block)
|
|
1537
|
+
end
|
|
1538
|
+
|
|
1539
|
+
# Returns the permissions that a caller has on the specified source.
|
|
1540
|
+
#
|
|
1541
|
+
# @param resource [String]
|
|
1542
|
+
# REQUIRED: The resource for which the policy detail is being requested.
|
|
1543
|
+
# `resource` is usually specified as a path. For example, a Project
|
|
1544
|
+
# resource is specified as `projects/{project}`.
|
|
1545
|
+
# @param permissions [Array<String>]
|
|
1546
|
+
# The set of permissions to check for the `resource`. Permissions with
|
|
1547
|
+
# wildcards (such as '*' or 'storage.*') are not allowed. For more
|
|
1548
|
+
# information see
|
|
1549
|
+
# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
|
|
1550
|
+
# @param options [Google::Gax::CallOptions]
|
|
1551
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1552
|
+
# retries, etc.
|
|
1553
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1554
|
+
# @yieldparam result [Google::Iam::V1::TestIamPermissionsResponse]
|
|
1555
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1556
|
+
# @return [Google::Iam::V1::TestIamPermissionsResponse]
|
|
1557
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1558
|
+
# @example
|
|
1559
|
+
# require "google/cloud/security_center"
|
|
1560
|
+
#
|
|
1561
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1562
|
+
# formatted_resource = Google::Cloud::SecurityCenter::V1::SecurityCenterClient.source_path("[ORGANIZATION]", "[SOURCE]")
|
|
1563
|
+
#
|
|
1564
|
+
# # TODO: Initialize `permissions`:
|
|
1565
|
+
# permissions = []
|
|
1566
|
+
# response = security_center_client.test_iam_permissions(formatted_resource, permissions)
|
|
1567
|
+
|
|
1568
|
+
def test_iam_permissions \
|
|
1569
|
+
resource,
|
|
1570
|
+
permissions,
|
|
1571
|
+
options: nil,
|
|
1572
|
+
&block
|
|
1573
|
+
req = {
|
|
1574
|
+
resource: resource,
|
|
1575
|
+
permissions: permissions
|
|
1576
|
+
}.delete_if { |_, v| v.nil? }
|
|
1577
|
+
req = Google::Gax::to_proto(req, Google::Iam::V1::TestIamPermissionsRequest)
|
|
1578
|
+
@test_iam_permissions.call(req, options, &block)
|
|
1579
|
+
end
|
|
1580
|
+
|
|
1581
|
+
# Creates or updates a finding. The corresponding source must exist for a
|
|
1582
|
+
# finding creation to succeed.
|
|
1583
|
+
#
|
|
1584
|
+
# @param finding [Google::Cloud::SecurityCenter::V1::Finding | Hash]
|
|
1585
|
+
# The finding resource to update or create if it does not already exist.
|
|
1586
|
+
# parent, security_marks, and update_time will be ignored.
|
|
1587
|
+
#
|
|
1588
|
+
# In the case of creation, the finding id portion of the name must be
|
|
1589
|
+
# alphanumeric and less than or equal to 32 characters and greater than 0
|
|
1590
|
+
# characters in length.
|
|
1591
|
+
# A hash of the same form as `Google::Cloud::SecurityCenter::V1::Finding`
|
|
1592
|
+
# can also be provided.
|
|
1593
|
+
# @param update_mask [Google::Protobuf::FieldMask | Hash]
|
|
1594
|
+
# The FieldMask to use when updating the finding resource. This field should
|
|
1595
|
+
# not be specified when creating a finding.
|
|
1596
|
+
#
|
|
1597
|
+
# When updating a finding, an empty mask is treated as updating all mutable
|
|
1598
|
+
# fields and replacing source_properties. Individual source_properties can
|
|
1599
|
+
# be added/updated by using "source_properties.<property key>" in the field
|
|
1600
|
+
# mask.
|
|
1601
|
+
# A hash of the same form as `Google::Protobuf::FieldMask`
|
|
1602
|
+
# can also be provided.
|
|
1603
|
+
# @param options [Google::Gax::CallOptions]
|
|
1604
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1605
|
+
# retries, etc.
|
|
1606
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1607
|
+
# @yieldparam result [Google::Cloud::SecurityCenter::V1::Finding]
|
|
1608
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1609
|
+
# @return [Google::Cloud::SecurityCenter::V1::Finding]
|
|
1610
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1611
|
+
# @example
|
|
1612
|
+
# require "google/cloud/security_center"
|
|
1613
|
+
#
|
|
1614
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1615
|
+
#
|
|
1616
|
+
# # TODO: Initialize `finding`:
|
|
1617
|
+
# finding = {}
|
|
1618
|
+
# response = security_center_client.update_finding(finding)
|
|
1619
|
+
|
|
1620
|
+
def update_finding \
|
|
1621
|
+
finding,
|
|
1622
|
+
update_mask: nil,
|
|
1623
|
+
options: nil,
|
|
1624
|
+
&block
|
|
1625
|
+
req = {
|
|
1626
|
+
finding: finding,
|
|
1627
|
+
update_mask: update_mask
|
|
1628
|
+
}.delete_if { |_, v| v.nil? }
|
|
1629
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::UpdateFindingRequest)
|
|
1630
|
+
@update_finding.call(req, options, &block)
|
|
1631
|
+
end
|
|
1632
|
+
|
|
1633
|
+
# Updates an organization's settings.
|
|
1634
|
+
#
|
|
1635
|
+
# @param organization_settings [Google::Cloud::SecurityCenter::V1::OrganizationSettings | Hash]
|
|
1636
|
+
# The organization settings resource to update.
|
|
1637
|
+
# A hash of the same form as `Google::Cloud::SecurityCenter::V1::OrganizationSettings`
|
|
1638
|
+
# can also be provided.
|
|
1639
|
+
# @param update_mask [Google::Protobuf::FieldMask | Hash]
|
|
1640
|
+
# The FieldMask to use when updating the settings resource.
|
|
1641
|
+
#
|
|
1642
|
+
# If empty all mutable fields will be updated.
|
|
1643
|
+
# A hash of the same form as `Google::Protobuf::FieldMask`
|
|
1644
|
+
# can also be provided.
|
|
1645
|
+
# @param options [Google::Gax::CallOptions]
|
|
1646
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1647
|
+
# retries, etc.
|
|
1648
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1649
|
+
# @yieldparam result [Google::Cloud::SecurityCenter::V1::OrganizationSettings]
|
|
1650
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1651
|
+
# @return [Google::Cloud::SecurityCenter::V1::OrganizationSettings]
|
|
1652
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1653
|
+
# @example
|
|
1654
|
+
# require "google/cloud/security_center"
|
|
1655
|
+
#
|
|
1656
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1657
|
+
#
|
|
1658
|
+
# # TODO: Initialize `organization_settings`:
|
|
1659
|
+
# organization_settings = {}
|
|
1660
|
+
# response = security_center_client.update_organization_settings(organization_settings)
|
|
1661
|
+
|
|
1662
|
+
def update_organization_settings \
|
|
1663
|
+
organization_settings,
|
|
1664
|
+
update_mask: nil,
|
|
1665
|
+
options: nil,
|
|
1666
|
+
&block
|
|
1667
|
+
req = {
|
|
1668
|
+
organization_settings: organization_settings,
|
|
1669
|
+
update_mask: update_mask
|
|
1670
|
+
}.delete_if { |_, v| v.nil? }
|
|
1671
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::UpdateOrganizationSettingsRequest)
|
|
1672
|
+
@update_organization_settings.call(req, options, &block)
|
|
1673
|
+
end
|
|
1674
|
+
|
|
1675
|
+
# Updates a source.
|
|
1676
|
+
#
|
|
1677
|
+
# @param source [Google::Cloud::SecurityCenter::V1::Source | Hash]
|
|
1678
|
+
# The source resource to update.
|
|
1679
|
+
# A hash of the same form as `Google::Cloud::SecurityCenter::V1::Source`
|
|
1680
|
+
# can also be provided.
|
|
1681
|
+
# @param update_mask [Google::Protobuf::FieldMask | Hash]
|
|
1682
|
+
# The FieldMask to use when updating the source resource.
|
|
1683
|
+
#
|
|
1684
|
+
# If empty all mutable fields will be updated.
|
|
1685
|
+
# A hash of the same form as `Google::Protobuf::FieldMask`
|
|
1686
|
+
# can also be provided.
|
|
1687
|
+
# @param options [Google::Gax::CallOptions]
|
|
1688
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1689
|
+
# retries, etc.
|
|
1690
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1691
|
+
# @yieldparam result [Google::Cloud::SecurityCenter::V1::Source]
|
|
1692
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1693
|
+
# @return [Google::Cloud::SecurityCenter::V1::Source]
|
|
1694
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1695
|
+
# @example
|
|
1696
|
+
# require "google/cloud/security_center"
|
|
1697
|
+
#
|
|
1698
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1699
|
+
#
|
|
1700
|
+
# # TODO: Initialize `source`:
|
|
1701
|
+
# source = {}
|
|
1702
|
+
# response = security_center_client.update_source(source)
|
|
1703
|
+
|
|
1704
|
+
def update_source \
|
|
1705
|
+
source,
|
|
1706
|
+
update_mask: nil,
|
|
1707
|
+
options: nil,
|
|
1708
|
+
&block
|
|
1709
|
+
req = {
|
|
1710
|
+
source: source,
|
|
1711
|
+
update_mask: update_mask
|
|
1712
|
+
}.delete_if { |_, v| v.nil? }
|
|
1713
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::UpdateSourceRequest)
|
|
1714
|
+
@update_source.call(req, options, &block)
|
|
1715
|
+
end
|
|
1716
|
+
|
|
1717
|
+
# Updates security marks.
|
|
1718
|
+
#
|
|
1719
|
+
# @param security_marks [Google::Cloud::SecurityCenter::V1::SecurityMarks | Hash]
|
|
1720
|
+
# The security marks resource to update.
|
|
1721
|
+
# A hash of the same form as `Google::Cloud::SecurityCenter::V1::SecurityMarks`
|
|
1722
|
+
# can also be provided.
|
|
1723
|
+
# @param update_mask [Google::Protobuf::FieldMask | Hash]
|
|
1724
|
+
# The FieldMask to use when updating the security marks resource.
|
|
1725
|
+
#
|
|
1726
|
+
# The field mask must not contain duplicate fields.
|
|
1727
|
+
# If empty or set to "marks", all marks will be replaced. Individual
|
|
1728
|
+
# marks can be updated using "marks.<mark_key>".
|
|
1729
|
+
# A hash of the same form as `Google::Protobuf::FieldMask`
|
|
1730
|
+
# can also be provided.
|
|
1731
|
+
# @param start_time [Google::Protobuf::Timestamp | Hash]
|
|
1732
|
+
# The time at which the updated SecurityMarks take effect.
|
|
1733
|
+
# If not set uses current server time. Updates will be applied to the
|
|
1734
|
+
# SecurityMarks that are active immediately preceding this time.
|
|
1735
|
+
# A hash of the same form as `Google::Protobuf::Timestamp`
|
|
1736
|
+
# can also be provided.
|
|
1737
|
+
# @param options [Google::Gax::CallOptions]
|
|
1738
|
+
# Overrides the default settings for this call, e.g, timeout,
|
|
1739
|
+
# retries, etc.
|
|
1740
|
+
# @yield [result, operation] Access the result along with the RPC operation
|
|
1741
|
+
# @yieldparam result [Google::Cloud::SecurityCenter::V1::SecurityMarks]
|
|
1742
|
+
# @yieldparam operation [GRPC::ActiveCall::Operation]
|
|
1743
|
+
# @return [Google::Cloud::SecurityCenter::V1::SecurityMarks]
|
|
1744
|
+
# @raise [Google::Gax::GaxError] if the RPC is aborted.
|
|
1745
|
+
# @example
|
|
1746
|
+
# require "google/cloud/security_center"
|
|
1747
|
+
#
|
|
1748
|
+
# security_center_client = Google::Cloud::SecurityCenter.new(version: :v1)
|
|
1749
|
+
#
|
|
1750
|
+
# # TODO: Initialize `security_marks`:
|
|
1751
|
+
# security_marks = {}
|
|
1752
|
+
# response = security_center_client.update_security_marks(security_marks)
|
|
1753
|
+
|
|
1754
|
+
def update_security_marks \
|
|
1755
|
+
security_marks,
|
|
1756
|
+
update_mask: nil,
|
|
1757
|
+
start_time: nil,
|
|
1758
|
+
options: nil,
|
|
1759
|
+
&block
|
|
1760
|
+
req = {
|
|
1761
|
+
security_marks: security_marks,
|
|
1762
|
+
update_mask: update_mask,
|
|
1763
|
+
start_time: start_time
|
|
1764
|
+
}.delete_if { |_, v| v.nil? }
|
|
1765
|
+
req = Google::Gax::to_proto(req, Google::Cloud::SecurityCenter::V1::UpdateSecurityMarksRequest)
|
|
1766
|
+
@update_security_marks.call(req, options, &block)
|
|
1767
|
+
end
|
|
1768
|
+
end
|
|
1769
|
+
end
|
|
1770
|
+
end
|
|
1771
|
+
end
|
|
1772
|
+
end
|