google-cloud-security_center 0.5.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 50d4b784ca901d3560eeb3ac3a584a4235c390a3b5be1e9d1aec690bbce104bc
-  data.tar.gz: 7c6a8ee5dad3896ddf7f8da677609f2cd47b2ff03f746bd603d4d71590c78c6a
+  metadata.gz: d381b69c5fbbb368fd9b5e2f33a5d70ac5191d6178c7c599460f42c91b7651db
+  data.tar.gz: 2c4bdf0224df6c5831de578cf9ddd775c528a5b8a2ddde78890d3b09c61643d0
 SHA512:
-  metadata.gz: d05583e510acd7a2784657544e6df0660e30231a7c406a2d1e6e39c143275090e1ac0c72d6e64576748e979c31b92fbcad76e9959302ad2b71599b7c2769285f
-  data.tar.gz: dffdc7fa0aa48673071b6e62107b933da9706e2dbbe203852b1a6bd896bdbe1562fa8befa0d965a6b248b7c7764741535244afe543a395deb3c11b996711401f
+  metadata.gz: ec0518134687aac0c09b9e17381c5419bf58bcf44a9e8e54d6733e8b653958217887ff90bf3e4e137435e51ea3630c0e0dcc49fd5fad5725c200b3af65ca419d
+  data.tar.gz: 01de529448dc8ffaf90e04b681289232b541f306da2e1150830124b9ddb2a7158e5553390102f1781c51e2a4718519e337636a4e922ba0fa29d6d0a32a3314f8

data/lib/google/cloud/security_center/v1p1beta1.rb

@@ -0,0 +1,149 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require "google/cloud/security_center/v1p1beta1/security_center_client"
+require "google/cloud/security_center/v1p1beta1/helpers"
+require "google/cloud/security_center/v1p1beta1/notification_message_pb"
+require "google/cloud/security_center/v1p1beta1/run_asset_discovery_response_pb"
+
+module Google
+  module Cloud
+    module SecurityCenter
+      # rubocop:disable LineLength
+
+      ##
+      # # Ruby Client for Cloud Security Command Center API ([Alpha](https://github.com/googleapis/google-cloud-ruby#versioning))
+      #
+      # [Cloud Security Command Center API][Product Documentation]:
+      # Cloud Security Command Center API provides access to temporal views of
+      # assets and findings within an organization.
+      # - [Product Documentation][]
+      #
+      # ## Quick Start
+      # In order to use this library, you first need to go through the following
+      # steps:
+      #
+      # 1. [Select or create a Cloud Platform project.](https://console.cloud.google.com/project)
+      # 2. [Enable billing for your project.](https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project)
+      # 3. [Enable the Cloud Security Command Center API.](https://console.cloud.google.com/apis/library/securitycenter.googleapis.com)
+      # 4. [Setup Authentication.](https://googleapis.dev/ruby/google-cloud-security_center/latest/file.AUTHENTICATION.html)
+      #
+      # ### Installation
+      # ```
+      # $ gem install google-cloud-security_center
+      # ```
+      #
+      # ### Next Steps
+      # - Read the [Cloud Security Command Center API Product documentation][Product Documentation]
+      #   to learn more about the product and see How-to Guides.
+      # - View this [repository's main README](https://github.com/googleapis/google-cloud-ruby/blob/master/README.md)
+      #   to see the full list of Cloud APIs that we cover.
+      #
+      # [Product Documentation]: https://cloud.google.com/security-command-center/
+      #
+      # ## Enabling Logging
+      #
+      # To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
+      # The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/stdlib-2.5.0/libdoc/logger/rdoc/Logger.html) as shown below,
+      # or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
+      # that will write logs to [Stackdriver Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
+      # and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
+      #
+      # Configuring a Ruby stdlib logger:
+      #
+      # ```ruby
+      # require "logger"
+      #
+      # module MyLogger
+      #   LOGGER = Logger.new $stderr, level: Logger::WARN
+      #   def logger
+      #     LOGGER
+      #   end
+      # end
+      #
+      # # Define a gRPC module-level logger method before grpc/logconfig.rb loads.
+      # module GRPC
+      #   extend MyLogger
+      # end
+      # ```
+      #
+      module V1p1beta1
+        # rubocop:enable LineLength
+
+        ##
+        # V1p1Beta1 APIs for Security Center service.
+        #
+        # @param credentials [Google::Auth::Credentials, String, Hash, GRPC::Core::Channel, GRPC::Core::ChannelCredentials, Proc]
+        #   Provides the means for authenticating requests made by the client. This parameter can
+        #   be many types.
+        #   A `Google::Auth::Credentials` uses a the properties of its represented keyfile for
+        #   authenticating requests made by this client.
+        #   A `String` will be treated as the path to the keyfile to be used for the construction of
+        #   credentials for this client.
+        #   A `Hash` will be treated as the contents of a keyfile to be used for the construction of
+        #   credentials for this client.
+        #   A `GRPC::Core::Channel` will be used to make calls through.
+        #   A `GRPC::Core::ChannelCredentials` for the setting up the RPC client. The channel credentials
+        #   should already be composed with a `GRPC::Core::CallCredentials` object.
+        #   A `Proc` will be used as an updater_proc for the Grpc channel. The proc transforms the
+        #   metadata for requests, generally, to give OAuth credentials.
+        # @param scopes [Array<String>]
+        #   The OAuth scopes for this service. This parameter is ignored if
+        #   an updater_proc is supplied.
+        # @param client_config [Hash]
+        #   A Hash for call options for each method. See
+        #   Google::Gax#construct_settings for the structure of
+        #   this data. Falls back to the default config if not specified
+        #   or the specified config is missing data points.
+        # @param timeout [Numeric]
+        #   The default timeout, in seconds, for calls made through this client.
+        # @param metadata [Hash]
+        #   Default metadata to be sent with each request. This can be overridden on a per call basis.
+        # @param service_address [String]
+        #   Override for the service hostname, or `nil` to leave as the default.
+        # @param service_port [Integer]
+        #   Override for the service port, or `nil` to leave as the default.
+        # @param exception_transformer [Proc]
+        #   An optional proc that intercepts any exceptions raised during an API call to inject
+        #   custom error handling.
+        def self.new \
+            credentials: nil,
+            scopes: nil,
+            client_config: nil,
+            timeout: nil,
+            metadata: nil,
+            service_address: nil,
+            service_port: nil,
+            exception_transformer: nil,
+            lib_name: nil,
+            lib_version: nil
+          kwargs = {
+            credentials: credentials,
+            scopes: scopes,
+            client_config: client_config,
+            timeout: timeout,
+            metadata: metadata,
+            exception_transformer: exception_transformer,
+            lib_name: lib_name,
+            service_address: service_address,
+            service_port: service_port,
+            lib_version: lib_version
+          }.select { |_, v| v != nil }
+          Google::Cloud::SecurityCenter::V1p1beta1::SecurityCenterClient.new(**kwargs)
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/security_center/v1p1beta1/asset_pb.rb

@@ -0,0 +1,41 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/security_center/v1p1beta1/asset.proto
+
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'google/api/resource_pb'
+require 'google/cloud/security_center/v1p1beta1/security_marks_pb'
+require 'google/protobuf/struct_pb'
+require 'google/protobuf/timestamp_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_message "google.cloud.securitycenter.v1p1beta1.Asset" do
+    optional :name, :string, 1
+    optional :security_center_properties, :message, 2, "google.cloud.securitycenter.v1p1beta1.Asset.SecurityCenterProperties"
+    map :resource_properties, :string, :message, 7, "google.protobuf.Value"
+    optional :security_marks, :message, 8, "google.cloud.securitycenter.v1p1beta1.SecurityMarks"
+    optional :create_time, :message, 9, "google.protobuf.Timestamp"
+    optional :update_time, :message, 10, "google.protobuf.Timestamp"
+    optional :iam_policy, :message, 11, "google.cloud.securitycenter.v1p1beta1.Asset.IamPolicy"
+  end
+  add_message "google.cloud.securitycenter.v1p1beta1.Asset.SecurityCenterProperties" do
+    optional :resource_name, :string, 1
+    optional :resource_type, :string, 2
+    optional :resource_parent, :string, 3
+    optional :resource_project, :string, 4
+    repeated :resource_owners, :string, 5
+    optional :resource_display_name, :string, 6
+    optional :resource_parent_display_name, :string, 7
+    optional :resource_project_display_name, :string, 8
+  end
+  add_message "google.cloud.securitycenter.v1p1beta1.Asset.IamPolicy" do
+    optional :policy_blob, :string, 1
+  end
+end
+
+module Google::Cloud::SecurityCenter::V1p1beta1
+  Asset = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1p1beta1.Asset").msgclass
+  Asset::SecurityCenterProperties = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1p1beta1.Asset.SecurityCenterProperties").msgclass
+  Asset::IamPolicy = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1p1beta1.Asset.IamPolicy").msgclass
+end

data/lib/google/cloud/security_center/v1p1beta1/credentials.rb

@@ -0,0 +1,41 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require "googleauth"
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1p1beta1
+        class Credentials < Google::Auth::Credentials
+          SCOPE = [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ].freeze
+          PATH_ENV_VARS = %w(SECURITY_CENTER_CREDENTIALS
+                             SECURITY_CENTER_KEYFILE
+                             GOOGLE_CLOUD_CREDENTIALS
+                             GOOGLE_CLOUD_KEYFILE
+                             GCLOUD_KEYFILE)
+          JSON_ENV_VARS = %w(SECURITY_CENTER_CREDENTIALS_JSON
+                             SECURITY_CENTER_KEYFILE_JSON
+                             GOOGLE_CLOUD_CREDENTIALS_JSON
+                             GOOGLE_CLOUD_KEYFILE_JSON
+                             GCLOUD_KEYFILE_JSON)
+          DEFAULT_PATHS = ["~/.config/gcloud/application_default_credentials.json"]
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/security_center/v1p1beta1/doc/google/cloud/securitycenter/v1p1beta1/asset.rb

@@ -0,0 +1,105 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Google
+  module Cloud
+    module Securitycenter
+      module V1p1beta1
+        # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud
+        # Platform (GCP) resource.
+        #
+        # The Asset is a Cloud SCC resource that captures information about a single
+        # GCP resource. All modifications to an Asset are only within the context of
+        # Cloud SCC and don't affect the referenced GCP resource.
+        # @!attribute [rw] name
+        #   @return [String]
+        #     The relative resource name of this asset. See:
+        #     https://cloud.google.com/apis/design/resource_names#relative_resource_name
+        #     Example:
+        #     "organizations/{organization_id}/assets/{asset_id}".
+        # @!attribute [rw] security_center_properties
+        #   @return [Google::Cloud::SecurityCenter::V1p1beta1::Asset::SecurityCenterProperties]
+        #     Cloud SCC managed properties. These properties are managed by
+        #     Cloud SCC and cannot be modified by the user.
+        # @!attribute [rw] resource_properties
+        #   @return [Hash{String => Google::Protobuf::Value}]
+        #     Resource managed properties. These properties are managed and defined by
+        #     the GCP resource and cannot be modified by the user.
+        # @!attribute [rw] security_marks
+        #   @return [Google::Cloud::SecurityCenter::V1p1beta1::SecurityMarks]
+        #     User specified security marks. These marks are entirely managed by the user
+        #     and come from the SecurityMarks resource that belongs to the asset.
+        # @!attribute [rw] create_time
+        #   @return [Google::Protobuf::Timestamp]
+        #     The time at which the asset was created in Cloud SCC.
+        # @!attribute [rw] update_time
+        #   @return [Google::Protobuf::Timestamp]
+        #     The time at which the asset was last updated, added, or deleted in Cloud
+        #     SCC.
+        # @!attribute [rw] iam_policy
+        #   @return [Google::Cloud::SecurityCenter::V1p1beta1::Asset::IamPolicy]
+        #     IAM Policy information associated with the GCP resource described by the
+        #     Cloud SCC asset. This information is managed and defined by the GCP
+        #     resource and cannot be modified by the user.
+        class Asset
+          # Cloud SCC managed properties. These properties are managed by Cloud SCC and
+          # cannot be modified by the user.
+          # @!attribute [rw] resource_name
+          #   @return [String]
+          #     The full resource name of the GCP resource this asset
+          #     represents. This field is immutable after create time. See:
+          #     https://cloud.google.com/apis/design/resource_names#full_resource_name
+          # @!attribute [rw] resource_type
+          #   @return [String]
+          #     The type of the GCP resource. Examples include: APPLICATION,
+          #     PROJECT, and ORGANIZATION. This is a case insensitive field defined by
+          #     Cloud SCC and/or the producer of the resource and is immutable
+          #     after create time.
+          # @!attribute [rw] resource_parent
+          #   @return [String]
+          #     The full resource name of the immediate parent of the resource. See:
+          #     https://cloud.google.com/apis/design/resource_names#full_resource_name
+          # @!attribute [rw] resource_project
+          #   @return [String]
+          #     The full resource name of the project the resource belongs to. See:
+          #     https://cloud.google.com/apis/design/resource_names#full_resource_name
+          # @!attribute [rw] resource_owners
+          #   @return [Array<String>]
+          #     Owners of the Google Cloud resource.
+          # @!attribute [rw] resource_display_name
+          #   @return [String]
+          #     The user defined display name for this resource.
+          # @!attribute [rw] resource_parent_display_name
+          #   @return [String]
+          #     The user defined display name for the parent of this resource.
+          # @!attribute [rw] resource_project_display_name
+          #   @return [String]
+          #     The user defined display name for the project of this resource.
+          class SecurityCenterProperties; end
+
+          # IAM Policy information associated with the GCP resource described by the
+          # Cloud SCC asset. This information is managed and defined by the GCP
+          # resource and cannot be modified by the user.
+          # @!attribute [rw] policy_blob
+          #   @return [String]
+          #     The JSON representation of the Policy associated with the asset.
+          #     See https://cloud.google.com/iam/reference/rest/v1p1beta1/Policy for
+          #     format details.
+          class IamPolicy; end
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/security_center/v1p1beta1/doc/google/cloud/securitycenter/v1p1beta1/finding.rb

@@ -0,0 +1,96 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Google
+  module Cloud
+    module Securitycenter
+      module V1p1beta1
+        # Cloud Security Command Center (Cloud SCC) finding.
+        #
+        # A finding is a record of assessment data (security, risk, health or privacy)
+        # ingested into Cloud SCC for presentation, notification, analysis,
+        # policy testing, and enforcement. For example, an XSS vulnerability in an
+        # App Engine application is a finding.
+        # @!attribute [rw] name
+        #   @return [String]
+        #     The relative resource name of this finding. See:
+        #     https://cloud.google.com/apis/design/resource_names#relative_resource_name
+        #     Example:
+        #     "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
+        # @!attribute [rw] parent
+        #   @return [String]
+        #     The relative resource name of the source the finding belongs to. See:
+        #     https://cloud.google.com/apis/design/resource_names#relative_resource_name
+        #     This field is immutable after creation time.
+        #     For example:
+        #     "organizations/{organization_id}/sources/{source_id}"
+        # @!attribute [rw] resource_name
+        #   @return [String]
+        #     For findings on Google Cloud Platform (GCP) resources, the full resource
+        #     name of the GCP resource this finding is for. See:
+        #     https://cloud.google.com/apis/design/resource_names#full_resource_name
+        #     When the finding is for a non-GCP resource, the resourceName can be a
+        #     customer or partner defined string.
+        #     This field is immutable after creation time.
+        # @!attribute [rw] state
+        #   @return [Google::Cloud::SecurityCenter::V1p1beta1::Finding::State]
+        #     The state of the finding.
+        # @!attribute [rw] category
+        #   @return [String]
+        #     The additional taxonomy group within findings from a given source.
+        #     This field is immutable after creation time.
+        #     Example: "XSS_FLASH_INJECTION"
+        # @!attribute [rw] external_uri
+        #   @return [String]
+        #     The URI that, if available, points to a web page outside of Cloud SCC
+        #     where additional information about the finding can be found. This field is
+        #     guaranteed to be either empty or a well formed URL.
+        # @!attribute [rw] source_properties
+        #   @return [Hash{String => Google::Protobuf::Value}]
+        #     Source specific properties. These properties are managed by the source
+        #     that writes the finding. The key names in the source_properties map must be
+        #     between 1 and 255 characters, and must start with a letter and contain
+        #     alphanumeric characters or underscores only.
+        # @!attribute [rw] security_marks
+        #   @return [Google::Cloud::SecurityCenter::V1p1beta1::SecurityMarks]
+        #     Output only. User specified security marks. These marks are entirely
+        #     managed by the user and come from the SecurityMarks resource that belongs
+        #     to the finding.
+        # @!attribute [rw] event_time
+        #   @return [Google::Protobuf::Timestamp]
+        #     The time at which the event took place. For example, if the finding
+        #     represents an open firewall it would capture the time the detector believes
+        #     the firewall became open. The accuracy is determined by the detector.
+        # @!attribute [rw] create_time
+        #   @return [Google::Protobuf::Timestamp]
+        #     The time at which the finding was created in Cloud SCC.
+        class Finding
+          # The state of the finding.
+          module State
+            # Unspecified state.
+            STATE_UNSPECIFIED = 0
+
+            # The finding requires attention and has not been addressed yet.
+            ACTIVE = 1
+
+            # The finding has been fixed, triaged as a non-issue or otherwise addressed
+            # and is no longer active.
+            INACTIVE = 2
+          end
+        end
+      end
+    end
+  end
+end