google-cloud-security_center 0.9.0 → 1.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.yardopts +3 -2
- data/AUTHENTICATION.md +51 -59
- data/LICENSE.md +203 -0
- data/MIGRATING.md +327 -0
- data/README.md +36 -25
- data/lib/{google/cloud/security_center/v1/doc/google/protobuf/empty.rb → google-cloud-security_center.rb} +4 -14
- data/lib/google/cloud/security_center.rb +87 -117
- data/lib/google/cloud/security_center/version.rb +6 -2
- metadata +63 -113
- data/LICENSE +0 -201
- data/lib/google/cloud/security_center/v1.rb +0 -149
- data/lib/google/cloud/security_center/v1/asset_pb.rb +0 -41
- data/lib/google/cloud/security_center/v1/credentials.rb +0 -41
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/asset.rb +0 -105
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/finding.rb +0 -97
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/notification_config.rb +0 -75
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/organization_settings.rb +0 -72
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/security_marks.rb +0 -45
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/securitycenter_service.rb +0 -912
- data/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/source.rb +0 -50
- data/lib/google/cloud/security_center/v1/doc/google/iam/v1/iam_policy.rb +0 -64
- data/lib/google/cloud/security_center/v1/doc/google/iam/v1/options.rb +0 -33
- data/lib/google/cloud/security_center/v1/doc/google/iam/v1/policy.rb +0 -151
- data/lib/google/cloud/security_center/v1/doc/google/longrunning/operations.rb +0 -51
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/any.rb +0 -131
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/duration.rb +0 -91
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/field_mask.rb +0 -222
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/struct.rb +0 -74
- data/lib/google/cloud/security_center/v1/doc/google/protobuf/timestamp.rb +0 -113
- data/lib/google/cloud/security_center/v1/doc/google/rpc/status.rb +0 -39
- data/lib/google/cloud/security_center/v1/doc/google/type/expr.rb +0 -45
- data/lib/google/cloud/security_center/v1/finding_pb.rb +0 -36
- data/lib/google/cloud/security_center/v1/helpers.rb +0 -88
- data/lib/google/cloud/security_center/v1/notification_config_pb.rb +0 -28
- data/lib/google/cloud/security_center/v1/notification_message_pb.rb +0 -20
- data/lib/google/cloud/security_center/v1/organization_settings_pb.rb +0 -30
- data/lib/google/cloud/security_center/v1/run_asset_discovery_response_pb.rb +0 -25
- data/lib/google/cloud/security_center/v1/security_center_client.rb +0 -2118
- data/lib/google/cloud/security_center/v1/security_center_client_config.json +0 -141
- data/lib/google/cloud/security_center/v1/security_marks_pb.rb +0 -18
- data/lib/google/cloud/security_center/v1/securitycenter_service_pb.rb +0 -230
- data/lib/google/cloud/security_center/v1/securitycenter_service_services_pb.rb +0 -100
- data/lib/google/cloud/security_center/v1/source_pb.rb +0 -19
- data/lib/google/cloud/security_center/v1p1beta1.rb +0 -149
- data/lib/google/cloud/security_center/v1p1beta1/asset_pb.rb +0 -41
- data/lib/google/cloud/security_center/v1p1beta1/credentials.rb +0 -41
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/cloud/securitycenter/v1p1beta1/asset.rb +0 -105
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/cloud/securitycenter/v1p1beta1/finding.rb +0 -96
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/cloud/securitycenter/v1p1beta1/notification_config.rb +0 -87
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/cloud/securitycenter/v1p1beta1/organization_settings.rb +0 -72
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/cloud/securitycenter/v1p1beta1/security_marks.rb +0 -45
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/cloud/securitycenter/v1p1beta1/securitycenter_service.rb +0 -923
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/cloud/securitycenter/v1p1beta1/source.rb +0 -49
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/iam/v1/iam_policy.rb +0 -64
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/iam/v1/options.rb +0 -33
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/iam/v1/policy.rb +0 -151
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/longrunning/operations.rb +0 -51
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/protobuf/any.rb +0 -131
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/protobuf/duration.rb +0 -91
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/protobuf/empty.rb +0 -29
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/protobuf/field_mask.rb +0 -222
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/protobuf/struct.rb +0 -74
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/protobuf/timestamp.rb +0 -113
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/rpc/status.rb +0 -39
- data/lib/google/cloud/security_center/v1p1beta1/doc/google/type/expr.rb +0 -45
- data/lib/google/cloud/security_center/v1p1beta1/finding_pb.rb +0 -36
- data/lib/google/cloud/security_center/v1p1beta1/helpers.rb +0 -71
- data/lib/google/cloud/security_center/v1p1beta1/notification_config_pb.rb +0 -34
- data/lib/google/cloud/security_center/v1p1beta1/notification_message_pb.rb +0 -21
- data/lib/google/cloud/security_center/v1p1beta1/organization_settings_pb.rb +0 -30
- data/lib/google/cloud/security_center/v1p1beta1/run_asset_discovery_response_pb.rb +0 -25
- data/lib/google/cloud/security_center/v1p1beta1/security_center_client.rb +0 -2093
- data/lib/google/cloud/security_center/v1p1beta1/security_center_client_config.json +0 -141
- data/lib/google/cloud/security_center/v1p1beta1/security_marks_pb.rb +0 -18
- data/lib/google/cloud/security_center/v1p1beta1/securitycenter_service_pb.rb +0 -234
- data/lib/google/cloud/security_center/v1p1beta1/securitycenter_service_services_pb.rb +0 -103
- data/lib/google/cloud/security_center/v1p1beta1/source_pb.rb +0 -19
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3269dba7ab5c7bf40cb35ba566f9d1894a139d76ef2f5308ceb4e622504d38ad
|
4
|
+
data.tar.gz: c98a1cac873ec9dbe6f2f70c1931660c8ab6a95eec7a12e2de8d22057a0b88b5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8ddab24a02b583b236c2e8edca7455a3ef7846c714ecfeee3a62fa0276e5580bea69272219cd06342fdd2a9366107545a03242eb99cc103a597fe96232d0b0b0
|
7
|
+
data.tar.gz: abf70906b50df78dbeefd8098e7c922d6c7caf1e6e00f5561b9f16500477dffb5cf3d5c9beac6a826e5e2a46a92cb9ba1293293528e76072864caacb56d6fb32
|
data/.yardopts
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
--no-private
|
2
|
-
--title=
|
2
|
+
--title=Security Command Center API
|
3
3
|
--exclude _pb\.rb$
|
4
4
|
--markup markdown
|
5
5
|
--markup-provider redcarpet
|
@@ -8,4 +8,5 @@
|
|
8
8
|
-
|
9
9
|
README.md
|
10
10
|
AUTHENTICATION.md
|
11
|
-
|
11
|
+
MIGRATING.md
|
12
|
+
LICENSE.md
|
data/AUTHENTICATION.md
CHANGED
@@ -1,16 +1,17 @@
|
|
1
1
|
# Authentication
|
2
2
|
|
3
|
-
In general, the google-cloud-security_center library uses
|
4
|
-
Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
|
5
|
-
credentials to connect to Google Cloud services. When running within
|
6
|
-
Cloud Platform environments](#google-cloud-platform-environments)
|
7
|
-
|
3
|
+
In general, the google-cloud-security_center library uses
|
4
|
+
[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
|
5
|
+
credentials to connect to Google Cloud services. When running within
|
6
|
+
[Google Cloud Platform environments](#google-cloud-platform-environments) the
|
7
|
+
credentials will be discovered automatically. When running on other
|
8
8
|
environments, the Service Account credentials can be specified by providing the
|
9
|
-
path to the
|
10
|
-
keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
|
11
|
-
the account (or the JSON itself) in
|
12
|
-
variables](#environment-variables). Additionally, Cloud SDK
|
13
|
-
be discovered automatically, but this is only recommended
|
9
|
+
path to the
|
10
|
+
[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
|
11
|
+
for the account (or the JSON itself) in
|
12
|
+
[environment variables](#environment-variables). Additionally, Cloud SDK
|
13
|
+
credentials can also be discovered automatically, but this is only recommended
|
14
|
+
during development.
|
14
15
|
|
15
16
|
## Quickstart
|
16
17
|
|
@@ -18,7 +19,7 @@ be discovered automatically, but this is only recommended during development.
|
|
18
19
|
2. Set the [environment variable](#environment-variables).
|
19
20
|
|
20
21
|
```sh
|
21
|
-
export SECURITY_CENTER_CREDENTIALS
|
22
|
+
export SECURITY_CENTER_CREDENTIALS=path/to/keyfile.json
|
22
23
|
```
|
23
24
|
|
24
25
|
3. Initialize the client.
|
@@ -26,23 +27,14 @@ export SECURITY_CENTER_CREDENTIALS=/path/to/json`
|
|
26
27
|
```ruby
|
27
28
|
require "google/cloud/security_center"
|
28
29
|
|
29
|
-
client = Google::Cloud::SecurityCenter.
|
30
|
+
client = Google::Cloud::SecurityCenter.security_center
|
30
31
|
```
|
31
32
|
|
32
|
-
##
|
33
|
+
## Credential Lookup
|
33
34
|
|
34
35
|
The google-cloud-security_center library aims to make authentication
|
35
36
|
as simple as possible, and provides several mechanisms to configure your system
|
36
|
-
without
|
37
|
-
code.
|
38
|
-
|
39
|
-
**Project ID** is discovered in the following order:
|
40
|
-
|
41
|
-
1. Specify project ID in method arguments
|
42
|
-
2. Specify project ID in configuration
|
43
|
-
3. Discover project ID in environment variables
|
44
|
-
4. Discover GCP project ID
|
45
|
-
5. Discover project ID in credentials JSON
|
37
|
+
without requiring **Service Account Credentials** directly in code.
|
46
38
|
|
47
39
|
**Credentials** are discovered in the following order:
|
48
40
|
|
@@ -55,28 +47,24 @@ code.
|
|
55
47
|
|
56
48
|
### Google Cloud Platform environments
|
57
49
|
|
58
|
-
When running on Google Cloud Platform (GCP), including Google Compute Engine
|
59
|
-
Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
|
60
|
-
(GCF) and Cloud Run,
|
61
|
-
|
50
|
+
When running on Google Cloud Platform (GCP), including Google Compute Engine
|
51
|
+
(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
|
52
|
+
Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
|
53
|
+
Code should be written as if already authenticated.
|
62
54
|
|
63
55
|
### Environment Variables
|
64
56
|
|
65
|
-
The **
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
encouraged.
|
73
|
-
|
74
|
-
The environment variables that google-cloud-security_center checks for project ID are:
|
75
|
-
|
76
|
-
1. `SECURITY_CENTER_PROJECT`
|
77
|
-
2. `GOOGLE_CLOUD_PROJECT`
|
57
|
+
The **Credentials JSON** can be placed in environment variables instead of
|
58
|
+
declaring them directly in code. Each service has its own environment variable,
|
59
|
+
allowing for different service accounts to be used for different services. (See
|
60
|
+
the READMEs for the individual service gems for details.) The path to the
|
61
|
+
**Credentials JSON** file can be stored in the environment variable, or the
|
62
|
+
**Credentials JSON** itself can be stored for environments such as Docker
|
63
|
+
containers where writing files is difficult or not encouraged.
|
78
64
|
|
79
|
-
The environment variables that google-cloud-security_center
|
65
|
+
The environment variables that google-cloud-security_center
|
66
|
+
checks for credentials are configured on the service Credentials class (such as
|
67
|
+
`::Google::Cloud::SecurityCenter::V1::SecurityCenter::Credentials`):
|
80
68
|
|
81
69
|
1. `SECURITY_CENTER_CREDENTIALS` - Path to JSON file, or JSON contents
|
82
70
|
2. `SECURITY_CENTER_KEYFILE` - Path to JSON file, or JSON contents
|
@@ -87,25 +75,34 @@ The environment variables that google-cloud-security_center checks for credentia
|
|
87
75
|
```ruby
|
88
76
|
require "google/cloud/security_center"
|
89
77
|
|
90
|
-
ENV["SECURITY_CENTER_PROJECT"] = "my-project-id"
|
91
78
|
ENV["SECURITY_CENTER_CREDENTIALS"] = "path/to/keyfile.json"
|
92
79
|
|
93
|
-
client = Google::Cloud::SecurityCenter.
|
80
|
+
client = Google::Cloud::SecurityCenter.security_center
|
94
81
|
```
|
95
82
|
|
96
83
|
### Configuration
|
97
84
|
|
98
|
-
The **
|
85
|
+
The **Credentials JSON** can be configured instead of placing them in
|
86
|
+
environment variables. Either on an individual client initialization:
|
87
|
+
|
88
|
+
```ruby
|
89
|
+
require "google/cloud/security_center"
|
90
|
+
|
91
|
+
client = Google::Cloud::SecurityCenter.security_center do |config|
|
92
|
+
config.credentials = "path/to/keyfile.json"
|
93
|
+
end
|
94
|
+
```
|
95
|
+
|
96
|
+
Or configured globally for all clients:
|
99
97
|
|
100
98
|
```ruby
|
101
99
|
require "google/cloud/security_center"
|
102
100
|
|
103
101
|
Google::Cloud::SecurityCenter.configure do |config|
|
104
|
-
config.project_id = "my-project-id"
|
105
102
|
config.credentials = "path/to/keyfile.json"
|
106
103
|
end
|
107
104
|
|
108
|
-
client = Google::Cloud::SecurityCenter.
|
105
|
+
client = Google::Cloud::SecurityCenter.security_center
|
109
106
|
```
|
110
107
|
|
111
108
|
### Cloud SDK
|
@@ -134,24 +131,24 @@ To configure your system for this, simply:
|
|
134
131
|
|
135
132
|
## Creating a Service Account
|
136
133
|
|
137
|
-
Google Cloud requires
|
138
|
-
connect to the APIs. You will use the **
|
134
|
+
Google Cloud requires **Service Account Credentials** to
|
135
|
+
connect to the APIs. You will use the **JSON key file** to
|
139
136
|
connect to most services with google-cloud-security_center.
|
140
137
|
|
141
|
-
If you are not running this client within
|
142
|
-
environments](#google-cloud-platform-environments), you
|
143
|
-
Developers service account.
|
138
|
+
If you are not running this client within
|
139
|
+
[Google Cloud Platform environments](#google-cloud-platform-environments), you
|
140
|
+
need a Google Developers service account.
|
144
141
|
|
145
142
|
1. Visit the [Google Developers Console][dev-console].
|
146
|
-
|
147
|
-
|
143
|
+
2. Create a new project or click on an existing project.
|
144
|
+
3. Activate the slide-out navigation tray and select **API Manager**. From
|
148
145
|
here, you will enable the APIs that your application requires.
|
149
146
|
|
150
147
|
![Enable the APIs that your application requires][enable-apis]
|
151
148
|
|
152
149
|
*Note: You may need to enable billing in order to use these services.*
|
153
150
|
|
154
|
-
|
151
|
+
4. Select **Credentials** from the side navigation.
|
155
152
|
|
156
153
|
You should see a screen like one of the following.
|
157
154
|
|
@@ -170,8 +167,3 @@ Developers service account.
|
|
170
167
|
|
171
168
|
The key file you download will be used by this library to authenticate API
|
172
169
|
requests and should be stored in a secure location.
|
173
|
-
|
174
|
-
## Troubleshooting
|
175
|
-
|
176
|
-
If you're having trouble authenticating you can ask for help by following the
|
177
|
-
{file:TROUBLESHOOTING.md Troubleshooting Guide}.
|
data/LICENSE.md
ADDED
@@ -0,0 +1,203 @@
|
|
1
|
+
Apache License
|
2
|
+
==============
|
3
|
+
|
4
|
+
* Version 2.0, January 2004
|
5
|
+
* https://www.apache.org/licenses/
|
6
|
+
|
7
|
+
### TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
8
|
+
|
9
|
+
1. **Definitions.**
|
10
|
+
|
11
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
12
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
13
|
+
|
14
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
15
|
+
the copyright owner that is granting the License.
|
16
|
+
|
17
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
18
|
+
other entities that control, are controlled by, or are under common
|
19
|
+
control with that entity. For the purposes of this definition,
|
20
|
+
"control" means (i) the power, direct or indirect, to cause the
|
21
|
+
direction or management of such entity, whether by contract or
|
22
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
23
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
24
|
+
|
25
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
26
|
+
exercising permissions granted by this License.
|
27
|
+
|
28
|
+
"Source" form shall mean the preferred form for making modifications,
|
29
|
+
including but not limited to software source code, documentation
|
30
|
+
source, and configuration files.
|
31
|
+
|
32
|
+
"Object" form shall mean any form resulting from mechanical
|
33
|
+
transformation or translation of a Source form, including but
|
34
|
+
not limited to compiled object code, generated documentation,
|
35
|
+
and conversions to other media types.
|
36
|
+
|
37
|
+
"Work" shall mean the work of authorship, whether in Source or
|
38
|
+
Object form, made available under the License, as indicated by a
|
39
|
+
copyright notice that is included in or attached to the work
|
40
|
+
(an example is provided in the Appendix below).
|
41
|
+
|
42
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
43
|
+
form, that is based on (or derived from) the Work and for which the
|
44
|
+
editorial revisions, annotations, elaborations, or other modifications
|
45
|
+
represent, as a whole, an original work of authorship. For the purposes
|
46
|
+
of this License, Derivative Works shall not include works that remain
|
47
|
+
separable from, or merely link (or bind by name) to the interfaces of,
|
48
|
+
the Work and Derivative Works thereof.
|
49
|
+
|
50
|
+
"Contribution" shall mean any work of authorship, including
|
51
|
+
the original version of the Work and any modifications or additions
|
52
|
+
to that Work or Derivative Works thereof, that is intentionally
|
53
|
+
submitted to Licensor for inclusion in the Work by the copyright owner
|
54
|
+
or by an individual or Legal Entity authorized to submit on behalf of
|
55
|
+
the copyright owner. For the purposes of this definition, "submitted"
|
56
|
+
means any form of electronic, verbal, or written communication sent
|
57
|
+
to the Licensor or its representatives, including but not limited to
|
58
|
+
communication on electronic mailing lists, source code control systems,
|
59
|
+
and issue tracking systems that are managed by, or on behalf of, the
|
60
|
+
Licensor for the purpose of discussing and improving the Work, but
|
61
|
+
excluding communication that is conspicuously marked or otherwise
|
62
|
+
designated in writing by the copyright owner as "Not a Contribution."
|
63
|
+
|
64
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
65
|
+
on behalf of whom a Contribution has been received by Licensor and
|
66
|
+
subsequently incorporated within the Work.
|
67
|
+
|
68
|
+
2. **Grant of Copyright License.** Subject to the terms and conditions of
|
69
|
+
this License, each Contributor hereby grants to You a perpetual,
|
70
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
71
|
+
copyright license to reproduce, prepare Derivative Works of,
|
72
|
+
publicly display, publicly perform, sublicense, and distribute the
|
73
|
+
Work and such Derivative Works in Source or Object form.
|
74
|
+
|
75
|
+
3. **Grant of Patent License.** Subject to the terms and conditions of
|
76
|
+
this License, each Contributor hereby grants to You a perpetual,
|
77
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
78
|
+
(except as stated in this section) patent license to make, have made,
|
79
|
+
use, offer to sell, sell, import, and otherwise transfer the Work,
|
80
|
+
where such license applies only to those patent claims licensable
|
81
|
+
by such Contributor that are necessarily infringed by their
|
82
|
+
Contribution(s) alone or by combination of their Contribution(s)
|
83
|
+
with the Work to which such Contribution(s) was submitted. If You
|
84
|
+
institute patent litigation against any entity (including a
|
85
|
+
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
86
|
+
or a Contribution incorporated within the Work constitutes direct
|
87
|
+
or contributory patent infringement, then any patent licenses
|
88
|
+
granted to You under this License for that Work shall terminate
|
89
|
+
as of the date such litigation is filed.
|
90
|
+
|
91
|
+
4. **Redistribution.** You may reproduce and distribute copies of the
|
92
|
+
Work or Derivative Works thereof in any medium, with or without
|
93
|
+
modifications, and in Source or Object form, provided that You
|
94
|
+
meet the following conditions:
|
95
|
+
|
96
|
+
* **(a)** You must give any other recipients of the Work or
|
97
|
+
Derivative Works a copy of this License; and
|
98
|
+
|
99
|
+
* **(b)** You must cause any modified files to carry prominent notices
|
100
|
+
stating that You changed the files; and
|
101
|
+
|
102
|
+
* **(c)** You must retain, in the Source form of any Derivative Works
|
103
|
+
that You distribute, all copyright, patent, trademark, and
|
104
|
+
attribution notices from the Source form of the Work,
|
105
|
+
excluding those notices that do not pertain to any part of
|
106
|
+
the Derivative Works; and
|
107
|
+
|
108
|
+
* **(d)** If the Work includes a "NOTICE" text file as part of its
|
109
|
+
distribution, then any Derivative Works that You distribute must
|
110
|
+
include a readable copy of the attribution notices contained
|
111
|
+
within such NOTICE file, excluding those notices that do not
|
112
|
+
pertain to any part of the Derivative Works, in at least one
|
113
|
+
of the following places: within a NOTICE text file distributed
|
114
|
+
as part of the Derivative Works; within the Source form or
|
115
|
+
documentation, if provided along with the Derivative Works; or,
|
116
|
+
within a display generated by the Derivative Works, if and
|
117
|
+
wherever such third-party notices normally appear. The contents
|
118
|
+
of the NOTICE file are for informational purposes only and
|
119
|
+
do not modify the License. You may add Your own attribution
|
120
|
+
notices within Derivative Works that You distribute, alongside
|
121
|
+
or as an addendum to the NOTICE text from the Work, provided
|
122
|
+
that such additional attribution notices cannot be construed
|
123
|
+
as modifying the License.
|
124
|
+
|
125
|
+
You may add Your own copyright statement to Your modifications and
|
126
|
+
may provide additional or different license terms and conditions
|
127
|
+
for use, reproduction, or distribution of Your modifications, or
|
128
|
+
for any such Derivative Works as a whole, provided Your use,
|
129
|
+
reproduction, and distribution of the Work otherwise complies with
|
130
|
+
the conditions stated in this License.
|
131
|
+
|
132
|
+
5. **Submission of Contributions.** Unless You explicitly state otherwise,
|
133
|
+
any Contribution intentionally submitted for inclusion in the Work
|
134
|
+
by You to the Licensor shall be under the terms and conditions of
|
135
|
+
this License, without any additional terms or conditions.
|
136
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
137
|
+
the terms of any separate license agreement you may have executed
|
138
|
+
with Licensor regarding such Contributions.
|
139
|
+
|
140
|
+
6. **Trademarks.** This License does not grant permission to use the trade
|
141
|
+
names, trademarks, service marks, or product names of the Licensor,
|
142
|
+
except as required for reasonable and customary use in describing the
|
143
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
144
|
+
|
145
|
+
7. **Disclaimer of Warranty.** Unless required by applicable law or
|
146
|
+
agreed to in writing, Licensor provides the Work (and each
|
147
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
148
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
149
|
+
implied, including, without limitation, any warranties or conditions
|
150
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
151
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
152
|
+
appropriateness of using or redistributing the Work and assume any
|
153
|
+
risks associated with Your exercise of permissions under this License.
|
154
|
+
|
155
|
+
8. **Limitation of Liability.** In no event and under no legal theory,
|
156
|
+
whether in tort (including negligence), contract, or otherwise,
|
157
|
+
unless required by applicable law (such as deliberate and grossly
|
158
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
159
|
+
liable to You for damages, including any direct, indirect, special,
|
160
|
+
incidental, or consequential damages of any character arising as a
|
161
|
+
result of this License or out of the use or inability to use the
|
162
|
+
Work (including but not limited to damages for loss of goodwill,
|
163
|
+
work stoppage, computer failure or malfunction, or any and all
|
164
|
+
other commercial damages or losses), even if such Contributor
|
165
|
+
has been advised of the possibility of such damages.
|
166
|
+
|
167
|
+
9. **Accepting Warranty or Additional Liability.** While redistributing
|
168
|
+
the Work or Derivative Works thereof, You may choose to offer,
|
169
|
+
and charge a fee for, acceptance of support, warranty, indemnity,
|
170
|
+
or other liability obligations and/or rights consistent with this
|
171
|
+
License. However, in accepting such obligations, You may act only
|
172
|
+
on Your own behalf and on Your sole responsibility, not on behalf
|
173
|
+
of any other Contributor, and only if You agree to indemnify,
|
174
|
+
defend, and hold each Contributor harmless for any liability
|
175
|
+
incurred by, or claims asserted against, such Contributor by reason
|
176
|
+
of your accepting any such warranty or additional liability.
|
177
|
+
|
178
|
+
_END OF TERMS AND CONDITIONS_
|
179
|
+
|
180
|
+
### APPENDIX: How to apply the Apache License to your work.
|
181
|
+
|
182
|
+
To apply the Apache License to your work, attach the following
|
183
|
+
boilerplate notice, with the fields enclosed by brackets "`[]`"
|
184
|
+
replaced with your own identifying information. (Don't include
|
185
|
+
the brackets!) The text should be enclosed in the appropriate
|
186
|
+
comment syntax for the file format. We also recommend that a
|
187
|
+
file or class name and description of purpose be included on the
|
188
|
+
same "printed page" as the copyright notice for easier
|
189
|
+
identification within third-party archives.
|
190
|
+
|
191
|
+
Copyright [yyyy] [name of copyright owner]
|
192
|
+
|
193
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
194
|
+
you may not use this file except in compliance with the License.
|
195
|
+
You may obtain a copy of the License at
|
196
|
+
|
197
|
+
https://www.apache.org/licenses/LICENSE-2.0
|
198
|
+
|
199
|
+
Unless required by applicable law or agreed to in writing, software
|
200
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
201
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
202
|
+
See the License for the specific language governing permissions and
|
203
|
+
limitations under the License.
|
data/MIGRATING.md
ADDED
@@ -0,0 +1,327 @@
|
|
1
|
+
## Migrating to google-cloud-security_center 1.0
|
2
|
+
|
3
|
+
The 1.0 release of the google-cloud-security_center client is a significant upgrade
|
4
|
+
based on a [next-gen code generator](https://github.com/googleapis/gapic-generator-ruby),
|
5
|
+
and includes substantial interface changes. Existing code written for earlier
|
6
|
+
versions of this library will likely require updates to use this version.
|
7
|
+
This document describes the changes that have been made, and what you need to
|
8
|
+
do to update your usage.
|
9
|
+
|
10
|
+
To summarize:
|
11
|
+
|
12
|
+
* The library has been broken out into three libraries. The new gems
|
13
|
+
`google-cloud-security_center-v1` and `google-cloud-security_center-v1p1beta1` contain the
|
14
|
+
actual client classes for versions V1 and V1p1beta1 of the Cloud Security Command Center
|
15
|
+
service, and the gem `google-cloud-security_center` now simply provides a
|
16
|
+
convenience wrapper. See [Library Structure](#library-structure) for more
|
17
|
+
info.
|
18
|
+
* The library uses a new configuration mechanism giving you closer control
|
19
|
+
over endpoint address, network timeouts, and retry. See
|
20
|
+
[Client Configuration](#client-configuration) for more info. Furthermore,
|
21
|
+
when creating a client object, you can customize its configuration in a
|
22
|
+
block rather than passing arguments to the constructor. See
|
23
|
+
[Creating Clients](#creating-clients) for more info.
|
24
|
+
* Previously, positional arguments were used to indicate required arguments.
|
25
|
+
Now, all method arguments are keyword arguments, with documentation that
|
26
|
+
specifies whether they are required or optional. Additionally, you can pass
|
27
|
+
a proto request object instead of separate arguments. See
|
28
|
+
[Passing Arguments](#passing-arguments) for more info.
|
29
|
+
* Previously, some client classes included helper methods for constructing
|
30
|
+
resource paths. These methods now take keyword rather than positional
|
31
|
+
arguments, and are also available in a separate paths module. See
|
32
|
+
[Resource Path Helpers](#resource-path-helpers) for more info.
|
33
|
+
* Previously, clients reported RPC errors by raising instances of
|
34
|
+
`Google::Gax::GaxError` and its subclasses. Now, RPC exceptions are of type
|
35
|
+
`Google::Cloud::Error` and its subclasses. See
|
36
|
+
[Handling Errors](#handling-errors) for more info.
|
37
|
+
* Some classes have moved into different namespaces. See
|
38
|
+
[Class Namespaces](#class-namespaces) for more info.
|
39
|
+
|
40
|
+
### Library Structure
|
41
|
+
|
42
|
+
Older 0.x releases of the `google-cloud-security_center` gem were all-in-one gems that
|
43
|
+
included potentially multiple clients for multiple versions of the Security
|
44
|
+
Command Center service. The `Google::Cloud::SecurityCenter.new` factory method would
|
45
|
+
return you an instance of a `Google::Cloud::SecurityCenter::V1::SecurityCenterClient`
|
46
|
+
object for the V1 version of the service, or a
|
47
|
+
`Google::Cloud::SecurityCenter::V1p1beta1::SecurityCenterClient` object for the
|
48
|
+
V1p1beta1 version of the service. All these classes were defined in the same gem.
|
49
|
+
|
50
|
+
With the 1.0 release, the `google-cloud-security_center` gem still provides factory
|
51
|
+
methods for obtaining clients. (The method signatures will have changed. See
|
52
|
+
[Creating Clients](#creating-clients) for details.) However, the actual client
|
53
|
+
classes have been moved into separate gems, one per service version. The
|
54
|
+
`Google::Cloud::SecurityCenter::V1::SecurityCenter::Client` class, along with its
|
55
|
+
helpers and data types, is now part of the `google-cloud-security_center-v1` gem.
|
56
|
+
Similarly, the `Google::Cloud::SecurityCenter::V1p1beta1::SecurityCenter::Client`
|
57
|
+
class is part of the `google-cloud-security_center-v1p1beta1` gem.
|
58
|
+
|
59
|
+
For normal usage, you can continue to install the `google-cloud-security_center` gem
|
60
|
+
(which will bring in the versioned client gems as dependencies) and continue to
|
61
|
+
use factory methods to create clients. However, you may alternatively choose to
|
62
|
+
install only one of the versioned gems. For example, if you know you will only
|
63
|
+
`V1` of the service, you can install `google-cloud-security_center-v1` by itself, and
|
64
|
+
construct instances of the
|
65
|
+
`Google::Cloud::SecurityCenter::V1::SecurityCenter::Client` client class directly.
|
66
|
+
|
67
|
+
### Client Configuration
|
68
|
+
|
69
|
+
In older releases, if you wanted to customize performance parameters or
|
70
|
+
low-level behavior of the client (such as credentials, timeouts, or
|
71
|
+
instrumentation), you would pass a variety of keyword arguments to the client
|
72
|
+
constructor. It was also extremely difficult to customize the default settings.
|
73
|
+
|
74
|
+
With the 1.0 release, a configuration interface provides control over these
|
75
|
+
parameters, including defaults for all instances of a client, and settings for
|
76
|
+
each specific client instance. For example, to set default credentials and
|
77
|
+
timeout for all SecurityCenter V1 clients:
|
78
|
+
|
79
|
+
```
|
80
|
+
Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.configure do |config|
|
81
|
+
config.credentials = "/path/to/credentials.json"
|
82
|
+
config.timeout = 10.0
|
83
|
+
end
|
84
|
+
```
|
85
|
+
|
86
|
+
Individual RPCs can also be configured independently. For example, to set the
|
87
|
+
timeout for the `list_findings` call:
|
88
|
+
|
89
|
+
```
|
90
|
+
Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.configure do |config|
|
91
|
+
config.rpcs.list_findings.timeout = 20.0
|
92
|
+
end
|
93
|
+
```
|
94
|
+
|
95
|
+
Defaults for certain configurations can be set for all SecurityCenter versions
|
96
|
+
globally:
|
97
|
+
|
98
|
+
```
|
99
|
+
Google::Cloud::SecurityCenter.configure do |config|
|
100
|
+
config.credentials = "/path/to/credentials.json"
|
101
|
+
config.timeout = 10.0
|
102
|
+
end
|
103
|
+
```
|
104
|
+
|
105
|
+
Finally, you can override the configuration for each client instance. See the
|
106
|
+
next section on [Creating Clients](#creating-clients) for details.
|
107
|
+
|
108
|
+
### Creating Clients
|
109
|
+
|
110
|
+
In older releases, to create a client object, you would use the
|
111
|
+
`Google::Cloud::SecurityCenter.new` class method. Keyword arguments were available to
|
112
|
+
select a service version and to configure parameters such as credentials and
|
113
|
+
timeouts.
|
114
|
+
|
115
|
+
With the 1.0 release, use the `Google::Cloud::SecurityCenter.security_center` class
|
116
|
+
method to create a client object. You may select a service version using the
|
117
|
+
`:version` keyword argument. However, other configuration parameters should be
|
118
|
+
set in a configuration block when you create the client.
|
119
|
+
|
120
|
+
Old:
|
121
|
+
```
|
122
|
+
client = Google::Cloud::SecurityCenter.new credentials: "/path/to/credentials.json"
|
123
|
+
```
|
124
|
+
|
125
|
+
New:
|
126
|
+
```
|
127
|
+
client = Google::Cloud::SecurityCenter.security_center do |config|
|
128
|
+
config.credentials = "/path/to/credentials.json"
|
129
|
+
end
|
130
|
+
```
|
131
|
+
|
132
|
+
The configuration block is optional. If you do not provide it, or you do not
|
133
|
+
set some configuration parameters, then the default configuration is used. See
|
134
|
+
[Client Configuration](#client-configuration).
|
135
|
+
|
136
|
+
### Passing Arguments
|
137
|
+
|
138
|
+
In older releases, required arguments would be passed as positional method
|
139
|
+
arguments, while most optional arguments would be passed as keyword arguments.
|
140
|
+
|
141
|
+
With the 1.0 release, all RPC arguments are passed as keyword arguments,
|
142
|
+
regardless of whether they are required or optional. For example:
|
143
|
+
|
144
|
+
Old:
|
145
|
+
```
|
146
|
+
client = Google::Cloud::SecurityCenter.new
|
147
|
+
|
148
|
+
parent = "organizations/my-org/sources/-"
|
149
|
+
ordering = "name"
|
150
|
+
|
151
|
+
# Parent is a positional argument, while order_by is a keyword argument.
|
152
|
+
response = client.list_findings parent, order_by: ordering
|
153
|
+
```
|
154
|
+
|
155
|
+
New:
|
156
|
+
```
|
157
|
+
client = Google::Cloud::SecurityCenter.security_center
|
158
|
+
|
159
|
+
parent = "organizations/my-org/sources/-"
|
160
|
+
ordering = "name"
|
161
|
+
|
162
|
+
# Both parent and order_by are keyword arguments.
|
163
|
+
response = client.list_findings parent: parent, order_by: ordering
|
164
|
+
```
|
165
|
+
|
166
|
+
In the 1.0 release, it is also possible to pass a request object, either
|
167
|
+
as a hash or as a protocol buffer.
|
168
|
+
|
169
|
+
New:
|
170
|
+
```
|
171
|
+
client = Google::Cloud::SecurityCenter.security_center
|
172
|
+
|
173
|
+
request = Google::Cloud::SecurityCenter::V1::ListFindingsRequest.new(
|
174
|
+
parent: "organizations/my-org/sources/-",
|
175
|
+
order_by: "name"
|
176
|
+
)
|
177
|
+
|
178
|
+
# Pass a request object as a positional argument:
|
179
|
+
response = client.list_findings request
|
180
|
+
```
|
181
|
+
|
182
|
+
Finally, in older releases, to provide call options, you would pass a
|
183
|
+
`Google::Gax::CallOptions` object with the `:options` keyword argument. In the
|
184
|
+
1.0 release, pass call options using a _second set_ of keyword arguments.
|
185
|
+
|
186
|
+
Old:
|
187
|
+
```
|
188
|
+
client = Google::Cloud::SecurityCenter.new
|
189
|
+
|
190
|
+
parent = "organizations/my-org/sources/-"
|
191
|
+
ordering = "name"
|
192
|
+
|
193
|
+
options = Google::Gax::CallOptions.new timeout: 10.0
|
194
|
+
|
195
|
+
response = client.list_findings parent, order_by: ordering, options: options
|
196
|
+
```
|
197
|
+
|
198
|
+
New:
|
199
|
+
```
|
200
|
+
client = Google::Cloud::SecurityCenter.security_center
|
201
|
+
|
202
|
+
parent = "organizations/my-org/sources/-"
|
203
|
+
ordering = "name"
|
204
|
+
|
205
|
+
# Use a hash to wrap the normal call arguments (or pass a request object), and
|
206
|
+
# then add further keyword arguments for the call options.
|
207
|
+
response = client.list_findings(
|
208
|
+
{ parent: parent, order_by: ordering },
|
209
|
+
timeout: 10.0
|
210
|
+
)
|
211
|
+
```
|
212
|
+
|
213
|
+
### Resource Path Helpers
|
214
|
+
|
215
|
+
The client library includes helper methods for generating the resource path
|
216
|
+
strings passed to many calls. These helpers have changed in two ways:
|
217
|
+
|
218
|
+
* In older releases, they are both _class_ methods and _instance_ methods on
|
219
|
+
the client class. In the 1.0 release, they are _instance methods only_.
|
220
|
+
However, they are also available on a separate paths module that you can
|
221
|
+
include elsewhere for convenience.
|
222
|
+
* In older releases, arguments to a resource path helper are passed as
|
223
|
+
_positional_ arguments. In the 1.0 release, they are passed as named _keyword_
|
224
|
+
arguments.
|
225
|
+
|
226
|
+
Following is an example involving using a resource path helper.
|
227
|
+
|
228
|
+
Old:
|
229
|
+
```
|
230
|
+
client = Google::Cloud::SecurityCenter.new
|
231
|
+
|
232
|
+
# Call the helper using positional arguments.
|
233
|
+
parent = client.source_path "my-org", "my-source"
|
234
|
+
|
235
|
+
response = client.list_findings parent
|
236
|
+
```
|
237
|
+
|
238
|
+
New:
|
239
|
+
```
|
240
|
+
client = Google::Cloud::SecurityCenter.security_center
|
241
|
+
|
242
|
+
# Call the helper using keyword arguments
|
243
|
+
parent = client.source_path organization: "my-org", source: "my-source"
|
244
|
+
|
245
|
+
response = client.list_findings parent: parent
|
246
|
+
```
|
247
|
+
|
248
|
+
In the 1.0 client, you can also use the paths module as a convenience module.
|
249
|
+
|
250
|
+
New:
|
251
|
+
```
|
252
|
+
# Bring the path helper methods into the current class
|
253
|
+
include Google::Cloud::SecurityCenter::V1::SecurityCenterService::Paths
|
254
|
+
|
255
|
+
def foo
|
256
|
+
client = Google::Cloud::SecurityCenter.security_center
|
257
|
+
|
258
|
+
# Call the included helper method
|
259
|
+
parent = source_path organization: "my-org", source: "my-source"
|
260
|
+
|
261
|
+
response = client.list_findings parent: parent
|
262
|
+
|
263
|
+
# Do something with response...
|
264
|
+
end
|
265
|
+
```
|
266
|
+
|
267
|
+
### Handling Errors
|
268
|
+
|
269
|
+
The client reports standard
|
270
|
+
[gRPC error codes](https://github.com/grpc/grpc/blob/master/doc/statuscodes.md)
|
271
|
+
by raising exceptions. In older releases, these exceptions were located in the
|
272
|
+
`Google::Gax` namespace and were subclasses of the `Google::Gax::GaxError` base
|
273
|
+
exception class, defined in the `google-gax` gem. However, these classes were
|
274
|
+
different from the standard exceptions (subclasses of `Google::Cloud::Error`)
|
275
|
+
thrown by other client libraries such as `google-cloud-storage`.
|
276
|
+
|
277
|
+
The 1.0 client library now uses the `Google::Cloud::Error` exception hierarchy,
|
278
|
+
for consistency across all the Google Cloud client libraries. In general, these
|
279
|
+
exceptions have the same name as their counterparts from older releases, but
|
280
|
+
are located in the `Google::Cloud` namespace rather than the `Google::Gax`
|
281
|
+
namespace.
|
282
|
+
|
283
|
+
Old:
|
284
|
+
```
|
285
|
+
client = Google::Cloud::SecurityCenter.new
|
286
|
+
|
287
|
+
parent = "organizations/my-org/sources/-"
|
288
|
+
ordering = "name"
|
289
|
+
|
290
|
+
begin
|
291
|
+
response = client.list_findings parent, order_by: ordering
|
292
|
+
rescue Google::Gax::Error => e
|
293
|
+
# Handle exceptions that subclass Google::Gax::Error
|
294
|
+
end
|
295
|
+
```
|
296
|
+
|
297
|
+
New:
|
298
|
+
```
|
299
|
+
client = Google::Cloud::SecurityCenter.security_center
|
300
|
+
|
301
|
+
parent = "organizations/my-org/sources/-"
|
302
|
+
ordering = "name"
|
303
|
+
|
304
|
+
begin
|
305
|
+
response = client.list_findings parent: parent, order_by: ordering
|
306
|
+
rescue Google::Cloud::Error => e
|
307
|
+
# Handle exceptions that subclass Google::Cloud::Error
|
308
|
+
end
|
309
|
+
```
|
310
|
+
|
311
|
+
### Class Namespaces
|
312
|
+
|
313
|
+
In older releases, the client object was of class
|
314
|
+
`Google::Cloud::SecurityCenter::V1::SecurityCenterClient`.
|
315
|
+
In the 1.0 release, the client object is of class
|
316
|
+
`Google::Cloud::SecurityCenter::V1::SecurityCenter::Client`.
|
317
|
+
Note that most users will use the `Google::Cloud::SecurityCenter.security_center`
|
318
|
+
factory method to create instances of the client object, so you may not need to
|
319
|
+
reference the actual class directly.
|
320
|
+
See [Creating Clients](#creating-clients).
|
321
|
+
|
322
|
+
In older releases, the credentials object was of class
|
323
|
+
`Google::Cloud::SecurityCenter::V1::Credentials`.
|
324
|
+
In the 1.0 release, the credentials object is of class
|
325
|
+
`Google::Cloud::SecurityCenter::V1::SecurityCenter::Credentials`.
|
326
|
+
Again, most users will not need to reference this class directly.
|
327
|
+
See [Client Configuration](#client-configuration).
|