From ec3abd252822ae8bd5c7da92c135be2516394f3a Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 20 May 2021 02:52:23 +0200 Subject: [PATCH 01/13] chore(deps): update dependency google-cloud-securitycenter to v1.2.0 (#149) --- samples/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/snippets/requirements.txt b/samples/snippets/requirements.txt index 52dd0a4e..7671171e 100644 --- a/samples/snippets/requirements.txt +++ b/samples/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-pubsub==2.4.1 -google-cloud-securitycenter==1.1.0 \ No newline at end of file +google-cloud-securitycenter==1.2.0 \ No newline at end of file From e67ec8b823e6a55a977e6bbb5daae169b27c2348 Mon Sep 17 00:00:00 2001 From: Dan Lee <71398022+dandhlee@users.noreply.github.com> Date: Wed, 19 May 2021 20:58:00 -0400 Subject: [PATCH 02/13] test: log message.data for debugging (#126) * test: log message.data for debugging Flaky test from #124 suggests that `message.data` might have been deformed somehow. Adding a logging for the data passed to help debug next time something goes wrong. * chore: update for lint * chore: update message formatting * chore: remove extra print * chore: making lint happy --- samples/snippets/snippets_notification_receiver.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/samples/snippets/snippets_notification_receiver.py b/samples/snippets/snippets_notification_receiver.py index ec0d947d..5e291c65 100644 --- a/samples/snippets/snippets_notification_receiver.py +++ b/samples/snippets/snippets_notification_receiver.py @@ -29,7 +29,9 @@ def receive_notifications(project_id, subscription_name): # TODO: subscription_name = "your-subscription-name" def callback(message): - print("Received message") + + # Print the data received for debugging purpose if needed + print(f"Received message: {message.data}") notification_msg = NotificationMessage.from_json(message.data) 
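Review bot: The added `print(f"Received message: {message.data}")` in `callback` writes the whole raw Pub/Sub payload to stdout, and for this subscription that payload is a Security Command Center finding notification, so finding details land in CI and application logs. Judging by the `securitycenter_receive_notifications` region tags visible in a later patch of this series, `callback` sits inside the published snippet, so users who copy the sample inherit the debug output. If the line is only there to diagnose the flaky test, consider emitting it from the test rather than the sample, or mark it clearly as optional with a comment such as `# Debug only: prints the full notification payload; remove in production`. `message.data` is presumably bytes, so the f-string prints its `b'...'` repr rather than readable JSON. The body of `callback` continues outside the hunk.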
From 2667eba3ee8acdb9703e63b30024d9450b18da62 Mon Sep 17 00:00:00 2001 From: "google-cloud-policy-bot[bot]" <80869356+google-cloud-policy-bot[bot]@users.noreply.github.com> Date: Wed, 19 May 2021 21:01:54 -0400 Subject: [PATCH 03/13] chore: add SECURITY.md (#132) Co-authored-by: google-cloud-policy-bot[bot] <80869356+google-cloud-policy-bot[bot]@users.noreply.github.com> --- SECURITY.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..8b58ae9c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,7 @@ +# Security Policy + +To report a security issue, please use [g.co/vulnz](https://g.co/vulnz). + +The Google Security Team will respond within 5 working days of your report on g.co/vulnz. + +We use g.co/vulnz for our intake, and do coordination and disclosure here using GitHub Security Advisory to privately discuss and fix the issue. From 2daa7f1c343f319fe144eebc272e8f76aadb3037 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 19 May 2021 21:11:28 -0400 Subject: [PATCH 04/13] chore: new owl bot post processor docker image (#144) gcr.io/repo-automation-bots/owlbot-python:latest@sha256:4c981a6b6f2b8914a448d7b3a01688365be03e3ed26dfee399a6aa77fb112eaa Co-authored-by: Owl Bot --- .github/.OwlBot.lock.yaml | 2 +- .pre-commit-config.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index bab398e1..864c1765 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/repo-automation-bots/owlbot-python:latest - digest: sha256:1f18bfeb1629a6fd4c9301d4174c672cae5ac7ba611a5c8d204d6010e61f6f0d + digest: sha256:4c981a6b6f2b8914a448d7b3a01688365be03e3ed26dfee399a6aa77fb112eaa diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1bbd7878..4f00c7cf 100644 --- a/.pre-commit-config.yaml 
+++ b/.pre-commit-config.yaml @@ -26,6 +26,6 @@ repos: hooks: - id: black - repo: https://gitlab.com/pycqa/flake8 - rev: 3.9.1 + rev: 3.9.2 hooks: - id: flake8 From 250a2a358951e62d088665ecf14219708a8975d9 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 20 May 2021 03:11:54 +0200 Subject: [PATCH 05/13] chore(deps): update dependency google-cloud-pubsub to v2.5.0 (#138) Co-authored-by: Dan Lee <71398022+dandhlee@users.noreply.github.com> --- samples/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/snippets/requirements.txt b/samples/snippets/requirements.txt index 7671171e..61ca4671 100644 --- a/samples/snippets/requirements.txt +++ b/samples/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-pubsub==2.4.1 +google-cloud-pubsub==2.5.0 google-cloud-securitycenter==1.2.0 \ No newline at end of file From a9836680db5ca69ee8e3983dbf5a03414397e850 Mon Sep 17 00:00:00 2001 From: Anthony Date: Wed, 19 May 2021 18:18:43 -0700 Subject: [PATCH 06/13] docs: remove unused region tags (#108) * add securitycenter prefix to samples, wrap published samples and replace unpublished entirely. * Fix unmatched region tags * Fix more unmatched region tags * fix lint issue with function antipattern * docs: standardize new tags with most-used tag from other languages * fix conflicting tag by making more explicit to the contained function * remove obviated region tags * more Co-authored-by: gcf-merge-on-green[bot] <60162190+gcf-merge-on-green[bot]@users.noreply.github.com> --- samples/snippets/snippets_findings.py | 34 ------------------- samples/snippets/snippets_list_assets.py | 8 ----- .../snippets/snippets_notification_configs.py | 10 ------ .../snippets_notification_receiver.py | 2 -- samples/snippets/snippets_orgs.py | 4 --- samples/snippets/snippets_security_marks.py | 12 ------- 6 files changed, 70 deletions(-) 
diff --git a/samples/snippets/snippets_findings.py b/samples/snippets/snippets_findings.py index 92175b05..a9484653 100644 --- a/samples/snippets/snippets_findings.py +++ b/samples/snippets/snippets_findings.py @@ -20,7 +20,6 @@ def create_source(organization_id): """Create a new findings source. """ # [START securitycenter_create_source] - # [START create_source] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -38,14 +37,12 @@ def create_source(organization_id): } ) print("Created Source: {}".format(created.name)) - # [END create_source] # [END securitycenter_create_source] def get_source(source_name): """Gets an existing source.""" # [START securitycenter_get_source] - # [START get_source] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -59,7 +56,6 @@ def get_source(source_name): source = client.get_source(request={"name": source_name}) print("Source: {}".format(source)) - # [END get_source] # [END securitycenter_get_source] return source @@ -67,7 +63,6 @@ def get_source(source_name): def update_source(source_name): """Updates a source's display name.""" # [START securitycenter_update_source] - # [START update_source] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -89,7 +84,6 @@ def update_source(source_name): } ) print("Updated Source: {}".format(updated)) - # [END update_source] # [END securitycenter_update_source] return updated @@ -98,7 +92,6 @@ def add_user_to_source(source_name): """Gives a user findingsEditor permission to the source.""" user_email = "csccclienttest@gmail.com" # [START securitycenter_set_source_iam] - # [START update_source_iam] from google.cloud import securitycenter from google.iam.v1 import policy_pb2 @@ -131,7 +124,6 @@ def add_user_to_source(source_name): print("Updated Policy: {}".format(updated)) - # [END update_source_iam] # [END securitycenter_set_source_iam] return binding, updated 
@@ -140,7 +132,6 @@ def list_source(organization_id): """Lists finding sources.""" i = -1 # [START securitycenter_list_sources] - # [START list_sources] from google.cloud import securitycenter # Create a new client. @@ -152,7 +143,6 @@ def list_source(organization_id): # Call the API and print out each existing source. for i, source in enumerate(client.list_sources(request={"parent": org_name})): print(i, source) - # [END list_sources] # [END securitycenter_list_sources] return i @@ -160,7 +150,6 @@ def list_source(organization_id): def create_finding(source_name): """Creates a new finding.""" # [START securitycenter_create_finding] - # [START create_finding] from google.cloud import securitycenter from google.cloud.securitycenter_v1 import CreateFindingRequest, Finding import datetime @@ -203,7 +192,6 @@ def create_finding(source_name): request=request ) print(created_finding) - # [END create_finding] # [END securitycenter_create_finding] return created_finding @@ -211,7 +199,6 @@ def create_finding(source_name): def create_finding_with_source_properties(source_name): """Demonstrate creating a new finding with source properties. """ # [START securitycenter_create_finding_with_source_properties] - # [START create_finding_with_properties] import datetime from google.cloud import securitycenter @@ -261,13 +248,11 @@ def create_finding_with_source_properties(source_name): } ) print(created_finding) - # [END create_finding_with_properties] # [END securitycenter_create_finding_with_source_properties] def update_finding(source_name): # [START securitycenter_update_finding_source_properties] - # [START update_finding] import datetime from google.cloud import securitycenter 
@@ -309,14 +294,12 @@ def update_finding(source_name): updated_finding.source_properties, updated_finding.event_time ) ) - # [END update_finding] # [END securitycenter_update_finding_source_properties] def update_finding_state(source_name): """Demonstrate updating only a finding state.""" # [START securitycenter_update_finding_state] - # [START update_finding_state] import datetime from google.cloud import securitycenter @@ -340,7 +323,6 @@ def update_finding_state(source_name): } ) print(f"New state: {new_finding.state}") - # [END update_finding_state] # [END securitycenter_update_finding_state] @@ -348,7 +330,6 @@ def trouble_shoot(source_name): """Demonstrate calling test_iam_permissions to determine if the service account has the correct permisions.""" # [START securitycenter_test_iam] - # [START test_iam_permissions] from google.cloud import securitycenter # Create a client. @@ -373,11 +354,9 @@ def trouble_shoot(source_name): len(permission_response.permissions) > 0 ) ) - # [END test_iam_permissions] # [END securitycenter_test_iam] assert len(permission_response.permissions) > 0 # [START securitycenter_test_iam] - # [START test_iam_permissions] # Check for permissions necessary to call set_finding_state. permission_response = client.test_iam_permissions( request={ @@ -388,7 +367,6 @@ def trouble_shoot(source_name): print( "Permision to update state? {}".format(len(permission_response.permissions) > 0) ) - # [END test_iam_permissions] # [END securitycenter_test_iam] return permission_response assert len(permission_response.permissions) > 0 @@ -396,7 +374,6 @@ def trouble_shoot(source_name): def list_all_findings(organization_id): # [START securitycenter_list_all_findings] - # [START list_all_findings] from google.cloud import securitycenter # Create a client. 
@@ -415,14 +392,12 @@ def list_all_findings(organization_id): i, finding_result.finding.name, finding_result.finding.resource_name ) ) - # [END list_all_findings] # [END securitycenter_list_all_findings] return i def list_filtered_findings(source_name): # [START securitycenter_list_filtered_findings] - # [START list_filtered_findings] from google.cloud import securitycenter # Create a new client. @@ -447,14 +422,12 @@ def list_filtered_findings(source_name): i, finding_result.finding.name, finding_result.finding.resource_name ) ) - # [END list_filtered_findings] # [END securitycenter_list_filtered_findings] return i def list_findings_at_time(source_name): # [START securitycenter_list_findings_at_time] - # [START list_findings_at_a_time] from google.cloud import securitycenter from datetime import timedelta, datetime @@ -470,11 +443,9 @@ def list_findings_at_time(source_name): # You an also use a wild-card "-" for all sources: # source_name = "organizations/111122222444/sources/-" five_days_ago = str(datetime.now() - timedelta(days=5)) - # [END list_findings_at_a_time] # [END securitycenter_list_findings_at_time] i = -1 # [START securitycenter_list_findings_at_time] - # [START list_findings_at_a_time] finding_result_iterator = client.list_findings( request={"parent": source_name, "filter": five_days_ago} @@ -485,7 +456,6 @@ def list_findings_at_time(source_name): i, finding_result.finding.name, finding_result.finding.resource_name ) ) - # [END list_findings_at_a_time] # [END securitycenter_list_findings_at_time] return i @@ -493,7 +463,6 @@ def list_findings_at_time(source_name): def get_iam_policy(source_name): """Gives a user findingsEditor permission to the source.""" # [START securitycenter_get_source_iam] - # [START get_source_iam] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() 
@@ -507,7 +476,6 @@ def get_iam_policy(source_name): # Get the old policy so we can do an incremental update. policy = client.get_iam_policy(request={"resource": source_name}) print("Policy: {}".format(policy)) - # [END get_source_iam] # [END securitycenter_get_source_iam] @@ -515,7 +483,6 @@ def group_all_findings(organization_id): """Demonstrates grouping all findings across an organization.""" i = 0 # [START securitycenter_group_all_findings] - # [START group_all_findings] from google.cloud import securitycenter # Create a client. @@ -532,7 +499,6 @@ def group_all_findings(organization_id): ) for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) - # [END group_all_findings] # [END securitycenter_group_all_findings] return i diff --git a/samples/snippets/snippets_list_assets.py b/samples/snippets/snippets_list_assets.py index 7665ea01..e0099e54 100644 --- a/samples/snippets/snippets_list_assets.py +++ b/samples/snippets/snippets_list_assets.py @@ -21,7 +21,6 @@ def list_all_assets(organization_id): """Demonstrate listing and printing all assets.""" i = 0 # [START securitycenter_list_all_assets] - # [START demo_list_all_assets] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -33,7 +32,6 @@ def list_all_assets(organization_id): asset_iterator = client.list_assets(request={"parent": org_name}) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) - # [END demo_list_all_assets] # [END securitycenter_list_all_assets] return i @@ -42,7 +40,6 @@ def list_assets_with_filters(organization_id): """Demonstrate listing assets with a filter.""" i = 0 # [START securitycenter_list_assets_with_filter] - # [START demo_list_assets_with_filter] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() 
@@ -61,7 +58,6 @@ def list_assets_with_filters(organization_id): ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) - # [END demo_list_assets_with_filter] # [END securitycenter_list_assets_with_filter] return i @@ -70,7 +66,6 @@ def list_assets_with_filters_and_read_time(organization_id): """Demonstrate listing assets with a filter.""" i = 0 # [START securitycenter_list_assets_at_time] - # [START demo_list_assets_with_filter_and_time] from datetime import datetime, timedelta from google.cloud import securitycenter @@ -99,7 +94,6 @@ def list_assets_with_filters_and_read_time(organization_id): ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) - # [END demo_list_assets_with_filter_and_time] # [END securitycenter_list_assets_at_time] return i @@ -108,7 +102,6 @@ def list_point_in_time_changes(organization_id): """Demonstrate listing assets along with their state changes.""" i = 0 # [START securitycenter_list_assets_and_changes] - # [START demo_list_assets_changes] from datetime import timedelta from google.cloud import securitycenter @@ -137,7 +130,6 @@ def list_point_in_time_changes(organization_id): for i, asset in enumerate(asset_iterator): print(i, asset) - # [END demo_list_assets_changes] # [END securitycenter_list_assets_and_changes] return i diff --git a/samples/snippets/snippets_notification_configs.py b/samples/snippets/snippets_notification_configs.py index c03f927c..a0cb9413 100644 --- a/samples/snippets/snippets_notification_configs.py +++ b/samples/snippets/snippets_notification_configs.py @@ -19,7 +19,6 @@ def create_notification_config(organization_id, notification_config_id, pubsub_topic): # [START securitycenter_create_notification_config] - # [START scc_create_notification_config] from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() 
@@ -44,7 +43,6 @@ def create_notification_config(organization_id, notification_config_id, pubsub_t ) print(created_notification_config) - # [END scc_create_notification_config] # [END securitycenter_create_notification_config] return created_notification_config @@ -52,7 +50,6 @@ def create_notification_config(organization_id, notification_config_id, pubsub_t def delete_notification_config(organization_id, notification_config_id): # [START securitycenter_delete_notification_config] - # [START scc_delete_notification_config] from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() @@ -66,7 +63,6 @@ def delete_notification_config(organization_id, notification_config_id): client.delete_notification_config(request={"name": notification_config_name}) print("Deleted notification config: {}".format(notification_config_name)) - # [END scc_delete_notification_config] # [END securitycenter_delete_notification_config] return True @@ -74,7 +70,6 @@ def delete_notification_config(organization_id, notification_config_id): def get_notification_config(organization_id, notification_config_id): # [START securitycenter_get_notification_config] - # [START scc_get_notification_config] from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() @@ -90,7 +85,6 @@ def get_notification_config(organization_id, notification_config_id): request={"name": notification_config_name} ) print("Got notification config: {}".format(notification_config)) - # [END scc_get_notification_config] # [END securitycenter_get_notification_config] return notification_config @@ -98,7 +92,6 @@ def get_notification_config(organization_id, notification_config_id): def list_notification_configs(organization_id): # [START securitycenter_list_notification_configs] - # [START scc_list_notification_configs] from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() 
@@ -111,14 +104,12 @@ def list_notification_configs(organization_id): ) for i, config in enumerate(notification_configs_iterator): print("{}: notification_config: {}".format(i, config)) - # [END scc_list_notification_configs] # [END securitycenter_list_notification_configs]] return notification_configs_iterator def update_notification_config(organization_id, notification_config_id, pubsub_topic): # [START securitycenter_update_notification_config] - # [START scc_update_notification_config] from google.cloud import securitycenter as securitycenter from google.protobuf import field_mask_pb2 @@ -155,6 +146,5 @@ def update_notification_config(organization_id, notification_config_id, pubsub_t ) print(updated_notification_config) - # [END scc_update_notification_config] # [END securitycenter_update_notification_config] return updated_notification_config diff --git a/samples/snippets/snippets_notification_receiver.py b/samples/snippets/snippets_notification_receiver.py index 5e291c65..9c4368a0 100644 --- a/samples/snippets/snippets_notification_receiver.py +++ b/samples/snippets/snippets_notification_receiver.py @@ -18,7 +18,6 @@ def receive_notifications(project_id, subscription_name): # [START securitycenter_receive_notifications] - # [START scc_receive_notifications] # Requires https://cloud.google.com/pubsub/docs/quickstart-client-libraries#pubsub-client-libraries-python import concurrent @@ -55,6 +54,5 @@ def callback(message): streaming_pull_future.result(timeout=1) # Block for 1 second except concurrent.futures.TimeoutError: streaming_pull_future.cancel() - # [END scc_receive_notifications] # [END securitycenter_receive_notifications] return True diff --git a/samples/snippets/snippets_orgs.py b/samples/snippets/snippets_orgs.py index b155d768..1164b639 100644 --- a/samples/snippets/snippets_orgs.py +++ b/samples/snippets/snippets_orgs.py 
@@ -19,7 +19,6 @@ def get_settings(organization_id): """Example showing how to retreive current organization settings.""" # [START securitycenter_get_org_settings] - # [START get_org_settings] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -30,7 +29,6 @@ def get_settings(organization_id): org_settings = client.get_organization_settings(request={"name": org_settings_name}) print(org_settings) - # [END get_org_settings] # [END securitycenter_get_org_settings] @@ -38,7 +36,6 @@ def update_asset_discovery_org_settings(organization_id): """Example showing how to update the asset discovery configuration for an organization.""" # [START securitycenter_enable_asset_discovery] - # [START update_org_settings] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -62,6 +59,5 @@ def update_asset_discovery_org_settings(organization_id): } ) print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery)) - # [END update_org_settings] # [END securitycenter_enable_asset_discovery] return updated diff --git a/samples/snippets/snippets_security_marks.py b/samples/snippets/snippets_security_marks.py index 7a3de409..3107f948 100644 --- a/samples/snippets/snippets_security_marks.py +++ b/samples/snippets/snippets_security_marks.py @@ -19,7 +19,6 @@ def add_to_asset(asset_name): """Add new security marks to an asset.""" # [START securitycenter_add_security_marks] - # [START add_marks_to_asset] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -44,7 +43,6 @@ def add_to_asset(asset_name): } ) print(updated_marks) - # [END add_marks_to_asset] # [END securitycenter_add_security_marks] return updated_marks, marks 
@@ -54,7 +52,6 @@ def clear_from_asset(asset_name): # Make sure they are there first add_to_asset(asset_name) # [START securitycenter_delete_security_marks] - # [START clear_marks_asset] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -80,7 +77,6 @@ def clear_from_asset(asset_name): } ) print(updated_marks) - # [END clear_marks_asset] # [END securitycenter_delete_security_marks] return updated_marks @@ -90,7 +86,6 @@ def delete_and_update_marks(asset_name): # Make sure they are there first add_to_asset(asset_name) # [START securitycenter_add_delete_security_marks] - # [START delete_and_update_marks] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -111,7 +106,6 @@ def delete_and_update_marks(asset_name): } ) print(updated_marks) - # [END delete_and_update_marks] # [END securitycenter_add_delete_security_marks] return updated_marks @@ -119,7 +113,6 @@ def delete_and_update_marks(asset_name): def add_to_finding(finding_name): """Adds security marks to a finding. """ # [START securitycenter_add_finding_security_marks] - # [START add_marks_to_finding] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 @@ -144,7 +137,6 @@ def add_to_finding(finding_name): "update_mask": field_mask, } ) - # [END add_marks_to_finding] # [END securitycenter_add_finding_security_marks] return updated_marks, marks @@ -154,7 +146,6 @@ def list_assets_with_query_marks(organization_id, asset_name): add_to_asset(asset_name) i = -1 # [START securitycenter_list_assets_with_security_marks] - # [START demo_list_assets_with_security_marks] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -175,7 +166,6 @@ def list_assets_with_query_marks(organization_id, asset_name): ) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) - # [END demo_list_assets_with_security_marks] # [END securitycenter_list_assets_with_security_marks] return i 
@@ -186,7 +176,6 @@ def list_findings_with_query_marks(source_name, finding_name): add_to_finding(finding_name) i = -1 # [START securitycenter_list_findings_with_security_marks] - # [START demo_list_findings_with_security_marks] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() @@ -205,7 +194,6 @@ def list_findings_with_query_marks(source_name, finding_name): ) for i, finding_result in enumerate(finding_iterator): print(i, finding_result) - # [END demo_list_findings_with_security_marks] # [END securitycenter_list_findings_with_security_marks] # one finding should have been updated with keys, and one should be # untouched. From c69e70cd83e223443c0468d509cd8b209c7cecb0 Mon Sep 17 00:00:00 2001 From: Anthonios Partheniou Date: Thu, 20 May 2021 14:29:11 -0400 Subject: [PATCH 07/13] chore: fix string replacement in owlbot.py (#151) * chore: fix string replacement in owlbot.py * chore: clean up excessive hash characters --- owlbot.py | 17 +++++++++-------- .../securitycenter_v1/test_security_center.py | 4 ++-- .../test_security_center.py | 4 ++-- .../test_security_center.py | 4 ++-- 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/owlbot.py b/owlbot.py index e3f81fc4..43fcd8d8 100644 --- a/owlbot.py +++ b/owlbot.py 
@@ -29,18 +29,19 @@ r"\g<1>settings resource.\n" r"\g<1>If empty all mutable fields will be updated.", ) + + # Comment out broken assertion in unit test + # https://github.com/googleapis/gapic-generator-python/issues/897 + s.replace( + library / "tests/**/*.py", + "assert args\[0\]\.start_time == timestamp_pb2\.Timestamp\(seconds=751\)", + "# assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751)" + ) + s.move(library, excludes=["README.rst", "docs/index.rst", "setup.py"]) s.remove_staging_dirs() -# Comment out broken assertion in unit test -# https://github.com/googleapis/gapic-generator-python/issues/897 -s.replace( - "tests/**/*.py", - "assert args\[0\]\.start_time == timestamp_pb2\.Timestamp\(seconds=751\)", - "# assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751)" -) - # ---------------------------------------------------------------------------- # Add templated files # ---------------------------------------------------------------------------- diff --git a/tests/unit/gapic/securitycenter_v1/test_security_center.py b/tests/unit/gapic/securitycenter_v1/test_security_center.py index 077678ef..e3dad43b 100644 --- a/tests/unit/gapic/securitycenter_v1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1/test_security_center.py @@ -4817,7 +4817,7 @@ def test_set_finding_state_flattened(): _, args, _ = call.mock_calls[0] assert args[0].name == "name_value" assert args[0].state == finding.Finding.State.ACTIVE - # # # # # # # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) + # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) def test_set_finding_state_flattened_error(): 
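Review bot: The pattern passed to the relocated `s.replace(...)` in owlbot.py is a plain string literal containing `\[`, `\]`, `\.` and `\(`, which Python treats as invalid escape sequences (a DeprecationWarning now, a SyntaxWarning on newer interpreters). The neighbouring replacement arguments already use raw strings, so it should read `r"assert args\[0\]\.start_time == timestamp_pb2\.Timestamp\(seconds=751\)"`. Separately, this call comments out an assertion in every generated test matched by `tests/**/*.py`; the comment links the upstream issue, and adding `# TODO: remove once gapic-generator-python#897 is fixed` would keep the workaround from outliving the bug. The enclosing block that defines `library` starts outside the hunk.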
@@ -4862,7 +4862,7 @@ async def test_set_finding_state_flattened_async(): _, args, _ = call.mock_calls[0] assert args[0].name == "name_value" assert args[0].state == finding.Finding.State.ACTIVE - # # # # # # # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) + # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) @pytest.mark.asyncio diff --git a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py index 4c680dd9..9a1e43ee 100644 --- a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py @@ -3622,7 +3622,7 @@ def test_set_finding_state_flattened(): _, args, _ = call.mock_calls[0] assert args[0].name == "name_value" assert args[0].state == finding.Finding.State.ACTIVE - # # # # # # # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) + # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) def test_set_finding_state_flattened_error(): @@ -3667,7 +3667,7 @@ async def test_set_finding_state_flattened_async(): _, args, _ = call.mock_calls[0] assert args[0].name == "name_value" assert args[0].state == finding.Finding.State.ACTIVE - # # # # # # # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) + # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) @pytest.mark.asyncio diff --git a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py index 6c45b6cc..75748c4d 100644 --- a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py 
@@ -4975,7 +4975,7 @@ def test_set_finding_state_flattened(): _, args, _ = call.mock_calls[0] assert args[0].name == "name_value" assert args[0].state == finding.Finding.State.ACTIVE - # # # # # # # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) + # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) def test_set_finding_state_flattened_error(): @@ -5020,7 +5020,7 @@ async def test_set_finding_state_flattened_async(): _, args, _ = call.mock_calls[0] assert args[0].name == "name_value" assert args[0].state == finding.Finding.State.ACTIVE - # # # # # # # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) + # assert args[0].start_time == timestamp_pb2.Timestamp(seconds=751) @pytest.mark.asyncio From b9c892a16c15e89ca67687ce3a6b64490fc61c6f Mon Sep 17 00:00:00 2001 From: Anthonios Partheniou Date: Fri, 21 May 2021 08:48:04 -0400 Subject: [PATCH 08/13] feat: bump release level to production/stable (#147) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #146 🦕 --- .repo-metadata.json | 2 +- README.rst | 10 +++++----- setup.py | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.repo-metadata.json b/.repo-metadata.json index 45315ed4..dbe6b680 100644 --- a/.repo-metadata.json +++ b/.repo-metadata.json @@ -4,7 +4,7 @@ "product_documentation": "https://cloud.google.com/security-command-center", "client_documentation": "https://googleapis.dev/python/securitycenter/latest", "issue_tracker": "https://issuetracker.google.com/savedsearches/559748", - "release_level": "alpha", + "release_level": "ga", "language": "python", "library_type": "GAPIC_AUTO", "repo": "googleapis/python-securitycenter", diff --git a/README.rst b/README.rst index ff02d2e4..93cac0da 100644 --- a/README.rst +++ b/README.rst 
@@ -1,14 +1,14 @@ -Python Client for Cloud Security Command Center API (`Alpha`_) -============================================================== -|alpha| |pypi| |versions| +Python Client for Cloud Security Command Center API +=================================================== +|GA| |pypi| |versions| `Cloud Security Command Center API`_: The public Cloud Security Command Center API. - `Client Library Documentation`_ - `Product Documentation`_ -.. |alpha| image:: https://img.shields.io/badge/support-alpha-orange.svg - :target: https://github.com/googleapis/google-cloud-python/blob/master/README.rst#alpha-support +.. |GA| image:: https://img.shields.io/badge/support-ga-gold.svg + :target: https://github.com/googleapis/google-cloud-python/blob/master/README.rst#general-availability .. |pypi| image:: https://img.shields.io/pypi/v/google-cloud-securitycenter.svg :target: https://pypi.org/project/google-cloud-securitycenter/ .. |versions| image:: https://img.shields.io/pypi/pyversions/google-cloud-securitycenter.svg diff --git a/setup.py b/setup.py index 9636ca1b..9c42fcaa 100644 --- a/setup.py +++ b/setup.py @@ -22,7 +22,7 @@ name = "google-cloud-securitycenter" description = "Cloud Security Command Center API client library" version = "1.2.0" -release_status = "Development Status :: 3 - Alpha" +release_status = "Development Status :: 5 - Production/Stable" dependencies = [ "google-api-core[grpc] >= 1.22.2, < 2.0.0dev", "grpc-google-iam-v1 >= 0.12.3, < 0.13dev", From 4497edade9d2c3fb44bc1896dbdc9cdcab3a89d3 Mon Sep 17 00:00:00 2001 
From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Date: Sat, 22 May 2021 01:06:02 -0600 Subject: [PATCH 09/13] chore: delete unused *.proto files (#152) `.proto` files were initially copied when we still used the monolithic gapic-generator and the generated `_pb2.py` files were not human-readable. These files no longer serve a purpose and can be removed. --- .../cloud/securitycenter_v1/proto/asset.proto | 121 -- .../securitycenter_v1/proto/finding.proto | 176 --- .../proto/notification_config.proto | 96 -- .../proto/notification_message.proto | 45 - .../proto/organization_settings.proto | 82 -- .../securitycenter_v1/proto/resource.proto | 46 - .../proto/run_asset_discovery_response.proto | 52 - .../proto/security_marks.proto | 56 - .../proto/securitycenter_service.proto | 1264 ---------------- .../securitycenter_v1/proto/source.proto | 60 - .../securitycenter_v1beta1/proto/asset.proto | 93 -- .../proto/finding.proto | 110 -- .../proto/organization_settings.proto | 79 - .../proto/run_asset_discovery_response.proto | 49 - .../proto/security_marks.proto | 53 - .../proto/securitycenter_service.proto | 824 ----------- .../securitycenter_v1beta1/proto/source.proto | 56 - .../proto/asset.proto | 121 -- .../proto/finding.proto | 135 -- .../proto/notification_config.proto | 108 -- .../proto/notification_message.proto | 45 - .../proto/organization_settings.proto | 82 -- .../proto/resource.proto | 46 - .../proto/run_asset_discovery_response.proto | 52 - .../proto/security_marks.proto | 56 - .../proto/securitycenter_service.proto | 1268 ----------------- .../proto/source.proto | 59 - 27 files changed, 5234 deletions(-) delete mode 100644 google/cloud/securitycenter_v1/proto/asset.proto delete mode 100644 google/cloud/securitycenter_v1/proto/finding.proto delete mode 100644 google/cloud/securitycenter_v1/proto/notification_config.proto delete mode 100644 google/cloud/securitycenter_v1/proto/notification_message.proto delete mode 100644 
google/cloud/securitycenter_v1/proto/organization_settings.proto delete mode 100644 google/cloud/securitycenter_v1/proto/resource.proto delete mode 100644 google/cloud/securitycenter_v1/proto/run_asset_discovery_response.proto delete mode 100644 google/cloud/securitycenter_v1/proto/security_marks.proto delete mode 100644 google/cloud/securitycenter_v1/proto/securitycenter_service.proto delete mode 100644 google/cloud/securitycenter_v1/proto/source.proto delete mode 100644 google/cloud/securitycenter_v1beta1/proto/asset.proto delete mode 100644 google/cloud/securitycenter_v1beta1/proto/finding.proto delete mode 100644 google/cloud/securitycenter_v1beta1/proto/organization_settings.proto delete mode 100644 google/cloud/securitycenter_v1beta1/proto/run_asset_discovery_response.proto delete mode 100644 google/cloud/securitycenter_v1beta1/proto/security_marks.proto delete mode 100644 google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto delete mode 100644 google/cloud/securitycenter_v1beta1/proto/source.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/asset.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/finding.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/notification_config.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/notification_message.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/organization_settings.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/resource.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/run_asset_discovery_response.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/security_marks.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/securitycenter_service.proto delete mode 100644 google/cloud/securitycenter_v1p1beta1/proto/source.proto 
diff --git a/google/cloud/securitycenter_v1/proto/asset.proto b/google/cloud/securitycenter_v1/proto/asset.proto
deleted file mode 100644
index eb07c049..00000000
--- a/google/cloud/securitycenter_v1/proto/asset.proto
+++ /dev/null
@@ -1,121 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.securitycenter.v1; - -import "google/api/annotations.proto"; -import "google/api/resource.proto"; -import "google/cloud/securitycenter/v1/security_marks.proto"; -import "google/protobuf/struct.proto"; -import "google/protobuf/timestamp.proto"; - -option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter"; -option java_multiple_files = true; -option java_package = "com.google.cloud.securitycenter.v1"; -option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; -option ruby_package = "Google::Cloud::SecurityCenter::V1"; - -// Security Command Center representation of a Google Cloud -// resource. -// -// The Asset is a Security Command Center resource that captures information -// about a single Google Cloud resource. All modifications to an Asset are only -// within the context of Security Command Center and don't affect the referenced -// Google Cloud resource. -message Asset { - option (google.api.resource) = { - type: "securitycenter.googleapis.com/Asset" - pattern: "organizations/{organization}/assets/{asset}" - }; - - // Security Command Center managed properties. These properties are managed by - // Security Command Center and cannot be modified by the user. 
- message SecurityCenterProperties { - // The full resource name of the Google Cloud resource this asset - // represents. This field is immutable after create time. See: - // https://cloud.google.com/apis/design/resource_names#full_resource_name - string resource_name = 1; - - // The type of the Google Cloud resource. Examples include: APPLICATION, - // PROJECT, and ORGANIZATION. This is a case insensitive field defined by - // Security Command Center and/or the producer of the resource and is - // immutable after create time. - string resource_type = 2; - - // The full resource name of the immediate parent of the resource. See: - // https://cloud.google.com/apis/design/resource_names#full_resource_name - string resource_parent = 3; - - // The full resource name of the project the resource belongs to. See: - // https://cloud.google.com/apis/design/resource_names#full_resource_name - string resource_project = 4; - - // Owners of the Google Cloud resource. - repeated string resource_owners = 5; - - // The user defined display name for this resource. - string resource_display_name = 6; - - // The user defined display name for the parent of this resource. - string resource_parent_display_name = 7; - - // The user defined display name for the project of this resource. - string resource_project_display_name = 8; - } - - // Cloud IAM Policy information associated with the Google Cloud resource - // described by the Security Command Center asset. This information is managed - // and defined by the Google Cloud resource and cannot be modified by the - // user. - message IamPolicy { - // The JSON representation of the Policy associated with the asset. - // See https://cloud.google.com/iam/reference/rest/v1/Policy for format - // details. - string policy_blob = 1; - } - - // The relative resource name of this asset. See: - // https://cloud.google.com/apis/design/resource_names#relative_resource_name - // Example: - // "organizations/{organization_id}/assets/{asset_id}". 
- string name = 1; - - // Security Command Center managed properties. These properties are managed by - // Security Command Center and cannot be modified by the user. - SecurityCenterProperties security_center_properties = 2; - - // Resource managed properties. These properties are managed and defined by - // the Google Cloud resource and cannot be modified by the user. - map resource_properties = 7; - - // User specified security marks. These marks are entirely managed by the user - // and come from the SecurityMarks resource that belongs to the asset. - SecurityMarks security_marks = 8; - - // The time at which the asset was created in Security Command Center. - google.protobuf.Timestamp create_time = 9; - - // The time at which the asset was last updated, added, or deleted in Security - // Command Center. - google.protobuf.Timestamp update_time = 10; - - // Cloud IAM Policy information associated with the Google Cloud resource - // described by the Security Command Center asset. This information is managed - // and defined by the Google Cloud resource and cannot be modified by the - // user. - IamPolicy iam_policy = 11; -} diff --git a/google/cloud/securitycenter_v1/proto/finding.proto b/google/cloud/securitycenter_v1/proto/finding.proto deleted file mode 100644 index dcc62f8b..00000000 --- a/google/cloud/securitycenter_v1/proto/finding.proto +++ /dev/null 
@@ -1,176 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.securitycenter.v1; - -import "google/api/annotations.proto"; -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; -import "google/cloud/securitycenter/v1/security_marks.proto"; -import "google/protobuf/struct.proto"; -import "google/protobuf/timestamp.proto"; - -option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter"; -option java_multiple_files = true; -option java_package = "com.google.cloud.securitycenter.v1"; -option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; -option ruby_package = "Google::Cloud::SecurityCenter::V1"; - -// Security Command Center finding. -// -// A finding is a record of assessment data like security, risk, health, or -// privacy, that is ingested into Security Command Center for presentation, -// notification, analysis, policy testing, and enforcement. For example, a -// cross-site scripting (XSS) vulnerability in an App Engine application is a -// finding. -message Finding { - option (google.api.resource) = { - type: "securitycenter.googleapis.com/Finding" - pattern: "organizations/{organization}/sources/{source}/findings/{finding}" - }; - - // The state of the finding. - enum State { - // Unspecified state. 
- STATE_UNSPECIFIED = 0; - - // The finding requires attention and has not been addressed yet. - ACTIVE = 1; - - // The finding has been fixed, triaged as a non-issue or otherwise addressed - // and is no longer active. - INACTIVE = 2; - } - - // The severity of the finding. - enum Severity { - // This value is used for findings when a source doesn't write a severity - // value. - SEVERITY_UNSPECIFIED = 0; - - // Vulnerability: - // A critical vulnerability is easily discoverable by an external actor, - // exploitable, and results in the direct ability to execute arbitrary code, - // exfiltrate data, and otherwise gain additional access and privileges to - // cloud resources and workloads. Examples include publicly accessible - // unprotected user data, public SSH access with weak or no passwords, etc. - // - // Threat: - // Indicates a threat that is able to access, modify, or delete data or - // execute unauthorized code within existing resources. - CRITICAL = 1; - - // Vulnerability: - // A high risk vulnerability can be easily discovered and exploited in - // combination with other vulnerabilities in order to gain direct access and - // the ability to execute arbitrary code, exfiltrate data, and otherwise - // gain additional access and privileges to cloud resources and workloads. - // An example is a database with weak or no passwords that is only - // accessible internally. This database could easily be compromised by an - // actor that had access to the internal network. - // - // Threat: - // Indicates a threat that is able to create new computational resources in - // an environment but not able to access data or execute code in existing - // resources. - HIGH = 2; - - // Vulnerability: - // A medium risk vulnerability could be used by an actor to gain access to - // resources or privileges that enable them to eventually (through multiple - // steps or a complex exploit) gain access and the ability to execute - // arbitrary code or exfiltrate data. 
An example is a service account with - // access to more projects than it should have. If an actor gains access to - // the service account, they could potentially use that access to manipulate - // a project the service account was not intended to. - // - // Threat: - // Indicates a threat that is able to cause operational impact but may not - // access data or execute unauthorized code. - MEDIUM = 3; - - // Vulnerability: - // A low risk vulnerability hampers a security organization’s ability to - // detect vulnerabilities or active threats in their deployment, or prevents - // the root cause investigation of security issues. An example is monitoring - // and logs being disabled for resource configurations and access. - // - // Threat: - // Indicates a threat that has obtained minimal access to an environment but - // is not able to access data, execute code, or create resources. - LOW = 4; - } - - // The relative resource name of this finding. See: - // https://cloud.google.com/apis/design/resource_names#relative_resource_name - // Example: - // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}" - string name = 1; - - // The relative resource name of the source the finding belongs to. See: - // https://cloud.google.com/apis/design/resource_names#relative_resource_name - // This field is immutable after creation time. - // For example: - // "organizations/{organization_id}/sources/{source_id}" - string parent = 2; - - // For findings on Google Cloud resources, the full resource - // name of the Google Cloud resource this finding is for. See: - // https://cloud.google.com/apis/design/resource_names#full_resource_name - // When the finding is for a non-Google Cloud resource, the resourceName can - // be a customer or partner defined string. This field is immutable after - // creation time. - string resource_name = 3; - - // The state of the finding. - State state = 4; - - // The additional taxonomy group within findings from a given source. 
- // This field is immutable after creation time. - // Example: "XSS_FLASH_INJECTION" - string category = 5; - - // The URI that, if available, points to a web page outside of Security - // Command Center where additional information about the finding can be found. - // This field is guaranteed to be either empty or a well formed URL. - string external_uri = 6; - - // Source specific properties. These properties are managed by the source - // that writes the finding. The key names in the source_properties map must be - // between 1 and 255 characters, and must start with a letter and contain - // alphanumeric characters or underscores only. - map source_properties = 7; - - // Output only. User specified security marks. These marks are entirely - // managed by the user and come from the SecurityMarks resource that belongs - // to the finding. - SecurityMarks security_marks = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // The time at which the event took place, or when an update to the finding - // occurred. For example, if the finding represents an open firewall it would - // capture the time the detector believes the firewall became open. The - // accuracy is determined by the detector. If the finding were to be resolved - // afterward, this time would reflect when the finding was resolved. - google.protobuf.Timestamp event_time = 9; - - // The time at which the finding was created in Security Command Center. - google.protobuf.Timestamp create_time = 10; - - // The severity of the finding. This field is managed by the source that - // writes the finding. - Severity severity = 12; -} diff --git a/google/cloud/securitycenter_v1/proto/notification_config.proto b/google/cloud/securitycenter_v1/proto/notification_config.proto deleted file mode 100644 index 1a9676d9..00000000 --- a/google/cloud/securitycenter_v1/proto/notification_config.proto +++ /dev/null 
@@ -1,96 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.securitycenter.v1; - -import "google/api/annotations.proto"; -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; - -option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter"; -option java_multiple_files = true; -option java_outer_classname = "NotificationConfigProto"; -option java_package = "com.google.cloud.securitycenter.v1"; -option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; -option ruby_package = "Google::Cloud::SecurityCenter::V1"; -option (google.api.resource_definition) = { - type: "pubsub.googleapis.com/Topic" - pattern: "projects/{project}/topics/{topic}" -}; - -// Cloud Security Command Center (Cloud SCC) notification configs. -// -// A notification config is a Cloud SCC resource that contains the configuration -// to send notifications for create/update events of findings, assets and etc. -message NotificationConfig { - option (google.api.resource) = { - type: "securitycenter.googleapis.com/NotificationConfig" - pattern: "organizations/{organization}/notificationConfigs/{notification_config}" - }; - - // The config for streaming-based notifications, which send each event as soon - // as it is detected. 
- message StreamingConfig { - // Expression that defines the filter to apply across create/update events - // of assets or findings as specified by the event type. The expression is a - // list of zero or more restrictions combined via logical operators `AND` - // and `OR`. Parentheses are supported, and `OR` has higher precedence than - // `AND`. - // - // Restrictions have the form ` ` and may have a - // `-` character in front of them to indicate negation. The fields map to - // those defined in the corresponding resource. - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. - // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. - string filter = 1; - } - - // The relative resource name of this notification config. See: - // https://cloud.google.com/apis/design/resource_names#relative_resource_name - // Example: - // "organizations/{organization_id}/notificationConfigs/notify_public_bucket". - string name = 1; - - // The description of the notification config (max of 1024 characters). - string description = 2; - - // The Pub/Sub topic to send notifications to. Its format is - // "projects/[project_id]/topics/[topic]". - string pubsub_topic = 3 [(google.api.resource_reference) = { - type: "pubsub.googleapis.com/Topic" - }]; - - // Output only. The service account that needs "pubsub.topics.publish" - // permission to publish to the Pub/Sub topic. - string service_account = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // The config for triggering notifications. - oneof notify_config { - // The config for triggering streaming-based notifications. - StreamingConfig streaming_config = 5; - } -} 
diff --git a/google/cloud/securitycenter_v1/proto/notification_message.proto b/google/cloud/securitycenter_v1/proto/notification_message.proto deleted file mode 100644 index 08b6b7c8..00000000 --- a/google/cloud/securitycenter_v1/proto/notification_message.proto +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.securitycenter.v1; - -import "google/api/annotations.proto"; -import "google/cloud/securitycenter/v1/finding.proto"; -import "google/cloud/securitycenter/v1/resource.proto"; - -option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter"; -option java_multiple_files = true; -option java_outer_classname = "NotificationMessageProto"; -option java_package = "com.google.cloud.securitycenter.v1"; -option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; -option ruby_package = "Google::Cloud::SecurityCenter::V1"; - -// Cloud SCC's Notification -message NotificationMessage { - // Name of the notification config that generated current notification. - string notification_config_name = 1; - - // Notification Event. - oneof event { - // If it's a Finding based notification config, this field will be - // populated. - Finding finding = 2; - } - - // The Cloud resource tied to this notification's Finding. - Resource resource = 3; -} 
diff --git a/google/cloud/securitycenter_v1/proto/organization_settings.proto b/google/cloud/securitycenter_v1/proto/organization_settings.proto deleted file mode 100644 index 66b659bc..00000000 --- a/google/cloud/securitycenter_v1/proto/organization_settings.proto +++ /dev/null 
@@ -1,82 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.securitycenter.v1; - -import "google/api/annotations.proto"; -import "google/api/resource.proto"; - -option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter"; -option java_multiple_files = true; -option java_package = "com.google.cloud.securitycenter.v1"; -option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; -option ruby_package = "Google::Cloud::SecurityCenter::V1"; - -// User specified settings that are attached to the Security Command -// Center organization. -message OrganizationSettings { - option (google.api.resource) = { - type: "securitycenter.googleapis.com/OrganizationSettings" - pattern: "organizations/{organization}/organizationSettings" - }; - - // The configuration used for Asset Discovery runs. - message AssetDiscoveryConfig { - // The mode of inclusion when running Asset Discovery. - // Asset discovery can be limited by explicitly identifying projects to be - // included or excluded. If INCLUDE_ONLY is set, then only those projects - // within the organization and their children are discovered during asset - // discovery. If EXCLUDE is set, then projects that don't match those - // projects are discovered during asset discovery. 
If neither are set, then - // all projects within the organization are discovered during asset - // discovery. - enum InclusionMode { - // Unspecified. Setting the mode with this value will disable - // inclusion/exclusion filtering for Asset Discovery. - INCLUSION_MODE_UNSPECIFIED = 0; - - // Asset Discovery will capture only the resources within the projects - // specified. All other resources will be ignored. - INCLUDE_ONLY = 1; - - // Asset Discovery will ignore all resources under the projects specified. - // All other resources will be retrieved. - EXCLUDE = 2; - } - - // The project ids to use for filtering asset discovery. - repeated string project_ids = 1; - - // The mode to use for filtering asset discovery. - InclusionMode inclusion_mode = 2; - } - - // The relative resource name of the settings. See: - // https://cloud.google.com/apis/design/resource_names#relative_resource_name - // Example: - // "organizations/{organization_id}/organizationSettings". - string name = 1; - - // A flag that indicates if Asset Discovery should be enabled. If the flag is - // set to `true`, then discovery of assets will occur. If it is set to `false, - // all historical assets will remain, but discovery of future assets will not - // occur. - bool enable_asset_discovery = 2; - - // The configuration used for Asset Discovery runs. - AssetDiscoveryConfig asset_discovery_config = 3; -} diff --git a/google/cloud/securitycenter_v1/proto/resource.proto b/google/cloud/securitycenter_v1/proto/resource.proto deleted file mode 100644 index 855e6973..00000000 --- a/google/cloud/securitycenter_v1/proto/resource.proto +++ /dev/null 
@@ -1,46 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.securitycenter.v1; - -import "google/api/annotations.proto"; - -option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter"; -option java_multiple_files = true; -option java_outer_classname = "ResourceProto"; -option java_package = "com.google.cloud.securitycenter.v1"; -option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; -option ruby_package = "Google::Cloud::SecurityCenter::V1"; - -// Information related to the Google Cloud resource. -message Resource { - // The full resource name of the resource. See: - // https://cloud.google.com/apis/design/resource_names#full_resource_name - string name = 1; - - // The full resource name of project that the resource belongs to. - string project = 2; - - // The human readable name of project that the resource belongs to. - string project_display_name = 3; - - // The full resource name of resource's parent. - string parent = 4; - - // The human readable name of resource's parent. - string parent_display_name = 5; -} diff --git a/google/cloud/securitycenter_v1/proto/run_asset_discovery_response.proto b/google/cloud/securitycenter_v1/proto/run_asset_discovery_response.proto deleted file mode 100644 index 4f09d9c0..00000000 
--- a/google/cloud/securitycenter_v1/proto/run_asset_discovery_response.proto +++ /dev/null @@ -1,52 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.securitycenter.v1; - -import "google/api/annotations.proto"; -import "google/protobuf/duration.proto"; - -option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter"; -option java_multiple_files = true; -option java_package = "com.google.cloud.securitycenter.v1"; -option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; -option ruby_package = "Google::Cloud::SecurityCenter::V1"; - -// Response of asset discovery run -message RunAssetDiscoveryResponse { - // The state of an asset discovery run. - enum State { - // Asset discovery run state was unspecified. - STATE_UNSPECIFIED = 0; - - // Asset discovery run completed successfully. - COMPLETED = 1; - - // Asset discovery run was cancelled with tasks still pending, as another - // run for the same organization was started with a higher priority. - SUPERSEDED = 2; - - // Asset discovery run was killed and terminated. - TERMINATED = 3; - } - - // The state of an asset discovery run. - State state = 1; - - // The duration between asset discovery run start and end - google.protobuf.Duration duration = 2; -} 
diff --git a/google/cloud/securitycenter_v1/proto/security_marks.proto b/google/cloud/securitycenter_v1/proto/security_marks.proto
deleted file mode 100644
index 47a4a150..00000000
--- a/google/cloud/securitycenter_v1/proto/security_marks.proto
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1;
-
-import "google/api/annotations.proto";
-import "google/api/resource.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1";
-
-// User specified security marks that are attached to the parent Security
-// Command Center resource. Security marks are scoped within a Security Command
-// Center organization -- they can be modified and viewed by all users who have
-// proper permissions on the organization.
-message SecurityMarks {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/SecurityMarks"
- pattern: "organizations/{organization}/assets/{asset}/securityMarks"
- pattern: "organizations/{organization}/sources/{source}/findings/{finding}/securityMarks"
- };
-
- // The relative resource name of the SecurityMarks. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Examples:
- // "organizations/{organization_id}/assets/{asset_id}/securityMarks"
- // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
- string name = 1;
-
- // Mutable user specified security marks belonging to the parent resource.
- // Constraints are as follows:
- //
- // * Keys and values are treated as case insensitive
- // * Keys must be between 1 - 256 characters (inclusive)
- // * Keys must be letters, numbers, underscores, or dashes
- // * Values have leading and trailing whitespace trimmed, remaining
- // characters must be between 1 - 4096 characters (inclusive)
- map marks = 2;
-}
diff --git a/google/cloud/securitycenter_v1/proto/securitycenter_service.proto b/google/cloud/securitycenter_v1/proto/securitycenter_service.proto
deleted file mode 100644
index 07f2f99d..00000000
--- a/google/cloud/securitycenter_v1/proto/securitycenter_service.proto
+++ /dev/null
@@ -1,1264 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1;
-
-import public "google/cloud/securitycenter/v1/run_asset_discovery_response.proto";
-import "google/api/annotations.proto";
-import "google/api/client.proto";
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/securitycenter/v1/asset.proto";
-import "google/cloud/securitycenter/v1/finding.proto";
-import "google/cloud/securitycenter/v1/notification_config.proto";
-import "google/cloud/securitycenter/v1/organization_settings.proto";
-import "google/cloud/securitycenter/v1/security_marks.proto";
-import "google/cloud/securitycenter/v1/source.proto";
-import "google/iam/v1/iam_policy.proto";
-import "google/iam/v1/policy.proto";
-import "google/longrunning/operations.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/empty.proto";
-import "google/protobuf/field_mask.proto";
-import "google/protobuf/struct.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1";
-
-// V1 APIs for Security Center service.
-service SecurityCenter {
- option (google.api.default_host) = "securitycenter.googleapis.com";
- option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
-
- // Creates a source.
- rpc CreateSource(CreateSourceRequest) returns (Source) {
- option (google.api.http) = {
- post: "/v1/{parent=organizations/*}/sources"
- body: "source"
- };
- option (google.api.method_signature) = "parent,source";
- }
-
- // Creates a finding. The corresponding source must exist for finding creation
- // to succeed.
- rpc CreateFinding(CreateFindingRequest) returns (Finding) {
- option (google.api.http) = {
- post: "/v1/{parent=organizations/*/sources/*}/findings"
- body: "finding"
- };
- option (google.api.method_signature) = "parent,finding_id,finding";
- }
-
- // Creates a notification config.
- rpc CreateNotificationConfig(CreateNotificationConfigRequest) returns (NotificationConfig) {
- option (google.api.http) = {
- post: "/v1/{parent=organizations/*}/notificationConfigs"
- body: "notification_config"
- };
- option (google.api.method_signature) = "parent,config_id,notification_config";
- option (google.api.method_signature) = "parent,notification_config";
- }
-
- // Deletes a notification config.
- rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) returns (google.protobuf.Empty) {
- option (google.api.http) = {
- delete: "/v1/{name=organizations/*/notificationConfigs/*}"
- };
- option (google.api.method_signature) = "name";
- }
-
- // Gets the access control policy on the specified Source.
- rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
- option (google.api.http) = {
- post: "/v1/{resource=organizations/*/sources/*}:getIamPolicy"
- body: "*"
- };
- option (google.api.method_signature) = "resource";
- }
-
- // Gets a notification config.
- rpc GetNotificationConfig(GetNotificationConfigRequest) returns (NotificationConfig) {
- option (google.api.http) = {
- get: "/v1/{name=organizations/*/notificationConfigs/*}"
- };
- option (google.api.method_signature) = "name";
- }
-
- // Gets the settings for an organization.
- rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) {
- option (google.api.http) = {
- get: "/v1/{name=organizations/*/organizationSettings}"
- };
- option (google.api.method_signature) = "name";
- }
-
- // Gets a source.
- rpc GetSource(GetSourceRequest) returns (Source) {
- option (google.api.http) = {
- get: "/v1/{name=organizations/*/sources/*}"
- };
- option (google.api.method_signature) = "name";
- }
-
- // Filters an organization's assets and groups them by their specified
- // properties.
- rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) {
- option (google.api.http) = {
- post: "/v1/{parent=organizations/*}/assets:group"
- body: "*"
- };
- }
-
- // Filters an organization or source's findings and groups them by their
- // specified properties.
- //
- // To group across all sources provide a `-` as the source id.
- // Example: /v1/organizations/{organization_id}/sources/-/findings
- rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) {
- option (google.api.http) = {
- post: "/v1/{parent=organizations/*/sources/*}/findings:group"
- body: "*"
- };
- option (google.api.method_signature) = "parent,group_by";
- }
-
- // Lists an organization's assets.
- rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) {
- option (google.api.http) = {
- get: "/v1/{parent=organizations/*}/assets"
- };
- }
-
- // Lists an organization or source's findings.
- //
- // To list across all sources provide a `-` as the source id.
- // Example: /v1/organizations/{organization_id}/sources/-/findings
- rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) {
- option (google.api.http) = {
- get: "/v1/{parent=organizations/*/sources/*}/findings"
- };
- }
-
- // Lists notification configs.
- rpc ListNotificationConfigs(ListNotificationConfigsRequest) returns (ListNotificationConfigsResponse) {
- option (google.api.http) = {
- get: "/v1/{parent=organizations/*}/notificationConfigs"
- };
- option (google.api.method_signature) = "parent";
- }
-
- // Lists all sources belonging to an organization.
- rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) {
- option (google.api.http) = {
- get: "/v1/{parent=organizations/*}/sources"
- };
- option (google.api.method_signature) = "parent";
- }
-
- // Runs asset discovery. The discovery is tracked with a long-running
- // operation.
- //
- // This API can only be called with limited frequency for an organization. If
- // it is called too frequently the caller will receive a TOO_MANY_REQUESTS
- // error.
- rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) {
- option (google.api.http) = {
- post: "/v1/{parent=organizations/*}/assets:runDiscovery"
- body: "*"
- };
- option (google.api.method_signature) = "parent";
- option (google.longrunning.operation_info) = {
- response_type: "google.cloud.securitycenter.v1.RunAssetDiscoveryResponse"
- metadata_type: "google.protobuf.Empty"
- };
- }
-
- // Updates the state of a finding.
- rpc SetFindingState(SetFindingStateRequest) returns (Finding) {
- option (google.api.http) = {
- post: "/v1/{name=organizations/*/sources/*/findings/*}:setState"
- body: "*"
- };
- option (google.api.method_signature) = "name,state,start_time";
- }
-
- // Sets the access control policy on the specified Source.
- rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
- option (google.api.http) = {
- post: "/v1/{resource=organizations/*/sources/*}:setIamPolicy"
- body: "*"
- };
- option (google.api.method_signature) = "resource,policy";
- }
-
- // Returns the permissions that a caller has on the specified source.
- rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
- option (google.api.http) = {
- post: "/v1/{resource=organizations/*/sources/*}:testIamPermissions"
- body: "*"
- };
- option (google.api.method_signature) = "resource,permissions";
- }
-
- // Creates or updates a finding. The corresponding source must exist for a
- // finding creation to succeed.
- rpc UpdateFinding(UpdateFindingRequest) returns (Finding) {
- option (google.api.http) = {
- patch: "/v1/{finding.name=organizations/*/sources/*/findings/*}"
- body: "finding"
- };
- option (google.api.method_signature) = "finding";
- }
-
- // Updates a notification config. The following update
- // fields are allowed: description, pubsub_topic, streaming_config.filter
- rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) returns (NotificationConfig) {
- option (google.api.http) = {
- patch: "/v1/{notification_config.name=organizations/*/notificationConfigs/*}"
- body: "notification_config"
- };
- option (google.api.method_signature) = "notification_config";
- option (google.api.method_signature) = "notification_config,update_mask";
- }
-
- // Updates an organization's settings.
- rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) {
- option (google.api.http) = {
- patch: "/v1/{organization_settings.name=organizations/*/organizationSettings}"
- body: "organization_settings"
- };
- option (google.api.method_signature) = "organization_settings";
- }
-
- // Updates a source.
- rpc UpdateSource(UpdateSourceRequest) returns (Source) {
- option (google.api.http) = {
- patch: "/v1/{source.name=organizations/*/sources/*}"
- body: "source"
- };
- option (google.api.method_signature) = "source";
- }
-
- // Updates security marks.
- rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) {
- option (google.api.http) = {
- patch: "/v1/{security_marks.name=organizations/*/assets/*/securityMarks}"
- body: "security_marks"
- additional_bindings {
- patch: "/v1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}"
- body: "security_marks"
- }
- };
- option (google.api.method_signature) = "security_marks";
- }
-}
-
-// Request message for creating a finding.
-message CreateFindingRequest {
- // Required. Resource name of the new finding's parent. Its format should be
- // "organizations/[organization_id]/sources/[source_id]".
- string parent = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "securitycenter.googleapis.com/Source"
- }
- ];
-
- // Required. Unique identifier provided by the client within the parent scope.
- // It must be alphanumeric and less than or equal to 32 characters and
- // greater than 0 characters in length.
- string finding_id = 2 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The Finding being created. The name and security_marks will be ignored as
- // they are both output only fields on this resource.
- Finding finding = 3 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Request message for creating a notification config.
-message CreateNotificationConfigRequest {
- // Required. Resource name of the new notification config's parent. Its format is
- // "organizations/[organization_id]".
- string parent = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "cloudresourcemanager.googleapis.com/Organization"
- }
- ];
-
- // Required.
- // Unique identifier provided by the client within the parent scope.
- // It must be between 1 and 128 characters, and contains alphanumeric
- // characters, underscores or hyphens only.
- string config_id = 2 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The notification config being created. The name and the service account
- // will be ignored as they are both output only fields on this resource.
- NotificationConfig notification_config = 3 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Request message for creating a source.
-message CreateSourceRequest {
- // Required. Resource name of the new source's parent. Its format should be
- // "organizations/[organization_id]".
- string parent = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "cloudresourcemanager.googleapis.com/Organization"
- }
- ];
-
- // Required. The Source being created, only the display_name and description will be
- // used. All other fields will be ignored.
- Source source = 2 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Request message for deleting a notification config.
-message DeleteNotificationConfigRequest {
- // Required. Name of the notification config to delete. Its format is
- // "organizations/[organization_id]/notificationConfigs/[config_id]".
- string name = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "securitycenter.googleapis.com/NotificationConfig"
- }
- ];
-}
-
-// Request message for getting a notification config.
-message GetNotificationConfigRequest {
- // Required. Name of the notification config to get. Its format is
- // "organizations/[organization_id]/notificationConfigs/[config_id]".
- string name = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "securitycenter.googleapis.com/NotificationConfig"
- }
- ];
-}
-
-// Request message for getting organization settings.
-message GetOrganizationSettingsRequest {
- // Required. Name of the organization to get organization settings for. Its format is
- // "organizations/[organization_id]/organizationSettings".
- string name = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "securitycenter.googleapis.com/OrganizationSettings"
- }
- ];
-}
-
-// Request message for getting a source.
-message GetSourceRequest {
- // Required. Relative resource name of the source. Its format is
- // "organizations/[organization_id]/source/[source_id]".
- string name = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "securitycenter.googleapis.com/Source"
- }
- ];
-}
-
-// Request message for grouping by assets.
-message GroupAssetsRequest {
- // Required. Name of the organization to groupBy. Its format is
- // "organizations/[organization_id]".
- string parent = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "cloudresourcemanager.googleapis.com/Organization"
- }
- ];
-
- // Expression that defines the filter to apply across assets.
- // The expression is a list of zero or more restrictions combined via logical
- // operators `AND` and `OR`.
- // Parentheses are supported, and `OR` has higher precedence than `AND`.
- //
- // Restrictions have the form ` ` and may have a `-`
- // character in front of them to indicate negation. The fields map to those
- // defined in the Asset resource. Examples include:
- //
- // * name
- // * security_center_properties.resource_name
- // * resource_properties.a_property
- // * security_marks.marks.marka
- //
- // The supported operators are:
- //
- // * `=` for all value types.
- // * `>`, `<`, `>=`, `<=` for integer values.
- // * `:`, meaning substring matching, for strings.
- //
- // The supported value types are:
- //
- // * string literals in quotes.
- // * integer literals without quotes.
- // * boolean literals `true` and `false` without quotes.
- //
- // The following field and operator combinations are supported:
- //
- // * name: `=`
- // * update_time: `=`, `>`, `<`, `>=`, `<=`
- //
- // Usage: This should be milliseconds since epoch or an RFC3339 string.
- // Examples:
- // `update_time = "2019-06-10T16:07:18-07:00"`
- // `update_time = 1560208038000`
- //
- // * create_time: `=`, `>`, `<`, `>=`, `<=`
- //
- // Usage: This should be milliseconds since epoch or an RFC3339 string.
- // Examples:
- // `create_time = "2019-06-10T16:07:18-07:00"`
- // `create_time = 1560208038000`
- //
- // * iam_policy.policy_blob: `=`, `:`
- // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
- // * security_marks.marks: `=`, `:`
- // * security_center_properties.resource_name: `=`, `:`
- // * security_center_properties.resource_display_name: `=`, `:`
- // * security_center_properties.resource_type: `=`, `:`
- // * security_center_properties.resource_parent: `=`, `:`
- // * security_center_properties.resource_parent_display_name: `=`, `:`
- // * security_center_properties.resource_project: `=`, `:`
- // * security_center_properties.resource_project_display_name: `=`, `:`
- // * security_center_properties.resource_owners: `=`, `:`
- //
- // For example, `resource_properties.size = 100` is a valid filter string.
- //
- // Use a partial match on the empty string to filter based on a property
- // existing: `resource_properties.my_property : ""`
- //
- // Use a negated partial match on the empty string to filter based on a
- // property not existing: `-resource_properties.my_property : ""`
- string filter = 2;
-
- // Required. Expression that defines what assets fields to use for grouping. The string
- // value should follow SQL syntax: comma separated list of fields. For
- // example:
- // "security_center_properties.resource_project,security_center_properties.project".
- //
- // The following fields are supported when compare_duration is not set:
- //
- // * security_center_properties.resource_project
- // * security_center_properties.resource_project_display_name
- // * security_center_properties.resource_type
- // * security_center_properties.resource_parent
- // * security_center_properties.resource_parent_display_name
- //
- // The following fields are supported when compare_duration is set:
- //
- // * security_center_properties.resource_type
- // * security_center_properties.resource_project_display_name
- // * security_center_properties.resource_parent_display_name
- string group_by = 3 [(google.api.field_behavior) = REQUIRED];
-
- // When compare_duration is set, the GroupResult's "state_change" property is
- // updated to indicate whether the asset was added, removed, or remained
- // present during the compare_duration period of time that precedes the
- // read_time. This is the time between (read_time - compare_duration) and
- // read_time.
- //
- // The state change value is derived based on the presence of the asset at the
- // two points in time. Intermediate state changes between the two times don't
- // affect the result. For example, the results aren't affected if the asset is
- // removed and re-created again.
- //
- // Possible "state_change" values when compare_duration is specified:
- //
- // * "ADDED": indicates that the asset was not present at the start of
- // compare_duration, but present at reference_time.
- // * "REMOVED": indicates that the asset was present at the start of
- // compare_duration, but not present at reference_time.
- // * "ACTIVE": indicates that the asset was present at both the
- // start and the end of the time period defined by
- // compare_duration and reference_time.
- //
- // If compare_duration is not specified, then the only possible state_change
- // is "UNUSED", which will be the state_change set for all assets present at
- // read_time.
- //
- // If this field is set then `state_change` must be a specified field in
- // `group_by`.
- google.protobuf.Duration compare_duration = 4;
-
- // Time used as a reference point when filtering assets. The filter is limited
- // to assets existing at the supplied time and their values are those at that
- // specific time. Absence of this field will default to the API's version of
- // NOW.
- google.protobuf.Timestamp read_time = 5;
-
- // The value returned by the last `GroupAssetsResponse`; indicates
- // that this is a continuation of a prior `GroupAssets` call, and that the
- // system should return the next page of data.
- string page_token = 7;
-
- // The maximum number of results to return in a single response. Default is
- // 10, minimum is 1, maximum is 1000.
- int32 page_size = 8;
-}
-
-// Response message for grouping by assets.
-message GroupAssetsResponse {
- // Group results. There exists an element for each existing unique
- // combination of property/values. The element contains a count for the number
- // of times those specific property/values appear.
- repeated GroupResult group_by_results = 1;
-
- // Time used for executing the groupBy request.
- google.protobuf.Timestamp read_time = 2;
-
- // Token to retrieve the next page of results, or empty if there are no more
- // results.
- string next_page_token = 3;
-
- // The total number of results matching the query.
- int32 total_size = 4;
-}
-
-// Request message for grouping by findings.
-message GroupFindingsRequest {
- // Required. Name of the source to groupBy. Its format is
- // "organizations/[organization_id]/sources/[source_id]". To groupBy across
- // all sources provide a source_id of `-`. For example:
- // organizations/{organization_id}/sources/-
- string parent = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "securitycenter.googleapis.com/Source"
- }
- ];
-
- // Expression that defines the filter to apply across findings.
- // The expression is a list of one or more restrictions combined via logical
- // operators `AND` and `OR`.
- // Parentheses are supported, and `OR` has higher precedence than `AND`.
- //
- // Restrictions have the form ` ` and may have a `-`
- // character in front of them to indicate negation. Examples include:
- //
- // * name
- // * source_properties.a_property
- // * security_marks.marks.marka
- //
- // The supported operators are:
- //
- // * `=` for all value types.
- // * `>`, `<`, `>=`, `<=` for integer values.
- // * `:`, meaning substring matching, for strings.
- //
- // The supported value types are:
- //
- // * string literals in quotes.
- // * integer literals without quotes.
- // * boolean literals `true` and `false` without quotes.
- //
- // The following field and operator combinations are supported:
- //
- // * name: `=`
- // * parent: `=`, `:`
- // * resource_name: `=`, `:`
- // * state: `=`, `:`
- // * category: `=`, `:`
- // * external_uri: `=`, `:`
- // * event_time: `=`, `>`, `<`, `>=`, `<=`
- // * severity: `=`, `:`
- //
- // Usage: This should be milliseconds since epoch or an RFC3339 string.
- // Examples:
- // `event_time = "2019-06-10T16:07:18-07:00"`
- // `event_time = 1560208038000`
- //
- // * security_marks.marks: `=`, `:`
- // * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
- //
- // For example, `source_properties.size = 100` is a valid filter string.
- //
- // Use a partial match on the empty string to filter based on a property
- // existing: `source_properties.my_property : ""`
- //
- // Use a negated partial match on the empty string to filter based on a
- // property not existing: `-source_properties.my_property : ""`
- string filter = 2;
-
- // Required. Expression that defines what assets fields to use for grouping (including
- // `state_change`). The string value should follow SQL syntax: comma separated
- // list of fields. For example: "parent,resource_name".
- //
- // The following fields are supported:
- //
- // * resource_name
- // * category
- // * state
- // * parent
- // * severity
- //
- // The following fields are supported when compare_duration is set:
- //
- // * state_change
- string group_by = 3 [(google.api.field_behavior) = REQUIRED];
-
- // Time used as a reference point when filtering findings. The filter is
- // limited to findings existing at the supplied time and their values are
- // those at that specific time. Absence of this field will default to the
- // API's version of NOW.
- google.protobuf.Timestamp read_time = 4;
-
- // When compare_duration is set, the GroupResult's "state_change" attribute is
- // updated to indicate whether the finding had its state changed, the
- // finding's state remained unchanged, or if the finding was added during the
- // compare_duration period of time that precedes the read_time. This is the
- // time between (read_time - compare_duration) and read_time.
- //
- // The state_change value is derived based on the presence and state of the
- // finding at the two points in time. Intermediate state changes between the
- // two times don't affect the result. For example, the results aren't affected
- // if the finding is made inactive and then active again.
- //
- // Possible "state_change" values when compare_duration is specified:
- //
- // * "CHANGED": indicates that the finding was present and matched the given
- // filter at the start of compare_duration, but changed its
- // state at read_time.
- // * "UNCHANGED": indicates that the finding was present and matched the given
- // filter at the start of compare_duration and did not change
- // state at read_time.
- // * "ADDED": indicates that the finding did not match the given filter or
- // was not present at the start of compare_duration, but was
- // present at read_time.
- // * "REMOVED": indicates that the finding was present and matched the
- // filter at the start of compare_duration, but did not match
- // the filter at read_time.
- //
- // If compare_duration is not specified, then the only possible state_change
- // is "UNUSED", which will be the state_change set for all findings present
- // at read_time.
- //
- // If this field is set then `state_change` must be a specified field in
- // `group_by`.
- google.protobuf.Duration compare_duration = 5;
-
- // The value returned by the last `GroupFindingsResponse`; indicates
- // that this is a continuation of a prior `GroupFindings` call, and
- // that the system should return the next page of data.
- string page_token = 7;
-
- // The maximum number of results to return in a single response. Default is
- // 10, minimum is 1, maximum is 1000.
- int32 page_size = 8;
-}
-
-// Response message for group by findings.
-message GroupFindingsResponse {
- // Group results. There exists an element for each existing unique
- // combination of property/values. The element contains a count for the number
- // of times those specific property/values appear.
- repeated GroupResult group_by_results = 1;
-
- // Time used for executing the groupBy request.
- google.protobuf.Timestamp read_time = 2;
-
- // Token to retrieve the next page of results, or empty if there are no more
- // results.
- string next_page_token = 3;
-
- // The total number of results matching the query.
- int32 total_size = 4;
-}
-
-// Result containing the properties and count of a groupBy request.
-message GroupResult {
- // Properties matching the groupBy fields in the request.
- map properties = 1;
-
- // Total count of resources for the given properties.
- int64 count = 2;
-}
-
-// Request message for listing notification configs.
-message ListNotificationConfigsRequest {
- // Required. Name of the organization to list notification configs.
- // Its format is "organizations/[organization_id]".
- string parent = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "cloudresourcemanager.googleapis.com/Organization"
- }
- ];
-
- // The value returned by the last `ListNotificationConfigsResponse`; indicates
- // that this is a continuation of a prior `ListNotificationConfigs` call, and
- // that the system should return the next page of data.
- string page_token = 2;
-
- // The maximum number of results to return in a single response. Default is
- // 10, minimum is 1, maximum is 1000.
- int32 page_size = 3;
-}
-
-// Response message for listing notification configs.
-message ListNotificationConfigsResponse {
- // Notification configs belonging to the requested parent.
- repeated NotificationConfig notification_configs = 1;
-
- // Token to retrieve the next page of results, or empty if there are no more
- // results.
- string next_page_token = 2;
-}
-
-// Request message for listing sources.
-message ListSourcesRequest {
- // Required. Resource name of the parent of sources to list. Its format should
- // be "organizations/[organization_id]".
- string parent = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "cloudresourcemanager.googleapis.com/Organization"
- }
- ];
-
- // The value returned by the last `ListSourcesResponse`; indicates
- // that this is a continuation of a prior `ListSources` call, and
- // that the system should return the next page of data.
- string page_token = 2;
-
- // The maximum number of results to return in a single response. Default is
- // 10, minimum is 1, maximum is 1000.
- int32 page_size = 7;
-}
-
-// Response message for listing sources.
-message ListSourcesResponse {
- // Sources belonging to the requested parent.
- repeated Source sources = 1;
-
- // Token to retrieve the next page of results, or empty if there are no more
- // results.
- string next_page_token = 2;
-}
-
-// Request message for listing assets.
-message ListAssetsRequest {
- // Required. Name of the organization assets should belong to. Its format is
- // "organizations/[organization_id]".
- string parent = 1 [
- (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference) = {
- type: "cloudresourcemanager.googleapis.com/Organization"
- }
- ];
-
- // Expression that defines the filter to apply across assets.
- // The expression is a list of zero or more restrictions combined via logical
- // operators `AND` and `OR`.
- // Parentheses are supported, and `OR` has higher precedence than `AND`.
- //
- // Restrictions have the form ` ` and may have a `-`
- // character in front of them to indicate negation. The fields map to those
- // defined in the Asset resource. Examples include:
- //
- // * name
- // * security_center_properties.resource_name
- // * resource_properties.a_property
- // * security_marks.marks.marka
- //
- // The supported operators are:
- //
- // * `=` for all value types.
- // * `>`, `<`, `>=`, `<=` for integer values.
- // * `:`, meaning substring matching, for strings.
- //
- // The supported value types are:
- //
- // * string literals in quotes.
- // * integer literals without quotes.
- // * boolean literals `true` and `false` without quotes.
- //
- // The following are the allowed field and operator combinations:
- //
- // * name: `=`
- // * update_time: `=`, `>`, `<`, `>=`, `<=`
- //
- // Usage: This should be milliseconds since epoch or an RFC3339 string.
- // Examples:
- // `update_time = "2019-06-10T16:07:18-07:00"`
- // `update_time = 1560208038000`
- //
- // * create_time: `=`, `>`, `<`, `>=`, `<=`
- //
- // Usage: This should be milliseconds since epoch or an RFC3339 string.
- // Examples:
- // `create_time = "2019-06-10T16:07:18-07:00"`
- // `create_time = 1560208038000`
- //
- // * iam_policy.policy_blob: `=`, `:`
- // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
- // * security_marks.marks: `=`, `:`
- // * security_center_properties.resource_name: `=`, `:`
- // * security_center_properties.resource_display_name: `=`, `:`
- // * security_center_properties.resource_type: `=`, `:`
- // * security_center_properties.resource_parent: `=`, `:`
- // * security_center_properties.resource_parent_display_name: `=`, `:`
- // * security_center_properties.resource_project: `=`, `:`
- // * security_center_properties.resource_project_display_name: `=`, `:`
- // * security_center_properties.resource_owners: `=`, `:`
- //
- // For example, `resource_properties.size = 100` is a valid filter string.
- //
- // Use a partial match on the empty string to filter based on a property
- // existing: `resource_properties.my_property : ""`
- //
- // Use a negated partial match on the empty string to filter based on a
- // property not existing: `-resource_properties.my_property : ""`
- string filter = 2;
-
- // Expression that defines what fields and order to use for sorting. The
- // string value should follow SQL syntax: comma separated list of fields. For
- // example: "name,resource_properties.a_property". The default sorting order
- // is ascending. To specify descending order for a field, a suffix " desc"
- // should be appended to the field name. For example: "name
- // desc,resource_properties.a_property". Redundant space characters in the
- // syntax are insignificant. "name desc,resource_properties.a_property" and "
- // name desc , resource_properties.a_property " are equivalent.
- // - // The following fields are supported: - // name - // update_time - // resource_properties - // security_marks.marks - // security_center_properties.resource_name - // security_center_properties.resource_display_name - // security_center_properties.resource_parent - // security_center_properties.resource_parent_display_name - // security_center_properties.resource_project - // security_center_properties.resource_project_display_name - // security_center_properties.resource_type - string order_by = 3; - - // Time used as a reference point when filtering assets. The filter is limited - // to assets existing at the supplied time and their values are those at that - // specific time. Absence of this field will default to the API's version of - // NOW. - google.protobuf.Timestamp read_time = 4; - - // When compare_duration is set, the ListAssetsResult's "state_change" - // attribute is updated to indicate whether the asset was added, removed, or - // remained present during the compare_duration period of time that precedes - // the read_time. This is the time between (read_time - compare_duration) and - // read_time. - // - // The state_change value is derived based on the presence of the asset at the - // two points in time. Intermediate state changes between the two times don't - // affect the result. For example, the results aren't affected if the asset is - // removed and re-created again. - // - // Possible "state_change" values when compare_duration is specified: - // - // * "ADDED": indicates that the asset was not present at the start of - // compare_duration, but present at read_time. - // * "REMOVED": indicates that the asset was present at the start of - // compare_duration, but not present at read_time. - // * "ACTIVE": indicates that the asset was present at both the - // start and the end of the time period defined by - // compare_duration and read_time. 
- //
- // If compare_duration is not specified, then the only possible state_change
- // is "UNUSED", which will be the state_change set for all assets present at
- // read_time.
- google.protobuf.Duration compare_duration = 5;
-
- // A field mask to specify the ListAssetsResult fields to be listed in the
- // response.
- // An empty field mask will list all fields.
- google.protobuf.FieldMask field_mask = 7;
-
- // The value returned by the last `ListAssetsResponse`; indicates
- // that this is a continuation of a prior `ListAssets` call, and
- // that the system should return the next page of data.
- string page_token = 8;
-
- // The maximum number of results to return in a single response. Default is
- // 10, minimum is 1, maximum is 1000.
- int32 page_size = 9;
-}
-
-// Response message for listing assets.
-message ListAssetsResponse {
- // Result containing the Asset and its State.
- message ListAssetsResult {
- // The change in state of the asset.
- //
- // When querying across two points in time this describes
- // the change between the two points: ADDED, REMOVED, or ACTIVE.
- // If there was no compare_duration supplied in the request the state change
- // will be: UNUSED
- enum StateChange {
- // State change is unused, this is the canonical default for this enum.
- UNUSED = 0;
-
- // Asset was added between the points in time.
- ADDED = 1;
-
- // Asset was removed between the points in time.
- REMOVED = 2;
-
- // Asset was present at both point(s) in time.
- ACTIVE = 3;
- }
-
- // Asset matching the search request.
- Asset asset = 1;
-
- // State change of the asset between the points in time.
- StateChange state_change = 2;
- }
-
- // Assets matching the list request.
- repeated ListAssetsResult list_assets_results = 1;
-
- // Time used for executing the list request.
- google.protobuf.Timestamp read_time = 2;
-
- // Token to retrieve the next page of results, or empty if there are no more
- // results.
- string next_page_token = 3; - - // The total number of assets matching the query. - int32 total_size = 4; -} - -// Request message for listing findings. -message ListFindingsRequest { - // Required. Name of the source the findings belong to. Its format is - // "organizations/[organization_id]/sources/[source_id]". To list across all - // sources provide a source_id of `-`. For example: - // organizations/{organization_id}/sources/- - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Source" - } - ]; - - // Expression that defines the filter to apply across findings. - // The expression is a list of one or more restrictions combined via logical - // operators `AND` and `OR`. - // Parentheses are supported, and `OR` has higher precedence than `AND`. - // - // Restrictions have the form ` ` and may have a `-` - // character in front of them to indicate negation. Examples include: - // - // * name - // * source_properties.a_property - // * security_marks.marks.marka - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. - // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. - // - // The following field and operator combinations are supported: - // - // * name: `=` - // * parent: `=`, `:` - // * resource_name: `=`, `:` - // * state: `=`, `:` - // * category: `=`, `:` - // * external_uri: `=`, `:` - // * event_time: `=`, `>`, `<`, `>=`, `<=` - // * severity: `=`, `:` - // - // Usage: This should be milliseconds since epoch or an RFC3339 string. 
- // Examples: - // `event_time = "2019-06-10T16:07:18-07:00"` - // `event_time = 1560208038000` - // - // security_marks.marks: `=`, `:` - // source_properties: `=`, `:`, `>`, `<`, `>=`, `<=` - // - // For example, `source_properties.size = 100` is a valid filter string. - // - // Use a partial match on the empty string to filter based on a property - // existing: `source_properties.my_property : ""` - // - // Use a negated partial match on the empty string to filter based on a - // property not existing: `-source_properties.my_property : ""` - string filter = 2; - - // Expression that defines what fields and order to use for sorting. The - // string value should follow SQL syntax: comma separated list of fields. For - // example: "name,resource_properties.a_property". The default sorting order - // is ascending. To specify descending order for a field, a suffix " desc" - // should be appended to the field name. For example: "name - // desc,source_properties.a_property". Redundant space characters in the - // syntax are insignificant. "name desc,source_properties.a_property" and " - // name desc , source_properties.a_property " are equivalent. - // - // The following fields are supported: - // name - // parent - // state - // category - // resource_name - // event_time - // source_properties - // security_marks.marks - string order_by = 3; - - // Time used as a reference point when filtering findings. The filter is - // limited to findings existing at the supplied time and their values are - // those at that specific time. Absence of this field will default to the - // API's version of NOW. - google.protobuf.Timestamp read_time = 4; - - // When compare_duration is set, the ListFindingsResult's "state_change" - // attribute is updated to indicate whether the finding had its state changed, - // the finding's state remained unchanged, or if the finding was added in any - // state during the compare_duration period of time that precedes the - // read_time. 
This is the time between (read_time - compare_duration) and - // read_time. - // - // The state_change value is derived based on the presence and state of the - // finding at the two points in time. Intermediate state changes between the - // two times don't affect the result. For example, the results aren't affected - // if the finding is made inactive and then active again. - // - // Possible "state_change" values when compare_duration is specified: - // - // * "CHANGED": indicates that the finding was present and matched the given - // filter at the start of compare_duration, but changed its - // state at read_time. - // * "UNCHANGED": indicates that the finding was present and matched the given - // filter at the start of compare_duration and did not change - // state at read_time. - // * "ADDED": indicates that the finding did not match the given filter or - // was not present at the start of compare_duration, but was - // present at read_time. - // * "REMOVED": indicates that the finding was present and matched the - // filter at the start of compare_duration, but did not match - // the filter at read_time. - // - // If compare_duration is not specified, then the only possible state_change - // is "UNUSED", which will be the state_change set for all findings present at - // read_time. - google.protobuf.Duration compare_duration = 5; - - // A field mask to specify the Finding fields to be listed in the response. - // An empty field mask will list all fields. - google.protobuf.FieldMask field_mask = 7; - - // The value returned by the last `ListFindingsResponse`; indicates - // that this is a continuation of a prior `ListFindings` call, and - // that the system should return the next page of data. - string page_token = 8; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 9; -} - -// Response message for listing findings. 
-message ListFindingsResponse { - // Result containing the Finding and its StateChange. - message ListFindingsResult { - // Information related to the Google Cloud resource that is - // associated with this finding. - message Resource { - // The full resource name of the resource. See: - // https://cloud.google.com/apis/design/resource_names#full_resource_name - string name = 1; - - // The full resource name of project that the resource belongs to. - string project_name = 2; - - // The human readable name of project that the resource belongs to. - string project_display_name = 3; - - // The full resource name of resource's parent. - string parent_name = 4; - - // The human readable name of resource's parent. - string parent_display_name = 5; - } - - // The change in state of the finding. - // - // When querying across two points in time this describes - // the change in the finding between the two points: CHANGED, UNCHANGED, - // ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that - // the finding at timestamp does not match the filter specified, but it did - // at timestamp - compare_duration. If there was no compare_duration - // supplied in the request the state change will be: UNUSED - enum StateChange { - // State change is unused, this is the canonical default for this enum. - UNUSED = 0; - - // The finding has changed state in some way between the points in time - // and existed at both points. - CHANGED = 1; - - // The finding has not changed state between the points in time and - // existed at both points. - UNCHANGED = 2; - - // The finding was created between the points in time. - ADDED = 3; - - // The finding at timestamp does not match the filter specified, but it - // did at timestamp - compare_duration. - REMOVED = 4; - } - - // Finding matching the search request. - Finding finding = 1; - - // State change of the finding between the points in time. - StateChange state_change = 2; - - // Output only. 
Resource that is associated with this finding. - Resource resource = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; - } - - // Findings matching the list request. - repeated ListFindingsResult list_findings_results = 1; - - // Time used for executing the list request. - google.protobuf.Timestamp read_time = 2; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 3; - - // The total number of findings matching the query. - int32 total_size = 4; -} - -// Request message for updating a finding's state. -message SetFindingStateRequest { - // Required. The relative resource name of the finding. See: - // https://cloud.google.com/apis/design/resource_names#relative_resource_name - // Example: - // "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Finding" - } - ]; - - // Required. The desired State of the finding. - Finding.State state = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The time at which the updated state takes effect. - google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Request message for running asset discovery for an organization. -message RunAssetDiscoveryRequest { - // Required. Name of the organization to run asset discovery for. Its format is - // "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; -} - -// Request message for updating or creating a finding. -message UpdateFindingRequest { - // Required. The finding resource to update or create if it does not already exist. - // parent, security_marks, and update_time will be ignored. 
- //
- // In the case of creation, the finding id portion of the name must be
- // alphanumeric and less than or equal to 32 characters and greater than 0
- // characters in length.
- Finding finding = 1 [(google.api.field_behavior) = REQUIRED];
-
- // The FieldMask to use when updating the finding resource. This field should
- // not be specified when creating a finding.
- //
- // When updating a finding, an empty mask is treated as updating all mutable
- // fields and replacing source_properties. Individual source_properties can
- // be added/updated by using "source_properties." in the field
- // mask.
- google.protobuf.FieldMask update_mask = 2;
-}
-
-// Request message for updating a notification config.
-message UpdateNotificationConfigRequest {
- // Required. The notification config to update.
- NotificationConfig notification_config = 1 [(google.api.field_behavior) = REQUIRED];
-
- // The FieldMask to use when updating the notification config.
- //
- // If empty all mutable fields will be updated.
- google.protobuf.FieldMask update_mask = 2;
-}
-
-// Request message for updating an organization's settings.
-message UpdateOrganizationSettingsRequest {
- // Required. The organization settings resource to update.
- OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED];
-
- // The FieldMask to use when updating the settings resource.
- //
- // If empty all mutable fields will be updated.
- google.protobuf.FieldMask update_mask = 2;
-}
-
-// Request message for updating a source.
-message UpdateSourceRequest {
- // Required. The source resource to update.
- Source source = 1 [(google.api.field_behavior) = REQUIRED];
-
- // The FieldMask to use when updating the source resource.
- //
- // If empty all mutable fields will be updated.
- google.protobuf.FieldMask update_mask = 2;
-}
-
-// Request message for updating a SecurityMarks resource.
-message UpdateSecurityMarksRequest {
- // Required. The security marks resource to update.
- SecurityMarks security_marks = 1 [(google.api.field_behavior) = REQUIRED];
-
- // The FieldMask to use when updating the security marks resource.
- //
- // The field mask must not contain duplicate fields.
- // If empty or set to "marks", all marks will be replaced. Individual
- // marks can be updated using "marks.".
- google.protobuf.FieldMask update_mask = 2;
-
- // The time at which the updated SecurityMarks take effect.
- // If not set uses current server time. Updates will be applied to the
- // SecurityMarks that are active immediately preceding this time.
- google.protobuf.Timestamp start_time = 3;
-}
diff --git a/google/cloud/securitycenter_v1/proto/source.proto b/google/cloud/securitycenter_v1/proto/source.proto
deleted file mode 100644
index e7b1a183..00000000
--- a/google/cloud/securitycenter_v1/proto/source.proto
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1;
-
-import "google/api/annotations.proto";
-import "google/api/resource.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1";
-
-// Security Command Center finding source. A finding source
-// is an entity or a mechanism that can produce a finding. A source is like a
-// container of findings that come from the same scanner, logger, monitor, and
-// other tools.
-message Source {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/Source"
- pattern: "organizations/{organization}/sources/{source}"
- };
-
- // The relative resource name of this source. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/sources/{source_id}"
- string name = 1;
-
- // The source's display name.
- // A source's display name must be unique amongst its siblings, for example,
- // two sources with the same parent can't share the same display name.
- // The display name must have a length between 1 and 64 characters
- // (inclusive).
- string display_name = 2;
-
- // The description of the source (max of 1024 characters).
- // Example:
- // "Web Security Scanner is a web security scanner for common
- // vulnerabilities in App Engine applications. It can automatically
- // scan and detect four common vulnerabilities, including cross-site-scripting
- // (XSS), Flash injection, mixed content (HTTP in HTTPS), and
- // outdated or insecure libraries."
- string description = 3;
-}
diff --git a/google/cloud/securitycenter_v1beta1/proto/asset.proto b/google/cloud/securitycenter_v1beta1/proto/asset.proto
deleted file mode 100644
index b73f7d5b..00000000
--- a/google/cloud/securitycenter_v1beta1/proto/asset.proto
+++ /dev/null
@@ -1,93 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1beta1;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/securitycenter/v1beta1/security_marks.proto";
-import "google/protobuf/struct.proto";
-import "google/protobuf/timestamp.proto";
-import "google/api/annotations.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1beta1";
-
-// Security Command Center representation of a Google Cloud
-// resource.
-//
-// The Asset is a Security Command Center resource that captures information
-// about a single Google Cloud resource. All modifications to an Asset are only
-// within the context of Security Command Center and don't affect the referenced
-// Google Cloud resource.
-message Asset {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/Asset"
- pattern: "organizations/{organization}/assets/{asset}"
- };
-
- // Security Command Center managed properties. These properties are managed by
- // Security Command Center and cannot be modified by the user.
- message SecurityCenterProperties {
- // Immutable. The full resource name of the Google Cloud resource this asset
- // represents. This field is immutable after create time. See:
- // https://cloud.google.com/apis/design/resource_names#full_resource_name
- string resource_name = 1 [(google.api.field_behavior) = IMMUTABLE];
-
- // The type of the Google Cloud resource. Examples include: APPLICATION,
- // PROJECT, and ORGANIZATION. This is a case insensitive field defined by
- // Security Command Center and/or the producer of the resource and is
- // immutable after create time.
- string resource_type = 2;
-
- // The full resource name of the immediate parent of the resource. See:
- // https://cloud.google.com/apis/design/resource_names#full_resource_name
- string resource_parent = 3;
-
- // The full resource name of the project the resource belongs to. See:
- // https://cloud.google.com/apis/design/resource_names#full_resource_name
- string resource_project = 4;
-
- // Owners of the Google Cloud resource.
- repeated string resource_owners = 5;
- }
-
- // The relative resource name of this asset. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/assets/{asset_id}".
- string name = 1;
-
- // Security Command Center managed properties. These properties are managed by
- // Security Command Center and cannot be modified by the user.
- SecurityCenterProperties security_center_properties = 2;
-
- // Resource managed properties. These properties are managed and defined by
- // the Google Cloud resource and cannot be modified by the user.
- map resource_properties = 7;
-
- // User specified security marks. These marks are entirely managed by the user
- // and come from the SecurityMarks resource that belongs to the asset.
- SecurityMarks security_marks = 8;
-
- // The time at which the asset was created in Security Command Center.
- google.protobuf.Timestamp create_time = 9;
-
- // The time at which the asset was last updated, added, or deleted in Security
- // Command Center.
- google.protobuf.Timestamp update_time = 10;
-}
diff --git a/google/cloud/securitycenter_v1beta1/proto/finding.proto b/google/cloud/securitycenter_v1beta1/proto/finding.proto
deleted file mode 100644
index 647b3b43..00000000
--- a/google/cloud/securitycenter_v1beta1/proto/finding.proto
+++ /dev/null
@@ -1,110 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1beta1;
-
-import "google/api/annotations.proto";
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/securitycenter/v1beta1/security_marks.proto";
-import "google/protobuf/struct.proto";
-import "google/protobuf/timestamp.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1beta1";
-
-// Security Command Center finding.
-//
-// A finding is a record of assessment data (security, risk, health or privacy)
-// ingested into Security Command Center for presentation, notification,
-// analysis, policy testing, and enforcement. For example, an XSS vulnerability
-// in an App Engine application is a finding.
-message Finding {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/Finding"
- pattern: "organizations/{organization}/sources/{source}/findings/{finding}"
- };
-
- // The state of the finding.
- enum State {
- // Unspecified state.
- STATE_UNSPECIFIED = 0;
-
- // The finding requires attention and has not been addressed yet.
- ACTIVE = 1;
-
- // The finding has been fixed, triaged as a non-issue or otherwise addressed
- // and is no longer active.
- INACTIVE = 2;
- }
-
- // The relative resource name of this finding. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
- string name = 1;
-
- // Immutable. The relative resource name of the source the finding belongs to.
- // See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // This field is immutable after creation time.
- // For example:
- // "organizations/{organization_id}/sources/{source_id}"
- string parent = 2 [(google.api.field_behavior) = IMMUTABLE];
-
- // For findings on Google Cloud resources, the full resource
- // name of the Google Cloud resource this finding is for. See:
- // https://cloud.google.com/apis/design/resource_names#full_resource_name
- // When the finding is for a non-Google Cloud resource, the resourceName can
- // be a customer or partner defined string. This field is immutable after
- // creation time.
- string resource_name = 3;
-
- // The state of the finding.
- State state = 4;
-
- // The additional taxonomy group within findings from a given source.
- // This field is immutable after creation time.
- // Example: "XSS_FLASH_INJECTION"
- string category = 5;
-
- // The URI that, if available, points to a web page outside of Security
- // Command Center where additional information about the finding can be found.
- // This field is guaranteed to be either empty or a well formed URL.
- string external_uri = 6;
-
- // Source specific properties. These properties are managed by the source
- // that writes the finding. The key names in the source_properties map must be
- // between 1 and 255 characters, and must start with a letter and contain
- // alphanumeric characters or underscores only.
- map source_properties = 7;
-
- // Output only. User specified security marks. These marks are entirely
- // managed by the user and come from the SecurityMarks resource that belongs
- // to the finding.
- SecurityMarks security_marks = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
-
- // The time at which the event took place, or when an update to the finding
- // occurred. For example, if the finding represents an open firewall it would
- // capture the time the detector believes the firewall became open. The
- // accuracy is determined by the detector. If the finding were to be resolved
- // afterward, this time would reflect when the finding was resolved.
- google.protobuf.Timestamp event_time = 9;
-
- // The time at which the finding was created in Security Command Center.
- google.protobuf.Timestamp create_time = 10;
-}
diff --git a/google/cloud/securitycenter_v1beta1/proto/organization_settings.proto b/google/cloud/securitycenter_v1beta1/proto/organization_settings.proto
deleted file mode 100644
index 88b2008a..00000000
--- a/google/cloud/securitycenter_v1beta1/proto/organization_settings.proto
+++ /dev/null
@@ -1,79 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1beta1;
-
-import "google/api/resource.proto";
-import "google/api/annotations.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1beta1";
-
-// User specified settings that are attached to the Security Command
-// Center organization.
-message OrganizationSettings {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/OrganizationSettings"
- pattern: "organizations/{organization}/organizationSettings"
- };
-
- // The configuration used for Asset Discovery runs.
- message AssetDiscoveryConfig {
- // The mode of inclusion when running Asset Discovery.
- // Asset discovery can be limited by explicitly identifying projects to be
- // included or excluded. If INCLUDE_ONLY is set, then only those projects
- // within the organization and their children are discovered during asset
- // discovery. If EXCLUDE is set, then projects that don't match those
- // projects are discovered during asset discovery. If neither are set, then
- // all projects within the organization are discovered during asset
- // discovery.
- enum InclusionMode {
- // Unspecified. Setting the mode with this value will disable
- // inclusion/exclusion filtering for Asset Discovery.
- INCLUSION_MODE_UNSPECIFIED = 0;
-
- // Asset Discovery will capture only the resources within the projects
- // specified. All other resources will be ignored.
- INCLUDE_ONLY = 1;
-
- // Asset Discovery will ignore all resources under the projects specified.
- // All other resources will be retrieved.
- EXCLUDE = 2;
- }
-
- // The project ids to use for filtering asset discovery.
- repeated string project_ids = 1;
-
- // The mode to use for filtering asset discovery.
- InclusionMode inclusion_mode = 2;
- }
-
- // The relative resource name of the settings. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/organizationSettings".
- string name = 1;
-
- // A flag that indicates if Asset Discovery should be enabled. If the flag is
- // set to `true`, then discovery of assets will occur. If it is set to `false,
- // all historical assets will remain, but discovery of future assets will not
- // occur.
- bool enable_asset_discovery = 2;
-
- // The configuration used for Asset Discovery runs.
- AssetDiscoveryConfig asset_discovery_config = 3;
-}
diff --git a/google/cloud/securitycenter_v1beta1/proto/run_asset_discovery_response.proto b/google/cloud/securitycenter_v1beta1/proto/run_asset_discovery_response.proto
deleted file mode 100644
index 20d3b25b..00000000
--- a/google/cloud/securitycenter_v1beta1/proto/run_asset_discovery_response.proto
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1beta1;
-
-import "google/protobuf/duration.proto";
-import "google/api/annotations.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1beta1";
-
-// Response of asset discovery run
-message RunAssetDiscoveryResponse {
- // The state of an asset discovery run.
- enum State {
- // Asset discovery run state was unspecified.
- STATE_UNSPECIFIED = 0;
-
- // Asset discovery run completed successfully.
- COMPLETED = 1;
-
- // Asset discovery run was cancelled with tasks still pending, as another
- // run for the same organization was started with a higher priority.
- SUPERSEDED = 2;
-
- // Asset discovery run was killed and terminated.
- TERMINATED = 3;
- }
-
- // The state of an asset discovery run.
- State state = 1;
-
- // The duration between asset discovery run start and end
- google.protobuf.Duration duration = 2;
-}
diff --git a/google/cloud/securitycenter_v1beta1/proto/security_marks.proto b/google/cloud/securitycenter_v1beta1/proto/security_marks.proto
deleted file mode 100644
index 2547c306..00000000
--- a/google/cloud/securitycenter_v1beta1/proto/security_marks.proto
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1beta1;
-
-import "google/api/resource.proto";
-import "google/api/annotations.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1beta1";
-
-// User specified security marks that are attached to the parent Security
-// Command Center resource. Security marks are scoped within a Security Command
-// Center organization -- they can be modified and viewed by all users who have
-// proper permissions on the organization.
-message SecurityMarks {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/SecurityMarks"
- pattern: "organizations/{organization}/assets/{asset}/securityMarks"
- pattern: "organizations/{organization}/sources/{source}/findings/{finding}/securityMarks"
- };
-
- // The relative resource name of the SecurityMarks. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Examples:
- // "organizations/{organization_id}/assets/{asset_id}/securityMarks"
- // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
- string name = 1;
-
- // Mutable user specified security marks belonging to the parent resource.
- // Constraints are as follows:
- //
- // * Keys and values are treated as case insensitive
- // * Keys must be between 1 - 256 characters (inclusive)
- // * Keys must be letters, numbers, underscores, or dashes
- // * Values have leading and trailing whitespace trimmed, remaining
- // characters must be between 1 - 4096 characters (inclusive)
- map marks = 2;
-}
diff --git a/google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto b/google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto
deleted file mode 100644
index 351c1f4a..00000000
--- a/google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto
+++ /dev/null
@@ -1,824 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.securitycenter.v1beta1; - -import "google/api/annotations.proto"; -import "google/api/client.proto"; -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; -import "google/cloud/securitycenter/v1beta1/asset.proto"; -import "google/cloud/securitycenter/v1beta1/finding.proto"; -import "google/cloud/securitycenter/v1beta1/organization_settings.proto"; -import "google/cloud/securitycenter/v1beta1/security_marks.proto"; -import "google/cloud/securitycenter/v1beta1/source.proto"; -import "google/iam/v1/iam_policy.proto"; -import "google/iam/v1/policy.proto"; -import "google/longrunning/operations.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/empty.proto"; -import "google/protobuf/field_mask.proto"; -import "google/protobuf/struct.proto"; -import "google/protobuf/timestamp.proto"; - -option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter"; -option java_multiple_files = true; -option java_package = "com.google.cloud.securitycenter.v1beta1"; - -// V1 Beta APIs for Security Center service. -service SecurityCenter { - option (google.api.default_host) = "securitycenter.googleapis.com"; - option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; - - // Creates a source. 
- rpc CreateSource(CreateSourceRequest) returns (Source) { - option (google.api.http) = { - post: "/v1beta1/{parent=organizations/*}/sources" - body: "source" - }; - option (google.api.method_signature) = "parent,source"; - } - - // Creates a finding. The corresponding source must exist for finding creation - // to succeed. - rpc CreateFinding(CreateFindingRequest) returns (Finding) { - option (google.api.http) = { - post: "/v1beta1/{parent=organizations/*/sources/*}/findings" - body: "finding" - }; - option (google.api.method_signature) = "parent,finding_id,finding"; - } - - // Gets the access control policy on the specified Source. - rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { - option (google.api.http) = { - post: "/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy" - body: "*" - }; - option (google.api.method_signature) = "resource"; - } - - // Gets the settings for an organization. - rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) { - option (google.api.http) = { - get: "/v1beta1/{name=organizations/*/organizationSettings}" - }; - option (google.api.method_signature) = "name"; - } - - // Gets a source. - rpc GetSource(GetSourceRequest) returns (Source) { - option (google.api.http) = { - get: "/v1beta1/{name=organizations/*/sources/*}" - }; - option (google.api.method_signature) = "name"; - } - - // Filters an organization's assets and groups them by their specified - // properties. - rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) { - option (google.api.http) = { - post: "/v1beta1/{parent=organizations/*}/assets:group" - body: "*" - }; - } - - // Filters an organization or source's findings and groups them by their - // specified properties. - // - // To group across all sources provide a `-` as the source id. 
- // Example: /v1beta1/organizations/{organization_id}/sources/-/findings - rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) { - option (google.api.http) = { - post: "/v1beta1/{parent=organizations/*/sources/*}/findings:group" - body: "*" - }; - option (google.api.method_signature) = "parent,group_by"; - } - - // Lists an organization's assets. - rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { - option (google.api.http) = { - get: "/v1beta1/{parent=organizations/*}/assets" - }; - } - - // Lists an organization or source's findings. - // - // To list across all sources provide a `-` as the source id. - // Example: /v1beta1/organizations/{organization_id}/sources/-/findings - rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) { - option (google.api.http) = { - get: "/v1beta1/{parent=organizations/*/sources/*}/findings" - }; - } - - // Lists all sources belonging to an organization. - rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) { - option (google.api.http) = { - get: "/v1beta1/{parent=organizations/*}/sources" - }; - option (google.api.method_signature) = "parent"; - } - - // Runs asset discovery. The discovery is tracked with a long-running - // operation. - // - // This API can only be called with limited frequency for an organization. If - // it is called too frequently the caller will receive a TOO_MANY_REQUESTS - // error. - rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) { - option (google.api.http) = { - post: "/v1beta1/{parent=organizations/*}/assets:runDiscovery" - body: "*" - }; - option (google.api.method_signature) = "parent"; - option (google.longrunning.operation_info) = { - response_type: "google.protobuf.Empty" - metadata_type: "google.protobuf.Empty" - }; - } - - // Updates the state of a finding. 
- rpc SetFindingState(SetFindingStateRequest) returns (Finding) { - option (google.api.http) = { - post: "/v1beta1/{name=organizations/*/sources/*/findings/*}:setState" - body: "*" - }; - option (google.api.method_signature) = "name,state,start_time"; - } - - // Sets the access control policy on the specified Source. - rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { - option (google.api.http) = { - post: "/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy" - body: "*" - }; - option (google.api.method_signature) = "resource,policy"; - } - - // Returns the permissions that a caller has on the specified source. - rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { - option (google.api.http) = { - post: "/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions" - body: "*" - }; - option (google.api.method_signature) = "resource,permissions"; - } - - // Creates or updates a finding. The corresponding source must exist for a - // finding creation to succeed. - rpc UpdateFinding(UpdateFindingRequest) returns (Finding) { - option (google.api.http) = { - patch: "/v1beta1/{finding.name=organizations/*/sources/*/findings/*}" - body: "finding" - }; - option (google.api.method_signature) = "finding"; - } - - // Updates an organization's settings. - rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) { - option (google.api.http) = { - patch: "/v1beta1/{organization_settings.name=organizations/*/organizationSettings}" - body: "organization_settings" - }; - option (google.api.method_signature) = "organization_settings"; - } - - // Updates a source. - rpc UpdateSource(UpdateSourceRequest) returns (Source) { - option (google.api.http) = { - patch: "/v1beta1/{source.name=organizations/*/sources/*}" - body: "source" - }; - option (google.api.method_signature) = "source"; - } - - // Updates security marks. 
- rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) { - option (google.api.http) = { - patch: "/v1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}" - body: "security_marks" - additional_bindings { - patch: "/v1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}" - body: "security_marks" - } - }; - option (google.api.method_signature) = "security_marks"; - } -} - -// Request message for creating a finding. -message CreateFindingRequest { - // Required. Resource name of the new finding's parent. Its format should be - // "organizations/[organization_id]/sources/[source_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Source" - } - ]; - - // Required. Unique identifier provided by the client within the parent scope. - // It must be alphanumeric and less than or equal to 32 characters and - // greater than 0 characters in length. - string finding_id = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The Finding being created. The name and security_marks will be ignored as - // they are both output only fields on this resource. - Finding finding = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Request message for creating a source. -message CreateSourceRequest { - // Required. Resource name of the new source's parent. Its format should be - // "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // Required. The Source being created, only the display_name and description will be - // used. All other fields will be ignored. - Source source = 2 [(google.api.field_behavior) = REQUIRED]; -} - -// Request message for getting organization settings. -message GetOrganizationSettingsRequest { - // Required. 
Name of the organization to get organization settings for. Its format is - // "organizations/[organization_id]/organizationSettings". - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/OrganizationSettings" - } - ]; -} - -// Request message for getting a source. -message GetSourceRequest { - // Required. Relative resource name of the source. Its format is - // "organizations/[organization_id]/source/[source_id]". - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Source" - } - ]; -} - -// Request message for grouping by assets. -message GroupAssetsRequest { - // Required. Name of the organization to groupBy. Its format is - // "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // Expression that defines the filter to apply across assets. - // The expression is a list of zero or more restrictions combined via logical - // operators `AND` and `OR`. - // Parentheses are not supported, and `OR` has higher precedence than `AND`. - // - // Restrictions have the form ` ` and may have a `-` - // character in front of them to indicate negation. The fields map to those - // defined in the Asset resource. Examples include: - // - // * name - // * security_center_properties.resource_name - // * resource_properties.a_property - // * security_marks.marks.marka - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. - // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. 
- // - // For example, `resource_properties.size = 100` is a valid filter string. - string filter = 2; - - // Required. Expression that defines what assets fields to use for grouping. The string - // value should follow SQL syntax: comma separated list of fields. For - // example: - // "security_center_properties.resource_project,security_center_properties.project". - // - // The following fields are supported when compare_duration is not set: - // - // * security_center_properties.resource_project - // * security_center_properties.resource_type - // * security_center_properties.resource_parent - // - // The following fields are supported when compare_duration is set: - // - // * security_center_properties.resource_type - string group_by = 3 [(google.api.field_behavior) = REQUIRED]; - - // When compare_duration is set, the Asset's "state" property is updated to - // indicate whether the asset was added, removed, or remained present during - // the compare_duration period of time that precedes the read_time. This is - // the time between (read_time - compare_duration) and read_time. - // - // The state value is derived based on the presence of the asset at the two - // points in time. Intermediate state changes between the two times don't - // affect the result. For example, the results aren't affected if the asset is - // removed and re-created again. - // - // Possible "state" values when compare_duration is specified: - // - // * "ADDED": indicates that the asset was not present before - // compare_duration, but present at reference_time. - // * "REMOVED": indicates that the asset was present at the start of - // compare_duration, but not present at reference_time. - // * "ACTIVE": indicates that the asset was present at both the - // start and the end of the time period defined by - // compare_duration and reference_time. - // - // This field is ignored if `state` is not a field in `group_by`. 
- google.protobuf.Duration compare_duration = 4; - - // Time used as a reference point when filtering assets. The filter is limited - // to assets existing at the supplied time and their values are those at that - // specific time. Absence of this field will default to the API's version of - // NOW. - google.protobuf.Timestamp read_time = 5; - - // The value returned by the last `GroupAssetsResponse`; indicates - // that this is a continuation of a prior `GroupAssets` call, and that the - // system should return the next page of data. - string page_token = 7; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 8; -} - -// Response message for grouping by assets. -message GroupAssetsResponse { - // Group results. There exists an element for each existing unique - // combination of property/values. The element contains a count for the number - // of times those specific property/values appear. - repeated GroupResult group_by_results = 1; - - // Time used for executing the groupBy request. - google.protobuf.Timestamp read_time = 2; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 3; -} - -// Request message for grouping by findings. -message GroupFindingsRequest { - // Required. Name of the source to groupBy. Its format is - // "organizations/[organization_id]/sources/[source_id]". To groupBy across - // all sources provide a source_id of `-`. For example: - // organizations/{organization_id}/sources/- - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Source" - } - ]; - - // Expression that defines the filter to apply across findings. - // The expression is a list of one or more restrictions combined via logical - // operators `AND` and `OR`. - // Parentheses are not supported, and `OR` has higher precedence than `AND`. 
- // - // Restrictions have the form ` ` and may have a `-` - // character in front of them to indicate negation. Examples include: - // - // * name - // * source_properties.a_property - // * security_marks.marks.marka - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. - // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. - // - // For example, `source_properties.size = 100` is a valid filter string. - string filter = 2; - - // Required. Expression that defines what assets fields to use for grouping (including - // `state`). The string value should follow SQL syntax: comma separated list - // of fields. For example: - // "parent,resource_name". - // - // The following fields are supported: - // - // * resource_name - // * category - // * state - // * parent - string group_by = 3 [(google.api.field_behavior) = REQUIRED]; - - // Time used as a reference point when filtering findings. The filter is - // limited to findings existing at the supplied time and their values are - // those at that specific time. Absence of this field will default to the - // API's version of NOW. - google.protobuf.Timestamp read_time = 4; - - // The value returned by the last `GroupFindingsResponse`; indicates - // that this is a continuation of a prior `GroupFindings` call, and - // that the system should return the next page of data. - string page_token = 5; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 6; -} - -// Response message for group by findings. -message GroupFindingsResponse { - // Group results. There exists an element for each existing unique - // combination of property/values. 
The element contains a count for the number - // of times those specific property/values appear. - repeated GroupResult group_by_results = 1; - - // Time used for executing the groupBy request. - google.protobuf.Timestamp read_time = 2; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 3; -} - -// Result containing the properties and count of a groupBy request. -message GroupResult { - // Properties matching the groupBy fields in the request. - map properties = 1; - - // Total count of resources for the given properties. - int64 count = 2; -} - -// Request message for listing sources. -message ListSourcesRequest { - // Required. Resource name of the parent of sources to list. Its format should be - // "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // The value returned by the last `ListSourcesResponse`; indicates - // that this is a continuation of a prior `ListSources` call, and - // that the system should return the next page of data. - string page_token = 2; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 7; -} - -// Response message for listing sources. -message ListSourcesResponse { - // Sources belonging to the requested parent. - repeated Source sources = 1; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 2; -} - -// Request message for listing assets. -message ListAssetsRequest { - // Required. Name of the organization assets should belong to. Its format is - // "organizations/[organization_id]". 
- string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // Expression that defines the filter to apply across assets. - // The expression is a list of zero or more restrictions combined via logical - // operators `AND` and `OR`. - // Parentheses are not supported, and `OR` has higher precedence than `AND`. - // - // Restrictions have the form ` ` and may have a `-` - // character in front of them to indicate negation. The fields map to those - // defined in the Asset resource. Examples include: - // - // * name - // * security_center_properties.resource_name - // * resource_properties.a_property - // * security_marks.marks.marka - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. - // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. - // - // For example, `resource_properties.size = 100` is a valid filter string. - string filter = 2; - - // Expression that defines what fields and order to use for sorting. The - // string value should follow SQL syntax: comma separated list of fields. For - // example: "name,resource_properties.a_property". The default sorting order - // is ascending. To specify descending order for a field, a suffix " desc" - // should be appended to the field name. For example: "name - // desc,resource_properties.a_property". Redundant space characters in the - // syntax are insignificant. "name desc,resource_properties.a_property" and " - // name desc , resource_properties.a_property " are equivalent. - string order_by = 3; - - // Time used as a reference point when filtering assets. 
The filter is limited - // to assets existing at the supplied time and their values are those at that - // specific time. Absence of this field will default to the API's version of - // NOW. - google.protobuf.Timestamp read_time = 4; - - // When compare_duration is set, the ListAssetResult's "state" attribute is - // updated to indicate whether the asset was added, removed, or remained - // present during the compare_duration period of time that precedes the - // read_time. This is the time between (read_time - - // compare_duration) and read_time. - // - // The state value is derived based on the presence of the asset at the two - // points in time. Intermediate state changes between the two times don't - // affect the result. For example, the results aren't affected if the asset is - // removed and re-created again. - // - // Possible "state" values when compare_duration is specified: - // - // * "ADDED": indicates that the asset was not present before - // compare_duration, but present at read_time. - // * "REMOVED": indicates that the asset was present at the start of - // compare_duration, but not present at read_time. - // * "ACTIVE": indicates that the asset was present at both the - // start and the end of the time period defined by - // compare_duration and read_time. - // - // If compare_duration is not specified, then the only possible state is - // "UNUSED", which indicates that the asset is present at read_time. - google.protobuf.Duration compare_duration = 5; - - // Optional. A field mask to specify the ListAssetsResult fields to be listed in the - // response. - // An empty field mask will list all fields. - google.protobuf.FieldMask field_mask = 7 [(google.api.field_behavior) = OPTIONAL]; - - // The value returned by the last `ListAssetsResponse`; indicates - // that this is a continuation of a prior `ListAssets` call, and - // that the system should return the next page of data. 
- string page_token = 8; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 9; -} - -// Response message for listing assets. -message ListAssetsResponse { - // Result containing the Asset and its State. - message ListAssetsResult { - // State of the asset. - // - // When querying across two points in time this describes - // the change between the two points: ADDED, REMOVED, or ACTIVE. - // If there was no compare_duration supplied in the request the state should - // be: UNUSED - enum State { - // Unspecified state. - STATE_UNSPECIFIED = 0; - - // Request did not specify use of this field in the result. - UNUSED = 1; - - // Asset was added between the points in time. - ADDED = 2; - - // Asset was removed between the points in time. - REMOVED = 3; - - // Asset was active at both point(s) in time. - ACTIVE = 4; - } - - // Asset matching the search request. - Asset asset = 1; - - // State of the asset. - State state = 2; - } - - // Assets matching the list request. - repeated ListAssetsResult list_assets_results = 1; - - // Time used for executing the list request. - google.protobuf.Timestamp read_time = 2; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 3; - - // The total number of assets matching the query. - int32 total_size = 4; -} - -// Request message for listing findings. -message ListFindingsRequest { - // Required. Name of the source the findings belong to. Its format is - // "organizations/[organization_id]/sources/[source_id]". To list across all - // sources provide a source_id of `-`. For example: - // organizations/{organization_id}/sources/- - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Source" - } - ]; - - // Expression that defines the filter to apply across findings. 
- // The expression is a list of one or more restrictions combined via logical - // operators `AND` and `OR`. - // Parentheses are not supported, and `OR` has higher precedence than `AND`. - // - // Restrictions have the form ` ` and may have a `-` - // character in front of them to indicate negation. Examples include: - // - // * name - // * source_properties.a_property - // * security_marks.marks.marka - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. - // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. - // - // For example, `source_properties.size = 100` is a valid filter string. - string filter = 2; - - // Expression that defines what fields and order to use for sorting. The - // string value should follow SQL syntax: comma separated list of fields. For - // example: "name,resource_properties.a_property". The default sorting order - // is ascending. To specify descending order for a field, a suffix " desc" - // should be appended to the field name. For example: "name - // desc,source_properties.a_property". Redundant space characters in the - // syntax are insignificant. "name desc,source_properties.a_property" and " - // name desc , source_properties.a_property " are equivalent. - string order_by = 3; - - // Time used as a reference point when filtering findings. The filter is - // limited to findings existing at the supplied time and their values are - // those at that specific time. Absence of this field will default to the - // API's version of NOW. - google.protobuf.Timestamp read_time = 4; - - // Optional. A field mask to specify the Finding fields to be listed in the response. - // An empty field mask will list all fields. 
- google.protobuf.FieldMask field_mask = 5 [(google.api.field_behavior) = OPTIONAL]; - - // The value returned by the last `ListFindingsResponse`; indicates - // that this is a continuation of a prior `ListFindings` call, and - // that the system should return the next page of data. - string page_token = 6; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 7; -} - -// Response message for listing findings. -message ListFindingsResponse { - // Findings matching the list request. - repeated Finding findings = 1; - - // Time used for executing the list request. - google.protobuf.Timestamp read_time = 2; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 3; - - // The total number of findings matching the query. - int32 total_size = 4; -} - -// Request message for updating a finding's state. -message SetFindingStateRequest { - // Required. The relative resource name of the finding. See: - // https://cloud.google.com/apis/design/resource_names#relative_resource_name - // Example: - // "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Finding" - } - ]; - - // Required. The desired State of the finding. - Finding.State state = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The time at which the updated state takes effect. - google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Request message for running asset discovery for an organization. -message RunAssetDiscoveryRequest { - // Required. Name of the organization to run asset discovery for. Its format is - // "organizations/[organization_id]". 
- string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; -} - -// Request message for updating or creating a finding. -message UpdateFindingRequest { - // Required. The finding resource to update or create if it does not already exist. - // parent, security_marks, and update_time will be ignored. - // - // In the case of creation, the finding id portion of the name must - // alphanumeric and less than or equal to 32 characters and greater than 0 - // characters in length. - Finding finding = 1 [(google.api.field_behavior) = REQUIRED]; - - // The FieldMask to use when updating the finding resource. This field should - // not be specified when creating a finding. - google.protobuf.FieldMask update_mask = 2; -} - -// Request message for updating an organization's settings. -message UpdateOrganizationSettingsRequest { - // Required. The organization settings resource to update. - OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED]; - - // The FieldMask to use when updating the settings resource. - google.protobuf.FieldMask update_mask = 2; -} - -// Request message for updating a source. -message UpdateSourceRequest { - // Required. The source resource to update. - Source source = 1 [(google.api.field_behavior) = REQUIRED]; - - // The FieldMask to use when updating the source resource. - google.protobuf.FieldMask update_mask = 2; -} - -// Request message for updating a SecurityMarks resource. -message UpdateSecurityMarksRequest { - // Required. The security marks resource to update. - SecurityMarks security_marks = 1 [(google.api.field_behavior) = REQUIRED]; - - // The FieldMask to use when updating the security marks resource. - google.protobuf.FieldMask update_mask = 2; - - // The time at which the updated SecurityMarks take effect. - google.protobuf.Timestamp start_time = 3; -} 
diff --git a/google/cloud/securitycenter_v1beta1/proto/source.proto b/google/cloud/securitycenter_v1beta1/proto/source.proto
deleted file mode 100644
index fb1e6c6a..00000000
--- a/google/cloud/securitycenter_v1beta1/proto/source.proto
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1beta1;
-
-import "google/api/resource.proto";
-import "google/api/annotations.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1beta1";
-
-// Security Command Center finding source. A finding source
-// is an entity or a mechanism that can produce a finding. A source is like a
-// container of findings that come from the same scanner, logger, monitor, etc.
-message Source {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/Source"
- pattern: "organizations/{organization}/sources/{source}"
- };
-
- // The relative resource name of this source. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/sources/{source_id}"
- string name = 1;
-
- // The source's display name.
- // A source's display name must be unique amongst its siblings, for example,
- // two sources with the same parent can't share the same display name.
- // The display name must have a length between 1 and 64 characters
- // (inclusive).
- string display_name = 2;
-
- // The description of the source (max of 1024 characters).
- // Example:
- // "Web Security Scanner is a web security scanner for common
- // vulnerabilities in App Engine applications. It can automatically
- // scan and detect four common vulnerabilities, including cross-site-scripting
- // (XSS), Flash injection, mixed content (HTTP in HTTPS), and
- // outdated/insecure libraries."
- string description = 3;
-}
diff --git a/google/cloud/securitycenter_v1p1beta1/proto/asset.proto b/google/cloud/securitycenter_v1p1beta1/proto/asset.proto
deleted file mode 100644
index bfcae368..00000000
--- a/google/cloud/securitycenter_v1p1beta1/proto/asset.proto
+++ /dev/null
@@ -1,121 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1p1beta1;
-
-import "google/api/annotations.proto";
-import "google/api/resource.proto";
-import "google/cloud/securitycenter/v1p1beta1/security_marks.proto";
-import "google/protobuf/struct.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1p1beta1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-
-// Security Command Center representation of a Google Cloud
-// resource.
-//
-// The Asset is a Security Command Center resource that captures information
-// about a single Google Cloud resource. All modifications to an Asset are only
-// within the context of Security Command Center and don't affect the referenced
-// Google Cloud resource.
-message Asset {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/Asset"
- pattern: "organizations/{organization}/assets/{asset}"
- };
-
- // Security Command Center managed properties. These properties are managed by
- // Security Command Center and cannot be modified by the user.
- message SecurityCenterProperties {
- // The full resource name of the Google Cloud resource this asset
- // represents. This field is immutable after create time. See:
- // https://cloud.google.com/apis/design/resource_names#full_resource_name
- string resource_name = 1;
-
- // The type of the Google Cloud resource. Examples include: APPLICATION,
- // PROJECT, and ORGANIZATION. This is a case insensitive field defined by
- // Security Command Center and/or the producer of the resource and is
- // immutable after create time.
- string resource_type = 2;
-
- // The full resource name of the immediate parent of the resource. See:
- // https://cloud.google.com/apis/design/resource_names#full_resource_name
- string resource_parent = 3;
-
- // The full resource name of the project the resource belongs to. See:
- // https://cloud.google.com/apis/design/resource_names#full_resource_name
- string resource_project = 4;
-
- // Owners of the Google Cloud resource.
- repeated string resource_owners = 5;
-
- // The user defined display name for this resource.
- string resource_display_name = 6;
-
- // The user defined display name for the parent of this resource.
- string resource_parent_display_name = 7;
-
- // The user defined display name for the project of this resource.
- string resource_project_display_name = 8;
- }
-
- // Cloud IAM Policy information associated with the Google Cloud resource
- // described by the Security Command Center asset. This information is managed
- // and defined by the Google Cloud resource and cannot be modified by the
- // user.
- message IamPolicy {
- // The JSON representation of the Policy associated with the asset.
- // See https://cloud.google.com/iam/docs/reference/rest/v1/Policy for
- // format details.
- string policy_blob = 1;
- }
-
- // The relative resource name of this asset. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/assets/{asset_id}".
- string name = 1;
-
- // Security Command Center managed properties. These properties are managed by
- // Security Command Center and cannot be modified by the user.
- SecurityCenterProperties security_center_properties = 2;
-
- // Resource managed properties. These properties are managed and defined by
- // the Google Cloud resource and cannot be modified by the user.
- map resource_properties = 7;
-
- // User specified security marks. These marks are entirely managed by the user
- // and come from the SecurityMarks resource that belongs to the asset.
- SecurityMarks security_marks = 8;
-
- // The time at which the asset was created in Security Command Center.
- google.protobuf.Timestamp create_time = 9;
-
- // The time at which the asset was last updated, added, or deleted in Cloud
- // SCC.
- google.protobuf.Timestamp update_time = 10;
-
- // Cloud IAM Policy information associated with the Google Cloud resource
- // described by the Security Command Center asset. This information is managed
- // and defined by the Google Cloud resource and cannot be modified by the
- // user.
- IamPolicy iam_policy = 11;
-}
diff --git a/google/cloud/securitycenter_v1p1beta1/proto/finding.proto b/google/cloud/securitycenter_v1p1beta1/proto/finding.proto
deleted file mode 100644
index 551f1cee..00000000
--- a/google/cloud/securitycenter_v1p1beta1/proto/finding.proto
+++ /dev/null
@@ -1,135 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1p1beta1;
-
-import "google/api/annotations.proto";
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/securitycenter/v1p1beta1/security_marks.proto";
-import "google/protobuf/struct.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1p1beta1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-
-// Security Command Center finding.
-//
-// A finding is a record of assessment data (security, risk, health or privacy)
-// ingested into Security Command Center for presentation, notification,
-// analysis, policy testing, and enforcement. For example, an XSS vulnerability
-// in an App Engine application is a finding.
-message Finding {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/Finding"
- pattern: "organizations/{organization}/sources/{source}/findings/{finding}"
- };
-
- // The state of the finding.
- enum State {
- // Unspecified state.
- STATE_UNSPECIFIED = 0;
-
- // The finding requires attention and has not been addressed yet.
- ACTIVE = 1;
-
- // The finding has been fixed, triaged as a non-issue or otherwise addressed
- // and is no longer active.
- INACTIVE = 2;
- }
-
- // The severity of the finding. This field is managed by the source that
- // writes the finding.
- enum Severity {
- // No severity specified. The default value.
- SEVERITY_UNSPECIFIED = 0;
-
- // Critical severity.
- CRITICAL = 1;
-
- // High severity.
- HIGH = 2;
-
- // Medium severity.
- MEDIUM = 3;
-
- // Low severity.
- LOW = 4;
- }
-
- // The relative resource name of this finding. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
- string name = 1;
-
- // The relative resource name of the source the finding belongs to. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // This field is immutable after creation time.
- // For example:
- // "organizations/{organization_id}/sources/{source_id}"
- string parent = 2;
-
- // For findings on Google Cloud resources, the full resource
- // name of the Google Cloud resource this finding is for. See:
- // https://cloud.google.com/apis/design/resource_names#full_resource_name
- // When the finding is for a non-Google Cloud resource, the resourceName can
- // be a customer or partner defined string. This field is immutable after
- // creation time.
- string resource_name = 3;
-
- // The state of the finding.
- State state = 4;
-
- // The additional taxonomy group within findings from a given source.
- // This field is immutable after creation time.
- // Example: "XSS_FLASH_INJECTION"
- string category = 5;
-
- // The URI that, if available, points to a web page outside of Security
- // Command Center where additional information about the finding can be found.
- // This field is guaranteed to be either empty or a well formed URL.
- string external_uri = 6;
-
- // Source specific properties. These properties are managed by the source
- // that writes the finding. The key names in the source_properties map must be
- // between 1 and 255 characters, and must start with a letter and contain
- // alphanumeric characters or underscores only.
- map source_properties = 7;
-
- // Output only. User specified security marks. These marks are entirely
- // managed by the user and come from the SecurityMarks resource that belongs
- // to the finding.
- SecurityMarks security_marks = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
-
- // The time at which the event took place, or when an update to the finding
- // occurred. For example, if the finding represents an open firewall it would
- // capture the time the detector believes the firewall became open. The
- // accuracy is determined by the detector. If the finding were to be resolved
- // afterward, this time would reflect when the finding was resolved.
- google.protobuf.Timestamp event_time = 9;
-
- // The time at which the finding was created in Security Command Center.
- google.protobuf.Timestamp create_time = 10;
-
- // The severity of the finding. This field is managed by the source that
- // writes the finding.
- Severity severity = 13;
-}
diff --git a/google/cloud/securitycenter_v1p1beta1/proto/notification_config.proto b/google/cloud/securitycenter_v1p1beta1/proto/notification_config.proto
deleted file mode 100644
index 6f9e5966..00000000
--- a/google/cloud/securitycenter_v1p1beta1/proto/notification_config.proto
+++ /dev/null
@@ -1,108 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1p1beta1;
-
-import "google/api/annotations.proto";
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1p1beta1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-option (google.api.resource_definition) = {
- type: "pubsub.googleapis.com/Topic"
- pattern: "projects/{project}/topics/{topic}"
-};
-
-// Security Command Center notification configs.
-//
-// A notification config is a Security Command Center resource that contains the
-// configuration to send notifications for create/update events of findings,
-// assets and etc.
-message NotificationConfig {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/NotificationConfig"
- pattern: "organizations/{organization}/notificationConfigs/{notification_config}"
- };
-
- // The config for streaming-based notifications, which send each event as soon
- // as it is detected.
- message StreamingConfig {
- // Expression that defines the filter to apply across create/update events
- // of assets or findings as specified by the event type. The expression is a
- // list of zero or more restrictions combined via logical operators `AND`
- // and `OR`. Parentheses are supported, and `OR` has higher precedence than
- // `AND`.
- //
- // Restrictions have the form ` ` and may have a
- // `-` character in front of them to indicate negation. The fields map to
- // those defined in the corresponding resource.
- //
- // The supported operators are:
- //
- // * `=` for all value types.
- // * `>`, `<`, `>=`, `<=` for integer values.
- // * `:`, meaning substring matching, for strings.
- //
- // The supported value types are:
- //
- // * string literals in quotes.
- // * integer literals without quotes.
- // * boolean literals `true` and `false` without quotes.
- string filter = 1;
- }
-
- // The type of events.
- enum EventType {
- // Unspecified event type.
- EVENT_TYPE_UNSPECIFIED = 0;
-
- // Events for findings.
- FINDING = 1;
- }
-
- // The relative resource name of this notification config. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/notificationConfigs/notify_public_bucket".
- string name = 1;
-
- // The description of the notification config (max of 1024 characters).
- string description = 2;
-
- // The type of events the config is for, e.g. FINDING.
- EventType event_type = 3;
-
- // The Pub/Sub topic to send notifications to. Its format is
- // "projects/[project_id]/topics/[topic]".
- string pubsub_topic = 4 [
- (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
- ];
-
- // Output only. The service account that needs "pubsub.topics.publish"
- // permission to publish to the Pub/Sub topic.
- string service_account = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
-
- // The config for triggering notifications.
- oneof notify_config {
- // The config for triggering streaming-based notifications.
- StreamingConfig streaming_config = 6;
- }
-}
diff --git a/google/cloud/securitycenter_v1p1beta1/proto/notification_message.proto b/google/cloud/securitycenter_v1p1beta1/proto/notification_message.proto
deleted file mode 100644
index fd3c23b6..00000000
--- a/google/cloud/securitycenter_v1p1beta1/proto/notification_message.proto
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1p1beta1;
-
-import "google/api/annotations.proto";
-import "google/cloud/securitycenter/v1p1beta1/asset.proto";
-import "google/cloud/securitycenter/v1p1beta1/finding.proto";
-import "google/cloud/securitycenter/v1p1beta1/resource.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1p1beta1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-
-// Security Command Center's Notification
-message NotificationMessage {
- // Name of the notification config that generated current notification.
- string notification_config_name = 1;
-
- // Notification Event.
- oneof event {
- // If it's a Finding based notification config, this field will be
- // populated.
- Finding finding = 2;
- }
-
- // The Cloud resource tied to the notification.
- Resource resource = 3;
-}
diff --git a/google/cloud/securitycenter_v1p1beta1/proto/organization_settings.proto b/google/cloud/securitycenter_v1p1beta1/proto/organization_settings.proto
deleted file mode 100644
index 1be72dd7..00000000
--- a/google/cloud/securitycenter_v1p1beta1/proto/organization_settings.proto
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1p1beta1;
-
-import "google/api/annotations.proto";
-import "google/api/resource.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1p1beta1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-
-// User specified settings that are attached to the Security Command
-// Center organization.
-message OrganizationSettings {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/OrganizationSettings"
- pattern: "organizations/{organization}/organizationSettings"
- };
-
- // The configuration used for Asset Discovery runs.
- message AssetDiscoveryConfig {
- // The mode of inclusion when running Asset Discovery.
- // Asset discovery can be limited by explicitly identifying projects to be
- // included or excluded. If INCLUDE_ONLY is set, then only those projects
- // within the organization and their children are discovered during asset
- // discovery. If EXCLUDE is set, then projects that don't match those
- // projects are discovered during asset discovery. If neither are set, then
- // all projects within the organization are discovered during asset
- // discovery.
- enum InclusionMode {
- // Unspecified. Setting the mode with this value will disable
- // inclusion/exclusion filtering for Asset Discovery.
- INCLUSION_MODE_UNSPECIFIED = 0;
-
- // Asset Discovery will capture only the resources within the projects
- // specified. All other resources will be ignored.
- INCLUDE_ONLY = 1;
-
- // Asset Discovery will ignore all resources under the projects specified.
- // All other resources will be retrieved.
- EXCLUDE = 2;
- }
-
- // The project ids to use for filtering asset discovery.
- repeated string project_ids = 1;
-
- // The mode to use for filtering asset discovery.
- InclusionMode inclusion_mode = 2;
- }
-
- // The relative resource name of the settings. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/organizationSettings".
- string name = 1;
-
- // A flag that indicates if Asset Discovery should be enabled. If the flag is
- // set to `true`, then discovery of assets will occur. If it is set to `false,
- // all historical assets will remain, but discovery of future assets will not
- // occur.
- bool enable_asset_discovery = 2;
-
- // The configuration used for Asset Discovery runs.
- AssetDiscoveryConfig asset_discovery_config = 3;
-}
diff --git a/google/cloud/securitycenter_v1p1beta1/proto/resource.proto b/google/cloud/securitycenter_v1p1beta1/proto/resource.proto
deleted file mode 100644
index 6b857099..00000000
--- a/google/cloud/securitycenter_v1p1beta1/proto/resource.proto
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1p1beta1;
-
-import "google/api/annotations.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
-option java_multiple_files = true;
-option java_outer_classname = "ResourceProto";
-option java_package = "com.google.cloud.securitycenter.v1p1beta1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-
-// Information related to the Google Cloud resource.
-message Resource {
- // The full resource name of the resource. See:
- // https://cloud.google.com/apis/design/resource_names#full_resource_name
- string name = 1;
-
- // The full resource name of project that the resource belongs to.
- string project = 2;
-
- // The human readable name of project that the resource belongs to.
- string project_display_name = 3;
-
- // The full resource name of resource's parent.
- string parent = 4;
-
- // The human readable name of resource's parent.
- string parent_display_name = 5;
-}
diff --git a/google/cloud/securitycenter_v1p1beta1/proto/run_asset_discovery_response.proto b/google/cloud/securitycenter_v1p1beta1/proto/run_asset_discovery_response.proto
deleted file mode 100644
index 720ffc4f..00000000
--- a/google/cloud/securitycenter_v1p1beta1/proto/run_asset_discovery_response.proto
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1p1beta1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/duration.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1p1beta1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-
-// Response of asset discovery run
-message RunAssetDiscoveryResponse {
- // The state of an asset discovery run.
- enum State {
- // Asset discovery run state was unspecified.
- STATE_UNSPECIFIED = 0;
-
- // Asset discovery run completed successfully.
- COMPLETED = 1;
-
- // Asset discovery run was cancelled with tasks still pending, as another
- // run for the same organization was started with a higher priority.
- SUPERSEDED = 2;
-
- // Asset discovery run was killed and terminated.
- TERMINATED = 3;
- }
-
- // The state of an asset discovery run.
- State state = 1;
-
- // The duration between asset discovery run start and end
- google.protobuf.Duration duration = 2;
-}
diff --git a/google/cloud/securitycenter_v1p1beta1/proto/security_marks.proto b/google/cloud/securitycenter_v1p1beta1/proto/security_marks.proto
deleted file mode 100644
index 11a1dd85..00000000
--- a/google/cloud/securitycenter_v1p1beta1/proto/security_marks.proto
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1p1beta1;
-
-import "google/api/annotations.proto";
-import "google/api/resource.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1p1beta1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-
-// User specified security marks that are attached to the parent Security
-// Command Center resource. Security marks are scoped within a Security Command
-// Center organization -- they can be modified and viewed by all users who have
-// proper permissions on the organization.
-message SecurityMarks {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/SecurityMarks"
- pattern: "organizations/{organization}/assets/{asset}/securityMarks"
- pattern: "organizations/{organization}/sources/{source}/findings/{finding}/securityMarks"
- };
-
- // The relative resource name of the SecurityMarks. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Examples:
- // "organizations/{organization_id}/assets/{asset_id}/securityMarks"
- // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
- string name = 1;
-
- // Mutable user specified security marks belonging to the parent resource.
- // Constraints are as follows:
- //
- // * Keys and values are treated as case insensitive
- // * Keys must be between 1 - 256 characters (inclusive)
- // * Keys must be letters, numbers, underscores, or dashes
- // * Values have leading and trailing whitespace trimmed, remaining
- // characters must be between 1 - 4096 characters (inclusive)
- map marks = 2;
-}
diff --git a/google/cloud/securitycenter_v1p1beta1/proto/securitycenter_service.proto b/google/cloud/securitycenter_v1p1beta1/proto/securitycenter_service.proto
deleted file mode 100644
index f8f1580f..00000000
--- a/google/cloud/securitycenter_v1p1beta1/proto/securitycenter_service.proto
+++ /dev/null
@@ -1,1268 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.securitycenter.v1p1beta1; - -import public "google/cloud/securitycenter/v1p1beta1/notification_message.proto"; -import public "google/cloud/securitycenter/v1p1beta1/run_asset_discovery_response.proto"; -import "google/api/annotations.proto"; -import "google/api/client.proto"; -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; -import "google/cloud/securitycenter/v1p1beta1/asset.proto"; -import "google/cloud/securitycenter/v1p1beta1/finding.proto"; -import "google/cloud/securitycenter/v1p1beta1/notification_config.proto"; -import "google/cloud/securitycenter/v1p1beta1/organization_settings.proto"; -import "google/cloud/securitycenter/v1p1beta1/security_marks.proto"; -import "google/cloud/securitycenter/v1p1beta1/source.proto"; -import "google/iam/v1/iam_policy.proto"; -import "google/iam/v1/policy.proto"; -import "google/longrunning/operations.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/empty.proto"; -import "google/protobuf/field_mask.proto"; -import "google/protobuf/struct.proto"; -import "google/protobuf/timestamp.proto"; - -option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter"; -option java_multiple_files = true; -option java_package = 
"com.google.cloud.securitycenter.v1p1beta1"; -option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; -option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; - -// V1p1Beta1 APIs for Security Center service. -service SecurityCenter { - option (google.api.default_host) = "securitycenter.googleapis.com"; - option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; - - // Creates a source. - rpc CreateSource(CreateSourceRequest) returns (Source) { - option (google.api.http) = { - post: "/v1p1beta1/{parent=organizations/*}/sources" - body: "source" - }; - option (google.api.method_signature) = "parent,source"; - } - - // Creates a finding. The corresponding source must exist for finding - // creation to succeed. - rpc CreateFinding(CreateFindingRequest) returns (Finding) { - option (google.api.http) = { - post: "/v1p1beta1/{parent=organizations/*/sources/*}/findings" - body: "finding" - }; - option (google.api.method_signature) = "parent,finding_id,finding"; - option (google.api.method_signature) = "parent,finding,finding_id"; - } - - // Creates a notification config. - rpc CreateNotificationConfig(CreateNotificationConfigRequest) returns (NotificationConfig) { - option (google.api.http) = { - post: "/v1p1beta1/{parent=organizations/*}/notificationConfigs" - body: "notification_config" - }; - option (google.api.method_signature) = "parent,config_id,notification_config"; - option (google.api.method_signature) = "parent,notification_config"; - } - - // Deletes a notification config. - rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - delete: "/v1p1beta1/{name=organizations/*/notificationConfigs/*}" - }; - option (google.api.method_signature) = "name"; - } - - // Gets the access control policy on the specified Source. 
- rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { - option (google.api.http) = { - post: "/v1p1beta1/{resource=organizations/*/sources/*}:getIamPolicy" - body: "*" - }; - option (google.api.method_signature) = "resource"; - } - - // Gets a notification config. - rpc GetNotificationConfig(GetNotificationConfigRequest) returns (NotificationConfig) { - option (google.api.http) = { - get: "/v1p1beta1/{name=organizations/*/notificationConfigs/*}" - }; - option (google.api.method_signature) = "name"; - } - - // Gets the settings for an organization. - rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) { - option (google.api.http) = { - get: "/v1p1beta1/{name=organizations/*/organizationSettings}" - }; - option (google.api.method_signature) = "name"; - } - - // Gets a source. - rpc GetSource(GetSourceRequest) returns (Source) { - option (google.api.http) = { - get: "/v1p1beta1/{name=organizations/*/sources/*}" - }; - option (google.api.method_signature) = "name"; - } - - // Filters an organization's assets and groups them by their specified - // properties. - rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) { - option (google.api.http) = { - post: "/v1p1beta1/{parent=organizations/*}/assets:group" - body: "*" - }; - } - - // Filters an organization or source's findings and groups them by their - // specified properties. - // - // To group across all sources provide a `-` as the source id. - // Example: /v1p1beta1/organizations/{organization_id}/sources/-/findings - rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) { - option (google.api.http) = { - post: "/v1p1beta1/{parent=organizations/*/sources/*}/findings:group" - body: "*" - }; - option (google.api.method_signature) = "parent,group_by"; - } - - // Lists an organization's assets. 
- rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { - option (google.api.http) = { - get: "/v1p1beta1/{parent=organizations/*}/assets" - }; - option (google.api.method_signature) = "parent"; - } - - // Lists an organization or source's findings. - // - // To list across all sources provide a `-` as the source id. - // Example: /v1p1beta1/organizations/{organization_id}/sources/-/findings - rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) { - option (google.api.http) = { - get: "/v1p1beta1/{parent=organizations/*/sources/*}/findings" - }; - option (google.api.method_signature) = "parent"; - } - - // Lists notification configs. - rpc ListNotificationConfigs(ListNotificationConfigsRequest) returns (ListNotificationConfigsResponse) { - option (google.api.http) = { - get: "/v1p1beta1/{parent=organizations/*}/notificationConfigs" - }; - option (google.api.method_signature) = "parent"; - } - - // Lists all sources belonging to an organization. - rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) { - option (google.api.http) = { - get: "/v1p1beta1/{parent=organizations/*}/sources" - }; - option (google.api.method_signature) = "parent"; - } - - // Runs asset discovery. The discovery is tracked with a long-running - // operation. - // - // This API can only be called with limited frequency for an organization. If - // it is called too frequently the caller will receive a TOO_MANY_REQUESTS - // error. - rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) { - option (google.api.http) = { - post: "/v1p1beta1/{parent=organizations/*}/assets:runDiscovery" - body: "*" - }; - option (google.api.method_signature) = "parent"; - option (google.longrunning.operation_info) = { - response_type: "google.cloud.securitycenter.v1p1beta1.RunAssetDiscoveryResponse" - metadata_type: "google.protobuf.Empty" - }; - } - - // Updates the state of a finding. 
- rpc SetFindingState(SetFindingStateRequest) returns (Finding) { - option (google.api.http) = { - post: "/v1p1beta1/{name=organizations/*/sources/*/findings/*}:setState" - body: "*" - }; - option (google.api.method_signature) = "name,state,start_time"; - } - - // Sets the access control policy on the specified Source. - rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { - option (google.api.http) = { - post: "/v1p1beta1/{resource=organizations/*/sources/*}:setIamPolicy" - body: "*" - }; - option (google.api.method_signature) = "resource,policy"; - } - - // Returns the permissions that a caller has on the specified source. - rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { - option (google.api.http) = { - post: "/v1p1beta1/{resource=organizations/*/sources/*}:testIamPermissions" - body: "*" - }; - option (google.api.method_signature) = "resource,permissions"; - } - - // Creates or updates a finding. The corresponding source must exist for a - // finding creation to succeed. - rpc UpdateFinding(UpdateFindingRequest) returns (Finding) { - option (google.api.http) = { - patch: "/v1p1beta1/{finding.name=organizations/*/sources/*/findings/*}" - body: "finding" - }; - option (google.api.method_signature) = "finding"; - option (google.api.method_signature) = "finding,update_mask"; - } - - // Updates a notification config. The following update - // fields are allowed: description, pubsub_topic, streaming_config.filter - rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) returns (NotificationConfig) { - option (google.api.http) = { - patch: "/v1p1beta1/{notification_config.name=organizations/*/notificationConfigs/*}" - body: "notification_config" - }; - option (google.api.method_signature) = "notification_config"; - option (google.api.method_signature) = "notification_config,update_mask"; - } - - // Updates an organization's settings. 
- rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) { - option (google.api.http) = { - patch: "/v1p1beta1/{organization_settings.name=organizations/*/organizationSettings}" - body: "organization_settings" - }; - option (google.api.method_signature) = "organization_settings"; - } - - // Updates a source. - rpc UpdateSource(UpdateSourceRequest) returns (Source) { - option (google.api.http) = { - patch: "/v1p1beta1/{source.name=organizations/*/sources/*}" - body: "source" - }; - option (google.api.method_signature) = "source"; - option (google.api.method_signature) = "source,update_mask"; - } - - // Updates security marks. - rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) { - option (google.api.http) = { - patch: "/v1p1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}" - body: "security_marks" - additional_bindings { - patch: "/v1p1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}" - body: "security_marks" - } - }; - option (google.api.method_signature) = "security_marks"; - option (google.api.method_signature) = "security_marks,update_mask"; - } -} - -// Request message for creating a finding. -message CreateFindingRequest { - // Required. Resource name of the new finding's parent. Its format should be - // "organizations/[organization_id]/sources/[source_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Source" - } - ]; - - // Required. Unique identifier provided by the client within the parent scope. - string finding_id = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The Finding being created. The name and security_marks will be ignored as - // they are both output only fields on this resource. - Finding finding = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Request message for creating a notification config. 
-message CreateNotificationConfigRequest { - // Required. Resource name of the new notification config's parent. Its format is - // "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // Required. Unique identifier provided by the client within the parent scope. - // It must be between 1 and 128 characters, and contains alphanumeric - // characters, underscores or hyphens only. - string config_id = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The notification config being created. The name and the service account - // will be ignored as they are both output only fields on this resource. - NotificationConfig notification_config = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Request message for creating a source. -message CreateSourceRequest { - // Required. Resource name of the new source's parent. Its format should be - // "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // Required. The Source being created, only the display_name and description will be - // used. All other fields will be ignored. - Source source = 2 [(google.api.field_behavior) = REQUIRED]; -} - -// Request message for deleting a notification config. -message DeleteNotificationConfigRequest { - // Required. Name of the notification config to delete. Its format is - // "organizations/[organization_id]/notificationConfigs/[config_id]". - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/NotificationConfig" - } - ]; -} - -// Request message for getting a notification config. -message GetNotificationConfigRequest { - // Required. Name of the notification config to get. 
Its format is - // "organizations/[organization_id]/notificationConfigs/[config_id]". - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/NotificationConfig" - } - ]; -} - -// Request message for getting organization settings. -message GetOrganizationSettingsRequest { - // Required. Name of the organization to get organization settings for. Its format is - // "organizations/[organization_id]/organizationSettings". - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/OrganizationSettings" - } - ]; -} - -// Request message for getting a source. -message GetSourceRequest { - // Required. Relative resource name of the source. Its format is - // "organizations/[organization_id]/source/[source_id]". - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Source" - } - ]; -} - -// Request message for grouping by assets. -message GroupAssetsRequest { - // Required. Name of the organization to groupBy. Its format is - // "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // Expression that defines the filter to apply across assets. - // The expression is a list of zero or more restrictions combined via logical - // operators `AND` and `OR`. - // Parentheses are supported, and `OR` has higher precedence than `AND`. - // - // Restrictions have the form ` ` and may have a `-` - // character in front of them to indicate negation. The fields map to those - // defined in the Asset resource. 
Examples include: - // - // * name - // * security_center_properties.resource_name - // * resource_properties.a_property - // * security_marks.marks.marka - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. - // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. - // - // The following field and operator combinations are supported: - // - // * name: `=` - // * update_time: `=`, `>`, `<`, `>=`, `<=` - // - // Usage: This should be milliseconds since epoch or an RFC3339 string. - // Examples: - // `update_time = "2019-06-10T16:07:18-07:00"` - // `update_time = 1560208038000` - // - // * create_time: `=`, `>`, `<`, `>=`, `<=` - // - // Usage: This should be milliseconds since epoch or an RFC3339 string. - // Examples: - // `create_time = "2019-06-10T16:07:18-07:00"` - // `create_time = 1560208038000` - // - // * iam_policy.policy_blob: `=`, `:` - // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` - // * security_marks.marks: `=`, `:` - // * security_center_properties.resource_name: `=`, `:` - // * security_center_properties.resource_name_display_name: `=`, `:` - // * security_center_properties.resource_type: `=`, `:` - // * security_center_properties.resource_parent: `=`, `:` - // * security_center_properties.resource_parent_display_name: `=`, `:` - // * security_center_properties.resource_project: `=`, `:` - // * security_center_properties.resource_project_display_name: `=`, `:` - // * security_center_properties.resource_owners: `=`, `:` - // - // For example, `resource_properties.size = 100` is a valid filter string. 
- // - // Use a partial match on the empty string to filter based on a property - // existing: `resource_properties.my_property : ""` - // - // Use a negated partial match on the empty string to filter based on a - // property not existing: `-resource_properties.my_property : ""` - string filter = 2; - - // Required. Expression that defines what assets fields to use for grouping. The string - // value should follow SQL syntax: comma separated list of fields. For - // example: - // "security_center_properties.resource_project,security_center_properties.project". - // - // The following fields are supported when compare_duration is not set: - // - // * security_center_properties.resource_project - // * security_center_properties.resource_project_display_name - // * security_center_properties.resource_type - // * security_center_properties.resource_parent - // * security_center_properties.resource_parent_display_name - // - // The following fields are supported when compare_duration is set: - // - // * security_center_properties.resource_type - // * security_center_properties.resource_project_display_name - // * security_center_properties.resource_parent_display_name - string group_by = 3 [(google.api.field_behavior) = REQUIRED]; - - // When compare_duration is set, the GroupResult's "state_change" property is - // updated to indicate whether the asset was added, removed, or remained - // present during the compare_duration period of time that precedes the - // read_time. This is the time between (read_time - compare_duration) and - // read_time. - // - // The state change value is derived based on the presence of the asset at the - // two points in time. Intermediate state changes between the two times don't - // affect the result. For example, the results aren't affected if the asset is - // removed and re-created again. 
- // - // Possible "state_change" values when compare_duration is specified: - // - // * "ADDED": indicates that the asset was not present at the start of - // compare_duration, but present at reference_time. - // * "REMOVED": indicates that the asset was present at the start of - // compare_duration, but not present at reference_time. - // * "ACTIVE": indicates that the asset was present at both the - // start and the end of the time period defined by - // compare_duration and reference_time. - // - // If compare_duration is not specified, then the only possible state_change - // is "UNUSED", which will be the state_change set for all assets present at - // read_time. - // - // If this field is set then `state_change` must be a specified field in - // `group_by`. - google.protobuf.Duration compare_duration = 4; - - // Time used as a reference point when filtering assets. The filter is limited - // to assets existing at the supplied time and their values are those at that - // specific time. Absence of this field will default to the API's version of - // NOW. - google.protobuf.Timestamp read_time = 5; - - // The value returned by the last `GroupAssetsResponse`; indicates - // that this is a continuation of a prior `GroupAssets` call, and that the - // system should return the next page of data. - string page_token = 7; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 8; -} - -// Response message for grouping by assets. -message GroupAssetsResponse { - // Group results. There exists an element for each existing unique - // combination of property/values. The element contains a count for the number - // of times those specific property/values appear. - repeated GroupResult group_by_results = 1; - - // Time used for executing the groupBy request. 
- google.protobuf.Timestamp read_time = 2; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 3; - - // The total number of results matching the query. - int32 total_size = 4; -} - -// Request message for grouping by findings. -message GroupFindingsRequest { - // Required. Name of the source to groupBy. Its format is - // "organizations/[organization_id]/sources/[source_id]". To groupBy across - // all sources provide a source_id of `-`. For example: - // organizations/{organization_id}/sources/- - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Source" - } - ]; - - // Expression that defines the filter to apply across findings. - // The expression is a list of one or more restrictions combined via logical - // operators `AND` and `OR`. - // Parentheses are supported, and `OR` has higher precedence than `AND`. - // - // Restrictions have the form ` ` and may have a `-` - // character in front of them to indicate negation. Examples include: - // - // * name - // * source_properties.a_property - // * security_marks.marks.marka - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. - // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. - // - // The following field and operator combinations are supported: - // - // * name: `=` - // * parent: `=`, `:` - // * resource_name: `=`, `:` - // * state: `=`, `:` - // * category: `=`, `:` - // * external_uri: `=`, `:` - // * event_time: `=`, `>`, `<`, `>=`, `<=` - // * severity: `=`, `:` - // - // Usage: This should be milliseconds since epoch or an RFC3339 string. 
- // Examples: - // `event_time = "2019-06-10T16:07:18-07:00"` - // `event_time = 1560208038000` - // - // * security_marks.marks: `=`, `:` - // * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=` - // - // For example, `source_properties.size = 100` is a valid filter string. - // - // Use a partial match on the empty string to filter based on a property - // existing: `source_properties.my_property : ""` - // - // Use a negated partial match on the empty string to filter based on a - // property not existing: `-source_properties.my_property : ""` - string filter = 2; - - // Required. Expression that defines what assets fields to use for grouping (including - // `state_change`). The string value should follow SQL syntax: comma separated - // list of fields. For example: "parent,resource_name". - // - // The following fields are supported: - // - // * resource_name - // * category - // * state - // * parent - // * severity - // - // The following fields are supported when compare_duration is set: - // - // * state_change - string group_by = 3 [(google.api.field_behavior) = REQUIRED]; - - // Time used as a reference point when filtering findings. The filter is - // limited to findings existing at the supplied time and their values are - // those at that specific time. Absence of this field will default to the - // API's version of NOW. - google.protobuf.Timestamp read_time = 4; - - // When compare_duration is set, the GroupResult's "state_change" attribute is - // updated to indicate whether the finding had its state changed, the - // finding's state remained unchanged, or if the finding was added during the - // compare_duration period of time that precedes the read_time. This is the - // time between (read_time - compare_duration) and read_time. - // - // The state_change value is derived based on the presence and state of the - // finding at the two points in time. Intermediate state changes between the - // two times don't affect the result. 
For example, the results aren't affected - // if the finding is made inactive and then active again. - // - // Possible "state_change" values when compare_duration is specified: - // - // * "CHANGED": indicates that the finding was present and matched the given - // filter at the start of compare_duration, but changed its - // state at read_time. - // * "UNCHANGED": indicates that the finding was present and matched the given - // filter at the start of compare_duration and did not change - // state at read_time. - // * "ADDED": indicates that the finding did not match the given filter or - // was not present at the start of compare_duration, but was - // present at read_time. - // * "REMOVED": indicates that the finding was present and matched the - // filter at the start of compare_duration, but did not match - // the filter at read_time. - // - // If compare_duration is not specified, then the only possible state_change - // is "UNUSED", which will be the state_change set for all findings present - // at read_time. - // - // If this field is set then `state_change` must be a specified field in - // `group_by`. - google.protobuf.Duration compare_duration = 5; - - // The value returned by the last `GroupFindingsResponse`; indicates - // that this is a continuation of a prior `GroupFindings` call, and - // that the system should return the next page of data. - string page_token = 7; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 8; -} - -// Response message for group by findings. -message GroupFindingsResponse { - // Group results. There exists an element for each existing unique - // combination of property/values. The element contains a count for the number - // of times those specific property/values appear. - repeated GroupResult group_by_results = 1; - - // Time used for executing the groupBy request. 
- google.protobuf.Timestamp read_time = 2; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 3; - - // The total number of results matching the query. - int32 total_size = 4; -} - -// Result containing the properties and count of a groupBy request. -message GroupResult { - // Properties matching the groupBy fields in the request. - map properties = 1; - - // Total count of resources for the given properties. - int64 count = 2; -} - -// Request message for listing notification configs. -message ListNotificationConfigsRequest { - // Required. Name of the organization to list notification configs. - // Its format is "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // The value returned by the last `ListNotificationConfigsResponse`; indicates - // that this is a continuation of a prior `ListNotificationConfigs` call, and - // that the system should return the next page of data. - string page_token = 2; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 3; -} - -// Response message for listing notification configs. -message ListNotificationConfigsResponse { - // Notification configs belonging to the requested parent. - repeated NotificationConfig notification_configs = 1; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 2; -} - -// Request message for listing sources. -message ListSourcesRequest { - // Required. Resource name of the parent of sources to list. Its format should be - // "organizations/[organization_id]". 
- string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // The value returned by the last `ListSourcesResponse`; indicates - // that this is a continuation of a prior `ListSources` call, and - // that the system should return the next page of data. - string page_token = 2; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 7; -} - -// Response message for listing sources. -message ListSourcesResponse { - // Sources belonging to the requested parent. - repeated Source sources = 1; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 2; -} - -// Request message for listing assets. -message ListAssetsRequest { - // Required. Name of the organization assets should belong to. Its format is - // "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; - - // Expression that defines the filter to apply across assets. - // The expression is a list of zero or more restrictions combined via logical - // operators `AND` and `OR`. - // Parentheses are supported, and `OR` has higher precedence than `AND`. - // - // Restrictions have the form ` ` and may have a `-` - // character in front of them to indicate negation. The fields map to those - // defined in the Asset resource. Examples include: - // - // * name - // * security_center_properties.resource_name - // * resource_properties.a_property - // * security_marks.marks.marka - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. 
- // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. - // - // The following are the allowed field and operator combinations: - // - // * name: `=` - // * update_time: `=`, `>`, `<`, `>=`, `<=` - // - // Usage: This should be milliseconds since epoch or an RFC3339 string. - // Examples: - // `update_time = "2019-06-10T16:07:18-07:00"` - // `update_time = 1560208038000` - // - // * create_time: `=`, `>`, `<`, `>=`, `<=` - // - // Usage: This should be milliseconds since epoch or an RFC3339 string. - // Examples: - // `create_time = "2019-06-10T16:07:18-07:00"` - // `create_time = 1560208038000` - // - // * iam_policy.policy_blob: `=`, `:` - // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` - // * security_marks.marks: `=`, `:` - // * security_center_properties.resource_name: `=`, `:` - // * security_center_properties.resource_display_name: `=`, `:` - // * security_center_properties.resource_type: `=`, `:` - // * security_center_properties.resource_parent: `=`, `:` - // * security_center_properties.resource_parent_display_name: `=`, `:` - // * security_center_properties.resource_project: `=`, `:` - // * security_center_properties.resource_project_display_name: `=`, `:` - // * security_center_properties.resource_owners: `=`, `:` - // - // For example, `resource_properties.size = 100` is a valid filter string. - // - // Use a partial match on the empty string to filter based on a property - // existing: `resource_properties.my_property : ""` - // - // Use a negated partial match on the empty string to filter based on a - // property not existing: `-resource_properties.my_property : ""` - string filter = 2; - - // Expression that defines what fields and order to use for sorting. The - // string value should follow SQL syntax: comma separated list of fields. For - // example: "name,resource_properties.a_property". 
The default sorting order - // is ascending. To specify descending order for a field, a suffix " desc" - // should be appended to the field name. For example: "name - // desc,resource_properties.a_property". Redundant space characters in the - // syntax are insignificant. "name desc,resource_properties.a_property" and " - // name desc , resource_properties.a_property " are equivalent. - // - // The following fields are supported: - // name - // update_time - // resource_properties - // security_marks.marks - // security_center_properties.resource_name - // security_center_properties.resource_display_name - // security_center_properties.resource_parent - // security_center_properties.resource_parent_display_name - // security_center_properties.resource_project - // security_center_properties.resource_project_display_name - // security_center_properties.resource_type - string order_by = 3; - - // Time used as a reference point when filtering assets. The filter is limited - // to assets existing at the supplied time and their values are those at that - // specific time. Absence of this field will default to the API's version of - // NOW. - google.protobuf.Timestamp read_time = 4; - - // When compare_duration is set, the ListAssetsResult's "state_change" - // attribute is updated to indicate whether the asset was added, removed, or - // remained present during the compare_duration period of time that precedes - // the read_time. This is the time between (read_time - compare_duration) and - // read_time. - // - // The state_change value is derived based on the presence of the asset at the - // two points in time. Intermediate state changes between the two times don't - // affect the result. For example, the results aren't affected if the asset is - // removed and re-created again. 
- // - // Possible "state_change" values when compare_duration is specified: - // - // * "ADDED": indicates that the asset was not present at the start of - // compare_duration, but present at read_time. - // * "REMOVED": indicates that the asset was present at the start of - // compare_duration, but not present at read_time. - // * "ACTIVE": indicates that the asset was present at both the - // start and the end of the time period defined by - // compare_duration and read_time. - // - // If compare_duration is not specified, then the only possible state_change - // is "UNUSED", which will be the state_change set for all assets present at - // read_time. - google.protobuf.Duration compare_duration = 5; - - // A field mask to specify the ListAssetsResult fields to be listed in the - // response. - // An empty field mask will list all fields. - google.protobuf.FieldMask field_mask = 7; - - // The value returned by the last `ListAssetsResponse`; indicates - // that this is a continuation of a prior `ListAssets` call, and - // that the system should return the next page of data. - string page_token = 8; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 9; -} - -// Response message for listing assets. -message ListAssetsResponse { - // Result containing the Asset and its State. - message ListAssetsResult { - // The change in state of the asset. - // - // When querying across two points in time this describes - // the change between the two points: ADDED, REMOVED, or ACTIVE. - // If there was no compare_duration supplied in the request the state change - // will be: UNUSED - enum StateChange { - // State change is unused, this is the canonical default for this enum. - UNUSED = 0; - - // Asset was added between the points in time. - ADDED = 1; - - // Asset was removed between the points in time. - REMOVED = 2; - - // Asset was present at both point(s) in time. 
- ACTIVE = 3; - } - - // Asset matching the search request. - Asset asset = 1; - - // State change of the asset between the points in time. - StateChange state_change = 2; - } - - // Assets matching the list request. - repeated ListAssetsResult list_assets_results = 1; - - // Time used for executing the list request. - google.protobuf.Timestamp read_time = 2; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 3; - - // The total number of assets matching the query. - int32 total_size = 4; -} - -// Request message for listing findings. -message ListFindingsRequest { - // Required. Name of the source the findings belong to. Its format is - // "organizations/[organization_id]/sources/[source_id]". To list across all - // sources provide a source_id of `-`. For example: - // organizations/{organization_id}/sources/- - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Source" - } - ]; - - // Expression that defines the filter to apply across findings. - // The expression is a list of one or more restrictions combined via logical - // operators `AND` and `OR`. - // Parentheses are supported, and `OR` has higher precedence than `AND`. - // - // Restrictions have the form ` ` and may have a `-` - // character in front of them to indicate negation. Examples include: - // - // * name - // * source_properties.a_property - // * security_marks.marks.marka - // - // The supported operators are: - // - // * `=` for all value types. - // * `>`, `<`, `>=`, `<=` for integer values. - // * `:`, meaning substring matching, for strings. - // - // The supported value types are: - // - // * string literals in quotes. - // * integer literals without quotes. - // * boolean literals `true` and `false` without quotes. 
- // - // The following field and operator combinations are supported: - // - // * name: `=` - // * parent: `=`, `:` - // * resource_name: `=`, `:` - // * state: `=`, `:` - // * category: `=`, `:` - // * external_uri: `=`, `:` - // * event_time: `=`, `>`, `<`, `>=`, `<=` - // * severity: `=`, `:` - // - // Usage: This should be milliseconds since epoch or an RFC3339 string. - // Examples: - // `event_time = "2019-06-10T16:07:18-07:00"` - // `event_time = 1560208038000` - // - // security_marks.marks: `=`, `:` - // source_properties: `=`, `:`, `>`, `<`, `>=`, `<=` - // - // For example, `source_properties.size = 100` is a valid filter string. - // - // Use a partial match on the empty string to filter based on a property - // existing: `source_properties.my_property : ""` - // - // Use a negated partial match on the empty string to filter based on a - // property not existing: `-source_properties.my_property : ""` - string filter = 2; - - // Expression that defines what fields and order to use for sorting. The - // string value should follow SQL syntax: comma separated list of fields. For - // example: "name,resource_properties.a_property". The default sorting order - // is ascending. To specify descending order for a field, a suffix " desc" - // should be appended to the field name. For example: "name - // desc,source_properties.a_property". Redundant space characters in the - // syntax are insignificant. "name desc,source_properties.a_property" and " - // name desc , source_properties.a_property " are equivalent. - // - // The following fields are supported: - // name - // parent - // state - // category - // resource_name - // event_time - // source_properties - // security_marks.marks - string order_by = 3; - - // Time used as a reference point when filtering findings. The filter is - // limited to findings existing at the supplied time and their values are - // those at that specific time. Absence of this field will default to the - // API's version of NOW. 
- google.protobuf.Timestamp read_time = 4; - - // When compare_duration is set, the ListFindingsResult's "state_change" - // attribute is updated to indicate whether the finding had its state changed, - // the finding's state remained unchanged, or if the finding was added in any - // state during the compare_duration period of time that precedes the - // read_time. This is the time between (read_time - compare_duration) and - // read_time. - // - // The state_change value is derived based on the presence and state of the - // finding at the two points in time. Intermediate state changes between the - // two times don't affect the result. For example, the results aren't affected - // if the finding is made inactive and then active again. - // - // Possible "state_change" values when compare_duration is specified: - // - // * "CHANGED": indicates that the finding was present and matched the given - // filter at the start of compare_duration, but changed its - // state at read_time. - // * "UNCHANGED": indicates that the finding was present and matched the given - // filter at the start of compare_duration and did not change - // state at read_time. - // * "ADDED": indicates that the finding did not match the given filter or - // was not present at the start of compare_duration, but was - // present at read_time. - // * "REMOVED": indicates that the finding was present and matched the - // filter at the start of compare_duration, but did not match - // the filter at read_time. - // - // If compare_duration is not specified, then the only possible state_change - // is "UNUSED", which will be the state_change set for all findings present at - // read_time. - google.protobuf.Duration compare_duration = 5; - - // A field mask to specify the Finding fields to be listed in the response. - // An empty field mask will list all fields. 
- google.protobuf.FieldMask field_mask = 7; - - // The value returned by the last `ListFindingsResponse`; indicates - // that this is a continuation of a prior `ListFindings` call, and - // that the system should return the next page of data. - string page_token = 8; - - // The maximum number of results to return in a single response. Default is - // 10, minimum is 1, maximum is 1000. - int32 page_size = 9; -} - -// Response message for listing findings. -message ListFindingsResponse { - // Result containing the Finding and its StateChange. - message ListFindingsResult { - // Information related to the Google Cloud resource that is - // associated with this finding. - message Resource { - // The full resource name of the resource. See: - // https://cloud.google.com/apis/design/resource_names#full_resource_name - string name = 1; - - // The full resource name of project that the resource belongs to. - string project_name = 2; - - // The human readable name of project that the resource belongs to. - string project_display_name = 3; - - // The full resource name of resource's parent. - string parent_name = 4; - - // The human readable name of resource's parent. - string parent_display_name = 5; - } - - // The change in state of the finding. - // - // When querying across two points in time this describes - // the change in the finding between the two points: CHANGED, UNCHANGED, - // ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that - // the finding at timestamp does not match the filter specified, but it did - // at timestamp - compare_duration. If there was no compare_duration - // supplied in the request the state change will be: UNUSED - enum StateChange { - // State change is unused, this is the canonical default for this enum. - UNUSED = 0; - - // The finding has changed state in some way between the points in time - // and existed at both points. 
- CHANGED = 1; - - // The finding has not changed state between the points in time and - // existed at both points. - UNCHANGED = 2; - - // The finding was created between the points in time. - ADDED = 3; - - // The finding at timestamp does not match the filter specified, but it - // did at timestamp - compare_duration. - REMOVED = 4; - } - - // Finding matching the search request. - Finding finding = 1; - - // State change of the finding between the points in time. - StateChange state_change = 2; - - // Output only. Resource that is associated with this finding. - Resource resource = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; - } - - // Findings matching the list request. - repeated ListFindingsResult list_findings_results = 1; - - // Time used for executing the list request. - google.protobuf.Timestamp read_time = 2; - - // Token to retrieve the next page of results, or empty if there are no more - // results. - string next_page_token = 3; - - // The total number of findings matching the query. - int32 total_size = 4; -} - -// Request message for updating a finding's state. -message SetFindingStateRequest { - // Required. The relative resource name of the finding. See: - // https://cloud.google.com/apis/design/resource_names#relative_resource_name - // Example: - // "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "securitycenter.googleapis.com/Finding" - } - ]; - - // Required. The desired State of the finding. - Finding.State state = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The time at which the updated state takes effect. - google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Request message for running asset discovery for an organization. -message RunAssetDiscoveryRequest { - // Required. Name of the organization to run asset discovery for. 
Its format is - // "organizations/[organization_id]". - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" - } - ]; -} - -// Request message for updating or creating a finding. -message UpdateFindingRequest { - // Required. The finding resource to update or create if it does not already exist. - // parent, security_marks, and update_time will be ignored. - // - // In the case of creation, the finding id portion of the name must be - // alphanumeric and less than or equal to 32 characters and greater than 0 - // characters in length. - Finding finding = 1 [(google.api.field_behavior) = REQUIRED]; - - // The FieldMask to use when updating the finding resource. This field should - // not be specified when creating a finding. - // - // When updating a finding, an empty mask is treated as updating all mutable - // fields and replacing source_properties. Individual source_properties can - // be added/updated by using "source_properties." in the field - // mask. - google.protobuf.FieldMask update_mask = 2; -} - -// Request message for updating a notification config. -message UpdateNotificationConfigRequest { - // Required. The notification config to update. - NotificationConfig notification_config = 1 [(google.api.field_behavior) = REQUIRED]; - - // The FieldMask to use when updating the notification config. - // - // If empty all mutable fields will be updated. - google.protobuf.FieldMask update_mask = 2; -} - -// Request message for updating an organization's settings. -message UpdateOrganizationSettingsRequest { - // Required. The organization settings resource to update. - OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED]; - - // The FieldMask to use when updating the settings resource. - // - // If empty all mutable fields will be updated. 
- google.protobuf.FieldMask update_mask = 2; -} - -// Request message for updating a source. -message UpdateSourceRequest { - // Required. The source resource to update. - Source source = 1 [(google.api.field_behavior) = REQUIRED]; - - // The FieldMask to use when updating the source resource. - // - // If empty all mutable fields will be updated. - google.protobuf.FieldMask update_mask = 2; -} - -// Request message for updating a SecurityMarks resource. -message UpdateSecurityMarksRequest { - // Required. The security marks resource to update. - SecurityMarks security_marks = 1 [(google.api.field_behavior) = REQUIRED]; - - // The FieldMask to use when updating the security marks resource. - // - // The field mask must not contain duplicate fields. - // If empty or set to "marks", all marks will be replaced. Individual - // marks can be updated using "marks.". - google.protobuf.FieldMask update_mask = 2; - - // The time at which the updated SecurityMarks take effect. - // If not set uses current server time. Updates will be applied to the - // SecurityMarks that are active immediately preceding this time. - google.protobuf.Timestamp start_time = 3; -} diff --git a/google/cloud/securitycenter_v1p1beta1/proto/source.proto b/google/cloud/securitycenter_v1p1beta1/proto/source.proto deleted file mode 100644 index 0e940df6..00000000 --- a/google/cloud/securitycenter_v1p1beta1/proto/source.proto +++ /dev/null 
@@ -1,59 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.securitycenter.v1p1beta1;
-
-import "google/api/annotations.proto";
-import "google/api/resource.proto";
-
-option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
-option java_multiple_files = true;
-option java_package = "com.google.cloud.securitycenter.v1p1beta1";
-option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
-option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-
-// Security Command Center finding source. A finding source
-// is an entity or a mechanism that can produce a finding. A source is like a
-// container of findings that come from the same scanner, logger, monitor, etc.
-message Source {
- option (google.api.resource) = {
- type: "securitycenter.googleapis.com/Source"
- pattern: "organizations/{organization}/sources/{source}"
- };
-
- // The relative resource name of this source. See:
- // https://cloud.google.com/apis/design/resource_names#relative_resource_name
- // Example:
- // "organizations/{organization_id}/sources/{source_id}"
- string name = 1;
-
- // The source's display name.
- // A source's display name must be unique amongst its siblings, for example,
- // two sources with the same parent can't share the same display name.
- // The display name must have a length between 1 and 64 characters - // (inclusive). - string display_name = 2; - - // The description of the source (max of 1024 characters). - // Example: - // "Web Security Scanner is a web security scanner for common - // vulnerabilities in App Engine applications. It can automatically - // scan and detect four common vulnerabilities, including cross-site-scripting - // (XSS), Flash injection, mixed content (HTTP in HTTPS), and - // outdated/insecure libraries." - string description = 3; -} From 77477a6b19a6b7b6e2294d7e347438e7b71e9a67 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Sat, 22 May 2021 09:18:21 +0000 Subject: [PATCH 10/13] chore: new owl bot post processor docker image (#155) gcr.io/repo-automation-bots/owlbot-python:latest@sha256:3c3a445b3ddc99ccd5d31edc4b4519729635d20693900db32c4f587ed51f7479 --- .github/.OwlBot.lock.yaml | 2 +- noxfile.py | 6 ++++-- samples/snippets/noxfile.py | 8 +++++++- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 864c1765..46e3f021 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/repo-automation-bots/owlbot-python:latest - digest: sha256:4c981a6b6f2b8914a448d7b3a01688365be03e3ed26dfee399a6aa77fb112eaa + digest: sha256:3c3a445b3ddc99ccd5d31edc4b4519729635d20693900db32c4f587ed51f7479 diff --git a/noxfile.py b/noxfile.py index 70417e8c..03aa2f58 100644 --- a/noxfile.py +++ b/noxfile.py @@ -179,7 +179,7 @@ def docs(session): """Build the docs for this library.""" session.install("-e", ".") - session.install("sphinx", "alabaster", "recommonmark") + session.install("sphinx==4.0.1", "alabaster", "recommonmark") shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) session.run( 
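Review bot: The new pin `sphinx==4.0.1` in `docs` has no comment saying why that exact version is required, and the same literal is repeated in the `docfx` hunk that follows, so the two can drift apart when one is bumped. The other packages in both calls (`alabaster`, `recommonmark`, `gcp-sphinx-docfx-yaml`) still float, so the docs toolchain resolves to whatever is newest on the index at build time. If the aim is a reproducible build, a constraints file would cover all of them. At minimum I would add `# Pinned: <reason / issue link>` above the install call and name the requirement once at module level. The file looks like it is regenerated by the owl bot post-processor, so the change probably belongs in the upstream template, and the body of `docs` continues outside the hunk.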
@@ -201,7 +201,9 @@ def docfx(session): """Build the docfx yaml files for this library.""" session.install("-e", ".") - session.install("sphinx", "alabaster", "recommonmark", "gcp-sphinx-docfx-yaml") + session.install( + "sphinx==4.0.1", "alabaster", "recommonmark", "gcp-sphinx-docfx-yaml" + ) shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) session.run( diff --git a/samples/snippets/noxfile.py b/samples/snippets/noxfile.py index 956cdf4f..5ff9e1db 100644 --- a/samples/snippets/noxfile.py +++ b/samples/snippets/noxfile.py @@ -50,7 +50,10 @@ # to use your own Cloud project. 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', - + # If you need to use a specific version of pip, + # change pip_version_override to the string representation + # of the version number, for example, "20.2.4" + "pip_version_override": None, # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. 'envs': {}, @@ -170,6 +173,9 @@ def blacken(session: nox.sessions.Session) -> None: def _session_tests(session: nox.sessions.Session, post_install: Callable = None) -> None: + if TEST_CONFIG["pip_version_override"]: + pip_version = TEST_CONFIG["pip_version_override"] + session.install(f"pip=={pip_version}") """Runs py.test for a particular project.""" if os.path.exists("requirements.txt"): if os.path.exists("constraints.txt"): From 9d8f234efc737206ccd5230b149cf2514714e219 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 27 May 2021 19:16:02 +0000 Subject: [PATCH 11/13] chore: new owl bot post processor docker image (#156) gcr.io/repo-automation-bots/owlbot-python:latest@sha256:0856ca711da1fd5ec9d6d7da6c50aa0bbf550fb94acb47b55159a640791987bf --- .github/.OwlBot.lock.yaml | 2 +- docs/multiprocessing.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
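Review bot: The three added lines in `_session_tests` sit above the string `"""Runs py.test for a particular project."""`, so that string is no longer the first statement of the function and stops being its docstring; it becomes a discarded expression and `_session_tests.__doc__` is `None`. Moving the `if TEST_CONFIG["pip_version_override"]:` block to just below the docstring keeps the behaviour and restores the documentation. The override value is formatted directly into `session.install(f"pip=={pip_version}")`, so a short comment such as `# must be a bare version string, e.g. "20.2.4"` next to the install call would document what the config key may contain. The file appears to be generated by the owl bot post-processor, so the fix likely belongs in the upstream template, and the function body continues past the end of the hunk.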
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 46e3f021..127c2cdf 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/repo-automation-bots/owlbot-python:latest - digest: sha256:3c3a445b3ddc99ccd5d31edc4b4519729635d20693900db32c4f587ed51f7479 + digest: sha256:0856ca711da1fd5ec9d6d7da6c50aa0bbf550fb94acb47b55159a640791987bf diff --git a/docs/multiprocessing.rst b/docs/multiprocessing.rst index 1cb29d4c..536d17b2 100644 --- a/docs/multiprocessing.rst +++ b/docs/multiprocessing.rst @@ -1,7 +1,7 @@ .. note:: - Because this client uses :mod:`grpcio` library, it is safe to + Because this client uses :mod:`grpc` library, it is safe to share instances across threads. In multiprocessing scenarios, the best practice is to create client instances *after* the invocation of - :func:`os.fork` by :class:`multiprocessing.Pool` or + :func:`os.fork` by :class:`multiprocessing.pool.Pool` or :class:`multiprocessing.Process`. From 607568735b607a54253465a42a08351b3d4e00d8 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 28 May 2021 10:34:02 +0000 Subject: [PATCH 12/13] chore: new owl bot post processor docker image (#157) Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:c66ba3c8d7bc8566f47df841f98cd0097b28fff0b1864c86f5817f4c8c3e8600 --- .github/.OwlBot.lock.yaml | 2 +- docs/conf.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 127c2cdf..4ef44149 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/repo-automation-bots/owlbot-python:latest - digest: sha256:0856ca711da1fd5ec9d6d7da6c50aa0bbf550fb94acb47b55159a640791987bf + digest: sha256:c66ba3c8d7bc8566f47df841f98cd0097b28fff0b1864c86f5817f4c8c3e8600 \ No newline at end of file 
diff --git a/docs/conf.py b/docs/conf.py index 63a2bbd0..e6de66a1 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -363,6 +363,7 @@ "google.api_core": ("https://googleapis.dev/python/google-api-core/latest/", None,), "grpc": ("https://grpc.github.io/grpc/python/", None), "proto-plus": ("https://proto-plus-python.readthedocs.io/en/latest/", None), + "protobuf": ("https://googleapis.dev/python/protobuf/latest/", None), } From bef14473766870d6193e1f680741c28354a1e00c Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Tue, 1 Jun 2021 10:46:01 +0000 Subject: [PATCH 13/13] chore: release 1.3.0 (#154) :robot: I have created a release \*beep\* \*boop\* --- ## [1.3.0](https://www.github.com/googleapis/python-securitycenter/compare/v1.2.0...v1.3.0) (2021-05-28) ### Features * bump release level to production/stable ([#147](https://www.github.com/googleapis/python-securitycenter/issues/147)) ([b9c892a](https://www.github.com/googleapis/python-securitycenter/commit/b9c892a16c15e89ca67687ce3a6b64490fc61c6f)) ### Documentation * remove unused region tags ([#108](https://www.github.com/googleapis/python-securitycenter/issues/108)) ([a983668](https://www.github.com/googleapis/python-securitycenter/commit/a9836680db5ca69ee8e3983dbf5a03414397e850)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --- CHANGELOG.md | 12 ++++++++++++ setup.py | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4894d414..08f1a31b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,18 @@ [1]: https://pypi.org/project/google-cloud-securitycenter/#history +## [1.3.0](https://www.github.com/googleapis/python-securitycenter/compare/v1.2.0...v1.3.0) (2021-05-28) + + +### Features + +* bump release level to production/stable ([#147](https://www.github.com/googleapis/python-securitycenter/issues/147)) ([b9c892a](https://www.github.com/googleapis/python-securitycenter/commit/b9c892a16c15e89ca67687ce3a6b64490fc61c6f)) + + +### Documentation + +* remove unused region tags ([#108](https://www.github.com/googleapis/python-securitycenter/issues/108)) ([a983668](https://www.github.com/googleapis/python-securitycenter/commit/a9836680db5ca69ee8e3983dbf5a03414397e850)) + ## [1.2.0](https://www.github.com/googleapis/python-securitycenter/compare/v1.1.0...v1.2.0) (2021-05-19) diff --git a/setup.py b/setup.py index 9c42fcaa..e427615b 100644 --- a/setup.py +++ b/setup.py @@ -21,7 +21,7 @@ name = "google-cloud-securitycenter" description = "Cloud Security Command Center API client library" -version = "1.2.0" +version = "1.3.0" release_status = "Development Status :: 5 - Production/Stable" dependencies = [ "google-api-core[grpc] >= 1.22.2, < 2.0.0dev",