diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/asset.proto b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/asset.proto new file mode 100644 index 000000000000..3dd5b358141d --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/asset.proto @@ -0,0 +1,86 @@ +// Copyright 2018 Google LLC. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package google.cloud.securitycenter.v1beta1; + +import "google/api/annotations.proto"; +import "google/cloud/securitycenter/v1beta1/security_marks.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/timestamp.proto"; + +option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter"; +option java_multiple_files = true; +option java_package = "com.google.cloud.securitycenter.v1beta1"; + +// Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud +// Platform (GCP) resource. +// +// The Asset is a Cloud SCC resource that captures information about a single +// GCP resource. All modifications to an Asset are only within the context of +// Cloud SCC and don't affect the referenced GCP resource. +message Asset { + // Cloud SCC managed properties. These properties are managed by Cloud SCC and + // cannot be modified by the user. + message SecurityCenterProperties { + // The full resource name of the GCP resource this asset + // represents. This field is immutable after create time. See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + string resource_name = 1; + + // The type of the GCP resource. Examples include: APPLICATION, + // PROJECT, and ORGANIZATION. This is a case insensitive field defined by + // Cloud SCC and/or the producer of the resource and is immutable + // after create time. + string resource_type = 2; + + // The full resource name of the immediate parent of the resource. See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + string resource_parent = 3; + + // The full resource name of the project the resource belongs to. See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + string resource_project = 4; + + // Owners of the Google Cloud resource. + repeated string resource_owners = 5; + } + + // The relative resource name of this asset. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // Example: + // "organizations/123/assets/456". + string name = 1; + + // Cloud SCC managed properties. These properties are managed by + // Cloud SCC and cannot be modified by the user. + SecurityCenterProperties security_center_properties = 2; + + // Resource managed properties. These properties are managed and defined by + // the GCP resource and cannot be modified by the user. + map resource_properties = 7; + + // User specified security marks. These marks are entirely managed by the user + // and come from the SecurityMarks resource that belongs to the asset. + SecurityMarks security_marks = 8; + + // The time at which the asset was created in Cloud SCC. + google.protobuf.Timestamp create_time = 9; + + // The time at which the asset was last updated, added, or deleted in Cloud + // SCC. + google.protobuf.Timestamp update_time = 10; +} diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2.py index fc37a148ba90..731547f80d06 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2.py @@ -452,3 +452,4 @@ DESCRIPTOR._options = None _ASSET_RESOURCEPROPERTIESENTRY._options = None # @@protoc_insertion_point(module_scope) +# -*- coding: utf-8 -*- diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/finding.proto b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/finding.proto new file mode 100644 index 000000000000..21dfdd5616e2 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/finding.proto @@ -0,0 +1,99 @@ +// Copyright 2018 Google LLC. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package google.cloud.securitycenter.v1beta1; + +import "google/api/annotations.proto"; +import "google/cloud/securitycenter/v1beta1/security_marks.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/timestamp.proto"; + +option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter"; +option java_multiple_files = true; +option java_package = "com.google.cloud.securitycenter.v1beta1"; + +// Cloud Security Command Center (Cloud SCC) finding. +// +// A finding is a record of assessment data (security, risk, health or privacy) +// ingested into Cloud SCC for presentation, notification, analysis, +// policy testing, and enforcement. For example, an XSS vulnerability in an +// App Engine application is a finding. +message Finding { + // The state of the finding. + enum State { + // Unspecified state. + STATE_UNSPECIFIED = 0; + + // The finding requires attention and has not been addressed yet. + ACTIVE = 1; + + // The finding has been fixed, triaged as a non-issue or otherwise addressed + // and is no longer active. + INACTIVE = 2; + } + + // The relative resource name of this finding. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // Example: + // "organizations/123/sources/456/findings/789" + string name = 1; + + // The relative resource name of the source the finding belongs to. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // This field is immutable after creation time. + // For example: + // "organizations/123/sources/456" + string parent = 2; + + // The full resource name of the Google Cloud Platform (GCP) resource this + // finding is for. See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + // This field is immutable after creation time. + string resource_name = 3; + + // The state of the finding. + State state = 4; + + // The additional taxonomy group within findings from a given source. + // This field is immutable after creation time. + // Example: "XSS_FLASH_INJECTION" + string category = 5; + + // The URI that, if available, points to a web page outside of Cloud SCC + // where additional information about the finding can be found. This field is + // guaranteed to be either empty or a well formed URL. + string external_uri = 6; + + // Source specific properties. These properties are managed by the source + // that writes the finding. The key names in the source_properties map must be + // between 1 and 255 characters, and must start with a letter and contain + // alphanumeric characters or underscores only. + map source_properties = 7; + + // Output only. User specified security marks. These marks are entirely + // managed by the user and come from the SecurityMarks resource that belongs + // to the finding. + SecurityMarks security_marks = 8; + + // The time at which the event took place. For example, if the finding + // represents an open firewall it would capture the time the open firewall was + // detected. + google.protobuf.Timestamp event_time = 9; + + // The time at which the finding was created in Cloud SCC. + google.protobuf.Timestamp create_time = 10; +} diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2.py index a85a20232890..84b1fddb2252 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2.py @@ -425,3 +425,4 @@ DESCRIPTOR._options = None _FINDING_SOURCEPROPERTIESENTRY._options = None # @@protoc_insertion_point(module_scope) +# -*- coding: utf-8 -*- diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings.proto b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings.proto new file mode 100644 index 000000000000..cc9f1c3ce3e4 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings.proto @@ -0,0 +1,75 @@ +// Copyright 2018 Google LLC. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package google.cloud.securitycenter.v1beta1; + +import "google/api/annotations.proto"; + +option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter"; +option java_multiple_files = true; +option java_package = "com.google.cloud.securitycenter.v1beta1"; + + +// User specified settings that are attached to the Cloud Security Command +// Center (Cloud SCC) organization. +message OrganizationSettings { + // The configuration used for Asset Discovery runs. + message AssetDiscoveryConfig { + // The mode of inclusion when running Asset Discovery. + // Asset discovery can be limited by explicitly identifying projects to be + // included or excluded. If INCLUDE_ONLY is set, then only those projects + // within the organization and their children are discovered during asset + // discovery. If EXCLUDE is set, then projects that don't match those + // projects are discovered during asset discovery. If neither are set, then + // all projects within the organization are discovered during asset + // discovery. + enum InclusionMode { + // Unspecified. Setting the mode with this value will disable + // inclusion/exclusion filtering for Asset Discovery. + INCLUSION_MODE_UNSPECIFIED = 0; + + // Asset Discovery will capture only the resources within the projects + // specified. All other resources will be ignored. + INCLUDE_ONLY = 1; + + // Asset Discovery will ignore all resources under the projects specified. + // All other resources will be retrieved. + EXCLUDE = 2; + } + + // The project ids to use for filtering asset discovery. + repeated string project_ids = 1; + + // The mode to use for filtering asset discovery. + InclusionMode inclusion_mode = 2; + } + + // The relative resource name of the settings. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // Example: + // "organizations/123/organizationSettings". + string name = 1; + + // A flag that indicates if Asset Discovery should be enabled. If the flag is + // set to `true`, then discovery of assets will occur. If it is set to `false, + // all historical assets will remain, but discovery of future assets will not + // occur. + bool enable_asset_discovery = 2; + + // The configuration used for Asset Discovery runs. + AssetDiscoveryConfig asset_discovery_config = 3; +} diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2.py index e7c1588af71e..429a09afa73a 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2.py @@ -253,3 +253,4 @@ DESCRIPTOR._options = None # @@protoc_insertion_point(module_scope) +# -*- coding: utf-8 -*- diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks.proto b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks.proto new file mode 100644 index 000000000000..02eb9ed23f7a --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks.proto @@ -0,0 +1,46 @@ +// Copyright 2018 Google LLC. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package google.cloud.securitycenter.v1beta1; + +import "google/api/annotations.proto"; + +option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter"; +option java_multiple_files = true; +option java_package = "com.google.cloud.securitycenter.v1beta1"; + + +// User specified security marks that are attached to the parent Cloud Security +// Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud +// SCC organization -- they can be modified and viewed by all users who have +// proper permissions on the organization. +message SecurityMarks { + // The relative resource name of the SecurityMarks. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // Examples: + // "organizations/123/assets/456/securityMarks" + // "organizations/123/sources/456/findings/789/securityMarks". + string name = 1; + + // Mutable user specified security marks belonging to the parent resource. + // Constraints are as follows: + // - Keys and values are treated as case insensitive + // - Keys must be alphanumeric and between 1 - 256 characters (inclusive) + // - Values have leading and trailing whitespace trimmed, remaining + // characters must be between 1 - 4096 characters (inclusive) + map marks = 2; +} diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2.py index dcee636baff8..8f872f1b9bc7 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2.py @@ -194,3 +194,4 @@ DESCRIPTOR._options = None _SECURITYMARKS_MARKSENTRY._options = None # @@protoc_insertion_point(module_scope) +# -*- coding: utf-8 -*- diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto new file mode 100644 index 000000000000..dafce562dc7e --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto @@ -0,0 +1,755 @@ +// Copyright 2018 Google LLC. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package google.cloud.securitycenter.v1beta1; + +import "google/api/annotations.proto"; +import "google/cloud/securitycenter/v1beta1/asset.proto"; +import "google/cloud/securitycenter/v1beta1/finding.proto"; +import "google/cloud/securitycenter/v1beta1/organization_settings.proto"; +import "google/cloud/securitycenter/v1beta1/security_marks.proto"; +import "google/cloud/securitycenter/v1beta1/source.proto"; +import "google/iam/v1/iam_policy.proto"; +import "google/iam/v1/policy.proto"; +import "google/longrunning/operations.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/empty.proto"; +import "google/protobuf/field_mask.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/timestamp.proto"; + +option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter"; +option java_multiple_files = true; +option java_package = "com.google.cloud.securitycenter.v1beta1"; + +// V1 Beta APIs for Security Center service. +service SecurityCenter { + // Creates a source. + rpc CreateSource(CreateSourceRequest) returns (Source) { + option (google.api.http) = { + post: "/v1beta1/{parent=organizations/*}/sources" + body: "source" + }; + } + + // Creates a finding. The corresponding source must exist for finding creation + // to succeed. + rpc CreateFinding(CreateFindingRequest) returns (Finding) { + option (google.api.http) = { + post: "/v1beta1/{parent=organizations/*/sources/*}/findings" + body: "finding" + }; + } + + // Gets the access control policy on the specified Source. + rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) + returns (google.iam.v1.Policy) { + option (google.api.http) = { + post: "/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy" + body: "*" + }; + } + + // Gets the settings for an organization. + rpc GetOrganizationSettings(GetOrganizationSettingsRequest) + returns (OrganizationSettings) { + option (google.api.http) = { + get: "/v1beta1/{name=organizations/*/organizationSettings}" + }; + } + + // Gets a source. + rpc GetSource(GetSourceRequest) returns (Source) { + option (google.api.http) = { + get: "/v1beta1/{name=organizations/*/sources/*}" + }; + } + + // Filters an organization's assets and groups them by their specified + // properties. + rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) { + option (google.api.http) = { + post: "/v1beta1/{parent=organizations/*}/assets:group" + body: "*" + }; + } + + // Filters an organization or source's findings and groups them by their + // specified properties. + // + // To group across all sources provide a `-` as the source id. + // Example: /v1beta1/organizations/123/sources/-/findings + rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) { + option (google.api.http) = { + post: "/v1beta1/{parent=organizations/*/sources/*}/findings:group" + body: "*" + }; + } + + // Lists an organization's assets. + rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { + option (google.api.http) = { + get: "/v1beta1/{parent=organizations/*}/assets" + }; + } + + // Lists an organization or source's findings. + // + // To list across all sources provide a `-` as the source id. + // Example: /v1beta1/organizations/123/sources/-/findings + rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) { + option (google.api.http) = { + get: "/v1beta1/{parent=organizations/*/sources/*}/findings" + }; + } + + // Lists all sources belonging to an organization. + rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) { + option (google.api.http) = { + get: "/v1beta1/{parent=organizations/*}/sources" + }; + } + + // Runs asset discovery. The discovery is tracked with a long-running + // operation. + // + // This API can only be called with limited frequency for an organization. If + // it is called too frequently the caller will receive a TOO_MANY_REQUESTS + // error. + rpc RunAssetDiscovery(RunAssetDiscoveryRequest) + returns (google.longrunning.Operation) { + option (google.api.http) = { + post: "/v1beta1/{parent=organizations/*}/assets:runDiscovery" + body: "*" + }; + } + + // Updates the state of a finding. + rpc SetFindingState(SetFindingStateRequest) returns (Finding) { + option (google.api.http) = { + post: "/v1beta1/{name=organizations/*/sources/*/findings/*}:setState" + body: "*" + }; + } + + // Sets the access control policy on the specified Source. + rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) + returns (google.iam.v1.Policy) { + option (google.api.http) = { + post: "/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy" + body: "*" + }; + } + + // Returns the permissions that a caller has on the specified source. + rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) + returns (google.iam.v1.TestIamPermissionsResponse) { + option (google.api.http) = { + post: "/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions" + body: "*" + }; + } + + // Creates or updates a finding. The corresponding source must exist for a + // finding creation to succeed. + rpc UpdateFinding(UpdateFindingRequest) returns (Finding) { + option (google.api.http) = { + patch: "/v1beta1/{finding.name=organizations/*/sources/*/findings/*}" + body: "finding" + }; + } + + // Updates an organization's settings. + rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) + returns (OrganizationSettings) { + option (google.api.http) = { + patch: "/v1beta1/{organization_settings.name=organizations/*/organizationSettings}" + body: "organization_settings" + }; + } + + // Updates a source. + rpc UpdateSource(UpdateSourceRequest) returns (Source) { + option (google.api.http) = { + patch: "/v1beta1/{source.name=organizations/*/sources/*}" + body: "source" + }; + } + + // Updates security marks. + rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) { + option (google.api.http) = { + patch: "/v1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}" + body: "security_marks" + additional_bindings { + patch: "/v1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}" + body: "security_marks" + } + }; + } +} + +// Request message for creating a finding. +message CreateFindingRequest { + // Resource name of the new finding's parent. Its format should be + // "organizations/[organization_id]/sources/[source_id]". + string parent = 1; + + // Unique identifier provided by the client within the parent scope. + // It must be alphanumeric and less than or equal to 32 characters and + // greater than 0 characters in length. + string finding_id = 2; + + // The Finding being created. The name and security_marks will be ignored as + // they are both output only fields on this resource. + Finding finding = 3; +} + +// Request message for creating a source. +message CreateSourceRequest { + // Resource name of the new source's parent. Its format should be + // "organizations/[organization_id]". + string parent = 1; + + // The Source being created, only the display_name and description will be + // used. All other fields will be ignored. + Source source = 2; +} + +// Request message for getting organization settings. +message GetOrganizationSettingsRequest { + // Name of the organization to get organization settings for. Its format is + // "organizations/[organization_id]/organizationSettings". + string name = 1; +} + +// Request message for getting a source. +message GetSourceRequest { + // Relative resource name of the source. Its format is + // "organizations/[organization_id]/source/[source_id]". + string name = 1; +} + +// Request message for grouping by assets. +message GroupAssetsRequest { + // Name of the organization to groupBy. Its format is + // "organizations/[organization_id]". + string parent = 1; + + // Expression that defines the filter to apply across assets. + // The expression is a list of zero or more restrictions combined via logical + // operators `AND` and `OR`. + // Parentheses are not supported, and `OR` has higher precedence than `AND`. + // + // Restrictions have the form ` ` and may have a `-` + // character in front of them to indicate negation. The fields map to those + // defined in the Asset resource. Examples include: + // + // * name + // * security_center_properties.resource_name + // * resource_properties.a_property + // * security_marks.marks.marka + // + // The supported operators are: + // + // * `=` for all value types. + // * `>`, `<`, `>=`, `<=` for integer values. + // * `:`, meaning substring matching, for strings. + // + // The supported value types are: + // + // * string literals in quotes. + // * integer literals without quotes. + // * boolean literals `true` and `false` without quotes. + // + // For example, `resource_properties.size = 100` is a valid filter string. + string filter = 2; + + // Expression that defines what assets fields to use for grouping. The string + // value should follow SQL syntax: comma separated list of fields. For + // example: + // "security_center_properties.resource_project,security_center_properties.project". + // + // The following fields are supported when compare_duration is not set: + // + // * security_center_properties.resource_project + // * security_center_properties.resource_type + // * security_center_properties.resource_parent + // + // The following fields are supported when compare_duration is set: + // + // * security_center_properties.resource_type + string group_by = 3; + + // When compare_duration is set, the Asset's "state" property is updated to + // indicate whether the asset was added, removed, or remained present during + // the compare_duration period of time that precedes the read_time. This is + // the time between (read_time - compare_duration) and read_time. + // + // The state value is derived based on the presence of the asset at the two + // points in time. Intermediate state changes between the two times don't + // affect the result. For example, the results aren't affected if the asset is + // removed and re-created again. + // + // Possible "state" values when compare_duration is specified: + // + // * "ADDED": indicates that the asset was not present before + // compare_duration, but present at reference_time. + // * "REMOVED": indicates that the asset was present at the start of + // compare_duration, but not present at reference_time. + // * "ACTIVE": indicates that the asset was present at both the + // start and the end of the time period defined by + // compare_duration and reference_time. + // + // This field is ignored if `state` is not a field in `group_by`. + google.protobuf.Duration compare_duration = 4; + + // Time used as a reference point when filtering assets. The filter is limited + // to assets existing at the supplied time and their values are those at that + // specific time. Absence of this field will default to the API's version of + // NOW. + google.protobuf.Timestamp read_time = 5; + + // The value returned by the last `GroupAssetsResponse`; indicates + // that this is a continuation of a prior `GroupAssets` call, and that the + // system should return the next page of data. + string page_token = 7; + + // The maximum number of results to return in a single response. Default is + // 10, minimum is 1, maximum is 1000. + int32 page_size = 8; +} + +// Response message for grouping by assets. +message GroupAssetsResponse { + // Group results. There exists an element for each existing unique + // combination of property/values. The element contains a count for the number + // of times those specific property/values appear. + repeated GroupResult group_by_results = 1; + + // Time used for executing the groupBy request. + google.protobuf.Timestamp read_time = 2; + + // Token to retrieve the next page of results, or empty if there are no more + // results. + string next_page_token = 3; +} + +// Request message for grouping by findings. +message GroupFindingsRequest { + // Name of the source to groupBy. Its format is + // "organizations/[organization_id]/sources/[source_id]". To groupBy across + // all sources provide a source_id of `-`. For example: + // organizations/123/sources/- + string parent = 1; + + // Expression that defines the filter to apply across findings. + // The expression is a list of one or more restrictions combined via logical + // operators `AND` and `OR`. + // Parentheses are not supported, and `OR` has higher precedence than `AND`. + // + // Restrictions have the form ` ` and may have a `-` + // character in front of them to indicate negation. Examples include: + // + // * name + // * source_properties.a_property + // * security_marks.marks.marka + // + // The supported operators are: + // + // * `=` for all value types. + // * `>`, `<`, `>=`, `<=` for integer values. + // * `:`, meaning substring matching, for strings. + // + // The supported value types are: + // + // * string literals in quotes. + // * integer literals without quotes. + // * boolean literals `true` and `false` without quotes. + // + // For example, `source_properties.size = 100` is a valid filter string. + string filter = 2; + + // Expression that defines what assets fields to use for grouping (including + // `state`). The string value should follow SQL syntax: comma separated list + // of fields. For example: + // "parent,resource_name". + // + // The following fields are supported: + // + // * resource_name + // * category + // * state + // * parent + string group_by = 3; + + // Time used as a reference point when filtering findings. The filter is + // limited to findings existing at the supplied time and their values are + // those at that specific time. Absence of this field will default to the + // API's version of NOW. + google.protobuf.Timestamp read_time = 4; + + // The value returned by the last `GroupFindingsResponse`; indicates + // that this is a continuation of a prior `GroupFindings` call, and + // that the system should return the next page of data. + string page_token = 5; + + // The maximum number of results to return in a single response. Default is + // 10, minimum is 1, maximum is 1000. + int32 page_size = 6; +} + +// Response message for group by findings. +message GroupFindingsResponse { + // Group results. There exists an element for each existing unique + // combination of property/values. The element contains a count for the number + // of times those specific property/values appear. + repeated GroupResult group_by_results = 1; + + // Time used for executing the groupBy request. + google.protobuf.Timestamp read_time = 2; + + // Token to retrieve the next page of results, or empty if there are no more + // results. + string next_page_token = 3; +} + +// Result containing the properties and count of a groupBy request. +message GroupResult { + // Properties matching the groupBy fields in the request. + map properties = 1; + + // Total count of resources for the given properties. + int64 count = 2; +} + +// Request message for listing sources. +message ListSourcesRequest { + // Resource name of the parent of sources to list. Its format should be + // "organizations/[organization_id]". + string parent = 1; + + // The value returned by the last `ListSourcesResponse`; indicates + // that this is a continuation of a prior `ListSources` call, and + // that the system should return the next page of data. + string page_token = 2; + + // The maximum number of results to return in a single response. Default is + // 10, minimum is 1, maximum is 1000. + int32 page_size = 7; +} + +// Response message for listing sources. +message ListSourcesResponse { + // Sources belonging to the requested parent. + repeated Source sources = 1; + + // Token to retrieve the next page of results, or empty if there are no more + // results. + string next_page_token = 2; +} + +// Request message for listing assets. +message ListAssetsRequest { + // Name of the organization assets should belong to. Its format is + // "organizations/[organization_id]". + string parent = 1; + + // Expression that defines the filter to apply across assets. + // The expression is a list of zero or more restrictions combined via logical + // operators `AND` and `OR`. + // Parentheses are not supported, and `OR` has higher precedence than `AND`. + // + // Restrictions have the form ` ` and may have a `-` + // character in front of them to indicate negation. The fields map to those + // defined in the Asset resource. Examples include: + // + // * name + // * security_center_properties.resource_name + // * resource_properties.a_property + // * security_marks.marks.marka + // + // The supported operators are: + // + // * `=` for all value types. + // * `>`, `<`, `>=`, `<=` for integer values. + // * `:`, meaning substring matching, for strings. + // + // The supported value types are: + // + // * string literals in quotes. + // * integer literals without quotes. + // * boolean literals `true` and `false` without quotes. + // + // For example, `resource_properties.size = 100` is a valid filter string. + string filter = 2; + + // Expression that defines what fields and order to use for sorting. The + // string value should follow SQL syntax: comma separated list of fields. For + // example: "name,resource_properties.a_property". The default sorting order + // is ascending. To specify descending order for a field, a suffix " desc" + // should be appended to the field name. For example: "name + // desc,resource_properties.a_property". Redundant space characters in the + // syntax are insignificant. "name desc,resource_properties.a_property" and " + // name desc , resource_properties.a_property " are equivalent. + string order_by = 3; + + // Time used as a reference point when filtering assets. The filter is limited + // to assets existing at the supplied time and their values are those at that + // specific time. Absence of this field will default to the API's version of + // NOW. + google.protobuf.Timestamp read_time = 4; + + // When compare_duration is set, the ListAssetResult's "state" attribute is + // updated to indicate whether the asset was added, removed, or remained + // present during the compare_duration period of time that precedes the + // read_time. This is the time between (read_time - + // compare_duration) and read_time. + // + // The state value is derived based on the presence of the asset at the two + // points in time. Intermediate state changes between the two times don't + // affect the result. For example, the results aren't affected if the asset is + // removed and re-created again. + // + // Possible "state" values when compare_duration is specified: + // + // * "ADDED": indicates that the asset was not present before + // compare_duration, but present at read_time. + // * "REMOVED": indicates that the asset was present at the start of + // compare_duration, but not present at read_time. + // * "ACTIVE": indicates that the asset was present at both the + // start and the end of the time period defined by + // compare_duration and read_time. + // + // If compare_duration is not specified, then the only possible state is + // "UNUSED", which indicates that the asset is present at read_time. + google.protobuf.Duration compare_duration = 5; + + // Optional. + // + // A field mask to specify the ListAssetsResult fields to be listed in the + // response. + // An empty field mask will list all fields. + google.protobuf.FieldMask field_mask = 7; + + // The value returned by the last `ListAssetsResponse`; indicates + // that this is a continuation of a prior `ListAssets` call, and + // that the system should return the next page of data. + string page_token = 8; + + // The maximum number of results to return in a single response. Default is + // 10, minimum is 1, maximum is 1000. + int32 page_size = 9; +} + +// Response message for listing assets. +message ListAssetsResponse { + // Result containing the Asset and its State. + message ListAssetsResult { + // State of the asset. + // + // When querying across two points in time this describes + // the change between the two points: ADDED, REMOVED, or ACTIVE. + // If there was no compare_duration supplied in the request the state should + // be: UNUSED + enum State { + // Unspecified state. + STATE_UNSPECIFIED = 0; + + // Request did not specify use of this field in the result. + UNUSED = 1; + + // Asset was added between the points in time. + ADDED = 2; + + // Asset was removed between the points in time. + REMOVED = 3; + + // Asset was active at both point(s) in time. + ACTIVE = 4; + } + + // Asset matching the search request. + Asset asset = 1; + + // State of the asset. + State state = 2; + } + + // Assets matching the list request. + repeated ListAssetsResult list_assets_results = 1; + + // Time used for executing the list request. + google.protobuf.Timestamp read_time = 2; + + // Token to retrieve the next page of results, or empty if there are no more + // results. + string next_page_token = 3; + + // The total number of assets matching the query. + int32 total_size = 4; +} + +// Request message for listing findings. +message ListFindingsRequest { + // Name of the source the findings belong to. Its format is + // "organizations/[organization_id]/sources/[source_id]". To list across all + // sources provide a source_id of `-`. For example: + // organizations/123/sources/- + string parent = 1; + + // Expression that defines the filter to apply across findings. + // The expression is a list of one or more restrictions combined via logical + // operators `AND` and `OR`. + // Parentheses are not supported, and `OR` has higher precedence than `AND`. + // + // Restrictions have the form ` ` and may have a `-` + // character in front of them to indicate negation. Examples include: + // + // * name + // * source_properties.a_property + // * security_marks.marks.marka + // + // The supported operators are: + // + // * `=` for all value types. + // * `>`, `<`, `>=`, `<=` for integer values. + // * `:`, meaning substring matching, for strings. + // + // The supported value types are: + // + // * string literals in quotes. + // * integer literals without quotes. + // * boolean literals `true` and `false` without quotes. + // + // For example, `source_properties.size = 100` is a valid filter string. + string filter = 2; + + // Expression that defines what fields and order to use for sorting. The + // string value should follow SQL syntax: comma separated list of fields. For + // example: "name,resource_properties.a_property". The default sorting order + // is ascending. To specify descending order for a field, a suffix " desc" + // should be appended to the field name. For example: "name + // desc,source_properties.a_property". Redundant space characters in the + // syntax are insignificant. "name desc,source_properties.a_property" and " + // name desc , source_properties.a_property " are equivalent. + string order_by = 3; + + // Time used as a reference point when filtering findings. The filter is + // limited to findings existing at the supplied time and their values are + // those at that specific time. Absence of this field will default to the + // API's version of NOW. + google.protobuf.Timestamp read_time = 4; + + // Optional. + // + // A field mask to specify the Finding fields to be listed in the response. + // An empty field mask will list all fields. + google.protobuf.FieldMask field_mask = 5; + + // The value returned by the last `ListFindingsResponse`; indicates + // that this is a continuation of a prior `ListFindings` call, and + // that the system should return the next page of data. + string page_token = 6; + + // The maximum number of results to return in a single response. Default is + // 10, minimum is 1, maximum is 1000. + int32 page_size = 7; +} + +// Response message for listing findings. +message ListFindingsResponse { + // Findings matching the list request. + repeated Finding findings = 1; + + // Time used for executing the list request. + google.protobuf.Timestamp read_time = 2; + + // Token to retrieve the next page of results, or empty if there are no more + // results. + string next_page_token = 3; + + // The total number of findings matching the query. + int32 total_size = 4; +} + +// Request message for updating a finding's state. +message SetFindingStateRequest { + // The relative resource name of the finding. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // Example: + // "organizations/123/sources/456/finding/789". + string name = 1; + + // The desired State of the finding. + Finding.State state = 2; + + // The time at which the updated state takes effect. + google.protobuf.Timestamp start_time = 3; +} + +// Request message for running asset discovery for an organization. +message RunAssetDiscoveryRequest { + // Name of the organization to run asset discovery for. Its format is + // "organizations/[organization_id]". + string parent = 1; +} + +// Request message for updating or creating a finding. +message UpdateFindingRequest { + // The finding resource to update or create if it does not already exist. + // parent, security_marks, and update_time will be ignored. + // + // In the case of creation, the finding id portion of the name must + // alphanumeric and less than or equal to 32 characters and greater than 0 + // characters in length. + Finding finding = 1; + + // The FieldMask to use when updating the finding resource. This field should + // not be specified when creating a finding. + google.protobuf.FieldMask update_mask = 2; +} + +// Request message for updating an organization's settings. +message UpdateOrganizationSettingsRequest { + // The organization settings resource to update. + OrganizationSettings organization_settings = 1; + + // The FieldMask to use when updating the settings resource. + google.protobuf.FieldMask update_mask = 2; +} + +// Request message for updating a source. +message UpdateSourceRequest { + // The source resource to update. + Source source = 1; + + // The FieldMask to use when updating the source resource. + google.protobuf.FieldMask update_mask = 2; +} + +// Request message for updating a SecurityMarks resource. +message UpdateSecurityMarksRequest { + // The security marks resource to update. + SecurityMarks security_marks = 1; + + // The FieldMask to use when updating the security marks resource. + google.protobuf.FieldMask update_mask = 2; + + // The time at which the updated SecurityMarks take effect. + google.protobuf.Timestamp start_time = 3; +} diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service_pb2.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service_pb2.py index 42d309b63cdb..a19b846dcddc 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service_pb2.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service_pb2.py @@ -2972,3 +2972,4 @@ DESCRIPTOR.services_by_name["SecurityCenter"] = _SECURITYCENTER # @@protoc_insertion_point(module_scope) +# -*- coding: utf-8 -*- diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/source.proto b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/source.proto new file mode 100644 index 000000000000..cc1fae6eaa66 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/source.proto @@ -0,0 +1,53 @@ +// Copyright 2018 Google LLC. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package google.cloud.securitycenter.v1beta1; + +import "google/api/annotations.proto"; + +option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter"; +option java_multiple_files = true; +option java_package = "com.google.cloud.securitycenter.v1beta1"; + +// Cloud Security Command Center's (Cloud SCC) finding source. A finding source +// is an entity or a mechanism that can produce a finding. A source is like a +// container of findings that come from the same scanner, logger, monitor, etc. +message Source { + // The relative resource name of this source. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // Example: + // "organizations/123/sources/456" + string name = 1; + + // The source's display name. + // A source's display name must be unique amongst its siblings, for example, + // two sources with the same parent can't share the same display name. + // The display name must start and end with a letter or digit, may contain + // letters, digits, spaces, hyphens, and underscores, and can be no longer + // than 32 characters. This is captured by the regular expression: + // [\p{L}\p{N}]({\p{L}\p{N}_- ]{0,30}[\p{L}\p{N}])?. + string display_name = 2; + + // The description of the source (max of 1024 characters). + // Example: + // "Cloud Security Scanner is a web security scanner for common + // vulnerabilities in App Engine applications. It can automatically + // scan and detect four common vulnerabilities, including cross-site-scripting + // (XSS), Flash injection, mixed content (HTTP in HTTPS), and + // outdated/insecure libraries." + string description = 3; +} diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/source_pb2.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/source_pb2.py index 0fa2b9c2771d..0f2aa9806de1 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/source_pb2.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/source_pb2.py @@ -151,3 +151,4 @@ DESCRIPTOR._options = None # @@protoc_insertion_point(module_scope) +# -*- coding: utf-8 -*- diff --git a/packages/google-cloud-securitycenter/synth.metadata b/packages/google-cloud-securitycenter/synth.metadata index a24e49204a2c..8b1afbccccde 100644 --- a/packages/google-cloud-securitycenter/synth.metadata +++ b/packages/google-cloud-securitycenter/synth.metadata @@ -1,19 +1,19 @@ { - "updateTime": "2019-01-17T13:26:19.304173Z", + "updateTime": "2019-01-24T17:26:45.120902Z", "sources": [ { "generator": { "name": "artman", - "version": "0.16.6", - "dockerImage": "googleapis/artman@sha256:12722f2ca3fbc3b53cc6aa5f0e569d7d221b46bd876a2136497089dec5e3634e" + "version": "0.16.7", + "dockerImage": "googleapis/artman@sha256:d6c8ced606eb49973ca95d2af7c55a681acc042db0f87d135968349e7bf6dd80" } }, { "git": { "name": "googleapis", "remote": "https://github.com/googleapis/googleapis.git", - "sha": "0ac60e21a1aa86c07c1836865b35308ba8178b05", - "internalRef": "229626798" + "sha": "9aac88a22468b1e291937f55fa1ef237adfdc63e", + "internalRef": "230568136" } }, { diff --git a/packages/google-cloud-securitycenter/synth.py b/packages/google-cloud-securitycenter/synth.py index 4f1d60325ce4..1cc37cd3c887 100644 --- a/packages/google-cloud-securitycenter/synth.py +++ b/packages/google-cloud-securitycenter/synth.py @@ -22,7 +22,7 @@ # ---------------------------------------------------------------------------- # Generate securitycenter GAPIC layer # ---------------------------------------------------------------------------- -library = gapic.py_library("securitycenter", "v1beta1") +library = gapic.py_library("securitycenter", "v1beta1", include_protos=True,) s.move( library,