diff --git a/generated/google/apis/cloudshell_v1.rb b/generated/google/apis/cloudshell_v1.rb index e1d9a610a..686059fee 100644 --- a/generated/google/apis/cloudshell_v1.rb +++ b/generated/google/apis/cloudshell_v1.rb @@ -26,7 +26,7 @@ module Google # @see https://cloud.google.com/shell/docs/ module CloudshellV1 VERSION = 'V1' - REVISION = '20191102' + REVISION = '20200203' # View and manage your data across Google Cloud Platform services AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' diff --git a/generated/google/apis/cloudshell_v1alpha1.rb b/generated/google/apis/cloudshell_v1alpha1.rb index 459b2de59..f0f18c4ab 100644 --- a/generated/google/apis/cloudshell_v1alpha1.rb +++ b/generated/google/apis/cloudshell_v1alpha1.rb @@ -26,7 +26,7 @@ module Google # @see https://cloud.google.com/shell/docs/ module CloudshellV1alpha1 VERSION = 'V1alpha1' - REVISION = '20191102' + REVISION = '20200203' # View and manage your data across Google Cloud Platform services AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' diff --git a/generated/google/apis/cloudtrace_v1.rb b/generated/google/apis/cloudtrace_v1.rb index dd0873ba1..6e5ac78b6 100644 --- a/generated/google/apis/cloudtrace_v1.rb +++ b/generated/google/apis/cloudtrace_v1.rb @@ -29,7 +29,7 @@ module Google # @see https://cloud.google.com/trace module CloudtraceV1 VERSION = 'V1' - REVISION = '20190917' + REVISION = '20200128' # View and manage your data across Google Cloud Platform services AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' diff --git a/generated/google/apis/cloudtrace_v1/service.rb b/generated/google/apis/cloudtrace_v1/service.rb index 4de376052..158824fdc 100644 --- a/generated/google/apis/cloudtrace_v1/service.rb +++ b/generated/google/apis/cloudtrace_v1/service.rb @@ -56,6 +56,8 @@ module Google # in the existing trace and its spans are overwritten by the provided values, # and any new fields provided are merged with the existing trace data. If the # ID does not match, a new trace is created. + # In this case, writing traces is not consider an active developer + # method since traces are machine generated. # @param [String] project_id # Required. ID of the Cloud project where the trace data is stored. # @param [Google::Apis::CloudtraceV1::Traces] traces_object @@ -89,6 +91,8 @@ module Google end # Gets a single trace by its ID. + # In this case, getting for traces is considered an active developer method, + # even though it is technically a read-only method. # @param [String] project_id # Required. ID of the Cloud project where the trace data is stored. # @param [String] trace_id @@ -122,6 +126,8 @@ module Google end # Returns of a list of traces that match the specified filter conditions. + # In this case, listing for traces is considered an active developer method, + # even though it is technically a read-only method. # @param [String] project_id # Required. ID of the Cloud project where the trace data is stored. # @param [String] end_time diff --git a/generated/google/apis/cloudtrace_v2.rb b/generated/google/apis/cloudtrace_v2.rb index 90e55322b..2ef165a81 100644 --- a/generated/google/apis/cloudtrace_v2.rb +++ b/generated/google/apis/cloudtrace_v2.rb @@ -29,7 +29,7 @@ module Google # @see https://cloud.google.com/trace module CloudtraceV2 VERSION = 'V2' - REVISION = '20191202' + REVISION = '20200128' # View and manage your data across Google Cloud Platform services AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' diff --git a/generated/google/apis/cloudtrace_v2/service.rb b/generated/google/apis/cloudtrace_v2/service.rb index 990b2ef5b..ceea31cdd 100644 --- a/generated/google/apis/cloudtrace_v2/service.rb +++ b/generated/google/apis/cloudtrace_v2/service.rb @@ -53,6 +53,8 @@ module Google # Sends new spans to new or existing traces. You cannot update # existing spans. + # In this case, writing traces is not consider an active developer + # method since traces are machine generated. # @param [String] name # Required. The name of the project where the spans belong. The format is # `projects/[PROJECT_ID]`. @@ -87,6 +89,8 @@ module Google end # Creates a new span. + # In this case, writing traces is not consider an active developer + # method since traces are machine generated. # @param [String] name # The resource name of the span in the following format: # projects/[PROJECT_ID]/traces/[TRACE_ID]/spans/SPAN_ID is a unique diff --git a/generated/google/apis/securitycenter_v1.rb b/generated/google/apis/securitycenter_v1.rb index cea2da22b..8bb304315 100644 --- a/generated/google/apis/securitycenter_v1.rb +++ b/generated/google/apis/securitycenter_v1.rb @@ -26,7 +26,7 @@ module Google # @see https://console.cloud.google.com/apis/api/securitycenter.googleapis.com/overview module SecuritycenterV1 VERSION = 'V1' - REVISION = '20200117' + REVISION = '20200131' # View and manage your data across Google Cloud Platform services AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' diff --git a/generated/google/apis/securitycenter_v1/classes.rb b/generated/google/apis/securitycenter_v1/classes.rb index 24ce28b98..35fa81f94 100644 --- a/generated/google/apis/securitycenter_v1/classes.rb +++ b/generated/google/apis/securitycenter_v1/classes.rb @@ -593,6 +593,399 @@ module Google end end + # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud + # Platform (GCP) resource. + # The Asset is a Cloud SCC resource that captures information about a single + # GCP resource. All modifications to an Asset are only within the context of + # Cloud SCC and don't affect the referenced GCP resource. + class GoogleCloudSecuritycenterV1p1beta1Asset + include Google::Apis::Core::Hashable + + # The time at which the asset was created in Cloud SCC. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # IAM Policy information associated with the GCP resource described by the + # Cloud SCC asset. This information is managed and defined by the GCP + # resource and cannot be modified by the user. + # Corresponds to the JSON property `iamPolicy` + # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1IamPolicy] + attr_accessor :iam_policy + + # The relative resource name of this asset. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/assets/`asset_id`". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Resource managed properties. These properties are managed and defined by + # the GCP resource and cannot be modified by the user. + # Corresponds to the JSON property `resourceProperties` + # @return [Hash] + attr_accessor :resource_properties + + # Cloud SCC managed properties. These properties are managed by Cloud SCC and + # cannot be modified by the user. + # Corresponds to the JSON property `securityCenterProperties` + # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties] + attr_accessor :security_center_properties + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + # Corresponds to the JSON property `securityMarks` + # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + attr_accessor :security_marks + + # The time at which the asset was last updated, added, or deleted in Cloud + # SCC. + # Corresponds to the JSON property `updateTime` + # @return [String] + attr_accessor :update_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @create_time = args[:create_time] if args.key?(:create_time) + @iam_policy = args[:iam_policy] if args.key?(:iam_policy) + @name = args[:name] if args.key?(:name) + @resource_properties = args[:resource_properties] if args.key?(:resource_properties) + @security_center_properties = args[:security_center_properties] if args.key?(:security_center_properties) + @security_marks = args[:security_marks] if args.key?(:security_marks) + @update_time = args[:update_time] if args.key?(:update_time) + end + end + + # Cloud Security Command Center (Cloud SCC) finding. + # A finding is a record of assessment data (security, risk, health or privacy) + # ingested into Cloud SCC for presentation, notification, analysis, + # policy testing, and enforcement. For example, an XSS vulnerability in an + # App Engine application is a finding. + class GoogleCloudSecuritycenterV1p1beta1Finding + include Google::Apis::Core::Hashable + + # The additional taxonomy group within findings from a given source. + # This field is immutable after creation time. + # Example: "XSS_FLASH_INJECTION" + # Corresponds to the JSON property `category` + # @return [String] + attr_accessor :category + + # The time at which the finding was created in Cloud SCC. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # The time at which the event took place. For example, if the finding + # represents an open firewall it would capture the time the detector believes + # the firewall became open. The accuracy is determined by the detector. + # Corresponds to the JSON property `eventTime` + # @return [String] + attr_accessor :event_time + + # The URI that, if available, points to a web page outside of Cloud SCC + # where additional information about the finding can be found. This field is + # guaranteed to be either empty or a well formed URL. + # Corresponds to the JSON property `externalUri` + # @return [String] + attr_accessor :external_uri + + # The relative resource name of this finding. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`" + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The relative resource name of the source the finding belongs to. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # This field is immutable after creation time. + # For example: + # "organizations/`organization_id`/sources/`source_id`" + # Corresponds to the JSON property `parent` + # @return [String] + attr_accessor :parent + + # For findings on Google Cloud Platform (GCP) resources, the full resource + # name of the GCP resource this finding is for. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # When the finding is for a non-GCP resource, the resourceName can be a + # customer or partner defined string. + # This field is immutable after creation time. + # Corresponds to the JSON property `resourceName` + # @return [String] + attr_accessor :resource_name + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + # Corresponds to the JSON property `securityMarks` + # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + attr_accessor :security_marks + + # Source specific properties. These properties are managed by the source + # that writes the finding. The key names in the source_properties map must be + # between 1 and 255 characters, and must start with a letter and contain + # alphanumeric characters or underscores only. + # Corresponds to the JSON property `sourceProperties` + # @return [Hash] + attr_accessor :source_properties + + # The state of the finding. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @category = args[:category] if args.key?(:category) + @create_time = args[:create_time] if args.key?(:create_time) + @event_time = args[:event_time] if args.key?(:event_time) + @external_uri = args[:external_uri] if args.key?(:external_uri) + @name = args[:name] if args.key?(:name) + @parent = args[:parent] if args.key?(:parent) + @resource_name = args[:resource_name] if args.key?(:resource_name) + @security_marks = args[:security_marks] if args.key?(:security_marks) + @source_properties = args[:source_properties] if args.key?(:source_properties) + @state = args[:state] if args.key?(:state) + end + end + + # IAM Policy information associated with the GCP resource described by the + # Cloud SCC asset. This information is managed and defined by the GCP + # resource and cannot be modified by the user. + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + include Google::Apis::Core::Hashable + + # The JSON representation of the Policy associated with the asset. + # See https://cloud.google.com/iam/reference/rest/v1p1beta1/Policy for + # format details. + # Corresponds to the JSON property `policyBlob` + # @return [String] + attr_accessor :policy_blob + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @policy_blob = args[:policy_blob] if args.key?(:policy_blob) + end + end + + # Cloud SCC's Notification + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + include Google::Apis::Core::Hashable + + # Cloud Security Command Center (Cloud SCC) finding. + # A finding is a record of assessment data (security, risk, health or privacy) + # ingested into Cloud SCC for presentation, notification, analysis, + # policy testing, and enforcement. For example, an XSS vulnerability in an + # App Engine application is a finding. + # Corresponds to the JSON property `finding` + # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1Finding] + attr_accessor :finding + + # Name of the notification config that generated current notification. + # Corresponds to the JSON property `notificationConfigName` + # @return [String] + attr_accessor :notification_config_name + + # Wrapper over asset object that also captures the state change for the asset + # e.g. if it was a newly created asset vs updated or deleted asset. + # Corresponds to the JSON property `temporalAsset` + # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset] + attr_accessor :temporal_asset + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @finding = args[:finding] if args.key?(:finding) + @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name) + @temporal_asset = args[:temporal_asset] if args.key?(:temporal_asset) + end + end + + # Response of asset discovery run + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + include Google::Apis::Core::Hashable + + # The duration between asset discovery run start and end + # Corresponds to the JSON property `duration` + # @return [String] + attr_accessor :duration + + # The state of an asset discovery run. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @duration = args[:duration] if args.key?(:duration) + @state = args[:state] if args.key?(:state) + end + end + + # Cloud SCC managed properties. These properties are managed by Cloud SCC and + # cannot be modified by the user. + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + include Google::Apis::Core::Hashable + + # The user defined display name for this resource. + # Corresponds to the JSON property `resourceDisplayName` + # @return [String] + attr_accessor :resource_display_name + + # The full resource name of the GCP resource this asset + # represents. This field is immutable after create time. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceName` + # @return [String] + attr_accessor :resource_name + + # Owners of the Google Cloud resource. + # Corresponds to the JSON property `resourceOwners` + # @return [Array] + attr_accessor :resource_owners + + # The full resource name of the immediate parent of the resource. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceParent` + # @return [String] + attr_accessor :resource_parent + + # The user defined display name for the parent of this resource. + # Corresponds to the JSON property `resourceParentDisplayName` + # @return [String] + attr_accessor :resource_parent_display_name + + # The full resource name of the project the resource belongs to. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceProject` + # @return [String] + attr_accessor :resource_project + + # The user defined display name for the project of this resource. + # Corresponds to the JSON property `resourceProjectDisplayName` + # @return [String] + attr_accessor :resource_project_display_name + + # The type of the GCP resource. Examples include: APPLICATION, + # PROJECT, and ORGANIZATION. This is a case insensitive field defined by + # Cloud SCC and/or the producer of the resource and is immutable + # after create time. + # Corresponds to the JSON property `resourceType` + # @return [String] + attr_accessor :resource_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @resource_display_name = args[:resource_display_name] if args.key?(:resource_display_name) + @resource_name = args[:resource_name] if args.key?(:resource_name) + @resource_owners = args[:resource_owners] if args.key?(:resource_owners) + @resource_parent = args[:resource_parent] if args.key?(:resource_parent) + @resource_parent_display_name = args[:resource_parent_display_name] if args.key?(:resource_parent_display_name) + @resource_project = args[:resource_project] if args.key?(:resource_project) + @resource_project_display_name = args[:resource_project_display_name] if args.key?(:resource_project_display_name) + @resource_type = args[:resource_type] if args.key?(:resource_type) + end + end + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + include Google::Apis::Core::Hashable + + # Mutable user specified security marks belonging to the parent resource. + # Constraints are as follows: + # * Keys and values are treated as case insensitive + # * Keys must be between 1 - 256 characters (inclusive) + # * Keys must be letters, numbers, underscores, or dashes + # * Values have leading and trailing whitespace trimmed, remaining + # characters must be between 1 - 4096 characters (inclusive) + # Corresponds to the JSON property `marks` + # @return [Hash] + attr_accessor :marks + + # The relative resource name of the SecurityMarks. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Examples: + # "organizations/`organization_id`/assets/`asset_id`/securityMarks" + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/ + # securityMarks". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @marks = args[:marks] if args.key?(:marks) + @name = args[:name] if args.key?(:name) + end + end + + # Wrapper over asset object that also captures the state change for the asset + # e.g. if it was a newly created asset vs updated or deleted asset. + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + include Google::Apis::Core::Hashable + + # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud + # Platform (GCP) resource. + # The Asset is a Cloud SCC resource that captures information about a single + # GCP resource. All modifications to an Asset are only within the context of + # Cloud SCC and don't affect the referenced GCP resource. + # Corresponds to the JSON property `asset` + # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1Asset] + attr_accessor :asset + + # Represents if the asset was created/updated/deleted. + # Corresponds to the JSON property `changeType` + # @return [String] + attr_accessor :change_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @asset = args[:asset] if args.key?(:asset) + @change_type = args[:change_type] if args.key?(:change_type) + end + end + # Request message for grouping by assets. class GroupAssetsRequest include Google::Apis::Core::Hashable diff --git a/generated/google/apis/securitycenter_v1/representations.rb b/generated/google/apis/securitycenter_v1/representations.rb index d9e17d25e..2bb32ea50 100644 --- a/generated/google/apis/securitycenter_v1/representations.rb +++ b/generated/google/apis/securitycenter_v1/representations.rb @@ -94,6 +94,54 @@ module Google include Google::Apis::Core::JsonObjectSupport end + class GoogleCloudSecuritycenterV1p1beta1Asset + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1Finding + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + class GroupAssetsRequest class Representation < Google::Apis::Core::JsonRepresentation; end @@ -359,6 +407,96 @@ module Google end end + class GoogleCloudSecuritycenterV1p1beta1Asset + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :create_time, as: 'createTime' + property :iam_policy, as: 'iamPolicy', class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1IamPolicy, decorator: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1IamPolicy::Representation + + property :name, as: 'name' + hash :resource_properties, as: 'resourceProperties' + property :security_center_properties, as: 'securityCenterProperties', class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties, decorator: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties::Representation + + property :security_marks, as: 'securityMarks', class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks, decorator: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + + property :update_time, as: 'updateTime' + end + end + + class GoogleCloudSecuritycenterV1p1beta1Finding + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :category, as: 'category' + property :create_time, as: 'createTime' + property :event_time, as: 'eventTime' + property :external_uri, as: 'externalUri' + property :name, as: 'name' + property :parent, as: 'parent' + property :resource_name, as: 'resourceName' + property :security_marks, as: 'securityMarks', class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks, decorator: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + + hash :source_properties, as: 'sourceProperties' + property :state, as: 'state' + end + end + + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :policy_blob, as: 'policyBlob' + end + end + + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :finding, as: 'finding', class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1Finding, decorator: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + + property :notification_config_name, as: 'notificationConfigName' + property :temporal_asset, as: 'temporalAsset', class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset, decorator: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset::Representation + + end + end + + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :duration, as: 'duration' + property :state, as: 'state' + end + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :resource_display_name, as: 'resourceDisplayName' + property :resource_name, as: 'resourceName' + collection :resource_owners, as: 'resourceOwners' + property :resource_parent, as: 'resourceParent' + property :resource_parent_display_name, as: 'resourceParentDisplayName' + property :resource_project, as: 'resourceProject' + property :resource_project_display_name, as: 'resourceProjectDisplayName' + property :resource_type, as: 'resourceType' + end + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + # @private + class Representation < Google::Apis::Core::JsonRepresentation + hash :marks, as: 'marks' + property :name, as: 'name' + end + end + + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :asset, as: 'asset', class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1Asset, decorator: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1p1beta1Asset::Representation + + property :change_type, as: 'changeType' + end + end + class GroupAssetsRequest # @private class Representation < Google::Apis::Core::JsonRepresentation diff --git a/generated/google/apis/securitycenter_v1beta1.rb b/generated/google/apis/securitycenter_v1beta1.rb index 88a54d7ab..7e1dc511d 100644 --- a/generated/google/apis/securitycenter_v1beta1.rb +++ b/generated/google/apis/securitycenter_v1beta1.rb @@ -26,7 +26,7 @@ module Google # @see https://console.cloud.google.com/apis/api/securitycenter.googleapis.com/overview module SecuritycenterV1beta1 VERSION = 'V1beta1' - REVISION = '20200117' + REVISION = '20200131' # View and manage your data across Google Cloud Platform services AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' diff --git a/generated/google/apis/securitycenter_v1beta1/classes.rb b/generated/google/apis/securitycenter_v1beta1/classes.rb index cc1ed009a..2e1161c7c 100644 --- a/generated/google/apis/securitycenter_v1beta1/classes.rb +++ b/generated/google/apis/securitycenter_v1beta1/classes.rb @@ -598,6 +598,399 @@ module Google end end + # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud + # Platform (GCP) resource. + # The Asset is a Cloud SCC resource that captures information about a single + # GCP resource. All modifications to an Asset are only within the context of + # Cloud SCC and don't affect the referenced GCP resource. + class GoogleCloudSecuritycenterV1p1beta1Asset + include Google::Apis::Core::Hashable + + # The time at which the asset was created in Cloud SCC. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # IAM Policy information associated with the GCP resource described by the + # Cloud SCC asset. This information is managed and defined by the GCP + # resource and cannot be modified by the user. + # Corresponds to the JSON property `iamPolicy` + # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1IamPolicy] + attr_accessor :iam_policy + + # The relative resource name of this asset. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/assets/`asset_id`". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Resource managed properties. These properties are managed and defined by + # the GCP resource and cannot be modified by the user. + # Corresponds to the JSON property `resourceProperties` + # @return [Hash] + attr_accessor :resource_properties + + # Cloud SCC managed properties. These properties are managed by Cloud SCC and + # cannot be modified by the user. + # Corresponds to the JSON property `securityCenterProperties` + # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties] + attr_accessor :security_center_properties + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + # Corresponds to the JSON property `securityMarks` + # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + attr_accessor :security_marks + + # The time at which the asset was last updated, added, or deleted in Cloud + # SCC. + # Corresponds to the JSON property `updateTime` + # @return [String] + attr_accessor :update_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @create_time = args[:create_time] if args.key?(:create_time) + @iam_policy = args[:iam_policy] if args.key?(:iam_policy) + @name = args[:name] if args.key?(:name) + @resource_properties = args[:resource_properties] if args.key?(:resource_properties) + @security_center_properties = args[:security_center_properties] if args.key?(:security_center_properties) + @security_marks = args[:security_marks] if args.key?(:security_marks) + @update_time = args[:update_time] if args.key?(:update_time) + end + end + + # Cloud Security Command Center (Cloud SCC) finding. + # A finding is a record of assessment data (security, risk, health or privacy) + # ingested into Cloud SCC for presentation, notification, analysis, + # policy testing, and enforcement. For example, an XSS vulnerability in an + # App Engine application is a finding. + class GoogleCloudSecuritycenterV1p1beta1Finding + include Google::Apis::Core::Hashable + + # The additional taxonomy group within findings from a given source. + # This field is immutable after creation time. + # Example: "XSS_FLASH_INJECTION" + # Corresponds to the JSON property `category` + # @return [String] + attr_accessor :category + + # The time at which the finding was created in Cloud SCC. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # The time at which the event took place. For example, if the finding + # represents an open firewall it would capture the time the detector believes + # the firewall became open. The accuracy is determined by the detector. + # Corresponds to the JSON property `eventTime` + # @return [String] + attr_accessor :event_time + + # The URI that, if available, points to a web page outside of Cloud SCC + # where additional information about the finding can be found. This field is + # guaranteed to be either empty or a well formed URL. + # Corresponds to the JSON property `externalUri` + # @return [String] + attr_accessor :external_uri + + # The relative resource name of this finding. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`" + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The relative resource name of the source the finding belongs to. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # This field is immutable after creation time. + # For example: + # "organizations/`organization_id`/sources/`source_id`" + # Corresponds to the JSON property `parent` + # @return [String] + attr_accessor :parent + + # For findings on Google Cloud Platform (GCP) resources, the full resource + # name of the GCP resource this finding is for. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # When the finding is for a non-GCP resource, the resourceName can be a + # customer or partner defined string. + # This field is immutable after creation time. + # Corresponds to the JSON property `resourceName` + # @return [String] + attr_accessor :resource_name + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + # Corresponds to the JSON property `securityMarks` + # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + attr_accessor :security_marks + + # Source specific properties. These properties are managed by the source + # that writes the finding. The key names in the source_properties map must be + # between 1 and 255 characters, and must start with a letter and contain + # alphanumeric characters or underscores only. + # Corresponds to the JSON property `sourceProperties` + # @return [Hash] + attr_accessor :source_properties + + # The state of the finding. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @category = args[:category] if args.key?(:category) + @create_time = args[:create_time] if args.key?(:create_time) + @event_time = args[:event_time] if args.key?(:event_time) + @external_uri = args[:external_uri] if args.key?(:external_uri) + @name = args[:name] if args.key?(:name) + @parent = args[:parent] if args.key?(:parent) + @resource_name = args[:resource_name] if args.key?(:resource_name) + @security_marks = args[:security_marks] if args.key?(:security_marks) + @source_properties = args[:source_properties] if args.key?(:source_properties) + @state = args[:state] if args.key?(:state) + end + end + + # IAM Policy information associated with the GCP resource described by the + # Cloud SCC asset. This information is managed and defined by the GCP + # resource and cannot be modified by the user. + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + include Google::Apis::Core::Hashable + + # The JSON representation of the Policy associated with the asset. + # See https://cloud.google.com/iam/reference/rest/v1p1beta1/Policy for + # format details. + # Corresponds to the JSON property `policyBlob` + # @return [String] + attr_accessor :policy_blob + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @policy_blob = args[:policy_blob] if args.key?(:policy_blob) + end + end + + # Cloud SCC's Notification + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + include Google::Apis::Core::Hashable + + # Cloud Security Command Center (Cloud SCC) finding. + # A finding is a record of assessment data (security, risk, health or privacy) + # ingested into Cloud SCC for presentation, notification, analysis, + # policy testing, and enforcement. For example, an XSS vulnerability in an + # App Engine application is a finding. + # Corresponds to the JSON property `finding` + # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] + attr_accessor :finding + + # Name of the notification config that generated current notification. + # Corresponds to the JSON property `notificationConfigName` + # @return [String] + attr_accessor :notification_config_name + + # Wrapper over asset object that also captures the state change for the asset + # e.g. if it was a newly created asset vs updated or deleted asset. + # Corresponds to the JSON property `temporalAsset` + # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset] + attr_accessor :temporal_asset + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @finding = args[:finding] if args.key?(:finding) + @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name) + @temporal_asset = args[:temporal_asset] if args.key?(:temporal_asset) + end + end + + # Response of asset discovery run + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + include Google::Apis::Core::Hashable + + # The duration between asset discovery run start and end + # Corresponds to the JSON property `duration` + # @return [String] + attr_accessor :duration + + # The state of an asset discovery run. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @duration = args[:duration] if args.key?(:duration) + @state = args[:state] if args.key?(:state) + end + end + + # Cloud SCC managed properties. These properties are managed by Cloud SCC and + # cannot be modified by the user. + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + include Google::Apis::Core::Hashable + + # The user defined display name for this resource. + # Corresponds to the JSON property `resourceDisplayName` + # @return [String] + attr_accessor :resource_display_name + + # The full resource name of the GCP resource this asset + # represents. This field is immutable after create time. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceName` + # @return [String] + attr_accessor :resource_name + + # Owners of the Google Cloud resource. + # Corresponds to the JSON property `resourceOwners` + # @return [Array] + attr_accessor :resource_owners + + # The full resource name of the immediate parent of the resource. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceParent` + # @return [String] + attr_accessor :resource_parent + + # The user defined display name for the parent of this resource. + # Corresponds to the JSON property `resourceParentDisplayName` + # @return [String] + attr_accessor :resource_parent_display_name + + # The full resource name of the project the resource belongs to. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceProject` + # @return [String] + attr_accessor :resource_project + + # The user defined display name for the project of this resource. + # Corresponds to the JSON property `resourceProjectDisplayName` + # @return [String] + attr_accessor :resource_project_display_name + + # The type of the GCP resource. Examples include: APPLICATION, + # PROJECT, and ORGANIZATION. This is a case insensitive field defined by + # Cloud SCC and/or the producer of the resource and is immutable + # after create time. + # Corresponds to the JSON property `resourceType` + # @return [String] + attr_accessor :resource_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @resource_display_name = args[:resource_display_name] if args.key?(:resource_display_name) + @resource_name = args[:resource_name] if args.key?(:resource_name) + @resource_owners = args[:resource_owners] if args.key?(:resource_owners) + @resource_parent = args[:resource_parent] if args.key?(:resource_parent) + @resource_parent_display_name = args[:resource_parent_display_name] if args.key?(:resource_parent_display_name) + @resource_project = args[:resource_project] if args.key?(:resource_project) + @resource_project_display_name = args[:resource_project_display_name] if args.key?(:resource_project_display_name) + @resource_type = args[:resource_type] if args.key?(:resource_type) + end + end + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + include Google::Apis::Core::Hashable + + # Mutable user specified security marks belonging to the parent resource. + # Constraints are as follows: + # * Keys and values are treated as case insensitive + # * Keys must be between 1 - 256 characters (inclusive) + # * Keys must be letters, numbers, underscores, or dashes + # * Values have leading and trailing whitespace trimmed, remaining + # characters must be between 1 - 4096 characters (inclusive) + # Corresponds to the JSON property `marks` + # @return [Hash] + attr_accessor :marks + + # The relative resource name of the SecurityMarks. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Examples: + # "organizations/`organization_id`/assets/`asset_id`/securityMarks" + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/ + # securityMarks". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @marks = args[:marks] if args.key?(:marks) + @name = args[:name] if args.key?(:name) + end + end + + # Wrapper over asset object that also captures the state change for the asset + # e.g. if it was a newly created asset vs updated or deleted asset. + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + include Google::Apis::Core::Hashable + + # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud + # Platform (GCP) resource. + # The Asset is a Cloud SCC resource that captures information about a single + # GCP resource. All modifications to an Asset are only within the context of + # Cloud SCC and don't affect the referenced GCP resource. + # Corresponds to the JSON property `asset` + # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1Asset] + attr_accessor :asset + + # Represents if the asset was created/updated/deleted. + # Corresponds to the JSON property `changeType` + # @return [String] + attr_accessor :change_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @asset = args[:asset] if args.key?(:asset) + @change_type = args[:change_type] if args.key?(:change_type) + end + end + # Request message for grouping by assets. class GroupAssetsRequest include Google::Apis::Core::Hashable diff --git a/generated/google/apis/securitycenter_v1beta1/representations.rb b/generated/google/apis/securitycenter_v1beta1/representations.rb index 3175655b2..48017bcc1 100644 --- a/generated/google/apis/securitycenter_v1beta1/representations.rb +++ b/generated/google/apis/securitycenter_v1beta1/representations.rb @@ -100,6 +100,54 @@ module Google include Google::Apis::Core::JsonObjectSupport end + class GoogleCloudSecuritycenterV1p1beta1Asset + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1Finding + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + class GroupAssetsRequest class Representation < Google::Apis::Core::JsonRepresentation; end @@ -351,6 +399,96 @@ module Google end end + class GoogleCloudSecuritycenterV1p1beta1Asset + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :create_time, as: 'createTime' + property :iam_policy, as: 'iamPolicy', class: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1IamPolicy, decorator: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1IamPolicy::Representation + + property :name, as: 'name' + hash :resource_properties, as: 'resourceProperties' + property :security_center_properties, as: 'securityCenterProperties', class: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties, decorator: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties::Representation + + property :security_marks, as: 'securityMarks', class: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks, decorator: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + + property :update_time, as: 'updateTime' + end + end + + class GoogleCloudSecuritycenterV1p1beta1Finding + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :category, as: 'category' + property :create_time, as: 'createTime' + property :event_time, as: 'eventTime' + property :external_uri, as: 'externalUri' + property :name, as: 'name' + property :parent, as: 'parent' + property :resource_name, as: 'resourceName' + property :security_marks, as: 'securityMarks', class: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks, decorator: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + + hash :source_properties, as: 'sourceProperties' + property :state, as: 'state' + end + end + + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :policy_blob, as: 'policyBlob' + end + end + + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :finding, as: 'finding', class: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1Finding, decorator: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + + property :notification_config_name, as: 'notificationConfigName' + property :temporal_asset, as: 'temporalAsset', class: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset, decorator: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset::Representation + + end + end + + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :duration, as: 'duration' + property :state, as: 'state' + end + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :resource_display_name, as: 'resourceDisplayName' + property :resource_name, as: 'resourceName' + collection :resource_owners, as: 'resourceOwners' + property :resource_parent, as: 'resourceParent' + property :resource_parent_display_name, as: 'resourceParentDisplayName' + property :resource_project, as: 'resourceProject' + property :resource_project_display_name, as: 'resourceProjectDisplayName' + property :resource_type, as: 'resourceType' + end + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + # @private + class Representation < Google::Apis::Core::JsonRepresentation + hash :marks, as: 'marks' + property :name, as: 'name' + end + end + + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :asset, as: 'asset', class: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1Asset, decorator: Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV1p1beta1Asset::Representation + + property :change_type, as: 'changeType' + end + end + class GroupAssetsRequest # @private class Representation < Google::Apis::Core::JsonRepresentation diff --git a/generated/google/apis/securitycenter_v1p1alpha1.rb b/generated/google/apis/securitycenter_v1p1alpha1.rb index 146705b20..9ea56f6a7 100644 --- a/generated/google/apis/securitycenter_v1p1alpha1.rb +++ b/generated/google/apis/securitycenter_v1p1alpha1.rb @@ -26,7 +26,7 @@ module Google # @see https://console.cloud.google.com/apis/api/securitycenter.googleapis.com/overview module SecuritycenterV1p1alpha1 VERSION = 'V1p1alpha1' - REVISION = '20190603' + REVISION = '20200131' # View and manage your data across Google Cloud Platform services AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' diff --git a/generated/google/apis/securitycenter_v1p1alpha1/classes.rb b/generated/google/apis/securitycenter_v1p1alpha1/classes.rb index aa2ff9569..2e2c68b2e 100644 --- a/generated/google/apis/securitycenter_v1p1alpha1/classes.rb +++ b/generated/google/apis/securitycenter_v1p1alpha1/classes.rb @@ -91,6 +91,399 @@ module Google end end + # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud + # Platform (GCP) resource. + # The Asset is a Cloud SCC resource that captures information about a single + # GCP resource. All modifications to an Asset are only within the context of + # Cloud SCC and don't affect the referenced GCP resource. + class GoogleCloudSecuritycenterV1p1beta1Asset + include Google::Apis::Core::Hashable + + # The time at which the asset was created in Cloud SCC. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # IAM Policy information associated with the GCP resource described by the + # Cloud SCC asset. This information is managed and defined by the GCP + # resource and cannot be modified by the user. + # Corresponds to the JSON property `iamPolicy` + # @return [Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1IamPolicy] + attr_accessor :iam_policy + + # The relative resource name of this asset. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/assets/`asset_id`". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Resource managed properties. These properties are managed and defined by + # the GCP resource and cannot be modified by the user. + # Corresponds to the JSON property `resourceProperties` + # @return [Hash] + attr_accessor :resource_properties + + # Cloud SCC managed properties. These properties are managed by Cloud SCC and + # cannot be modified by the user. + # Corresponds to the JSON property `securityCenterProperties` + # @return [Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties] + attr_accessor :security_center_properties + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + # Corresponds to the JSON property `securityMarks` + # @return [Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + attr_accessor :security_marks + + # The time at which the asset was last updated, added, or deleted in Cloud + # SCC. + # Corresponds to the JSON property `updateTime` + # @return [String] + attr_accessor :update_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @create_time = args[:create_time] if args.key?(:create_time) + @iam_policy = args[:iam_policy] if args.key?(:iam_policy) + @name = args[:name] if args.key?(:name) + @resource_properties = args[:resource_properties] if args.key?(:resource_properties) + @security_center_properties = args[:security_center_properties] if args.key?(:security_center_properties) + @security_marks = args[:security_marks] if args.key?(:security_marks) + @update_time = args[:update_time] if args.key?(:update_time) + end + end + + # Cloud Security Command Center (Cloud SCC) finding. + # A finding is a record of assessment data (security, risk, health or privacy) + # ingested into Cloud SCC for presentation, notification, analysis, + # policy testing, and enforcement. For example, an XSS vulnerability in an + # App Engine application is a finding. + class GoogleCloudSecuritycenterV1p1beta1Finding + include Google::Apis::Core::Hashable + + # The additional taxonomy group within findings from a given source. + # This field is immutable after creation time. + # Example: "XSS_FLASH_INJECTION" + # Corresponds to the JSON property `category` + # @return [String] + attr_accessor :category + + # The time at which the finding was created in Cloud SCC. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # The time at which the event took place. For example, if the finding + # represents an open firewall it would capture the time the detector believes + # the firewall became open. The accuracy is determined by the detector. + # Corresponds to the JSON property `eventTime` + # @return [String] + attr_accessor :event_time + + # The URI that, if available, points to a web page outside of Cloud SCC + # where additional information about the finding can be found. This field is + # guaranteed to be either empty or a well formed URL. + # Corresponds to the JSON property `externalUri` + # @return [String] + attr_accessor :external_uri + + # The relative resource name of this finding. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`" + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The relative resource name of the source the finding belongs to. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # This field is immutable after creation time. + # For example: + # "organizations/`organization_id`/sources/`source_id`" + # Corresponds to the JSON property `parent` + # @return [String] + attr_accessor :parent + + # For findings on Google Cloud Platform (GCP) resources, the full resource + # name of the GCP resource this finding is for. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # When the finding is for a non-GCP resource, the resourceName can be a + # customer or partner defined string. + # This field is immutable after creation time. + # Corresponds to the JSON property `resourceName` + # @return [String] + attr_accessor :resource_name + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + # Corresponds to the JSON property `securityMarks` + # @return [Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + attr_accessor :security_marks + + # Source specific properties. These properties are managed by the source + # that writes the finding. The key names in the source_properties map must be + # between 1 and 255 characters, and must start with a letter and contain + # alphanumeric characters or underscores only. + # Corresponds to the JSON property `sourceProperties` + # @return [Hash] + attr_accessor :source_properties + + # The state of the finding. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @category = args[:category] if args.key?(:category) + @create_time = args[:create_time] if args.key?(:create_time) + @event_time = args[:event_time] if args.key?(:event_time) + @external_uri = args[:external_uri] if args.key?(:external_uri) + @name = args[:name] if args.key?(:name) + @parent = args[:parent] if args.key?(:parent) + @resource_name = args[:resource_name] if args.key?(:resource_name) + @security_marks = args[:security_marks] if args.key?(:security_marks) + @source_properties = args[:source_properties] if args.key?(:source_properties) + @state = args[:state] if args.key?(:state) + end + end + + # IAM Policy information associated with the GCP resource described by the + # Cloud SCC asset. This information is managed and defined by the GCP + # resource and cannot be modified by the user. + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + include Google::Apis::Core::Hashable + + # The JSON representation of the Policy associated with the asset. + # See https://cloud.google.com/iam/reference/rest/v1p1beta1/Policy for + # format details. + # Corresponds to the JSON property `policyBlob` + # @return [String] + attr_accessor :policy_blob + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @policy_blob = args[:policy_blob] if args.key?(:policy_blob) + end + end + + # Cloud SCC's Notification + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + include Google::Apis::Core::Hashable + + # Cloud Security Command Center (Cloud SCC) finding. + # A finding is a record of assessment data (security, risk, health or privacy) + # ingested into Cloud SCC for presentation, notification, analysis, + # policy testing, and enforcement. For example, an XSS vulnerability in an + # App Engine application is a finding. + # Corresponds to the JSON property `finding` + # @return [Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1Finding] + attr_accessor :finding + + # Name of the notification config that generated current notification. + # Corresponds to the JSON property `notificationConfigName` + # @return [String] + attr_accessor :notification_config_name + + # Wrapper over asset object that also captures the state change for the asset + # e.g. if it was a newly created asset vs updated or deleted asset. + # Corresponds to the JSON property `temporalAsset` + # @return [Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset] + attr_accessor :temporal_asset + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @finding = args[:finding] if args.key?(:finding) + @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name) + @temporal_asset = args[:temporal_asset] if args.key?(:temporal_asset) + end + end + + # Response of asset discovery run + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + include Google::Apis::Core::Hashable + + # The duration between asset discovery run start and end + # Corresponds to the JSON property `duration` + # @return [String] + attr_accessor :duration + + # The state of an asset discovery run. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @duration = args[:duration] if args.key?(:duration) + @state = args[:state] if args.key?(:state) + end + end + + # Cloud SCC managed properties. These properties are managed by Cloud SCC and + # cannot be modified by the user. + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + include Google::Apis::Core::Hashable + + # The user defined display name for this resource. + # Corresponds to the JSON property `resourceDisplayName` + # @return [String] + attr_accessor :resource_display_name + + # The full resource name of the GCP resource this asset + # represents. This field is immutable after create time. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceName` + # @return [String] + attr_accessor :resource_name + + # Owners of the Google Cloud resource. + # Corresponds to the JSON property `resourceOwners` + # @return [Array] + attr_accessor :resource_owners + + # The full resource name of the immediate parent of the resource. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceParent` + # @return [String] + attr_accessor :resource_parent + + # The user defined display name for the parent of this resource. + # Corresponds to the JSON property `resourceParentDisplayName` + # @return [String] + attr_accessor :resource_parent_display_name + + # The full resource name of the project the resource belongs to. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceProject` + # @return [String] + attr_accessor :resource_project + + # The user defined display name for the project of this resource. + # Corresponds to the JSON property `resourceProjectDisplayName` + # @return [String] + attr_accessor :resource_project_display_name + + # The type of the GCP resource. Examples include: APPLICATION, + # PROJECT, and ORGANIZATION. This is a case insensitive field defined by + # Cloud SCC and/or the producer of the resource and is immutable + # after create time. + # Corresponds to the JSON property `resourceType` + # @return [String] + attr_accessor :resource_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @resource_display_name = args[:resource_display_name] if args.key?(:resource_display_name) + @resource_name = args[:resource_name] if args.key?(:resource_name) + @resource_owners = args[:resource_owners] if args.key?(:resource_owners) + @resource_parent = args[:resource_parent] if args.key?(:resource_parent) + @resource_parent_display_name = args[:resource_parent_display_name] if args.key?(:resource_parent_display_name) + @resource_project = args[:resource_project] if args.key?(:resource_project) + @resource_project_display_name = args[:resource_project_display_name] if args.key?(:resource_project_display_name) + @resource_type = args[:resource_type] if args.key?(:resource_type) + end + end + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + include Google::Apis::Core::Hashable + + # Mutable user specified security marks belonging to the parent resource. + # Constraints are as follows: + # * Keys and values are treated as case insensitive + # * Keys must be between 1 - 256 characters (inclusive) + # * Keys must be letters, numbers, underscores, or dashes + # * Values have leading and trailing whitespace trimmed, remaining + # characters must be between 1 - 4096 characters (inclusive) + # Corresponds to the JSON property `marks` + # @return [Hash] + attr_accessor :marks + + # The relative resource name of the SecurityMarks. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Examples: + # "organizations/`organization_id`/assets/`asset_id`/securityMarks" + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/ + # securityMarks". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @marks = args[:marks] if args.key?(:marks) + @name = args[:name] if args.key?(:name) + end + end + + # Wrapper over asset object that also captures the state change for the asset + # e.g. if it was a newly created asset vs updated or deleted asset. + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + include Google::Apis::Core::Hashable + + # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud + # Platform (GCP) resource. + # The Asset is a Cloud SCC resource that captures information about a single + # GCP resource. All modifications to an Asset are only within the context of + # Cloud SCC and don't affect the referenced GCP resource. + # Corresponds to the JSON property `asset` + # @return [Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1Asset] + attr_accessor :asset + + # Represents if the asset was created/updated/deleted. + # Corresponds to the JSON property `changeType` + # @return [String] + attr_accessor :change_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @asset = args[:asset] if args.key?(:asset) + @change_type = args[:change_type] if args.key?(:change_type) + end + end + # The response message for Operations.ListOperations. class ListOperationsResponse include Google::Apis::Core::Hashable diff --git a/generated/google/apis/securitycenter_v1p1alpha1/representations.rb b/generated/google/apis/securitycenter_v1p1alpha1/representations.rb index 61db6d911..dfb8ff0d1 100644 --- a/generated/google/apis/securitycenter_v1p1alpha1/representations.rb +++ b/generated/google/apis/securitycenter_v1p1alpha1/representations.rb @@ -40,6 +40,54 @@ module Google include Google::Apis::Core::JsonObjectSupport end + class GoogleCloudSecuritycenterV1p1beta1Asset + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1Finding + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + class ListOperationsResponse class Representation < Google::Apis::Core::JsonRepresentation; end @@ -80,6 +128,96 @@ module Google end end + class GoogleCloudSecuritycenterV1p1beta1Asset + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :create_time, as: 'createTime' + property :iam_policy, as: 'iamPolicy', class: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1IamPolicy, decorator: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1IamPolicy::Representation + + property :name, as: 'name' + hash :resource_properties, as: 'resourceProperties' + property :security_center_properties, as: 'securityCenterProperties', class: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties, decorator: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties::Representation + + property :security_marks, as: 'securityMarks', class: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks, decorator: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + + property :update_time, as: 'updateTime' + end + end + + class GoogleCloudSecuritycenterV1p1beta1Finding + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :category, as: 'category' + property :create_time, as: 'createTime' + property :event_time, as: 'eventTime' + property :external_uri, as: 'externalUri' + property :name, as: 'name' + property :parent, as: 'parent' + property :resource_name, as: 'resourceName' + property :security_marks, as: 'securityMarks', class: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks, decorator: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + + hash :source_properties, as: 'sourceProperties' + property :state, as: 'state' + end + end + + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :policy_blob, as: 'policyBlob' + end + end + + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :finding, as: 'finding', class: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1Finding, decorator: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + + property :notification_config_name, as: 'notificationConfigName' + property :temporal_asset, as: 'temporalAsset', class: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset, decorator: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset::Representation + + end + end + + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :duration, as: 'duration' + property :state, as: 'state' + end + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :resource_display_name, as: 'resourceDisplayName' + property :resource_name, as: 'resourceName' + collection :resource_owners, as: 'resourceOwners' + property :resource_parent, as: 'resourceParent' + property :resource_parent_display_name, as: 'resourceParentDisplayName' + property :resource_project, as: 'resourceProject' + property :resource_project_display_name, as: 'resourceProjectDisplayName' + property :resource_type, as: 'resourceType' + end + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + # @private + class Representation < Google::Apis::Core::JsonRepresentation + hash :marks, as: 'marks' + property :name, as: 'name' + end + end + + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :asset, as: 'asset', class: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1Asset, decorator: Google::Apis::SecuritycenterV1p1alpha1::GoogleCloudSecuritycenterV1p1beta1Asset::Representation + + property :change_type, as: 'changeType' + end + end + class ListOperationsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation diff --git a/generated/google/apis/securitycenter_v1p1beta1.rb b/generated/google/apis/securitycenter_v1p1beta1.rb index 547fff499..6f01d2845 100644 --- a/generated/google/apis/securitycenter_v1p1beta1.rb +++ b/generated/google/apis/securitycenter_v1p1beta1.rb @@ -26,7 +26,7 @@ module Google # @see https://console.cloud.google.com/apis/api/securitycenter.googleapis.com/overview module SecuritycenterV1p1beta1 VERSION = 'V1p1beta1' - REVISION = '20200102' + REVISION = '20200131' # View and manage your data across Google Cloud Platform services AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' diff --git a/generated/google/apis/securitycenter_v1p1beta1/classes.rb b/generated/google/apis/securitycenter_v1p1beta1/classes.rb index 9d5dafd99..4c9e51764 100644 --- a/generated/google/apis/securitycenter_v1p1beta1/classes.rb +++ b/generated/google/apis/securitycenter_v1p1beta1/classes.rb @@ -22,6 +22,230 @@ module Google module Apis module SecuritycenterV1p1beta1 + # The configuration used for Asset Discovery runs. + class AssetDiscoveryConfig + include Google::Apis::Core::Hashable + + # The mode to use for filtering asset discovery. + # Corresponds to the JSON property `inclusionMode` + # @return [String] + attr_accessor :inclusion_mode + + # The project ids to use for filtering asset discovery. + # Corresponds to the JSON property `projectIds` + # @return [Array] + attr_accessor :project_ids + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @inclusion_mode = args[:inclusion_mode] if args.key?(:inclusion_mode) + @project_ids = args[:project_ids] if args.key?(:project_ids) + end + end + + # Specifies the audit configuration for a service. + # The configuration determines which permission types are logged, and what + # identities, if any, are exempted from logging. + # An AuditConfig must have one or more AuditLogConfigs. + # If there are AuditConfigs for both `allServices` and a specific service, + # the union of the two AuditConfigs is used for that service: the log_types + # specified in each AuditConfig are enabled, and the exempted_members in each + # AuditLogConfig are exempted. + # Example Policy with multiple AuditConfigs: + # ` + # "audit_configs": [ + # ` + # "service": "allServices" + # "audit_log_configs": [ + # ` + # "log_type": "DATA_READ", + # "exempted_members": [ + # "user:jose@example.com" + # ] + # `, + # ` + # "log_type": "DATA_WRITE", + # `, + # ` + # "log_type": "ADMIN_READ", + # ` + # ] + # `, + # ` + # "service": "sampleservice.googleapis.com" + # "audit_log_configs": [ + # ` + # "log_type": "DATA_READ", + # `, + # ` + # "log_type": "DATA_WRITE", + # "exempted_members": [ + # "user:aliya@example.com" + # ] + # ` + # ] + # ` + # ] + # ` + # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ + # logging. It also exempts jose@example.com from DATA_READ logging, and + # aliya@example.com from DATA_WRITE logging. + class AuditConfig + include Google::Apis::Core::Hashable + + # The configuration for logging of each type of permission. + # Corresponds to the JSON property `auditLogConfigs` + # @return [Array] + attr_accessor :audit_log_configs + + # Specifies a service that will be enabled for audit logging. + # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. + # `allServices` is a special value that covers all services. + # Corresponds to the JSON property `service` + # @return [String] + attr_accessor :service + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs) + @service = args[:service] if args.key?(:service) + end + end + + # Provides the configuration for logging a type of permissions. + # Example: + # ` + # "audit_log_configs": [ + # ` + # "log_type": "DATA_READ", + # "exempted_members": [ + # "user:jose@example.com" + # ] + # `, + # ` + # "log_type": "DATA_WRITE", + # ` + # ] + # ` + # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting + # jose@example.com from DATA_READ logging. + class AuditLogConfig + include Google::Apis::Core::Hashable + + # Specifies the identities that do not cause logging for this type of + # permission. + # Follows the same format of Binding.members. + # Corresponds to the JSON property `exemptedMembers` + # @return [Array] + attr_accessor :exempted_members + + # The log type that this config enables. + # Corresponds to the JSON property `logType` + # @return [String] + attr_accessor :log_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @exempted_members = args[:exempted_members] if args.key?(:exempted_members) + @log_type = args[:log_type] if args.key?(:log_type) + end + end + + # Associates `members` with a `role`. + class Binding + include Google::Apis::Core::Hashable + + # Represents a textual expression in the Common Expression Language (CEL) + # syntax. CEL is a C-like expression language. The syntax and semantics of CEL + # are documented at https://github.com/google/cel-spec. + # Example (Comparison): + # title: "Summary size limit" + # description: "Determines if a summary is less than 100 chars" + # expression: "document.summary.size() < 100" + # Example (Equality): + # title: "Requestor is owner" + # description: "Determines if requestor is the document owner" + # expression: "document.owner == request.auth.claims.email" + # Example (Logic): + # title: "Public documents" + # description: "Determine whether the document should be publicly visible" + # expression: "document.type != 'private' && document.type != 'internal'" + # Example (Data Manipulation): + # title: "Notification string" + # description: "Create a notification string with a timestamp." + # expression: "'New message received at ' + string(document.create_time)" + # The exact variables and functions that may be referenced within an expression + # are determined by the service that evaluates it. See the service + # documentation for additional information. + # Corresponds to the JSON property `condition` + # @return [Google::Apis::SecuritycenterV1p1beta1::Expr] + attr_accessor :condition + + # Specifies the identities requesting access for a Cloud Platform resource. + # `members` can have the following values: + # * `allUsers`: A special identifier that represents anyone who is + # on the internet; with or without a Google account. + # * `allAuthenticatedUsers`: A special identifier that represents anyone + # who is authenticated with a Google account or a service account. + # * `user:`emailid``: An email address that represents a specific Google + # account. For example, `alice@example.com` . + # * `serviceAccount:`emailid``: An email address that represents a service + # account. For example, `my-other-app@appspot.gserviceaccount.com`. + # * `group:`emailid``: An email address that represents a Google group. + # For example, `admins@example.com`. + # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique + # identifier) representing a user that has been recently deleted. For + # example, `alice@example.com?uid=123456789012345678901`. If the user is + # recovered, this value reverts to `user:`emailid`` and the recovered user + # retains the role in the binding. + # * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus + # unique identifier) representing a service account that has been recently + # deleted. For example, + # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. + # If the service account is undeleted, this value reverts to + # `serviceAccount:`emailid`` and the undeleted service account retains the + # role in the binding. + # * `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique + # identifier) representing a Google group that has been recently + # deleted. For example, `admins@example.com?uid=123456789012345678901`. If + # the group is recovered, this value reverts to `group:`emailid`` and the + # recovered group retains the role in the binding. + # * `domain:`domain``: The G Suite domain (primary) that represents all the + # users of that domain. For example, `google.com` or `example.com`. + # Corresponds to the JSON property `members` + # @return [Array] + attr_accessor :members + + # Role that is assigned to `members`. + # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + # Corresponds to the JSON property `role` + # @return [String] + attr_accessor :role + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @condition = args[:condition] if args.key?(:condition) + @members = args[:members] if args.key?(:members) + @role = args[:role] if args.key?(:role) + end + end + # A generic empty message that you can re-use to avoid defining duplicated # empty messages in your APIs. A typical example is to use it as the request # or the response type of an API method. For instance: @@ -41,6 +265,112 @@ module Google end end + # Represents a textual expression in the Common Expression Language (CEL) + # syntax. CEL is a C-like expression language. The syntax and semantics of CEL + # are documented at https://github.com/google/cel-spec. + # Example (Comparison): + # title: "Summary size limit" + # description: "Determines if a summary is less than 100 chars" + # expression: "document.summary.size() < 100" + # Example (Equality): + # title: "Requestor is owner" + # description: "Determines if requestor is the document owner" + # expression: "document.owner == request.auth.claims.email" + # Example (Logic): + # title: "Public documents" + # description: "Determine whether the document should be publicly visible" + # expression: "document.type != 'private' && document.type != 'internal'" + # Example (Data Manipulation): + # title: "Notification string" + # description: "Create a notification string with a timestamp." + # expression: "'New message received at ' + string(document.create_time)" + # The exact variables and functions that may be referenced within an expression + # are determined by the service that evaluates it. See the service + # documentation for additional information. + class Expr + include Google::Apis::Core::Hashable + + # Optional. Description of the expression. This is a longer text which + # describes the expression, e.g. when hovered over it in a UI. + # Corresponds to the JSON property `description` + # @return [String] + attr_accessor :description + + # Textual representation of an expression in Common Expression Language + # syntax. + # Corresponds to the JSON property `expression` + # @return [String] + attr_accessor :expression + + # Optional. String indicating the location of the expression for error + # reporting, e.g. a file name and a position in the file. + # Corresponds to the JSON property `location` + # @return [String] + attr_accessor :location + + # Optional. Title for the expression, i.e. a short string describing + # its purpose. This can be used e.g. in UIs which allow to enter the + # expression. + # Corresponds to the JSON property `title` + # @return [String] + attr_accessor :title + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @description = args[:description] if args.key?(:description) + @expression = args[:expression] if args.key?(:expression) + @location = args[:location] if args.key?(:location) + @title = args[:title] if args.key?(:title) + end + end + + # Request message for `GetIamPolicy` method. + class GetIamPolicyRequest + include Google::Apis::Core::Hashable + + # Encapsulates settings provided to GetIamPolicy. + # Corresponds to the JSON property `options` + # @return [Google::Apis::SecuritycenterV1p1beta1::GetPolicyOptions] + attr_accessor :options + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @options = args[:options] if args.key?(:options) + end + end + + # Encapsulates settings provided to GetIamPolicy. + class GetPolicyOptions + include Google::Apis::Core::Hashable + + # Optional. The policy format version to be returned. + # Valid values are 0, 1, and 3. Requests specifying an invalid value will be + # rejected. + # Requests for policies with any conditional bindings must specify version 3. + # Policies without any conditional bindings may specify any valid value or + # leave the field unset. + # Corresponds to the JSON property `requestedPolicyVersion` + # @return [Fixnum] + attr_accessor :requested_policy_version + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @requested_policy_version = args[:requested_policy_version] if args.key?(:requested_policy_version) + end + end + # Response of asset discovery run class GoogleCloudSecuritycenterV1RunAssetDiscoveryResponse include Google::Apis::Core::Hashable @@ -91,6 +421,920 @@ module Google end end + # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud + # Platform (GCP) resource. + # The Asset is a Cloud SCC resource that captures information about a single + # GCP resource. All modifications to an Asset are only within the context of + # Cloud SCC and don't affect the referenced GCP resource. + class GoogleCloudSecuritycenterV1p1beta1Asset + include Google::Apis::Core::Hashable + + # The time at which the asset was created in Cloud SCC. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # IAM Policy information associated with the GCP resource described by the + # Cloud SCC asset. This information is managed and defined by the GCP + # resource and cannot be modified by the user. + # Corresponds to the JSON property `iamPolicy` + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1IamPolicy] + attr_accessor :iam_policy + + # The relative resource name of this asset. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/assets/`asset_id`". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Resource managed properties. These properties are managed and defined by + # the GCP resource and cannot be modified by the user. + # Corresponds to the JSON property `resourceProperties` + # @return [Hash] + attr_accessor :resource_properties + + # Cloud SCC managed properties. These properties are managed by Cloud SCC and + # cannot be modified by the user. + # Corresponds to the JSON property `securityCenterProperties` + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties] + attr_accessor :security_center_properties + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + # Corresponds to the JSON property `securityMarks` + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + attr_accessor :security_marks + + # The time at which the asset was last updated, added, or deleted in Cloud + # SCC. + # Corresponds to the JSON property `updateTime` + # @return [String] + attr_accessor :update_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @create_time = args[:create_time] if args.key?(:create_time) + @iam_policy = args[:iam_policy] if args.key?(:iam_policy) + @name = args[:name] if args.key?(:name) + @resource_properties = args[:resource_properties] if args.key?(:resource_properties) + @security_center_properties = args[:security_center_properties] if args.key?(:security_center_properties) + @security_marks = args[:security_marks] if args.key?(:security_marks) + @update_time = args[:update_time] if args.key?(:update_time) + end + end + + # Cloud Security Command Center (Cloud SCC) finding. + # A finding is a record of assessment data (security, risk, health or privacy) + # ingested into Cloud SCC for presentation, notification, analysis, + # policy testing, and enforcement. For example, an XSS vulnerability in an + # App Engine application is a finding. + class GoogleCloudSecuritycenterV1p1beta1Finding + include Google::Apis::Core::Hashable + + # The additional taxonomy group within findings from a given source. + # This field is immutable after creation time. + # Example: "XSS_FLASH_INJECTION" + # Corresponds to the JSON property `category` + # @return [String] + attr_accessor :category + + # The time at which the finding was created in Cloud SCC. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # The time at which the event took place. For example, if the finding + # represents an open firewall it would capture the time the detector believes + # the firewall became open. The accuracy is determined by the detector. + # Corresponds to the JSON property `eventTime` + # @return [String] + attr_accessor :event_time + + # The URI that, if available, points to a web page outside of Cloud SCC + # where additional information about the finding can be found. This field is + # guaranteed to be either empty or a well formed URL. + # Corresponds to the JSON property `externalUri` + # @return [String] + attr_accessor :external_uri + + # The relative resource name of this finding. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`" + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The relative resource name of the source the finding belongs to. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # This field is immutable after creation time. + # For example: + # "organizations/`organization_id`/sources/`source_id`" + # Corresponds to the JSON property `parent` + # @return [String] + attr_accessor :parent + + # For findings on Google Cloud Platform (GCP) resources, the full resource + # name of the GCP resource this finding is for. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # When the finding is for a non-GCP resource, the resourceName can be a + # customer or partner defined string. + # This field is immutable after creation time. + # Corresponds to the JSON property `resourceName` + # @return [String] + attr_accessor :resource_name + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + # Corresponds to the JSON property `securityMarks` + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + attr_accessor :security_marks + + # Source specific properties. These properties are managed by the source + # that writes the finding. The key names in the source_properties map must be + # between 1 and 255 characters, and must start with a letter and contain + # alphanumeric characters or underscores only. + # Corresponds to the JSON property `sourceProperties` + # @return [Hash] + attr_accessor :source_properties + + # The state of the finding. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @category = args[:category] if args.key?(:category) + @create_time = args[:create_time] if args.key?(:create_time) + @event_time = args[:event_time] if args.key?(:event_time) + @external_uri = args[:external_uri] if args.key?(:external_uri) + @name = args[:name] if args.key?(:name) + @parent = args[:parent] if args.key?(:parent) + @resource_name = args[:resource_name] if args.key?(:resource_name) + @security_marks = args[:security_marks] if args.key?(:security_marks) + @source_properties = args[:source_properties] if args.key?(:source_properties) + @state = args[:state] if args.key?(:state) + end + end + + # IAM Policy information associated with the GCP resource described by the + # Cloud SCC asset. This information is managed and defined by the GCP + # resource and cannot be modified by the user. + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + include Google::Apis::Core::Hashable + + # The JSON representation of the Policy associated with the asset. + # See https://cloud.google.com/iam/reference/rest/v1p1beta1/Policy for + # format details. + # Corresponds to the JSON property `policyBlob` + # @return [String] + attr_accessor :policy_blob + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @policy_blob = args[:policy_blob] if args.key?(:policy_blob) + end + end + + # Cloud SCC's Notification + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + include Google::Apis::Core::Hashable + + # Cloud Security Command Center (Cloud SCC) finding. + # A finding is a record of assessment data (security, risk, health or privacy) + # ingested into Cloud SCC for presentation, notification, analysis, + # policy testing, and enforcement. For example, an XSS vulnerability in an + # App Engine application is a finding. + # Corresponds to the JSON property `finding` + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] + attr_accessor :finding + + # Name of the notification config that generated current notification. + # Corresponds to the JSON property `notificationConfigName` + # @return [String] + attr_accessor :notification_config_name + + # Wrapper over asset object that also captures the state change for the asset + # e.g. if it was a newly created asset vs updated or deleted asset. + # Corresponds to the JSON property `temporalAsset` + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset] + attr_accessor :temporal_asset + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @finding = args[:finding] if args.key?(:finding) + @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name) + @temporal_asset = args[:temporal_asset] if args.key?(:temporal_asset) + end + end + + # Response of asset discovery run + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + include Google::Apis::Core::Hashable + + # The duration between asset discovery run start and end + # Corresponds to the JSON property `duration` + # @return [String] + attr_accessor :duration + + # The state of an asset discovery run. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @duration = args[:duration] if args.key?(:duration) + @state = args[:state] if args.key?(:state) + end + end + + # Cloud SCC managed properties. These properties are managed by Cloud SCC and + # cannot be modified by the user. + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + include Google::Apis::Core::Hashable + + # The user defined display name for this resource. + # Corresponds to the JSON property `resourceDisplayName` + # @return [String] + attr_accessor :resource_display_name + + # The full resource name of the GCP resource this asset + # represents. This field is immutable after create time. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceName` + # @return [String] + attr_accessor :resource_name + + # Owners of the Google Cloud resource. + # Corresponds to the JSON property `resourceOwners` + # @return [Array] + attr_accessor :resource_owners + + # The full resource name of the immediate parent of the resource. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceParent` + # @return [String] + attr_accessor :resource_parent + + # The user defined display name for the parent of this resource. + # Corresponds to the JSON property `resourceParentDisplayName` + # @return [String] + attr_accessor :resource_parent_display_name + + # The full resource name of the project the resource belongs to. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `resourceProject` + # @return [String] + attr_accessor :resource_project + + # The user defined display name for the project of this resource. + # Corresponds to the JSON property `resourceProjectDisplayName` + # @return [String] + attr_accessor :resource_project_display_name + + # The type of the GCP resource. Examples include: APPLICATION, + # PROJECT, and ORGANIZATION. This is a case insensitive field defined by + # Cloud SCC and/or the producer of the resource and is immutable + # after create time. + # Corresponds to the JSON property `resourceType` + # @return [String] + attr_accessor :resource_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @resource_display_name = args[:resource_display_name] if args.key?(:resource_display_name) + @resource_name = args[:resource_name] if args.key?(:resource_name) + @resource_owners = args[:resource_owners] if args.key?(:resource_owners) + @resource_parent = args[:resource_parent] if args.key?(:resource_parent) + @resource_parent_display_name = args[:resource_parent_display_name] if args.key?(:resource_parent_display_name) + @resource_project = args[:resource_project] if args.key?(:resource_project) + @resource_project_display_name = args[:resource_project_display_name] if args.key?(:resource_project_display_name) + @resource_type = args[:resource_type] if args.key?(:resource_type) + end + end + + # User specified security marks that are attached to the parent Cloud Security + # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud + # SCC organization -- they can be modified and viewed by all users who have + # proper permissions on the organization. + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + include Google::Apis::Core::Hashable + + # Mutable user specified security marks belonging to the parent resource. + # Constraints are as follows: + # * Keys and values are treated as case insensitive + # * Keys must be between 1 - 256 characters (inclusive) + # * Keys must be letters, numbers, underscores, or dashes + # * Values have leading and trailing whitespace trimmed, remaining + # characters must be between 1 - 4096 characters (inclusive) + # Corresponds to the JSON property `marks` + # @return [Hash] + attr_accessor :marks + + # The relative resource name of the SecurityMarks. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Examples: + # "organizations/`organization_id`/assets/`asset_id`/securityMarks" + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/ + # securityMarks". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @marks = args[:marks] if args.key?(:marks) + @name = args[:name] if args.key?(:name) + end + end + + # Wrapper over asset object that also captures the state change for the asset + # e.g. if it was a newly created asset vs updated or deleted asset. + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + include Google::Apis::Core::Hashable + + # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud + # Platform (GCP) resource. + # The Asset is a Cloud SCC resource that captures information about a single + # GCP resource. All modifications to an Asset are only within the context of + # Cloud SCC and don't affect the referenced GCP resource. + # Corresponds to the JSON property `asset` + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Asset] + attr_accessor :asset + + # Represents if the asset was created/updated/deleted. + # Corresponds to the JSON property `changeType` + # @return [String] + attr_accessor :change_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @asset = args[:asset] if args.key?(:asset) + @change_type = args[:change_type] if args.key?(:change_type) + end + end + + # Request message for grouping by assets. + class GroupAssetsRequest + include Google::Apis::Core::Hashable + + # When compare_duration is set, the GroupResult's "state_change" property is + # updated to indicate whether the asset was added, removed, or remained + # present during the compare_duration period of time that precedes the + # read_time. This is the time between (read_time - compare_duration) and + # read_time. + # The state change value is derived based on the presence of the asset at the + # two points in time. Intermediate state changes between the two times don't + # affect the result. For example, the results aren't affected if the asset is + # removed and re-created again. + # Possible "state_change" values when compare_duration is specified: + # * "ADDED": indicates that the asset was not present at the start of + # compare_duration, but present at reference_time. + # * "REMOVED": indicates that the asset was present at the start of + # compare_duration, but not present at reference_time. + # * "ACTIVE": indicates that the asset was present at both the + # start and the end of the time period defined by + # compare_duration and reference_time. + # If compare_duration is not specified, then the only possible state_change + # is "UNUSED", which will be the state_change set for all assets present at + # read_time. + # If this field is set then `state_change` must be a specified field in + # `group_by`. + # Corresponds to the JSON property `compareDuration` + # @return [String] + attr_accessor :compare_duration + + # Expression that defines the filter to apply across assets. + # The expression is a list of zero or more restrictions combined via logical + # operators `AND` and `OR`. + # Parentheses are supported, and `OR` has higher precedence than `AND`. + # Restrictions have the form ` ` and may have a `-` + # character in front of them to indicate negation. The fields map to those + # defined in the Asset resource. Examples include: + # * name + # * security_center_properties.resource_name + # * resource_properties.a_property + # * security_marks.marks.marka + # The supported operators are: + # * `=` for all value types. + # * `>`, `<`, `>=`, `<=` for integer values. + # * `:`, meaning substring matching, for strings. + # The supported value types are: + # * string literals in quotes. + # * integer literals without quotes. + # * boolean literals `true` and `false` without quotes. + # The following field and operator combinations are supported: + # * name: `=` + # * update_time: `=`, `>`, `<`, `>=`, `<=` + # Usage: This should be milliseconds since epoch or an RFC3339 string. + # Examples: + # "update_time = \"2019-06-10T16:07:18-07:00\"" + # "update_time = 1560208038000" + # * create_time: `=`, `>`, `<`, `>=`, `<=` + # Usage: This should be milliseconds since epoch or an RFC3339 string. + # Examples: + # "create_time = \"2019-06-10T16:07:18-07:00\"" + # "create_time = 1560208038000" + # * iam_policy.policy_blob: `=`, `:` + # * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` + # * security_marks.marks: `=`, `:` + # * security_center_properties.resource_name: `=`, `:` + # * security_center_properties.resource_name_display_name: `=`, `:` + # * security_center_properties.resource_type: `=`, `:` + # * security_center_properties.resource_parent: `=`, `:` + # * security_center_properties.resource_parent_display_name: `=`, `:` + # * security_center_properties.resource_project: `=`, `:` + # * security_center_properties.resource_project_display_name: `=`, `:` + # * security_center_properties.resource_owners: `=`, `:` + # For example, `resource_properties.size = 100` is a valid filter string. + # Corresponds to the JSON property `filter` + # @return [String] + attr_accessor :filter + + # Required. Expression that defines what assets fields to use for grouping. The + # string + # value should follow SQL syntax: comma separated list of fields. For + # example: + # "security_center_properties.resource_project,security_center_properties. + # project". + # The following fields are supported when compare_duration is not set: + # * security_center_properties.resource_project + # * security_center_properties.resource_project_display_name + # * security_center_properties.resource_type + # * security_center_properties.resource_parent + # * security_center_properties.resource_parent_display_name + # The following fields are supported when compare_duration is set: + # * security_center_properties.resource_type + # * security_center_properties.resource_project_display_name + # * security_center_properties.resource_parent_display_name + # Corresponds to the JSON property `groupBy` + # @return [String] + attr_accessor :group_by + + # The maximum number of results to return in a single response. Default is + # 10, minimum is 1, maximum is 1000. + # Corresponds to the JSON property `pageSize` + # @return [Fixnum] + attr_accessor :page_size + + # The value returned by the last `GroupAssetsResponse`; indicates + # that this is a continuation of a prior `GroupAssets` call, and that the + # system should return the next page of data. + # Corresponds to the JSON property `pageToken` + # @return [String] + attr_accessor :page_token + + # Time used as a reference point when filtering assets. The filter is limited + # to assets existing at the supplied time and their values are those at that + # specific time. Absence of this field will default to the API's version of + # NOW. + # Corresponds to the JSON property `readTime` + # @return [String] + attr_accessor :read_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @compare_duration = args[:compare_duration] if args.key?(:compare_duration) + @filter = args[:filter] if args.key?(:filter) + @group_by = args[:group_by] if args.key?(:group_by) + @page_size = args[:page_size] if args.key?(:page_size) + @page_token = args[:page_token] if args.key?(:page_token) + @read_time = args[:read_time] if args.key?(:read_time) + end + end + + # Response message for grouping by assets. + class GroupAssetsResponse + include Google::Apis::Core::Hashable + + # Group results. There exists an element for each existing unique + # combination of property/values. The element contains a count for the number + # of times those specific property/values appear. + # Corresponds to the JSON property `groupByResults` + # @return [Array] + attr_accessor :group_by_results + + # Token to retrieve the next page of results, or empty if there are no more + # results. + # Corresponds to the JSON property `nextPageToken` + # @return [String] + attr_accessor :next_page_token + + # Time used for executing the groupBy request. + # Corresponds to the JSON property `readTime` + # @return [String] + attr_accessor :read_time + + # The total number of results matching the query. + # Corresponds to the JSON property `totalSize` + # @return [Fixnum] + attr_accessor :total_size + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @group_by_results = args[:group_by_results] if args.key?(:group_by_results) + @next_page_token = args[:next_page_token] if args.key?(:next_page_token) + @read_time = args[:read_time] if args.key?(:read_time) + @total_size = args[:total_size] if args.key?(:total_size) + end + end + + # Request message for grouping by findings. + class GroupFindingsRequest + include Google::Apis::Core::Hashable + + # When compare_duration is set, the GroupResult's "state_change" attribute is + # updated to indicate whether the finding had its state changed, the + # finding's state remained unchanged, or if the finding was added during the + # compare_duration period of time that precedes the read_time. This is the + # time between (read_time - compare_duration) and read_time. + # The state_change value is derived based on the presence and state of the + # finding at the two points in time. Intermediate state changes between the + # two times don't affect the result. For example, the results aren't affected + # if the finding is made inactive and then active again. + # Possible "state_change" values when compare_duration is specified: + # * "CHANGED": indicates that the finding was present at the start of + # compare_duration, but changed its state at read_time. + # * "UNCHANGED": indicates that the finding was present at the start of + # compare_duration and did not change state at read_time. + # * "ADDED": indicates that the finding was not present at the start + # of compare_duration, but was present at read_time. + # If compare_duration is not specified, then the only possible state_change + # is "UNUSED", which will be the state_change set for all findings present + # at read_time. + # If this field is set then `state_change` must be a specified field in + # `group_by`. + # Corresponds to the JSON property `compareDuration` + # @return [String] + attr_accessor :compare_duration + + # Expression that defines the filter to apply across findings. + # The expression is a list of one or more restrictions combined via logical + # operators `AND` and `OR`. + # Parentheses are supported, and `OR` has higher precedence than `AND`. + # Restrictions have the form ` ` and may have a `-` + # character in front of them to indicate negation. Examples include: + # * name + # * source_properties.a_property + # * security_marks.marks.marka + # The supported operators are: + # * `=` for all value types. + # * `>`, `<`, `>=`, `<=` for integer values. + # * `:`, meaning substring matching, for strings. + # The supported value types are: + # * string literals in quotes. + # * integer literals without quotes. + # * boolean literals `true` and `false` without quotes. + # The following field and operator combinations are supported: + # * name: `=` + # * parent: `=`, `:` + # * resource_name: `=`, `:` + # * state: `=`, `:` + # * category: `=`, `:` + # * external_uri: `=`, `:` + # * event_time: `=`, `>`, `<`, `>=`, `<=` + # Usage: This should be milliseconds since epoch or an RFC3339 string. + # Examples: + # "event_time = \"2019-06-10T16:07:18-07:00\"" + # "event_time = 1560208038000" + # * security_marks.marks: `=`, `:` + # * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=` + # For example, `source_properties.size = 100` is a valid filter string. + # Corresponds to the JSON property `filter` + # @return [String] + attr_accessor :filter + + # Required. Expression that defines what assets fields to use for grouping ( + # including + # `state_change`). The string value should follow SQL syntax: comma separated + # list of fields. For example: "parent,resource_name". + # The following fields are supported: + # * resource_name + # * category + # * state + # * parent + # The following fields are supported when compare_duration is set: + # * state_change + # Corresponds to the JSON property `groupBy` + # @return [String] + attr_accessor :group_by + + # The maximum number of results to return in a single response. Default is + # 10, minimum is 1, maximum is 1000. + # Corresponds to the JSON property `pageSize` + # @return [Fixnum] + attr_accessor :page_size + + # The value returned by the last `GroupFindingsResponse`; indicates + # that this is a continuation of a prior `GroupFindings` call, and + # that the system should return the next page of data. + # Corresponds to the JSON property `pageToken` + # @return [String] + attr_accessor :page_token + + # Time used as a reference point when filtering findings. The filter is + # limited to findings existing at the supplied time and their values are + # those at that specific time. Absence of this field will default to the + # API's version of NOW. + # Corresponds to the JSON property `readTime` + # @return [String] + attr_accessor :read_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @compare_duration = args[:compare_duration] if args.key?(:compare_duration) + @filter = args[:filter] if args.key?(:filter) + @group_by = args[:group_by] if args.key?(:group_by) + @page_size = args[:page_size] if args.key?(:page_size) + @page_token = args[:page_token] if args.key?(:page_token) + @read_time = args[:read_time] if args.key?(:read_time) + end + end + + # Response message for group by findings. + class GroupFindingsResponse + include Google::Apis::Core::Hashable + + # Group results. There exists an element for each existing unique + # combination of property/values. The element contains a count for the number + # of times those specific property/values appear. + # Corresponds to the JSON property `groupByResults` + # @return [Array] + attr_accessor :group_by_results + + # Token to retrieve the next page of results, or empty if there are no more + # results. + # Corresponds to the JSON property `nextPageToken` + # @return [String] + attr_accessor :next_page_token + + # Time used for executing the groupBy request. + # Corresponds to the JSON property `readTime` + # @return [String] + attr_accessor :read_time + + # The total number of results matching the query. + # Corresponds to the JSON property `totalSize` + # @return [Fixnum] + attr_accessor :total_size + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @group_by_results = args[:group_by_results] if args.key?(:group_by_results) + @next_page_token = args[:next_page_token] if args.key?(:next_page_token) + @read_time = args[:read_time] if args.key?(:read_time) + @total_size = args[:total_size] if args.key?(:total_size) + end + end + + # Result containing the properties and count of a groupBy request. + class GroupResult + include Google::Apis::Core::Hashable + + # Total count of resources for the given properties. + # Corresponds to the JSON property `count` + # @return [Fixnum] + attr_accessor :count + + # Properties matching the groupBy fields in the request. + # Corresponds to the JSON property `properties` + # @return [Hash] + attr_accessor :properties + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @count = args[:count] if args.key?(:count) + @properties = args[:properties] if args.key?(:properties) + end + end + + # Response message for listing assets. + class ListAssetsResponse + include Google::Apis::Core::Hashable + + # Assets matching the list request. + # Corresponds to the JSON property `listAssetsResults` + # @return [Array] + attr_accessor :list_assets_results + + # Token to retrieve the next page of results, or empty if there are no more + # results. + # Corresponds to the JSON property `nextPageToken` + # @return [String] + attr_accessor :next_page_token + + # Time used for executing the list request. + # Corresponds to the JSON property `readTime` + # @return [String] + attr_accessor :read_time + + # The total number of assets matching the query. + # Corresponds to the JSON property `totalSize` + # @return [Fixnum] + attr_accessor :total_size + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @list_assets_results = args[:list_assets_results] if args.key?(:list_assets_results) + @next_page_token = args[:next_page_token] if args.key?(:next_page_token) + @read_time = args[:read_time] if args.key?(:read_time) + @total_size = args[:total_size] if args.key?(:total_size) + end + end + + # Result containing the Asset and its State. + class ListAssetsResult + include Google::Apis::Core::Hashable + + # Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud + # Platform (GCP) resource. + # The Asset is a Cloud SCC resource that captures information about a single + # GCP resource. All modifications to an Asset are only within the context of + # Cloud SCC and don't affect the referenced GCP resource. + # Corresponds to the JSON property `asset` + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Asset] + attr_accessor :asset + + # State change of the asset between the points in time. + # Corresponds to the JSON property `stateChange` + # @return [String] + attr_accessor :state_change + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @asset = args[:asset] if args.key?(:asset) + @state_change = args[:state_change] if args.key?(:state_change) + end + end + + # Response message for listing findings. + class ListFindingsResponse + include Google::Apis::Core::Hashable + + # Findings matching the list request. + # Corresponds to the JSON property `listFindingsResults` + # @return [Array] + attr_accessor :list_findings_results + + # Token to retrieve the next page of results, or empty if there are no more + # results. + # Corresponds to the JSON property `nextPageToken` + # @return [String] + attr_accessor :next_page_token + + # Time used for executing the list request. + # Corresponds to the JSON property `readTime` + # @return [String] + attr_accessor :read_time + + # The total number of findings matching the query. + # Corresponds to the JSON property `totalSize` + # @return [Fixnum] + attr_accessor :total_size + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @list_findings_results = args[:list_findings_results] if args.key?(:list_findings_results) + @next_page_token = args[:next_page_token] if args.key?(:next_page_token) + @read_time = args[:read_time] if args.key?(:read_time) + @total_size = args[:total_size] if args.key?(:total_size) + end + end + + # Result containing the Finding and its StateChange. + class ListFindingsResult + include Google::Apis::Core::Hashable + + # Cloud Security Command Center (Cloud SCC) finding. + # A finding is a record of assessment data (security, risk, health or privacy) + # ingested into Cloud SCC for presentation, notification, analysis, + # policy testing, and enforcement. For example, an XSS vulnerability in an + # App Engine application is a finding. + # Corresponds to the JSON property `finding` + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] + attr_accessor :finding + + # Information related to the Google Cloud Platform (GCP) resource that is + # associated with this finding. + # Corresponds to the JSON property `resource` + # @return [Google::Apis::SecuritycenterV1p1beta1::Resource] + attr_accessor :resource + + # State change of the finding between the points in time. + # Corresponds to the JSON property `stateChange` + # @return [String] + attr_accessor :state_change + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @finding = args[:finding] if args.key?(:finding) + @resource = args[:resource] if args.key?(:resource) + @state_change = args[:state_change] if args.key?(:state_change) + end + end + + # Response message for listing notification configs. + class ListNotificationConfigsResponse + include Google::Apis::Core::Hashable + + # Token to retrieve the next page of results, or empty if there are no more + # results. + # Corresponds to the JSON property `nextPageToken` + # @return [String] + attr_accessor :next_page_token + + # Notification configs belonging to the requested parent. + # Corresponds to the JSON property `notificationConfigs` + # @return [Array] + attr_accessor :notification_configs + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @next_page_token = args[:next_page_token] if args.key?(:next_page_token) + @notification_configs = args[:notification_configs] if args.key?(:notification_configs) + end + end + # The response message for Operations.ListOperations. class ListOperationsResponse include Google::Apis::Core::Hashable @@ -116,6 +1360,89 @@ module Google end end + # Response message for listing sources. + class ListSourcesResponse + include Google::Apis::Core::Hashable + + # Token to retrieve the next page of results, or empty if there are no more + # results. + # Corresponds to the JSON property `nextPageToken` + # @return [String] + attr_accessor :next_page_token + + # Sources belonging to the requested parent. + # Corresponds to the JSON property `sources` + # @return [Array] + attr_accessor :sources + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @next_page_token = args[:next_page_token] if args.key?(:next_page_token) + @sources = args[:sources] if args.key?(:sources) + end + end + + # Cloud Security Command Center (Cloud SCC) notification configs. + # A notification config is a Cloud SCC resource that contains the configuration + # to send notifications for create/update events of findings, assets and etc. + class NotificationConfig + include Google::Apis::Core::Hashable + + # The description of the notification config (max of 1024 characters). + # Corresponds to the JSON property `description` + # @return [String] + attr_accessor :description + + # The type of events the config is for, e.g. FINDING. + # Corresponds to the JSON property `eventType` + # @return [String] + attr_accessor :event_type + + # The relative resource name of this notification config. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/notificationConfigs/notify_public_bucket". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The PubSub topic to send notifications to. Its format is + # "projects/[project_id]/topics/[topic]". + # Corresponds to the JSON property `pubsubTopic` + # @return [String] + attr_accessor :pubsub_topic + + # Output only. The service account that needs "pubsub.topics.publish" + # permission to publish to the PubSub topic. + # Corresponds to the JSON property `serviceAccount` + # @return [String] + attr_accessor :service_account + + # The config for streaming-based notifications, which send each event as soon + # as it is detected. + # Corresponds to the JSON property `streamingConfig` + # @return [Google::Apis::SecuritycenterV1p1beta1::StreamingConfig] + attr_accessor :streaming_config + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @description = args[:description] if args.key?(:description) + @event_type = args[:event_type] if args.key?(:event_type) + @name = args[:name] if args.key?(:name) + @pubsub_topic = args[:pubsub_topic] if args.key?(:pubsub_topic) + @service_account = args[:service_account] if args.key?(:service_account) + @streaming_config = args[:streaming_config] if args.key?(:streaming_config) + end + end + # This resource represents a long-running operation that is the result of a # network API call. class Operation @@ -180,6 +1507,378 @@ module Google end end + # User specified settings that are attached to the Cloud Security Command + # Center (Cloud SCC) organization. + class OrganizationSettings + include Google::Apis::Core::Hashable + + # The configuration used for Asset Discovery runs. + # Corresponds to the JSON property `assetDiscoveryConfig` + # @return [Google::Apis::SecuritycenterV1p1beta1::AssetDiscoveryConfig] + attr_accessor :asset_discovery_config + + # A flag that indicates if Asset Discovery should be enabled. If the flag is + # set to `true`, then discovery of assets will occur. If it is set to `false, + # all historical assets will remain, but discovery of future assets will not + # occur. + # Corresponds to the JSON property `enableAssetDiscovery` + # @return [Boolean] + attr_accessor :enable_asset_discovery + alias_method :enable_asset_discovery?, :enable_asset_discovery + + # The relative resource name of the settings. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/organizationSettings". + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @asset_discovery_config = args[:asset_discovery_config] if args.key?(:asset_discovery_config) + @enable_asset_discovery = args[:enable_asset_discovery] if args.key?(:enable_asset_discovery) + @name = args[:name] if args.key?(:name) + end + end + + # An Identity and Access Management (IAM) policy, which specifies access + # controls for Google Cloud resources. + # A `Policy` is a collection of `bindings`. A `binding` binds one or more + # `members` to a single `role`. Members can be user accounts, service accounts, + # Google groups, and domains (such as G Suite). A `role` is a named list of + # permissions; each `role` can be an IAM predefined role or a user-created + # custom role. + # Optionally, a `binding` can specify a `condition`, which is a logical + # expression that allows access to a resource only if the expression evaluates + # to `true`. A condition can add constraints based on attributes of the + # request, the resource, or both. + # **JSON example:** + # ` + # "bindings": [ + # ` + # "role": "roles/resourcemanager.organizationAdmin", + # "members": [ + # "user:mike@example.com", + # "group:admins@example.com", + # "domain:google.com", + # "serviceAccount:my-project-id@appspot.gserviceaccount.com" + # ] + # `, + # ` + # "role": "roles/resourcemanager.organizationViewer", + # "members": ["user:eve@example.com"], + # "condition": ` + # "title": "expirable access", + # "description": "Does not grant access after Sep 2020", + # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z') + # ", + # ` + # ` + # ], + # "etag": "BwWWja0YfJA=", + # "version": 3 + # ` + # **YAML example:** + # bindings: + # - members: + # - user:mike@example.com + # - group:admins@example.com + # - domain:google.com + # - serviceAccount:my-project-id@appspot.gserviceaccount.com + # role: roles/resourcemanager.organizationAdmin + # - members: + # - user:eve@example.com + # role: roles/resourcemanager.organizationViewer + # condition: + # title: expirable access + # description: Does not grant access after Sep 2020 + # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + # - etag: BwWWja0YfJA= + # - version: 3 + # For a description of IAM and its features, see the + # [IAM documentation](https://cloud.google.com/iam/docs/). + class Policy + include Google::Apis::Core::Hashable + + # Specifies cloud audit logging configuration for this policy. + # Corresponds to the JSON property `auditConfigs` + # @return [Array] + attr_accessor :audit_configs + + # Associates a list of `members` to a `role`. Optionally, may specify a + # `condition` that determines how and when the `bindings` are applied. Each + # of the `bindings` must contain at least one member. + # Corresponds to the JSON property `bindings` + # @return [Array] + attr_accessor :bindings + + # `etag` is used for optimistic concurrency control as a way to help + # prevent simultaneous updates of a policy from overwriting each other. + # It is strongly suggested that systems make use of the `etag` in the + # read-modify-write cycle to perform policy updates in order to avoid race + # conditions: An `etag` is returned in the response to `getIamPolicy`, and + # systems are expected to put that etag in the request to `setIamPolicy` to + # ensure that their change will be applied to the same version of the policy. + # **Important:** If you use IAM Conditions, you must include the `etag` field + # whenever you call `setIamPolicy`. If you omit this field, then IAM allows + # you to overwrite a version `3` policy with a version `1` policy, and all of + # the conditions in the version `3` policy are lost. + # Corresponds to the JSON property `etag` + # NOTE: Values are automatically base64 encoded/decoded in the client library. + # @return [String] + attr_accessor :etag + + # Specifies the format of the policy. + # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value + # are rejected. + # Any operation that affects conditional role bindings must specify version + # `3`. This requirement applies to the following operations: + # * Getting a policy that includes a conditional role binding + # * Adding a conditional role binding to a policy + # * Changing a conditional role binding in a policy + # * Removing any role binding, with or without a condition, from a policy + # that includes conditions + # **Important:** If you use IAM Conditions, you must include the `etag` field + # whenever you call `setIamPolicy`. If you omit this field, then IAM allows + # you to overwrite a version `3` policy with a version `1` policy, and all of + # the conditions in the version `3` policy are lost. + # If a policy does not include any conditions, operations on that policy may + # specify any valid version or leave the field unset. + # Corresponds to the JSON property `version` + # @return [Fixnum] + attr_accessor :version + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @audit_configs = args[:audit_configs] if args.key?(:audit_configs) + @bindings = args[:bindings] if args.key?(:bindings) + @etag = args[:etag] if args.key?(:etag) + @version = args[:version] if args.key?(:version) + end + end + + # Information related to the Google Cloud Platform (GCP) resource that is + # associated with this finding. + class Resource + include Google::Apis::Core::Hashable + + # The full resource name of the resource. See: + # https://cloud.google.com/apis/design/resource_names#full_resource_name + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The human readable name of resource's parent. + # Corresponds to the JSON property `parentDisplayName` + # @return [String] + attr_accessor :parent_display_name + + # The full resource name of resource's parent. + # Corresponds to the JSON property `parentName` + # @return [String] + attr_accessor :parent_name + + # The human readable name of project that the resource belongs to. + # Corresponds to the JSON property `projectDisplayName` + # @return [String] + attr_accessor :project_display_name + + # The full resource name of project that the resource belongs to. + # Corresponds to the JSON property `projectName` + # @return [String] + attr_accessor :project_name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name) + @parent_name = args[:parent_name] if args.key?(:parent_name) + @project_display_name = args[:project_display_name] if args.key?(:project_display_name) + @project_name = args[:project_name] if args.key?(:project_name) + end + end + + # Request message for running asset discovery for an organization. + class RunAssetDiscoveryRequest + include Google::Apis::Core::Hashable + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + end + end + + # Request message for updating a finding's state. + class SetFindingStateRequest + include Google::Apis::Core::Hashable + + # Required. The time at which the updated state takes effect. + # Corresponds to the JSON property `startTime` + # @return [String] + attr_accessor :start_time + + # Required. The desired State of the finding. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @start_time = args[:start_time] if args.key?(:start_time) + @state = args[:state] if args.key?(:state) + end + end + + # Request message for `SetIamPolicy` method. + class SetIamPolicyRequest + include Google::Apis::Core::Hashable + + # An Identity and Access Management (IAM) policy, which specifies access + # controls for Google Cloud resources. + # A `Policy` is a collection of `bindings`. A `binding` binds one or more + # `members` to a single `role`. Members can be user accounts, service accounts, + # Google groups, and domains (such as G Suite). A `role` is a named list of + # permissions; each `role` can be an IAM predefined role or a user-created + # custom role. + # Optionally, a `binding` can specify a `condition`, which is a logical + # expression that allows access to a resource only if the expression evaluates + # to `true`. A condition can add constraints based on attributes of the + # request, the resource, or both. + # **JSON example:** + # ` + # "bindings": [ + # ` + # "role": "roles/resourcemanager.organizationAdmin", + # "members": [ + # "user:mike@example.com", + # "group:admins@example.com", + # "domain:google.com", + # "serviceAccount:my-project-id@appspot.gserviceaccount.com" + # ] + # `, + # ` + # "role": "roles/resourcemanager.organizationViewer", + # "members": ["user:eve@example.com"], + # "condition": ` + # "title": "expirable access", + # "description": "Does not grant access after Sep 2020", + # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z') + # ", + # ` + # ` + # ], + # "etag": "BwWWja0YfJA=", + # "version": 3 + # ` + # **YAML example:** + # bindings: + # - members: + # - user:mike@example.com + # - group:admins@example.com + # - domain:google.com + # - serviceAccount:my-project-id@appspot.gserviceaccount.com + # role: roles/resourcemanager.organizationAdmin + # - members: + # - user:eve@example.com + # role: roles/resourcemanager.organizationViewer + # condition: + # title: expirable access + # description: Does not grant access after Sep 2020 + # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + # - etag: BwWWja0YfJA= + # - version: 3 + # For a description of IAM and its features, see the + # [IAM documentation](https://cloud.google.com/iam/docs/). + # Corresponds to the JSON property `policy` + # @return [Google::Apis::SecuritycenterV1p1beta1::Policy] + attr_accessor :policy + + # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only + # the fields in the mask will be modified. If no mask is provided, the + # following default mask is used: + # paths: "bindings, etag" + # This field is only used by Cloud IAM. + # Corresponds to the JSON property `updateMask` + # @return [String] + attr_accessor :update_mask + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @policy = args[:policy] if args.key?(:policy) + @update_mask = args[:update_mask] if args.key?(:update_mask) + end + end + + # Cloud Security Command Center's (Cloud SCC) finding source. A finding source + # is an entity or a mechanism that can produce a finding. A source is like a + # container of findings that come from the same scanner, logger, monitor, etc. + class Source + include Google::Apis::Core::Hashable + + # The description of the source (max of 1024 characters). + # Example: + # "Cloud Security Scanner is a web security scanner for common + # vulnerabilities in App Engine applications. It can automatically + # scan and detect four common vulnerabilities, including cross-site-scripting + # (XSS), Flash injection, mixed content (HTTP in HTTPS), and + # outdated/insecure libraries." + # Corresponds to the JSON property `description` + # @return [String] + attr_accessor :description + + # The source's display name. + # A source's display name must be unique amongst its siblings, for example, + # two sources with the same parent can't share the same display name. + # The display name must have a length between 1 and 64 characters + # (inclusive). + # Corresponds to the JSON property `displayName` + # @return [String] + attr_accessor :display_name + + # The relative resource name of this source. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/sources/`source_id`" + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @description = args[:description] if args.key?(:description) + @display_name = args[:display_name] if args.key?(:display_name) + @name = args[:name] if args.key?(:name) + end + end + # The `Status` type defines a logical error model that is suitable for # different programming environments, including REST APIs and RPC APIs. It is # used by [gRPC](https://github.com/grpc). Each `Status` message contains @@ -218,6 +1917,83 @@ module Google @message = args[:message] if args.key?(:message) end end + + # The config for streaming-based notifications, which send each event as soon + # as it is detected. + class StreamingConfig + include Google::Apis::Core::Hashable + + # Expression that defines the filter to apply across create/update events + # of assets or findings as specified by the event type. The expression is a + # list of zero or more restrictions combined via logical operators `AND` + # and `OR`. Parentheses are supported, and `OR` has higher precedence than + # `AND`. + # Restrictions have the form ` ` and may have a + # `-` character in front of them to indicate negation. The fields map to + # those defined in the corresponding resource. + # The supported operators are: + # * `=` for all value types. + # * `>`, `<`, `>=`, `<=` for integer values. + # * `:`, meaning substring matching, for strings. + # The supported value types are: + # * string literals in quotes. + # * integer literals without quotes. + # * boolean literals `true` and `false` without quotes. + # Corresponds to the JSON property `filter` + # @return [String] + attr_accessor :filter + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @filter = args[:filter] if args.key?(:filter) + end + end + + # Request message for `TestIamPermissions` method. + class TestIamPermissionsRequest + include Google::Apis::Core::Hashable + + # The set of permissions to check for the `resource`. Permissions with + # wildcards (such as '*' or 'storage.*') are not allowed. For more + # information see + # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). + # Corresponds to the JSON property `permissions` + # @return [Array] + attr_accessor :permissions + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @permissions = args[:permissions] if args.key?(:permissions) + end + end + + # Response message for `TestIamPermissions` method. + class TestIamPermissionsResponse + include Google::Apis::Core::Hashable + + # A subset of `TestPermissionsRequest.permissions` that the caller is + # allowed. + # Corresponds to the JSON property `permissions` + # @return [Array] + attr_accessor :permissions + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @permissions = args[:permissions] if args.key?(:permissions) + end + end end end end diff --git a/generated/google/apis/securitycenter_v1p1beta1/representations.rb b/generated/google/apis/securitycenter_v1p1beta1/representations.rb index 42ef8306e..8734c0316 100644 --- a/generated/google/apis/securitycenter_v1p1beta1/representations.rb +++ b/generated/google/apis/securitycenter_v1p1beta1/representations.rb @@ -22,12 +22,54 @@ module Google module Apis module SecuritycenterV1p1beta1 + class AssetDiscoveryConfig + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class AuditConfig + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class AuditLogConfig + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class Binding + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + class Empty class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end + class Expr + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GetIamPolicyRequest + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GetPolicyOptions + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + class GoogleCloudSecuritycenterV1RunAssetDiscoveryResponse class Representation < Google::Apis::Core::JsonRepresentation; end @@ -40,30 +82,270 @@ module Google include Google::Apis::Core::JsonObjectSupport end + class GoogleCloudSecuritycenterV1p1beta1Asset + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1Finding + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GroupAssetsRequest + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GroupAssetsResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GroupFindingsRequest + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GroupFindingsResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class GroupResult + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class ListAssetsResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class ListAssetsResult + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class ListFindingsResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class ListFindingsResult + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class ListNotificationConfigsResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + class ListOperationsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end + class ListSourcesResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class NotificationConfig + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + class Operation class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end + class OrganizationSettings + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class Policy + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class Resource + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class RunAssetDiscoveryRequest + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class SetFindingStateRequest + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class SetIamPolicyRequest + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class Source + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + class Status class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end + class StreamingConfig + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class TestIamPermissionsRequest + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class TestIamPermissionsResponse + class Representation < Google::Apis::Core::JsonRepresentation; end + + include Google::Apis::Core::JsonObjectSupport + end + + class AssetDiscoveryConfig + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :inclusion_mode, as: 'inclusionMode' + collection :project_ids, as: 'projectIds' + end + end + + class AuditConfig + # @private + class Representation < Google::Apis::Core::JsonRepresentation + collection :audit_log_configs, as: 'auditLogConfigs', class: Google::Apis::SecuritycenterV1p1beta1::AuditLogConfig, decorator: Google::Apis::SecuritycenterV1p1beta1::AuditLogConfig::Representation + + property :service, as: 'service' + end + end + + class AuditLogConfig + # @private + class Representation < Google::Apis::Core::JsonRepresentation + collection :exempted_members, as: 'exemptedMembers' + property :log_type, as: 'logType' + end + end + + class Binding + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :condition, as: 'condition', class: Google::Apis::SecuritycenterV1p1beta1::Expr, decorator: Google::Apis::SecuritycenterV1p1beta1::Expr::Representation + + collection :members, as: 'members' + property :role, as: 'role' + end + end + class Empty # @private class Representation < Google::Apis::Core::JsonRepresentation end end + class Expr + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :description, as: 'description' + property :expression, as: 'expression' + property :location, as: 'location' + property :title, as: 'title' + end + end + + class GetIamPolicyRequest + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :options, as: 'options', class: Google::Apis::SecuritycenterV1p1beta1::GetPolicyOptions, decorator: Google::Apis::SecuritycenterV1p1beta1::GetPolicyOptions::Representation + + end + end + + class GetPolicyOptions + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :requested_policy_version, as: 'requestedPolicyVersion' + end + end + class GoogleCloudSecuritycenterV1RunAssetDiscoveryResponse # @private class Representation < Google::Apis::Core::JsonRepresentation @@ -80,6 +362,201 @@ module Google end end + class GoogleCloudSecuritycenterV1p1beta1Asset + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :create_time, as: 'createTime' + property :iam_policy, as: 'iamPolicy', class: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1IamPolicy, decorator: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1IamPolicy::Representation + + property :name, as: 'name' + hash :resource_properties, as: 'resourceProperties' + property :security_center_properties, as: 'securityCenterProperties', class: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties, decorator: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties::Representation + + property :security_marks, as: 'securityMarks', class: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks, decorator: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + + property :update_time, as: 'updateTime' + end + end + + class GoogleCloudSecuritycenterV1p1beta1Finding + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :category, as: 'category' + property :create_time, as: 'createTime' + property :event_time, as: 'eventTime' + property :external_uri, as: 'externalUri' + property :name, as: 'name' + property :parent, as: 'parent' + property :resource_name, as: 'resourceName' + property :security_marks, as: 'securityMarks', class: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks, decorator: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + + hash :source_properties, as: 'sourceProperties' + property :state, as: 'state' + end + end + + class GoogleCloudSecuritycenterV1p1beta1IamPolicy + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :policy_blob, as: 'policyBlob' + end + end + + class GoogleCloudSecuritycenterV1p1beta1NotificationMessage + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :finding, as: 'finding', class: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding, decorator: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + + property :notification_config_name, as: 'notificationConfigName' + property :temporal_asset, as: 'temporalAsset', class: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset, decorator: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1TemporalAsset::Representation + + end + end + + class GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :duration, as: 'duration' + property :state, as: 'state' + end + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :resource_display_name, as: 'resourceDisplayName' + property :resource_name, as: 'resourceName' + collection :resource_owners, as: 'resourceOwners' + property :resource_parent, as: 'resourceParent' + property :resource_parent_display_name, as: 'resourceParentDisplayName' + property :resource_project, as: 'resourceProject' + property :resource_project_display_name, as: 'resourceProjectDisplayName' + property :resource_type, as: 'resourceType' + end + end + + class GoogleCloudSecuritycenterV1p1beta1SecurityMarks + # @private + class Representation < Google::Apis::Core::JsonRepresentation + hash :marks, as: 'marks' + property :name, as: 'name' + end + end + + class GoogleCloudSecuritycenterV1p1beta1TemporalAsset + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :asset, as: 'asset', class: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Asset, decorator: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Asset::Representation + + property :change_type, as: 'changeType' + end + end + + class GroupAssetsRequest + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :compare_duration, as: 'compareDuration' + property :filter, as: 'filter' + property :group_by, as: 'groupBy' + property :page_size, as: 'pageSize' + property :page_token, as: 'pageToken' + property :read_time, as: 'readTime' + end + end + + class GroupAssetsResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + collection :group_by_results, as: 'groupByResults', class: Google::Apis::SecuritycenterV1p1beta1::GroupResult, decorator: Google::Apis::SecuritycenterV1p1beta1::GroupResult::Representation + + property :next_page_token, as: 'nextPageToken' + property :read_time, as: 'readTime' + property :total_size, as: 'totalSize' + end + end + + class GroupFindingsRequest + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :compare_duration, as: 'compareDuration' + property :filter, as: 'filter' + property :group_by, as: 'groupBy' + property :page_size, as: 'pageSize' + property :page_token, as: 'pageToken' + property :read_time, as: 'readTime' + end + end + + class GroupFindingsResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + collection :group_by_results, as: 'groupByResults', class: Google::Apis::SecuritycenterV1p1beta1::GroupResult, decorator: Google::Apis::SecuritycenterV1p1beta1::GroupResult::Representation + + property :next_page_token, as: 'nextPageToken' + property :read_time, as: 'readTime' + property :total_size, as: 'totalSize' + end + end + + class GroupResult + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :count, :numeric_string => true, as: 'count' + hash :properties, as: 'properties' + end + end + + class ListAssetsResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + collection :list_assets_results, as: 'listAssetsResults', class: Google::Apis::SecuritycenterV1p1beta1::ListAssetsResult, decorator: Google::Apis::SecuritycenterV1p1beta1::ListAssetsResult::Representation + + property :next_page_token, as: 'nextPageToken' + property :read_time, as: 'readTime' + property :total_size, as: 'totalSize' + end + end + + class ListAssetsResult + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :asset, as: 'asset', class: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Asset, decorator: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Asset::Representation + + property :state_change, as: 'stateChange' + end + end + + class ListFindingsResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + collection :list_findings_results, as: 'listFindingsResults', class: Google::Apis::SecuritycenterV1p1beta1::ListFindingsResult, decorator: Google::Apis::SecuritycenterV1p1beta1::ListFindingsResult::Representation + + property :next_page_token, as: 'nextPageToken' + property :read_time, as: 'readTime' + property :total_size, as: 'totalSize' + end + end + + class ListFindingsResult + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :finding, as: 'finding', class: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding, decorator: Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + + property :resource, as: 'resource', class: Google::Apis::SecuritycenterV1p1beta1::Resource, decorator: Google::Apis::SecuritycenterV1p1beta1::Resource::Representation + + property :state_change, as: 'stateChange' + end + end + + class ListNotificationConfigsResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :next_page_token, as: 'nextPageToken' + collection :notification_configs, as: 'notificationConfigs', class: Google::Apis::SecuritycenterV1p1beta1::NotificationConfig, decorator: Google::Apis::SecuritycenterV1p1beta1::NotificationConfig::Representation + + end + end + class ListOperationsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation @@ -89,6 +566,28 @@ module Google end end + class ListSourcesResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :next_page_token, as: 'nextPageToken' + collection :sources, as: 'sources', class: Google::Apis::SecuritycenterV1p1beta1::Source, decorator: Google::Apis::SecuritycenterV1p1beta1::Source::Representation + + end + end + + class NotificationConfig + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :description, as: 'description' + property :event_type, as: 'eventType' + property :name, as: 'name' + property :pubsub_topic, as: 'pubsubTopic' + property :service_account, as: 'serviceAccount' + property :streaming_config, as: 'streamingConfig', class: Google::Apis::SecuritycenterV1p1beta1::StreamingConfig, decorator: Google::Apis::SecuritycenterV1p1beta1::StreamingConfig::Representation + + end + end + class Operation # @private class Representation < Google::Apis::Core::JsonRepresentation @@ -101,6 +600,71 @@ module Google end end + class OrganizationSettings + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :asset_discovery_config, as: 'assetDiscoveryConfig', class: Google::Apis::SecuritycenterV1p1beta1::AssetDiscoveryConfig, decorator: Google::Apis::SecuritycenterV1p1beta1::AssetDiscoveryConfig::Representation + + property :enable_asset_discovery, as: 'enableAssetDiscovery' + property :name, as: 'name' + end + end + + class Policy + # @private + class Representation < Google::Apis::Core::JsonRepresentation + collection :audit_configs, as: 'auditConfigs', class: Google::Apis::SecuritycenterV1p1beta1::AuditConfig, decorator: Google::Apis::SecuritycenterV1p1beta1::AuditConfig::Representation + + collection :bindings, as: 'bindings', class: Google::Apis::SecuritycenterV1p1beta1::Binding, decorator: Google::Apis::SecuritycenterV1p1beta1::Binding::Representation + + property :etag, :base64 => true, as: 'etag' + property :version, as: 'version' + end + end + + class Resource + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :name, as: 'name' + property :parent_display_name, as: 'parentDisplayName' + property :parent_name, as: 'parentName' + property :project_display_name, as: 'projectDisplayName' + property :project_name, as: 'projectName' + end + end + + class RunAssetDiscoveryRequest + # @private + class Representation < Google::Apis::Core::JsonRepresentation + end + end + + class SetFindingStateRequest + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :start_time, as: 'startTime' + property :state, as: 'state' + end + end + + class SetIamPolicyRequest + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :policy, as: 'policy', class: Google::Apis::SecuritycenterV1p1beta1::Policy, decorator: Google::Apis::SecuritycenterV1p1beta1::Policy::Representation + + property :update_mask, as: 'updateMask' + end + end + + class Source + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :description, as: 'description' + property :display_name, as: 'displayName' + property :name, as: 'name' + end + end + class Status # @private class Representation < Google::Apis::Core::JsonRepresentation @@ -109,6 +673,27 @@ module Google property :message, as: 'message' end end + + class StreamingConfig + # @private + class Representation < Google::Apis::Core::JsonRepresentation + property :filter, as: 'filter' + end + end + + class TestIamPermissionsRequest + # @private + class Representation < Google::Apis::Core::JsonRepresentation + collection :permissions, as: 'permissions' + end + end + + class TestIamPermissionsResponse + # @private + class Representation < Google::Apis::Core::JsonRepresentation + collection :permissions, as: 'permissions' + end + end end end end diff --git a/generated/google/apis/securitycenter_v1p1beta1/service.rb b/generated/google/apis/securitycenter_v1p1beta1/service.rb index 6c58ad1e6..d63f84440 100644 --- a/generated/google/apis/securitycenter_v1p1beta1/service.rb +++ b/generated/google/apis/securitycenter_v1p1beta1/service.rb @@ -48,6 +48,524 @@ module Google @batch_path = 'batch' end + # Gets the settings for an organization. + # @param [String] name + # Required. Name of the organization to get organization settings for. Its + # format is + # "organizations/[organization_id]/organizationSettings". + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def get_organization_organization_settings(name, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:get, 'v1p1beta1/{+name}', options) + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings + command.params['name'] = name unless name.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Updates an organization's settings. + # @param [String] name + # The relative resource name of the settings. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/organizationSettings". + # @param [Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings] organization_settings_object + # @param [String] update_mask + # The FieldMask to use when updating the settings resource. + # If empty all mutable fields will be updated. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def update_organization_organization_settings(name, organization_settings_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:patch, 'v1p1beta1/{+name}', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings::Representation + command.request_object = organization_settings_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::OrganizationSettings + command.params['name'] = name unless name.nil? + command.query['updateMask'] = update_mask unless update_mask.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Filters an organization's assets and groups them by their specified + # properties. + # @param [String] parent + # Required. Name of the organization to groupBy. Its format is + # "organizations/[organization_id]". + # @param [Google::Apis::SecuritycenterV1p1beta1::GroupAssetsRequest] group_assets_request_object + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::GroupAssetsResponse] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::GroupAssetsResponse] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def group_assets(parent, group_assets_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+parent}/assets:group', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::GroupAssetsRequest::Representation + command.request_object = group_assets_request_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::GroupAssetsResponse::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::GroupAssetsResponse + command.params['parent'] = parent unless parent.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Lists an organization's assets. + # @param [String] parent + # Required. Name of the organization assets should belong to. Its format is + # "organizations/[organization_id]". + # @param [String] compare_duration + # When compare_duration is set, the ListAssetsResult's "state_change" + # attribute is updated to indicate whether the asset was added, removed, or + # remained present during the compare_duration period of time that precedes + # the read_time. This is the time between (read_time - compare_duration) and + # read_time. + # The state_change value is derived based on the presence of the asset at the + # two points in time. Intermediate state changes between the two times don't + # affect the result. For example, the results aren't affected if the asset is + # removed and re-created again. + # Possible "state_change" values when compare_duration is specified: + # * "ADDED": indicates that the asset was not present at the start of + # compare_duration, but present at read_time. + # * "REMOVED": indicates that the asset was present at the start of + # compare_duration, but not present at read_time. + # * "ACTIVE": indicates that the asset was present at both the + # start and the end of the time period defined by + # compare_duration and read_time. + # If compare_duration is not specified, then the only possible state_change + # is "UNUSED", which will be the state_change set for all assets present at + # read_time. + # @param [String] field_mask + # Optional. + # A field mask to specify the ListAssetsResult fields to be listed in the + # response. + # An empty field mask will list all fields. + # @param [String] filter + # Expression that defines the filter to apply across assets. + # The expression is a list of zero or more restrictions combined via logical + # operators `AND` and `OR`. + # Parentheses are supported, and `OR` has higher precedence than `AND`. + # Restrictions have the form ` ` and may have a `-` + # character in front of them to indicate negation. The fields map to those + # defined in the Asset resource. Examples include: + # * name + # * security_center_properties.resource_name + # * resource_properties.a_property + # * security_marks.marks.marka + # The supported operators are: + # * `=` for all value types. + # * `>`, `<`, `>=`, `<=` for integer values. + # * `:`, meaning substring matching, for strings. + # The supported value types are: + # * string literals in quotes. + # * integer literals without quotes. + # * boolean literals `true` and `false` without quotes. + # The following are the allowed field and operator combinations: + # * name: `=` + # * update_time: `=`, `>`, `<`, `>=`, `<=` + # Usage: This should be milliseconds since epoch or an RFC3339 string. + # Examples: + # "update_time = \"2019-06-10T16:07:18-07:00\"" + # "update_time = 1560208038000" + # * create_time: `=`, `>`, `<`, `>=`, `<=` + # Usage: This should be milliseconds since epoch or an RFC3339 string. + # Examples: + # "create_time = \"2019-06-10T16:07:18-07:00\"" + # "create_time = 1560208038000" + # * iam_policy.policy_blob: `=`, `:` + # * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` + # * security_marks.marks: `=`, `:` + # * security_center_properties.resource_name: `=`, `:` + # * security_center_properties.resource_display_name: `=`, `:` + # * security_center_properties.resource_type: `=`, `:` + # * security_center_properties.resource_parent: `=`, `:` + # * security_center_properties.resource_parent_display_name: `=`, `:` + # * security_center_properties.resource_project: `=`, `:` + # * security_center_properties.resource_project_display_name: `=`, `:` + # * security_center_properties.resource_owners: `=`, `:` + # For example, `resource_properties.size = 100` is a valid filter string. + # @param [String] order_by + # Expression that defines what fields and order to use for sorting. The + # string value should follow SQL syntax: comma separated list of fields. For + # example: "name,resource_properties.a_property". The default sorting order + # is ascending. To specify descending order for a field, a suffix " desc" + # should be appended to the field name. For example: "name + # desc,resource_properties.a_property". Redundant space characters in the + # syntax are insignificant. "name desc,resource_properties.a_property" and " + # name desc , resource_properties.a_property " are equivalent. + # The following fields are supported: + # name + # update_time + # resource_properties + # security_marks.marks + # security_center_properties.resource_name + # security_center_properties.resource_display_name + # security_center_properties.resource_parent + # security_center_properties.resource_parent_display_name + # security_center_properties.resource_project + # security_center_properties.resource_project_display_name + # security_center_properties.resource_type + # @param [Fixnum] page_size + # The maximum number of results to return in a single response. Default is + # 10, minimum is 1, maximum is 1000. + # @param [String] page_token + # The value returned by the last `ListAssetsResponse`; indicates + # that this is a continuation of a prior `ListAssets` call, and + # that the system should return the next page of data. + # @param [String] read_time + # Time used as a reference point when filtering assets. The filter is limited + # to assets existing at the supplied time and their values are those at that + # specific time. Absence of this field will default to the API's version of + # NOW. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::ListAssetsResponse] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::ListAssetsResponse] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def list_organization_assets(parent, compare_duration: nil, field_mask: nil, filter: nil, order_by: nil, page_size: nil, page_token: nil, read_time: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:get, 'v1p1beta1/{+parent}/assets', options) + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::ListAssetsResponse::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::ListAssetsResponse + command.params['parent'] = parent unless parent.nil? + command.query['compareDuration'] = compare_duration unless compare_duration.nil? + command.query['fieldMask'] = field_mask unless field_mask.nil? + command.query['filter'] = filter unless filter.nil? + command.query['orderBy'] = order_by unless order_by.nil? + command.query['pageSize'] = page_size unless page_size.nil? + command.query['pageToken'] = page_token unless page_token.nil? + command.query['readTime'] = read_time unless read_time.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Runs asset discovery. The discovery is tracked with a long-running + # operation. + # // + # This API can only be called with limited frequency for an organization. If + # it is called too frequently the caller will receive a TOO_MANY_REQUESTS + # error. + # @param [String] parent + # Required. Name of the organization to run asset discovery for. Its format is + # "organizations/[organization_id]". + # @param [Google::Apis::SecuritycenterV1p1beta1::RunAssetDiscoveryRequest] run_asset_discovery_request_object + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::Operation] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::Operation] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def run_organization_asset_discovery(parent, run_asset_discovery_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+parent}/assets:runDiscovery', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::RunAssetDiscoveryRequest::Representation + command.request_object = run_asset_discovery_request_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::Operation::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::Operation + command.params['parent'] = parent unless parent.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Updates security marks. + # @param [String] name + # The relative resource name of the SecurityMarks. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Examples: + # "organizations/`organization_id`/assets/`asset_id`/securityMarks" + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/ + # securityMarks". + # @param [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] google_cloud_securitycenter_v1p1beta1_security_marks_object + # @param [String] start_time + # The time at which the updated SecurityMarks take effect. + # If not set uses current server time. Updates will be applied to the + # SecurityMarks that are active immediately preceding this time. + # @param [String] update_mask + # The FieldMask to use when updating the security marks resource. + # The field mask must not contain duplicate fields. + # If empty or set to "marks", all marks will be replaced. Individual + # marks can be updated using "marks.". + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def update_organization_asset_security_marks(name, google_cloud_securitycenter_v1p1beta1_security_marks_object = nil, start_time: nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:patch, 'v1p1beta1/{+name}', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + command.request_object = google_cloud_securitycenter_v1p1beta1_security_marks_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks + command.params['name'] = name unless name.nil? + command.query['startTime'] = start_time unless start_time.nil? + command.query['updateMask'] = update_mask unless update_mask.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Creates a notification config. + # @param [String] parent + # Required. Resource name of the new notification config's parent. Its format is + # "organizations/[organization_id]". + # @param [Google::Apis::SecuritycenterV1p1beta1::NotificationConfig] notification_config_object + # @param [String] config_id + # Required. + # Unique identifier provided by the client within the parent scope. + # It must be between 1 and 128 characters, and contains alphanumeric + # characters, underscores or hyphens only. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::NotificationConfig] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::NotificationConfig] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def create_organization_notification_config(parent, notification_config_object = nil, config_id: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+parent}/notificationConfigs', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::NotificationConfig::Representation + command.request_object = notification_config_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::NotificationConfig::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::NotificationConfig + command.params['parent'] = parent unless parent.nil? + command.query['configId'] = config_id unless config_id.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Deletes a notification config. + # @param [String] name + # Required. Name of the notification config to delete. Its format is + # "organizations/[organization_id]/notificationConfigs/[config_id]". + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::Empty] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::Empty] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def delete_organization_notification_config(name, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:delete, 'v1p1beta1/{+name}', options) + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::Empty::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::Empty + command.params['name'] = name unless name.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Gets a notification config. + # @param [String] name + # Required. Name of the notification config to get. Its format is + # "organizations/[organization_id]/notificationConfigs/[config_id]". + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::NotificationConfig] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::NotificationConfig] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def get_organization_notification_config(name, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:get, 'v1p1beta1/{+name}', options) + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::NotificationConfig::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::NotificationConfig + command.params['name'] = name unless name.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Lists notification configs. + # @param [String] parent + # Required. Name of the organization to list notification configs. + # Its format is "organizations/[organization_id]". + # @param [Fixnum] page_size + # The maximum number of results to return in a single response. Default is + # 10, minimum is 1, maximum is 1000. + # @param [String] page_token + # The value returned by the last `ListNotificationConfigsResponse`; indicates + # that this is a continuation of a prior `ListNotificationConfigs` call, and + # that the system should return the next page of data. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::ListNotificationConfigsResponse] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::ListNotificationConfigsResponse] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def list_organization_notification_configs(parent, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:get, 'v1p1beta1/{+parent}/notificationConfigs', options) + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::ListNotificationConfigsResponse::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::ListNotificationConfigsResponse + command.params['parent'] = parent unless parent.nil? + command.query['pageSize'] = page_size unless page_size.nil? + command.query['pageToken'] = page_token unless page_token.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Updates a notification config. + # @param [String] name + # The relative resource name of this notification config. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/notificationConfigs/notify_public_bucket". + # @param [Google::Apis::SecuritycenterV1p1beta1::NotificationConfig] notification_config_object + # @param [String] update_mask + # The FieldMask to use when updating the notification config. + # If empty all mutable fields will be updated. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::NotificationConfig] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::NotificationConfig] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def patch_organization_notification_config(name, notification_config_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:patch, 'v1p1beta1/{+name}', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::NotificationConfig::Representation + command.request_object = notification_config_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::NotificationConfig::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::NotificationConfig + command.params['name'] = name unless name.nil? + command.query['updateMask'] = update_mask unless update_mask.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + # Starts asynchronous cancellation on a long-running operation. The server # makes a best effort to cancel the operation, but success is not # guaranteed. If the server doesn't support this method, it returns @@ -198,6 +716,592 @@ module Google command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end + + # Creates a source. + # @param [String] parent + # Required. Resource name of the new source's parent. Its format should be + # "organizations/[organization_id]". + # @param [Google::Apis::SecuritycenterV1p1beta1::Source] source_object + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::Source] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::Source] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def create_organization_source(parent, source_object = nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+parent}/sources', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::Source::Representation + command.request_object = source_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::Source::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::Source + command.params['parent'] = parent unless parent.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Gets a source. + # @param [String] name + # Required. Relative resource name of the source. Its format is + # "organizations/[organization_id]/source/[source_id]". + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::Source] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::Source] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def get_organization_source(name, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:get, 'v1p1beta1/{+name}', options) + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::Source::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::Source + command.params['name'] = name unless name.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Gets the access control policy on the specified Source. + # @param [String] resource + # REQUIRED: The resource for which the policy is being requested. + # See the operation documentation for the appropriate value for this field. + # @param [Google::Apis::SecuritycenterV1p1beta1::GetIamPolicyRequest] get_iam_policy_request_object + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::Policy] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::Policy] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def get_source_iam_policy(resource, get_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+resource}:getIamPolicy', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::GetIamPolicyRequest::Representation + command.request_object = get_iam_policy_request_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::Policy::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::Policy + command.params['resource'] = resource unless resource.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Lists all sources belonging to an organization. + # @param [String] parent + # Required. Resource name of the parent of sources to list. Its format should be + # "organizations/[organization_id]". + # @param [Fixnum] page_size + # The maximum number of results to return in a single response. Default is + # 10, minimum is 1, maximum is 1000. + # @param [String] page_token + # The value returned by the last `ListSourcesResponse`; indicates + # that this is a continuation of a prior `ListSources` call, and + # that the system should return the next page of data. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::ListSourcesResponse] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::ListSourcesResponse] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def list_organization_sources(parent, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:get, 'v1p1beta1/{+parent}/sources', options) + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::ListSourcesResponse::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::ListSourcesResponse + command.params['parent'] = parent unless parent.nil? + command.query['pageSize'] = page_size unless page_size.nil? + command.query['pageToken'] = page_token unless page_token.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Updates a source. + # @param [String] name + # The relative resource name of this source. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/sources/`source_id`" + # @param [Google::Apis::SecuritycenterV1p1beta1::Source] source_object + # @param [String] update_mask + # The FieldMask to use when updating the source resource. + # If empty all mutable fields will be updated. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::Source] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::Source] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def patch_organization_source(name, source_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:patch, 'v1p1beta1/{+name}', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::Source::Representation + command.request_object = source_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::Source::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::Source + command.params['name'] = name unless name.nil? + command.query['updateMask'] = update_mask unless update_mask.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Sets the access control policy on the specified Source. + # @param [String] resource + # REQUIRED: The resource for which the policy is being specified. + # See the operation documentation for the appropriate value for this field. + # @param [Google::Apis::SecuritycenterV1p1beta1::SetIamPolicyRequest] set_iam_policy_request_object + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::Policy] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::Policy] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def set_source_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+resource}:setIamPolicy', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::SetIamPolicyRequest::Representation + command.request_object = set_iam_policy_request_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::Policy::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::Policy + command.params['resource'] = resource unless resource.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Returns the permissions that a caller has on the specified source. + # @param [String] resource + # REQUIRED: The resource for which the policy detail is being requested. + # See the operation documentation for the appropriate value for this field. + # @param [Google::Apis::SecuritycenterV1p1beta1::TestIamPermissionsRequest] test_iam_permissions_request_object + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::TestIamPermissionsResponse] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::TestIamPermissionsResponse] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def test_source_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+resource}:testIamPermissions', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::TestIamPermissionsRequest::Representation + command.request_object = test_iam_permissions_request_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::TestIamPermissionsResponse::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::TestIamPermissionsResponse + command.params['resource'] = resource unless resource.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Creates a finding. The corresponding source must exist for finding + # creation to succeed. + # @param [String] parent + # Required. Resource name of the new finding's parent. Its format should be + # "organizations/[organization_id]/sources/[source_id]". + # @param [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] google_cloud_securitycenter_v1p1beta1_finding_object + # @param [String] finding_id + # Required. Unique identifier provided by the client within the parent scope. + # It must be alphanumeric and less than or equal to 32 characters and + # greater than 0 characters in length. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def create_organization_source_finding(parent, google_cloud_securitycenter_v1p1beta1_finding_object = nil, finding_id: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+parent}/findings', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + command.request_object = google_cloud_securitycenter_v1p1beta1_finding_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding + command.params['parent'] = parent unless parent.nil? + command.query['findingId'] = finding_id unless finding_id.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Filters an organization or source's findings and groups them by their + # specified properties. + # To group across all sources provide a `-` as the source id. + # Example: /v1p1beta1/organizations/`organization_id`/sources/-/findings + # @param [String] parent + # Required. Name of the source to groupBy. Its format is + # "organizations/[organization_id]/sources/[source_id]". To groupBy across + # all sources provide a source_id of `-`. For example: + # organizations/`organization_id`/sources/- + # @param [Google::Apis::SecuritycenterV1p1beta1::GroupFindingsRequest] group_findings_request_object + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::GroupFindingsResponse] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::GroupFindingsResponse] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def group_findings(parent, group_findings_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+parent}/findings:group', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::GroupFindingsRequest::Representation + command.request_object = group_findings_request_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::GroupFindingsResponse::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::GroupFindingsResponse + command.params['parent'] = parent unless parent.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Lists an organization or source's findings. + # To list across all sources provide a `-` as the source id. + # Example: /v1p1beta1/organizations/`organization_id`/sources/-/findings + # @param [String] parent + # Required. Name of the source the findings belong to. Its format is + # "organizations/[organization_id]/sources/[source_id]". To list across all + # sources provide a source_id of `-`. For example: + # organizations/`organization_id`/sources/- + # @param [String] compare_duration + # When compare_duration is set, the ListFindingsResult's "state_change" + # attribute is updated to indicate whether the finding had its state changed, + # the finding's state remained unchanged, or if the finding was added in any + # state during the compare_duration period of time that precedes the + # read_time. This is the time between (read_time - compare_duration) and + # read_time. + # The state_change value is derived based on the presence and state of the + # finding at the two points in time. Intermediate state changes between the + # two times don't affect the result. For example, the results aren't affected + # if the finding is made inactive and then active again. + # Possible "state_change" values when compare_duration is specified: + # * "CHANGED": indicates that the finding was present at the start of + # compare_duration, but changed its state at read_time. + # * "UNCHANGED": indicates that the finding was present at the start of + # compare_duration and did not change state at read_time. + # * "ADDED": indicates that the finding was not present at the start + # of compare_duration, but was present at read_time. + # If compare_duration is not specified, then the only possible state_change + # is "UNUSED", which will be the state_change set for all findings present at + # read_time. + # @param [String] field_mask + # Optional. + # A field mask to specify the Finding fields to be listed in the response. + # An empty field mask will list all fields. + # @param [String] filter + # Expression that defines the filter to apply across findings. + # The expression is a list of one or more restrictions combined via logical + # operators `AND` and `OR`. + # Parentheses are supported, and `OR` has higher precedence than `AND`. + # Restrictions have the form ` ` and may have a `-` + # character in front of them to indicate negation. Examples include: + # * name + # * source_properties.a_property + # * security_marks.marks.marka + # The supported operators are: + # * `=` for all value types. + # * `>`, `<`, `>=`, `<=` for integer values. + # * `:`, meaning substring matching, for strings. + # The supported value types are: + # * string literals in quotes. + # * integer literals without quotes. + # * boolean literals `true` and `false` without quotes. + # The following field and operator combinations are supported: + # name: `=` + # parent: `=`, `:` + # resource_name: `=`, `:` + # state: `=`, `:` + # category: `=`, `:` + # external_uri: `=`, `:` + # event_time: `=`, `>`, `<`, `>=`, `<=` + # Usage: This should be milliseconds since epoch or an RFC3339 string. + # Examples: + # "event_time = \"2019-06-10T16:07:18-07:00\"" + # "event_time = 1560208038000" + # security_marks.marks: `=`, `:` + # source_properties: `=`, `:`, `>`, `<`, `>=`, `<=` + # For example, `source_properties.size = 100` is a valid filter string. + # @param [String] order_by + # Expression that defines what fields and order to use for sorting. The + # string value should follow SQL syntax: comma separated list of fields. For + # example: "name,resource_properties.a_property". The default sorting order + # is ascending. To specify descending order for a field, a suffix " desc" + # should be appended to the field name. For example: "name + # desc,source_properties.a_property". Redundant space characters in the + # syntax are insignificant. "name desc,source_properties.a_property" and " + # name desc , source_properties.a_property " are equivalent. + # The following fields are supported: + # name + # parent + # state + # category + # resource_name + # event_time + # source_properties + # security_marks.marks + # @param [Fixnum] page_size + # The maximum number of results to return in a single response. Default is + # 10, minimum is 1, maximum is 1000. + # @param [String] page_token + # The value returned by the last `ListFindingsResponse`; indicates + # that this is a continuation of a prior `ListFindings` call, and + # that the system should return the next page of data. + # @param [String] read_time + # Time used as a reference point when filtering findings. The filter is + # limited to findings existing at the supplied time and their values are + # those at that specific time. Absence of this field will default to the + # API's version of NOW. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::ListFindingsResponse] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::ListFindingsResponse] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def list_organization_source_findings(parent, compare_duration: nil, field_mask: nil, filter: nil, order_by: nil, page_size: nil, page_token: nil, read_time: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:get, 'v1p1beta1/{+parent}/findings', options) + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::ListFindingsResponse::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::ListFindingsResponse + command.params['parent'] = parent unless parent.nil? + command.query['compareDuration'] = compare_duration unless compare_duration.nil? + command.query['fieldMask'] = field_mask unless field_mask.nil? + command.query['filter'] = filter unless filter.nil? + command.query['orderBy'] = order_by unless order_by.nil? + command.query['pageSize'] = page_size unless page_size.nil? + command.query['pageToken'] = page_token unless page_token.nil? + command.query['readTime'] = read_time unless read_time.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Creates or updates a finding. The corresponding source must exist for a + # finding creation to succeed. + # @param [String] name + # The relative resource name of this finding. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`" + # @param [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] google_cloud_securitycenter_v1p1beta1_finding_object + # @param [String] update_mask + # The FieldMask to use when updating the finding resource. This field should + # not be specified when creating a finding. + # When updating a finding, an empty mask is treated as updating all mutable + # fields and replacing source_properties. Individual source_properties can + # be added/updated by using "source_properties." in the field + # mask. + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def patch_organization_source_finding(name, google_cloud_securitycenter_v1p1beta1_finding_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:patch, 'v1p1beta1/{+name}', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + command.request_object = google_cloud_securitycenter_v1p1beta1_finding_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding + command.params['name'] = name unless name.nil? + command.query['updateMask'] = update_mask unless update_mask.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Updates the state of a finding. + # @param [String] name + # Required. The relative resource name of the finding. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Example: + # "organizations/`organization_id`/sources/`source_id`/finding/`finding_id`". + # @param [Google::Apis::SecuritycenterV1p1beta1::SetFindingStateRequest] set_finding_state_request_object + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def set_organization_source_finding_state(name, set_finding_state_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:post, 'v1p1beta1/{+name}:setState', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::SetFindingStateRequest::Representation + command.request_object = set_finding_state_request_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1Finding + command.params['name'] = name unless name.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end + + # Updates security marks. + # @param [String] name + # The relative resource name of the SecurityMarks. See: + # https://cloud.google.com/apis/design/resource_names#relative_resource_name + # Examples: + # "organizations/`organization_id`/assets/`asset_id`/securityMarks" + # "organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/ + # securityMarks". + # @param [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] google_cloud_securitycenter_v1p1beta1_security_marks_object + # @param [String] start_time + # The time at which the updated SecurityMarks take effect. + # If not set uses current server time. Updates will be applied to the + # SecurityMarks that are active immediately preceding this time. + # @param [String] update_mask + # The FieldMask to use when updating the security marks resource. + # The field mask must not contain duplicate fields. + # If empty or set to "marks", all marks will be replaced. Individual + # marks can be updated using "marks.". + # @param [String] fields + # Selector specifying which fields to include in a partial response. + # @param [String] quota_user + # Available to use for quota purposes for server-side applications. Can be any + # arbitrary string assigned to a user, but should not exceed 40 characters. + # @param [Google::Apis::RequestOptions] options + # Request-specific options + # + # @yield [result, err] Result & error if block supplied + # @yieldparam result [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] parsed result object + # @yieldparam err [StandardError] error object if request failed + # + # @return [Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks] + # + # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried + # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification + # @raise [Google::Apis::AuthorizationError] Authorization is required + def update_organization_source_finding_security_marks(name, google_cloud_securitycenter_v1p1beta1_security_marks_object = nil, start_time: nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) + command = make_simple_command(:patch, 'v1p1beta1/{+name}', options) + command.request_representation = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + command.request_object = google_cloud_securitycenter_v1p1beta1_security_marks_object + command.response_representation = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks::Representation + command.response_class = Google::Apis::SecuritycenterV1p1beta1::GoogleCloudSecuritycenterV1p1beta1SecurityMarks + command.params['name'] = name unless name.nil? + command.query['startTime'] = start_time unless start_time.nil? + command.query['updateMask'] = update_mask unless update_mask.nil? + command.query['fields'] = fields unless fields.nil? + command.query['quotaUser'] = quota_user unless quota_user.nil? + execute_or_queue_command(command, &block) + end protected