This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

fix: allow passing gax instance to client constructor (#506)
- [ ] Regenerate this pull request now.

PiperOrigin-RevId: 470911839

Source-Link: googleapis/googleapis@3527566

Source-Link: https://github.com/googleapis/googleapis-gen/commit/f16a1d224f00a630ea43d6a9a1a31f566f45cdea
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiZjE2YTFkMjI0ZjAwYTYzMGVhNDNkNmE5YTFhMzFmNTY2ZjQ1Y2RlYSJ9

feat: accept google-gax instance as a parameter
Please see the documentation of the client constructor for details.

PiperOrigin-RevId: 470332808

Source-Link: googleapis/googleapis@d4a2367

Source-Link: https://github.com/googleapis/googleapis-gen/commit/e97a1ac204ead4fe7341f91e72db7c6ac6016341
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiZTk3YTFhYzIwNGVhZDRmZTczNDFmOTFlNzJkYjdjNmFjNjAxNjM0MSJ9

feat: serviceAccountKeyName, serviceAccountDelegationInfo, and principalSubject attributes added to the existing access attribute. These new attributes provide additional context about the principals that are associated with the finding
PiperOrigin-RevId: 469787268

Source-Link: googleapis/googleapis@c7a52f4

Source-Link: https://github.com/googleapis/googleapis-gen/commit/4e235765c3f09662143bc0a2b08f12bc0fe0c93f
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNGUyMzU3NjVjM2YwOTY2MjE0M2JjMGEyYjA4ZjEyYmMwZmUwYzkzZiJ9

feat: Adding database access information, such as queries field to a finding. A database may be a sub-resource of an instance (as in the case of CloudSQL instances or Cloud Spanner instances), or the database instance itself
PiperOrigin-RevId: 469544940

Source-Link: googleapis/googleapis@a887434

Source-Link: https://github.com/googleapis/googleapis-gen/commit/ca12635e1b065de9efcaa551669648fcbde1a944
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiY2ExMjYzNWUxYjA2NWRlOWVmY2FhNTUxNjY5NjQ4ZmNiZGUxYTk0NCJ9
gcf-owl-bot[bot] authored Sep 1, 2022
1 parent fcea451 commit 22478d6
Showing 10 changed files with 1,271 additions and 161 deletions.
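--- a/protos/google/cloud/securitycenter/v1/access.proto
+++ b/protos/google/cloud/securitycenter/v1/access.proto
@@ -27,6 +27,13 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
 // Represents an access event.
 message Access {
 // Associated email, such as "foo@google.com".
+//
+// The email address of the authenticated user (or service account on behalf
+// of third party principal) making the request. For third party identity
+// callers, the `principal_subject` field is populated instead of this field.
+// For privacy reasons, the principal email address is sometimes redacted.
+// For more information, see [Caller identities in audit
+// logs](https://cloud.google.com/logging/docs/audit#user-id).
 string principal_email = 1;
 
 // Caller's IP address, such as "1.1.1.1".
@@ -45,6 +52,45 @@ message Access {
 
 // The method that the service account called, e.g. "SetIamPolicy".
 string method_name = 6;
+
+// A string representing the principal_subject associated with the identity.
+// As compared to `principal_email`, supports principals that aren't
+// associated with email addresses, such as third party principals. For most
+// identities, the format will be `principal://iam.googleapis.com/{identity
+// pool name}/subjects/{subject}` except for some GKE identities
+// (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+// format `serviceAccount:{identity pool name}[{subject}]`
+string principal_subject = 7;
+
+// The name of the service account key used to create or exchange
+// credentials for authenticating the service account making the request.
+// This is a scheme-less URI full resource name. For example:
+//
+// "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+//
+string service_account_key_name = 8;
+
+// Identity delegation history of an authenticated service account that makes
+// the request. It contains information on the real authorities that try to
+// access GCP resources by delegating on a service account. When multiple
+// authorities are present, they are guaranteed to be sorted based on the
+// original ordering of the identity delegation events.
+repeated ServiceAccountDelegationInfo service_account_delegation_info = 9;
+}
+
+// Identity delegation history of an authenticated service account.
+message ServiceAccountDelegationInfo {
+// The email address of a Google account.
+string principal_email = 1;
+
+// A string representing the principal_subject associated with the identity.
+// As compared to `principal_email`, supports principals that aren't
+// associated with email addresses, such as third party principals. For most
+// identities, the format will be `principal://iam.googleapis.com/{identity
+// pool name}/subjects/{subject}` except for some GKE identities
+// (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+// format `serviceAccount:{identity pool name}[{subject}]`
+string principal_subject = 2;
 }
 
 // Represents a geographical location for a given access.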
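Review bot: The comment on `service_account_delegation_info` (field 9) promises that entries are sorted by the original ordering of the delegation events, but it does not say which end of the list is the originating authority, and attribution during an investigation depends on that. I would add a sentence such as `// The first element is the <first|last> authority in the delegation chain.` once the direction is confirmed against the producer. The comment on `ServiceAccountDelegationInfo.principal_email` also drops the caveat given on `Access.principal_email` that the address can be redacted or absent for third-party identities; if that applies here as well (not visible from this section), say so and point consumers that key detections on the email to `principal_subject` as the fallback.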
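--- a/protos/google/cloud/securitycenter/v1/database.proto
+++ b/protos/google/cloud/securitycenter/v1/database.proto
@@ -0,0 +1,52 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "DatabaseProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Represents database access information, such as queries.
+// A database may be a sub-resource of an instance (as in the case of CloudSQL
+// instances or Cloud Spanner instances), or the database instance itself.
+// Some database resources may not have the full resource name populated
+// because these resource types are not yet supported by Cloud Asset Inventory
+// (e.g. CloudSQL databases). In these cases only the display name will be
+// provided.
+message Database {
+// The full resource name of the database the user connected to, if it is
+// supported by CAI. (https://google.aip.dev/122#full-resource-names)
+string name = 1;
+
+// The human readable name of the database the user connected to.
+string display_name = 2;
+
+// The username used to connect to the DB. This may not necessarily be an IAM
+// principal, and has no required format.
+string user_name = 3;
+
+// The SQL statement associated with the relevant access.
+string query = 4;
+
+// The target usernames/roles/groups of a SQL privilege grant (not an IAM
+// policy change).
+repeated string grantees = 5;
+}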
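Review bot: `query` (field 4) carries the SQL statement text, and its comment does not say whether literals are redacted or the statement is truncated before it lands in a finding. SQL text can embed data values and credentials, and `query`, `user_name` and `grantees` are all free-form strings supplied by whoever connected to the database, so anything that exports or renders findings (SIEM pipelines, ticketing, dashboards) should handle them as sensitive and as untrusted text. I would extend the field comment, for example `// May contain literal values from the statement; treat as sensitive, untrusted text.`, and document any length cap if the producer applies one.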
23 changes: 15 additions & 8 deletions protos/google/cloud/securitycenter/v1/finding.proto
Expand Up @@ -23,6 +23,7 @@ import "google/cloud/securitycenter/v1/compliance.proto";
import "google/cloud/securitycenter/v1/connection.proto";
import "google/cloud/securitycenter/v1/contact_details.proto";
import "google/cloud/securitycenter/v1/container.proto";
import "google/cloud/securitycenter/v1/database.proto";
import "google/cloud/securitycenter/v1/exfiltration.proto";
import "google/cloud/securitycenter/v1/external_system.proto";
import "google/cloud/securitycenter/v1/iam_binding.proto";
Expand Down Expand Up @@ -257,11 +258,13 @@ message Finding {
Vulnerability vulnerability = 20;

// Output only. The most recent time this finding was muted or unmuted.
google.protobuf.Timestamp mute_update_time = 21 [(google.api.field_behavior) = OUTPUT_ONLY];
google.protobuf.Timestamp mute_update_time = 21
[(google.api.field_behavior) = OUTPUT_ONLY];

// Output only. Third party SIEM/SOAR fields within SCC, contains external system
// information and external system finding fields.
map<string, ExternalSystem> external_systems = 22 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Third party SIEM/SOAR fields within SCC, contains external
// system information and external system finding fields.
map<string, ExternalSystem> external_systems = 22
[(google.api.field_behavior) = OUTPUT_ONLY];

// MITRE ATT&CK tactics and techniques related to this finding.
// See: https://attack.mitre.org
Expand All @@ -283,9 +286,9 @@ message Finding {
// Represents operating system processes associated with the Finding.
repeated Process processes = 30;

// Output only. Map containing the point of contacts for the given finding. The key
// represents the type of contact, while the value contains a list of all the
// contacts that pertain. Please refer to:
// Output only. Map containing the point of contacts for the given finding.
// The key represents the type of contact, while the value contains a list of
// all the contacts that pertain. Please refer to:
// https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
//
// {
Expand All @@ -300,7 +303,8 @@ message Finding {
// ]
// }
// }
map<string, ContactDetails> contacts = 33 [(google.api.field_behavior) = OUTPUT_ONLY];
map<string, ContactDetails> contacts = 33
[(google.api.field_behavior) = OUTPUT_ONLY];

// Contains compliance information for security standards associated to the
// finding.
Expand All @@ -324,4 +328,7 @@ message Finding {

// Kubernetes resources associated with the finding.
Kubernetes kubernetes = 43;

// Database associated with the finding.
Database database = 44;
}