diff --git a/protos/google/cloud/securitycenter/v1/finding.proto b/protos/google/cloud/securitycenter/v1/finding.proto index cf0873cf..dcc62f8b 100644 --- a/protos/google/cloud/securitycenter/v1/finding.proto +++ b/protos/google/cloud/securitycenter/v1/finding.proto @@ -56,6 +56,65 @@ message Finding { INACTIVE = 2; } + // The severity of the finding. + enum Severity { + // This value is used for findings when a source doesn't write a severity + // value. + SEVERITY_UNSPECIFIED = 0; + + // Vulnerability: + // A critical vulnerability is easily discoverable by an external actor, + // exploitable, and results in the direct ability to execute arbitrary code, + // exfiltrate data, and otherwise gain additional access and privileges to + // cloud resources and workloads. Examples include publicly accessible + // unprotected user data, public SSH access with weak or no passwords, etc. + // + // Threat: + // Indicates a threat that is able to access, modify, or delete data or + // execute unauthorized code within existing resources. + CRITICAL = 1; + + // Vulnerability: + // A high risk vulnerability can be easily discovered and exploited in + // combination with other vulnerabilities in order to gain direct access and + // the ability to execute arbitrary code, exfiltrate data, and otherwise + // gain additional access and privileges to cloud resources and workloads. + // An example is a database with weak or no passwords that is only + // accessible internally. This database could easily be compromised by an + // actor that had access to the internal network. + // + // Threat: + // Indicates a threat that is able to create new computational resources in + // an environment but not able to access data or execute code in existing + // resources. + HIGH = 2; + + // Vulnerability: + // A medium risk vulnerability could be used by an actor to gain access to + // resources or privileges that enable them to eventually (through multiple + // steps or a complex exploit) gain access and the ability to execute + // arbitrary code or exfiltrate data. An example is a service account with + // access to more projects than it should have. If an actor gains access to + // the service account, they could potentially use that access to manipulate + // a project the service account was not intended to. + // + // Threat: + // Indicates a threat that is able to cause operational impact but may not + // access data or execute unauthorized code. + MEDIUM = 3; + + // Vulnerability: + // A low risk vulnerability hampers a security organization’s ability to + // detect vulnerabilities or active threats in their deployment, or prevents + // the root cause investigation of security issues. An example is monitoring + // and logs being disabled for resource configurations and access. + // + // Threat: + // Indicates a threat that has obtained minimal access to an environment but + // is not able to access data, execute code, or create resources. + LOW = 4; + } + // The relative resource name of this finding. See: // https://cloud.google.com/apis/design/resource_names#relative_resource_name // Example: @@ -110,4 +169,8 @@ message Finding { // The time at which the finding was created in Security Command Center. google.protobuf.Timestamp create_time = 10; + + // The severity of the finding. This field is managed by the source that + // writes the finding. + Severity severity = 12; } diff --git a/protos/google/cloud/securitycenter/v1/notification_config.proto b/protos/google/cloud/securitycenter/v1/notification_config.proto index 90bd83c3..1a9676d9 100644 --- a/protos/google/cloud/securitycenter/v1/notification_config.proto +++ b/protos/google/cloud/securitycenter/v1/notification_config.proto @@ -78,14 +78,14 @@ message NotificationConfig { // The description of the notification config (max of 1024 characters). string description = 2; - // The PubSub topic to send notifications to. Its format is + // The Pub/Sub topic to send notifications to. Its format is // "projects/[project_id]/topics/[topic]". - string pubsub_topic = 3 [ - (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" } - ]; + string pubsub_topic = 3 [(google.api.resource_reference) = { + type: "pubsub.googleapis.com/Topic" + }]; // Output only. The service account that needs "pubsub.topics.publish" - // permission to publish to the PubSub topic. + // permission to publish to the Pub/Sub topic. string service_account = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; // The config for triggering notifications. diff --git a/protos/google/cloud/securitycenter/v1/securitycenter_service.proto b/protos/google/cloud/securitycenter/v1/securitycenter_service.proto index b660d467..07f2f99d 100644 --- a/protos/google/cloud/securitycenter/v1/securitycenter_service.proto +++ b/protos/google/cloud/securitycenter/v1/securitycenter_service.proto @@ -17,7 +17,6 @@ syntax = "proto3"; package google.cloud.securitycenter.v1; import public "google/cloud/securitycenter/v1/run_asset_discovery_response.proto"; - import "google/api/annotations.proto"; import "google/api/client.proto"; import "google/api/field_behavior.proto"; @@ -47,8 +46,7 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1"; // V1 APIs for Security Center service. service SecurityCenter { option (google.api.default_host) = "securitycenter.googleapis.com"; - option (google.api.oauth_scopes) = - "https://www.googleapis.com/auth/cloud-platform"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; // Creates a source. rpc CreateSource(CreateSourceRequest) returns (Source) { @@ -70,20 +68,17 @@ service SecurityCenter { } // Creates a notification config. - rpc CreateNotificationConfig(CreateNotificationConfigRequest) - returns (NotificationConfig) { + rpc CreateNotificationConfig(CreateNotificationConfigRequest) returns (NotificationConfig) { option (google.api.http) = { post: "/v1/{parent=organizations/*}/notificationConfigs" body: "notification_config" }; - option (google.api.method_signature) = - "parent,config_id,notification_config"; + option (google.api.method_signature) = "parent,config_id,notification_config"; option (google.api.method_signature) = "parent,notification_config"; } // Deletes a notification config. - rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) - returns (google.protobuf.Empty) { + rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/{name=organizations/*/notificationConfigs/*}" }; @@ -91,8 +86,7 @@ service SecurityCenter { } // Gets the access control policy on the specified Source. - rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) - returns (google.iam.v1.Policy) { + rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v1/{resource=organizations/*/sources/*}:getIamPolicy" body: "*" @@ -101,8 +95,7 @@ service SecurityCenter { } // Gets a notification config. - rpc GetNotificationConfig(GetNotificationConfigRequest) - returns (NotificationConfig) { + rpc GetNotificationConfig(GetNotificationConfigRequest) returns (NotificationConfig) { option (google.api.http) = { get: "/v1/{name=organizations/*/notificationConfigs/*}" }; @@ -110,8 +103,7 @@ service SecurityCenter { } // Gets the settings for an organization. - rpc GetOrganizationSettings(GetOrganizationSettingsRequest) - returns (OrganizationSettings) { + rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) { option (google.api.http) = { get: "/v1/{name=organizations/*/organizationSettings}" }; @@ -166,8 +158,7 @@ service SecurityCenter { } // Lists notification configs. - rpc ListNotificationConfigs(ListNotificationConfigsRequest) - returns (ListNotificationConfigsResponse) { + rpc ListNotificationConfigs(ListNotificationConfigsRequest) returns (ListNotificationConfigsResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*}/notificationConfigs" }; @@ -188,8 +179,7 @@ service SecurityCenter { // This API can only be called with limited frequency for an organization. If // it is called too frequently the caller will receive a TOO_MANY_REQUESTS // error. - rpc RunAssetDiscovery(RunAssetDiscoveryRequest) - returns (google.longrunning.Operation) { + rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v1/{parent=organizations/*}/assets:runDiscovery" body: "*" @@ -211,8 +201,7 @@ service SecurityCenter { } // Sets the access control policy on the specified Source. - rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) - returns (google.iam.v1.Policy) { + rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v1/{resource=organizations/*/sources/*}:setIamPolicy" body: "*" @@ -221,8 +210,7 @@ service SecurityCenter { } // Returns the permissions that a caller has on the specified source. - rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) - returns (google.iam.v1.TestIamPermissionsResponse) { + rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { option (google.api.http) = { post: "/v1/{resource=organizations/*/sources/*}:testIamPermissions" body: "*" @@ -242,8 +230,7 @@ service SecurityCenter { // Updates a notification config. The following update // fields are allowed: description, pubsub_topic, streaming_config.filter - rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) - returns (NotificationConfig) { + rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) returns (NotificationConfig) { option (google.api.http) = { patch: "/v1/{notification_config.name=organizations/*/notificationConfigs/*}" body: "notification_config" @@ -253,8 +240,7 @@ service SecurityCenter { } // Updates an organization's settings. - rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) - returns (OrganizationSettings) { + rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) { option (google.api.http) = { patch: "/v1/{organization_settings.name=organizations/*/organizationSettings}" body: "organization_settings" @@ -301,15 +287,15 @@ message CreateFindingRequest { // greater than 0 characters in length. string finding_id = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. The Finding being created. The name and security_marks will be - // ignored as they are both output only fields on this resource. + // Required. The Finding being created. The name and security_marks will be ignored as + // they are both output only fields on this resource. Finding finding = 3 [(google.api.field_behavior) = REQUIRED]; } // Request message for creating a notification config. message CreateNotificationConfigRequest { - // Required. Resource name of the new notification config's parent. Its format - // is "organizations/[organization_id]". + // Required. Resource name of the new notification config's parent. Its format is + // "organizations/[organization_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -323,11 +309,9 @@ message CreateNotificationConfigRequest { // characters, underscores or hyphens only. string config_id = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. The notification config being created. The name and the service - // account will be ignored as they are both output only fields on this - // resource. - NotificationConfig notification_config = 3 - [(google.api.field_behavior) = REQUIRED]; + // Required. The notification config being created. The name and the service account + // will be ignored as they are both output only fields on this resource. + NotificationConfig notification_config = 3 [(google.api.field_behavior) = REQUIRED]; } // Request message for creating a source. @@ -341,8 +325,8 @@ message CreateSourceRequest { } ]; - // Required. The Source being created, only the display_name and description - // will be used. All other fields will be ignored. + // Required. The Source being created, only the display_name and description will be + // used. All other fields will be ignored. Source source = 2 [(google.api.field_behavior) = REQUIRED]; } @@ -372,8 +356,8 @@ message GetNotificationConfigRequest { // Request message for getting organization settings. message GetOrganizationSettingsRequest { - // Required. Name of the organization to get organization settings for. Its - // format is "organizations/[organization_id]/organizationSettings". + // Required. Name of the organization to get organization settings for. Its format is + // "organizations/[organization_id]/organizationSettings". string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -463,15 +447,15 @@ message GroupAssetsRequest { // For example, `resource_properties.size = 100` is a valid filter string. // // Use a partial match on the empty string to filter based on a property - // existing:`resource_properties.my_property : ""` + // existing: `resource_properties.my_property : ""` // // Use a negated partial match on the empty string to filter based on a // property not existing: `-resource_properties.my_property : ""` string filter = 2; - // Required. Expression that defines what assets fields to use for grouping. - // The string value should follow SQL syntax: comma separated list of fields. - // For example: + // Required. Expression that defines what assets fields to use for grouping. The string + // value should follow SQL syntax: comma separated list of fields. For + // example: // "security_center_properties.resource_project,security_center_properties.project". // // The following fields are supported when compare_duration is not set: @@ -598,6 +582,7 @@ message GroupFindingsRequest { // * category: `=`, `:` // * external_uri: `=`, `:` // * event_time: `=`, `>`, `<`, `>=`, `<=` + // * severity: `=`, `:` // // Usage: This should be milliseconds since epoch or an RFC3339 string. // Examples: @@ -616,9 +601,9 @@ message GroupFindingsRequest { // property not existing: `-source_properties.my_property : ""` string filter = 2; - // Required. Expression that defines what assets fields to use for grouping - // (including `state_change`). The string value should follow SQL syntax: - // comma separated list of fields. For example: "parent,resource_name". + // Required. Expression that defines what assets fields to use for grouping (including + // `state_change`). The string value should follow SQL syntax: comma separated + // list of fields. For example: "parent,resource_name". // // The following fields are supported: // @@ -626,6 +611,7 @@ message GroupFindingsRequest { // * category // * state // * parent + // * severity // // The following fields are supported when compare_duration is set: // @@ -901,10 +887,10 @@ message ListAssetsRequest { // read_time. google.protobuf.Duration compare_duration = 5; - // Optional. A field mask to specify the ListAssetsResult fields to be listed - // in the response. An empty field mask will list all fields. - google.protobuf.FieldMask field_mask = 7 - [(google.api.field_behavior) = OPTIONAL]; + // A field mask to specify the ListAssetsResult fields to be listed in the + // response. + // An empty field mask will list all fields. + google.protobuf.FieldMask field_mask = 7; // The value returned by the last `ListAssetsResponse`; indicates // that this is a continuation of a prior `ListAssets` call, and @@ -1000,13 +986,14 @@ message ListFindingsRequest { // // The following field and operator combinations are supported: // - // name: `=` - // parent: `=`, `:` - // resource_name: `=`, `:` - // state: `=`, `:` - // category: `=`, `:` - // external_uri: `=`, `:` - // event_time: `=`, `>`, `<`, `>=`, `<=` + // * name: `=` + // * parent: `=`, `:` + // * resource_name: `=`, `:` + // * state: `=`, `:` + // * category: `=`, `:` + // * external_uri: `=`, `:` + // * event_time: `=`, `>`, `<`, `>=`, `<=` + // * severity: `=`, `:` // // Usage: This should be milliseconds since epoch or an RFC3339 string. // Examples: @@ -1083,10 +1070,9 @@ message ListFindingsRequest { // read_time. google.protobuf.Duration compare_duration = 5; - // Optional. A field mask to specify the Finding fields to be listed in the - // response. An empty field mask will list all fields. - google.protobuf.FieldMask field_mask = 7 - [(google.api.field_behavior) = OPTIONAL]; + // A field mask to specify the Finding fields to be listed in the response. + // An empty field mask will list all fields. + google.protobuf.FieldMask field_mask = 7; // The value returned by the last `ListFindingsResponse`; indicates // that this is a continuation of a prior `ListFindings` call, and @@ -1157,7 +1143,7 @@ message ListFindingsResponse { StateChange state_change = 2; // Output only. Resource that is associated with this finding. - Resource resource = 3; + Resource resource = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; } // Findings matching the list request. @@ -1191,14 +1177,13 @@ message SetFindingStateRequest { Finding.State state = 2 [(google.api.field_behavior) = REQUIRED]; // Required. The time at which the updated state takes effect. - google.protobuf.Timestamp start_time = 3 - [(google.api.field_behavior) = REQUIRED]; + google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED]; } // Request message for running asset discovery for an organization. message RunAssetDiscoveryRequest { - // Required. Name of the organization to run asset discovery for. Its format - // is "organizations/[organization_id]". + // Required. Name of the organization to run asset discovery for. Its format is + // "organizations/[organization_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -1209,8 +1194,8 @@ message RunAssetDiscoveryRequest { // Request message for updating or creating a finding. message UpdateFindingRequest { - // Required. The finding resource to update or create if it does not already - // exist. parent, security_marks, and update_time will be ignored. + // Required. The finding resource to update or create if it does not already exist. + // parent, security_marks, and update_time will be ignored. // // In the case of creation, the finding id portion of the name must be // alphanumeric and less than or equal to 32 characters and greater than 0 @@ -1230,8 +1215,7 @@ message UpdateFindingRequest { // Request message for updating a notification config. message UpdateNotificationConfigRequest { // Required. The notification config to update. - NotificationConfig notification_config = 1 - [(google.api.field_behavior) = REQUIRED]; + NotificationConfig notification_config = 1 [(google.api.field_behavior) = REQUIRED]; // The FieldMask to use when updating the notification config. // @@ -1242,12 +1226,11 @@ message UpdateNotificationConfigRequest { // Request message for updating an organization's settings. message UpdateOrganizationSettingsRequest { // Required. The organization settings resource to update. - OrganizationSettings organization_settings = 1 - [(google.api.field_behavior) = REQUIRED]; + OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED]; // The FieldMask to use when updating the settings resource. // - // If empty all mutable fields will be updated. + // If empty all mutable fields will be updated. google.protobuf.FieldMask update_mask = 2; } diff --git a/protos/protos.d.ts b/protos/protos.d.ts index 64113be9..ec488173 100644 --- a/protos/protos.d.ts +++ b/protos/protos.d.ts @@ -505,6 +505,9 @@ export namespace google { /** Finding createTime */ createTime?: (google.protobuf.ITimestamp|null); + + /** Finding severity */ + severity?: (google.cloud.securitycenter.v1.Finding.Severity|keyof typeof google.cloud.securitycenter.v1.Finding.Severity|null); } /** Represents a Finding. */ @@ -546,6 +549,9 @@ export namespace google { /** Finding createTime. */ public createTime?: (google.protobuf.ITimestamp|null); + /** Finding severity. */ + public severity: (google.cloud.securitycenter.v1.Finding.Severity|keyof typeof google.cloud.securitycenter.v1.Finding.Severity); + /** * Creates a new Finding instance using the specified properties. * @param [properties] Properties to set @@ -625,6 +631,15 @@ export namespace google { ACTIVE = 1, INACTIVE = 2 } + + /** Severity enum. */ + enum Severity { + SEVERITY_UNSPECIFIED = 0, + CRITICAL = 1, + HIGH = 2, + MEDIUM = 3, + LOW = 4 + } } /** Properties of a NotificationConfig. */ diff --git a/protos/protos.js b/protos/protos.js index 2355fb81..681015ae 100644 --- a/protos/protos.js +++ b/protos/protos.js @@ -1261,6 +1261,7 @@ * @property {google.cloud.securitycenter.v1.ISecurityMarks|null} [securityMarks] Finding securityMarks * @property {google.protobuf.ITimestamp|null} [eventTime] Finding eventTime * @property {google.protobuf.ITimestamp|null} [createTime] Finding createTime + * @property {google.cloud.securitycenter.v1.Finding.Severity|null} [severity] Finding severity */ /** @@ -1359,6 +1360,14 @@ */ Finding.prototype.createTime = null; + /** + * Finding severity. + * @member {google.cloud.securitycenter.v1.Finding.Severity} severity + * @memberof google.cloud.securitycenter.v1.Finding + * @instance + */ + Finding.prototype.severity = 0; + /** * Creates a new Finding instance using the specified properties. * @function create @@ -1406,6 +1415,8 @@ $root.google.protobuf.Timestamp.encode(message.eventTime, writer.uint32(/* id 9, wireType 2 =*/74).fork()).ldelim(); if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime")) $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 10, wireType 2 =*/82).fork()).ldelim(); + if (message.severity != null && Object.hasOwnProperty.call(message, "severity")) + writer.uint32(/* id 12, wireType 0 =*/96).int32(message.severity); return writer; }; @@ -1489,6 +1500,9 @@ case 10: message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); break; + case 12: + message.severity = reader.int32(); + break; default: reader.skipType(tag & 7); break; @@ -1573,6 +1587,17 @@ if (error) return "createTime." + error; } + if (message.severity != null && message.hasOwnProperty("severity")) + switch (message.severity) { + default: + return "severity: enum value expected"; + case 0: + case 1: + case 2: + case 3: + case 4: + break; + } return null; }; @@ -1637,6 +1662,28 @@ throw TypeError(".google.cloud.securitycenter.v1.Finding.createTime: object expected"); message.createTime = $root.google.protobuf.Timestamp.fromObject(object.createTime); } + switch (object.severity) { + case "SEVERITY_UNSPECIFIED": + case 0: + message.severity = 0; + break; + case "CRITICAL": + case 1: + message.severity = 1; + break; + case "HIGH": + case 2: + message.severity = 2; + break; + case "MEDIUM": + case 3: + message.severity = 3; + break; + case "LOW": + case 4: + message.severity = 4; + break; + } return message; }; @@ -1665,6 +1712,7 @@ object.securityMarks = null; object.eventTime = null; object.createTime = null; + object.severity = options.enums === String ? "SEVERITY_UNSPECIFIED" : 0; } if (message.name != null && message.hasOwnProperty("name")) object.name = message.name; @@ -1690,6 +1738,8 @@ object.eventTime = $root.google.protobuf.Timestamp.toObject(message.eventTime, options); if (message.createTime != null && message.hasOwnProperty("createTime")) object.createTime = $root.google.protobuf.Timestamp.toObject(message.createTime, options); + if (message.severity != null && message.hasOwnProperty("severity")) + object.severity = options.enums === String ? $root.google.cloud.securitycenter.v1.Finding.Severity[message.severity] : message.severity; return object; }; @@ -1720,6 +1770,26 @@ return values; })(); + /** + * Severity enum. + * @name google.cloud.securitycenter.v1.Finding.Severity + * @enum {number} + * @property {number} SEVERITY_UNSPECIFIED=0 SEVERITY_UNSPECIFIED value + * @property {number} CRITICAL=1 CRITICAL value + * @property {number} HIGH=2 HIGH value + * @property {number} MEDIUM=3 MEDIUM value + * @property {number} LOW=4 LOW value + */ + Finding.Severity = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "SEVERITY_UNSPECIFIED"] = 0; + values[valuesById[1] = "CRITICAL"] = 1; + values[valuesById[2] = "HIGH"] = 2; + values[valuesById[3] = "MEDIUM"] = 3; + values[valuesById[4] = "LOW"] = 4; + return values; + })(); + return Finding; })(); diff --git a/protos/protos.json b/protos/protos.json index a102c248..3fe7d0e4 100644 --- a/protos/protos.json +++ b/protos/protos.json @@ -169,6 +169,10 @@ "createTime": { "type": "google.protobuf.Timestamp", "id": 10 + }, + "severity": { + "type": "Severity", + "id": 12 } }, "nested": { @@ -178,6 +182,15 @@ "ACTIVE": 1, "INACTIVE": 2 } + }, + "Severity": { + "values": { + "SEVERITY_UNSPECIFIED": 0, + "CRITICAL": 1, + "HIGH": 2, + "MEDIUM": 3, + "LOW": 4 + } } } }, @@ -1151,10 +1164,7 @@ }, "fieldMask": { "type": "google.protobuf.FieldMask", - "id": 7, - "options": { - "(google.api.field_behavior)": "OPTIONAL" - } + "id": 7 }, "pageToken": { "type": "string", @@ -1239,10 +1249,7 @@ }, "fieldMask": { "type": "google.protobuf.FieldMask", - "id": 7, - "options": { - "(google.api.field_behavior)": "OPTIONAL" - } + "id": 7 }, "pageToken": { "type": "string", @@ -1287,7 +1294,10 @@ }, "resource": { "type": "Resource", - "id": 3 + "id": 3, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } } }, "nested": { diff --git a/src/v1/security_center_client.ts b/src/v1/security_center_client.ts index 6e279447..fb5a3161 100644 --- a/src/v1/security_center_client.ts +++ b/src/v1/security_center_client.ts @@ -454,8 +454,8 @@ export class SecurityCenterClient { * Required. Resource name of the new source's parent. Its format should be * "organizations/[organization_id]". * @param {google.cloud.securitycenter.v1.Source} request.source - * Required. The Source being created, only the display_name and description - * will be used. All other fields will be ignored. + * Required. The Source being created, only the display_name and description will be + * used. All other fields will be ignored. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -555,8 +555,8 @@ export class SecurityCenterClient { * It must be alphanumeric and less than or equal to 32 characters and * greater than 0 characters in length. * @param {google.cloud.securitycenter.v1.Finding} request.finding - * Required. The Finding being created. The name and security_marks will be - * ignored as they are both output only fields on this resource. + * Required. The Finding being created. The name and security_marks will be ignored as + * they are both output only fields on this resource. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -651,17 +651,16 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. Resource name of the new notification config's parent. Its format - * is "organizations/[organization_id]". + * Required. Resource name of the new notification config's parent. Its format is + * "organizations/[organization_id]". * @param {string} request.configId * Required. * Unique identifier provided by the client within the parent scope. * It must be between 1 and 128 characters, and contains alphanumeric * characters, underscores or hyphens only. * @param {google.cloud.securitycenter.v1.NotificationConfig} request.notificationConfig - * Required. The notification config being created. The name and the service - * account will be ignored as they are both output only fields on this - * resource. + * Required. The notification config being created. The name and the service account + * will be ignored as they are both output only fields on this resource. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -1053,8 +1052,8 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. Name of the organization to get organization settings for. Its - * format is "organizations/[organization_id]/organizationSettings". + * Required. Name of the organization to get organization settings for. Its format is + * "organizations/[organization_id]/organizationSettings". * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -1526,8 +1525,8 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {google.cloud.securitycenter.v1.Finding} request.finding - * Required. The finding resource to update or create if it does not already - * exist. parent, security_marks, and update_time will be ignored. + * Required. The finding resource to update or create if it does not already exist. + * parent, security_marks, and update_time will be ignored. * * In the case of creation, the finding id portion of the name must be * alphanumeric and less than or equal to 32 characters and greater than 0 @@ -1745,7 +1744,7 @@ export class SecurityCenterClient { * @param {google.protobuf.FieldMask} request.updateMask * The FieldMask to use when updating the settings resource. * - * If empty all mutable fields will be updated. + * If empty all mutable fields will be updated. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -2059,8 +2058,8 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. Name of the organization to run asset discovery for. Its format - * is "organizations/[organization_id]". + * Required. Name of the organization to run asset discovery for. Its format is + * "organizations/[organization_id]". * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -2259,14 +2258,14 @@ export class SecurityCenterClient { * For example, `resource_properties.size = 100` is a valid filter string. * * Use a partial match on the empty string to filter based on a property - * existing:`resource_properties.my_property : ""` + * existing: `resource_properties.my_property : ""` * * Use a negated partial match on the empty string to filter based on a * property not existing: `-resource_properties.my_property : ""` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping. - * The string value should follow SQL syntax: comma separated list of fields. - * For example: + * Required. Expression that defines what assets fields to use for grouping. The string + * value should follow SQL syntax: comma separated list of fields. For + * example: * "security_center_properties.resource_project,security_center_properties.project". * * The following fields are supported when compare_duration is not set: @@ -2446,14 +2445,14 @@ export class SecurityCenterClient { * For example, `resource_properties.size = 100` is a valid filter string. * * Use a partial match on the empty string to filter based on a property - * existing:`resource_properties.my_property : ""` + * existing: `resource_properties.my_property : ""` * * Use a negated partial match on the empty string to filter based on a * property not existing: `-resource_properties.my_property : ""` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping. - * The string value should follow SQL syntax: comma separated list of fields. - * For example: + * Required. Expression that defines what assets fields to use for grouping. The string + * value should follow SQL syntax: comma separated list of fields. For + * example: * "security_center_properties.resource_project,security_center_properties.project". * * The following fields are supported when compare_duration is not set: @@ -2611,14 +2610,14 @@ export class SecurityCenterClient { * For example, `resource_properties.size = 100` is a valid filter string. * * Use a partial match on the empty string to filter based on a property - * existing:`resource_properties.my_property : ""` + * existing: `resource_properties.my_property : ""` * * Use a negated partial match on the empty string to filter based on a * property not existing: `-resource_properties.my_property : ""` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping. - * The string value should follow SQL syntax: comma separated list of fields. - * For example: + * Required. Expression that defines what assets fields to use for grouping. The string + * value should follow SQL syntax: comma separated list of fields. For + * example: * "security_center_properties.resource_project,security_center_properties.project". * * The following fields are supported when compare_duration is not set: @@ -2791,6 +2790,7 @@ export class SecurityCenterClient { * * category: `=`, `:` * * external_uri: `=`, `:` * * event_time: `=`, `>`, `<`, `>=`, `<=` + * * severity: `=`, `:` * * Usage: This should be milliseconds since epoch or an RFC3339 string. * Examples: @@ -2808,9 +2808,9 @@ export class SecurityCenterClient { * Use a negated partial match on the empty string to filter based on a * property not existing: `-source_properties.my_property : ""` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping - * (including `state_change`). The string value should follow SQL syntax: - * comma separated list of fields. For example: "parent,resource_name". + * Required. Expression that defines what assets fields to use for grouping (including + * `state_change`). The string value should follow SQL syntax: comma separated + * list of fields. For example: "parent,resource_name". * * The following fields are supported: * @@ -2818,6 +2818,7 @@ export class SecurityCenterClient { * * category * * state * * parent + * * severity * * The following fields are supported when compare_duration is set: * @@ -2968,6 +2969,7 @@ export class SecurityCenterClient { * * category: `=`, `:` * * external_uri: `=`, `:` * * event_time: `=`, `>`, `<`, `>=`, `<=` + * * severity: `=`, `:` * * Usage: This should be milliseconds since epoch or an RFC3339 string. * Examples: @@ -2985,9 +2987,9 @@ export class SecurityCenterClient { * Use a negated partial match on the empty string to filter based on a * property not existing: `-source_properties.my_property : ""` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping - * (including `state_change`). The string value should follow SQL syntax: - * comma separated list of fields. For example: "parent,resource_name". + * Required. Expression that defines what assets fields to use for grouping (including + * `state_change`). The string value should follow SQL syntax: comma separated + * list of fields. For example: "parent,resource_name". * * The following fields are supported: * @@ -2995,6 +2997,7 @@ export class SecurityCenterClient { * * category * * state * * parent + * * severity * * The following fields are supported when compare_duration is set: * @@ -3123,6 +3126,7 @@ export class SecurityCenterClient { * * category: `=`, `:` * * external_uri: `=`, `:` * * event_time: `=`, `>`, `<`, `>=`, `<=` + * * severity: `=`, `:` * * Usage: This should be milliseconds since epoch or an RFC3339 string. * Examples: @@ -3140,9 +3144,9 @@ export class SecurityCenterClient { * Use a negated partial match on the empty string to filter based on a * property not existing: `-source_properties.my_property : ""` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping - * (including `state_change`). The string value should follow SQL syntax: - * comma separated list of fields. For example: "parent,resource_name". + * Required. Expression that defines what assets fields to use for grouping (including + * `state_change`). The string value should follow SQL syntax: comma separated + * list of fields. For example: "parent,resource_name". * * The following fields are supported: * @@ -3150,6 +3154,7 @@ export class SecurityCenterClient { * * category * * state * * parent + * * severity * * The following fields are supported when compare_duration is set: * @@ -3391,9 +3396,10 @@ export class SecurityCenterClient { * If compare_duration is not specified, then the only possible state_change * is "UNUSED", which will be the state_change set for all assets present at * read_time. - * @param {google.protobuf.FieldMask} [request.fieldMask] - * Optional. A field mask to specify the ListAssetsResult fields to be listed - * in the response. An empty field mask will list all fields. + * @param {google.protobuf.FieldMask} request.fieldMask + * A field mask to specify the ListAssetsResult fields to be listed in the + * response. + * An empty field mask will list all fields. * @param {string} request.pageToken * The value returned by the last `ListAssetsResponse`; indicates * that this is a continuation of a prior `ListAssets` call, and @@ -3581,9 +3587,10 @@ export class SecurityCenterClient { * If compare_duration is not specified, then the only possible state_change * is "UNUSED", which will be the state_change set for all assets present at * read_time. - * @param {google.protobuf.FieldMask} [request.fieldMask] - * Optional. A field mask to specify the ListAssetsResult fields to be listed - * in the response. An empty field mask will list all fields. + * @param {google.protobuf.FieldMask} request.fieldMask + * A field mask to specify the ListAssetsResult fields to be listed in the + * response. + * An empty field mask will list all fields. * @param {string} request.pageToken * The value returned by the last `ListAssetsResponse`; indicates * that this is a continuation of a prior `ListAssets` call, and @@ -3749,9 +3756,10 @@ export class SecurityCenterClient { * If compare_duration is not specified, then the only possible state_change * is "UNUSED", which will be the state_change set for all assets present at * read_time. - * @param {google.protobuf.FieldMask} [request.fieldMask] - * Optional. A field mask to specify the ListAssetsResult fields to be listed - * in the response. An empty field mask will list all fields. + * @param {google.protobuf.FieldMask} request.fieldMask + * A field mask to specify the ListAssetsResult fields to be listed in the + * response. + * An empty field mask will list all fields. * @param {string} request.pageToken * The value returned by the last `ListAssetsResponse`; indicates * that this is a continuation of a prior `ListAssets` call, and @@ -3868,13 +3876,14 @@ export class SecurityCenterClient { * * The following field and operator combinations are supported: * - * name: `=` - * parent: `=`, `:` - * resource_name: `=`, `:` - * state: `=`, `:` - * category: `=`, `:` - * external_uri: `=`, `:` - * event_time: `=`, `>`, `<`, `>=`, `<=` + * * name: `=` + * * parent: `=`, `:` + * * resource_name: `=`, `:` + * * state: `=`, `:` + * * category: `=`, `:` + * * external_uri: `=`, `:` + * * event_time: `=`, `>`, `<`, `>=`, `<=` + * * severity: `=`, `:` * * Usage: This should be milliseconds since epoch or an RFC3339 string. * Examples: @@ -3946,9 +3955,9 @@ export class SecurityCenterClient { * If compare_duration is not specified, then the only possible state_change * is "UNUSED", which will be the state_change set for all findings present at * read_time. - * @param {google.protobuf.FieldMask} [request.fieldMask] - * Optional. A field mask to specify the Finding fields to be listed in the - * response. An empty field mask will list all fields. + * @param {google.protobuf.FieldMask} request.fieldMask + * A field mask to specify the Finding fields to be listed in the response. + * An empty field mask will list all fields. * @param {string} request.pageToken * The value returned by the last `ListFindingsResponse`; indicates * that this is a continuation of a prior `ListFindings` call, and @@ -4050,13 +4059,14 @@ export class SecurityCenterClient { * * The following field and operator combinations are supported: * - * name: `=` - * parent: `=`, `:` - * resource_name: `=`, `:` - * state: `=`, `:` - * category: `=`, `:` - * external_uri: `=`, `:` - * event_time: `=`, `>`, `<`, `>=`, `<=` + * * name: `=` + * * parent: `=`, `:` + * * resource_name: `=`, `:` + * * state: `=`, `:` + * * category: `=`, `:` + * * external_uri: `=`, `:` + * * event_time: `=`, `>`, `<`, `>=`, `<=` + * * severity: `=`, `:` * * Usage: This should be milliseconds since epoch or an RFC3339 string. * Examples: @@ -4128,9 +4138,9 @@ export class SecurityCenterClient { * If compare_duration is not specified, then the only possible state_change * is "UNUSED", which will be the state_change set for all findings present at * read_time. - * @param {google.protobuf.FieldMask} [request.fieldMask] - * Optional. A field mask to specify the Finding fields to be listed in the - * response. An empty field mask will list all fields. + * @param {google.protobuf.FieldMask} request.fieldMask + * A field mask to specify the Finding fields to be listed in the response. + * An empty field mask will list all fields. * @param {string} request.pageToken * The value returned by the last `ListFindingsResponse`; indicates * that this is a continuation of a prior `ListFindings` call, and @@ -4210,13 +4220,14 @@ export class SecurityCenterClient { * * The following field and operator combinations are supported: * - * name: `=` - * parent: `=`, `:` - * resource_name: `=`, `:` - * state: `=`, `:` - * category: `=`, `:` - * external_uri: `=`, `:` - * event_time: `=`, `>`, `<`, `>=`, `<=` + * * name: `=` + * * parent: `=`, `:` + * * resource_name: `=`, `:` + * * state: `=`, `:` + * * category: `=`, `:` + * * external_uri: `=`, `:` + * * event_time: `=`, `>`, `<`, `>=`, `<=` + * * severity: `=`, `:` * * Usage: This should be milliseconds since epoch or an RFC3339 string. * Examples: @@ -4288,9 +4299,9 @@ export class SecurityCenterClient { * If compare_duration is not specified, then the only possible state_change * is "UNUSED", which will be the state_change set for all findings present at * read_time. - * @param {google.protobuf.FieldMask} [request.fieldMask] - * Optional. A field mask to specify the Finding fields to be listed in the - * response. An empty field mask will list all fields. + * @param {google.protobuf.FieldMask} request.fieldMask + * A field mask to specify the Finding fields to be listed in the response. + * An empty field mask will list all fields. * @param {string} request.pageToken * The value returned by the last `ListFindingsResponse`; indicates * that this is a continuation of a prior `ListFindings` call, and diff --git a/synth.metadata b/synth.metadata index f8c9802a..dda57c58 100644 --- a/synth.metadata +++ b/synth.metadata @@ -4,15 +4,15 @@ "git": { "name": ".", "remote": "https://github.com/googleapis/nodejs-security-center.git", - "sha": "f0e8525fb86f0e2e3405319a8c41d37dbc731b62" + "sha": "50272404ab2411ba40eb350a92f7e8cc893ef1f4" } }, { "git": { "name": "googleapis", "remote": "https://github.com/googleapis/googleapis.git", - "sha": "d189e871205fea665a9648f7c4676f027495ccaf", - "internalRef": "345596855" + "sha": "e9135d3cb8a99f77ee2ba3318ebc2c9b807581d0", + "internalRef": "347410691" } }, {