update all json files

Sebastian Thiel
2020-04-12 18:55:37 +08:00
parent ea3b428364
commit aacc30f08d
260 changed files with 138411 additions and 26293 deletions


@@ -12,7 +12,7 @@
"baseUrl": "https://securitycenter.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Security Command Center",
"description": "Cloud Security Command Center API provides access to temporal views of assets and findings within an organization.",
"description": "Security Command Center API provides access to temporal views of assets and findings within an organization.",
"discoveryVersion": "v1",
"documentationLink": "https://console.cloud.google.com/apis/api/securitycenter.googleapis.com/overview",
"fullyEncodeReservedExpansion": true,
@@ -22,6 +22,7 @@
},
"id": "securitycenter:v1beta1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://securitycenter.mtls.googleapis.com/",
"name": "securitycenter",
"ownerDomain": "google.com",
"ownerName": "Google",
@@ -116,7 +117,7 @@
],
"parameters": {
"name": {
"description": "Name of the organization to get organization settings for. Its format is\n\"organizations/[organization_id]/organizationSettings\".",
"description": "Required. Name of the organization to get organization settings for. Its format is\n\"organizations/[organization_id]/organizationSettings\".",
"location": "path",
"pattern": "^organizations/[^/]+/organizationSettings$",
"required": true,
@@ -141,7 +142,7 @@
],
"parameters": {
"name": {
"description": "The relative resource name of the settings. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/123/organizationSettings\".",
"description": "The relative resource name of the settings. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/organizationSettings\".",
"location": "path",
"pattern": "^organizations/[^/]+/organizationSettings$",
"required": true,
@@ -179,7 +180,7 @@
],
"parameters": {
"parent": {
"description": "Name of the organization to groupBy. Its format is\n\"organizations/[organization_id]\".",
"description": "Required. Name of the organization to groupBy. Its format is\n\"organizations/[organization_id]\".",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -240,7 +241,7 @@
"type": "string"
},
"parent": {
"description": "Name of the organization assets should belong to. Its format is\n\"organizations/[organization_id]\".",
"description": "Required. Name of the organization assets should belong to. Its format is\n\"organizations/[organization_id]\".",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -271,7 +272,7 @@
],
"parameters": {
"parent": {
"description": "Name of the organization to run asset discovery for. Its format is\n\"organizations/[organization_id]\".",
"description": "Required. Name of the organization to run asset discovery for. Its format is\n\"organizations/[organization_id]\".",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -299,7 +300,7 @@
],
"parameters": {
"name": {
"description": "The relative resource name of the SecurityMarks. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExamples:\n\"organizations/123/assets/456/securityMarks\"\n\"organizations/123/sources/456/findings/789/securityMarks\".",
"description": "The relative resource name of the SecurityMarks. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExamples:\n\"organizations/{organization_id}/assets/{asset_id}/securityMarks\"\n\"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\".",
"location": "path",
"pattern": "^organizations/[^/]+/assets/[^/]+/securityMarks$",
"required": true,
@@ -320,10 +321,10 @@
},
"path": "v1beta1/{+name}",
"request": {
"$ref": "SecurityMarks"
"$ref": "GoogleCloudSecuritycenterV1beta1SecurityMarks"
},
"response": {
"$ref": "SecurityMarks"
"$ref": "GoogleCloudSecuritycenterV1beta1SecurityMarks"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
@@ -466,7 +467,7 @@
],
"parameters": {
"parent": {
"description": "Resource name of the new source's parent. Its format should be\n\"organizations/[organization_id]\".",
"description": "Required. Resource name of the new source's parent. Its format should be\n\"organizations/[organization_id]\".",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -494,7 +495,7 @@
],
"parameters": {
"name": {
"description": "Relative resource name of the source. Its format is\n\"organizations/[organization_id]/source/[source_id]\".",
"description": "Required. Relative resource name of the source. Its format is\n\"organizations/[organization_id]/source/[source_id]\".",
"location": "path",
"pattern": "^organizations/[^/]+/sources/[^/]+$",
"required": true,
@@ -558,7 +559,7 @@
"type": "string"
},
"parent": {
"description": "Resource name of the parent of sources to list. Its format should be\n\"organizations/[organization_id]\".",
"description": "Required. Resource name of the parent of sources to list. Its format should be\n\"organizations/[organization_id]\".",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -583,7 +584,7 @@
],
"parameters": {
"name": {
"description": "The relative resource name of this source. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/123/sources/456\"",
"description": "The relative resource name of this source. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/sources/{source_id}\"",
"location": "path",
"pattern": "^organizations/[^/]+/sources/[^/]+$",
"required": true,
@@ -677,12 +678,12 @@
],
"parameters": {
"findingId": {
"description": "Unique identifier provided by the client within the parent scope.\nIt must be alphanumeric and less than or equal to 32 characters and\ngreater than 0 characters in length.",
"description": "Required. Unique identifier provided by the client within the parent scope.\nIt must be alphanumeric and less than or equal to 32 characters and\ngreater than 0 characters in length.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Resource name of the new finding's parent. Its format should be\n\"organizations/[organization_id]/sources/[source_id]\".",
"description": "Required. Resource name of the new finding's parent. Its format should be\n\"organizations/[organization_id]/sources/[source_id]\".",
"location": "path",
"pattern": "^organizations/[^/]+/sources/[^/]+$",
"required": true,
@@ -691,17 +692,17 @@
},
"path": "v1beta1/{+parent}/findings",
"request": {
"$ref": "Finding"
"$ref": "GoogleCloudSecuritycenterV1beta1Finding"
},
"response": {
"$ref": "Finding"
"$ref": "GoogleCloudSecuritycenterV1beta1Finding"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"group": {
"description": "Filters an organization or source's findings and groups them by their\nspecified properties.\n\nTo group across all sources provide a `-` as the source id.\nExample: /v1beta1/organizations/123/sources/-/findings",
"description": "Filters an organization or source's findings and groups them by their\nspecified properties.\n\nTo group across all sources provide a `-` as the source id.\nExample: /v1beta1/organizations/{organization_id}/sources/-/findings",
"flatPath": "v1beta1/organizations/{organizationsId}/sources/{sourcesId}/findings:group",
"httpMethod": "POST",
"id": "securitycenter.organizations.sources.findings.group",
@@ -710,7 +711,7 @@
],
"parameters": {
"parent": {
"description": "Name of the source to groupBy. Its format is\n\"organizations/[organization_id]/sources/[source_id]\". To groupBy across\nall sources provide a source_id of `-`. For example:\norganizations/123/sources/-",
"description": "Required. Name of the source to groupBy. Its format is\n\"organizations/[organization_id]/sources/[source_id]\". To groupBy across\nall sources provide a source_id of `-`. For example:\norganizations/{organization_id}/sources/-",
"location": "path",
"pattern": "^organizations/[^/]+/sources/[^/]+$",
"required": true,
@@ -729,7 +730,7 @@
]
},
"list": {
"description": "Lists an organization or source's findings.\n\nTo list across all sources provide a `-` as the source id.\nExample: /v1beta1/organizations/123/sources/-/findings",
"description": "Lists an organization or source's findings.\n\nTo list across all sources provide a `-` as the source id.\nExample: /v1beta1/organizations/{organization_id}/sources/-/findings",
"flatPath": "v1beta1/organizations/{organizationsId}/sources/{sourcesId}/findings",
"httpMethod": "GET",
"id": "securitycenter.organizations.sources.findings.list",
@@ -765,7 +766,7 @@
"type": "string"
},
"parent": {
"description": "Name of the source the findings belong to. Its format is\n\"organizations/[organization_id]/sources/[source_id]\". To list across all\nsources provide a source_id of `-`. For example:\norganizations/123/sources/-",
"description": "Required. Name of the source the findings belong to. Its format is\n\"organizations/[organization_id]/sources/[source_id]\". To list across all\nsources provide a source_id of `-`. For example:\norganizations/{organization_id}/sources/-",
"location": "path",
"pattern": "^organizations/[^/]+/sources/[^/]+$",
"required": true,
@@ -796,7 +797,7 @@
],
"parameters": {
"name": {
"description": "The relative resource name of this finding. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/123/sources/456/findings/789\"",
"description": "The relative resource name of this finding. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\"",
"location": "path",
"pattern": "^organizations/[^/]+/sources/[^/]+/findings/[^/]+$",
"required": true,
@@ -811,10 +812,10 @@
},
"path": "v1beta1/{+name}",
"request": {
"$ref": "Finding"
"$ref": "GoogleCloudSecuritycenterV1beta1Finding"
},
"response": {
"$ref": "Finding"
"$ref": "GoogleCloudSecuritycenterV1beta1Finding"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
@@ -830,7 +831,7 @@
],
"parameters": {
"name": {
"description": "The relative resource name of the finding. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/123/sources/456/finding/789\".",
"description": "Required. The relative resource name of the finding. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}\".",
"location": "path",
"pattern": "^organizations/[^/]+/sources/[^/]+/findings/[^/]+$",
"required": true,
@@ -842,7 +843,7 @@
"$ref": "SetFindingStateRequest"
},
"response": {
"$ref": "Finding"
"$ref": "GoogleCloudSecuritycenterV1beta1Finding"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
@@ -858,7 +859,7 @@
],
"parameters": {
"name": {
"description": "The relative resource name of the SecurityMarks. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExamples:\n\"organizations/123/assets/456/securityMarks\"\n\"organizations/123/sources/456/findings/789/securityMarks\".",
"description": "The relative resource name of the SecurityMarks. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExamples:\n\"organizations/{organization_id}/assets/{asset_id}/securityMarks\"\n\"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\".",
"location": "path",
"pattern": "^organizations/[^/]+/sources/[^/]+/findings/[^/]+/securityMarks$",
"required": true,
@@ -879,10 +880,10 @@
},
"path": "v1beta1/{+name}",
"request": {
"$ref": "SecurityMarks"
"$ref": "GoogleCloudSecuritycenterV1beta1SecurityMarks"
},
"response": {
"$ref": "SecurityMarks"
"$ref": "GoogleCloudSecuritycenterV1beta1SecurityMarks"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
@@ -895,39 +896,39 @@
}
}
},
"revision": "20190628",
"revision": "20200406",
"rootUrl": "https://securitycenter.googleapis.com/",
"schemas": {
"Asset": {
"description": "Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud\nPlatform (GCP) resource.\n\nThe Asset is a Cloud SCC resource that captures information about a single\nGCP resource. All modifications to an Asset are only within the context of\nCloud SCC and don't affect the referenced GCP resource.",
"description": "Security Command Center representation of a Google Cloud\nresource.\n\nThe Asset is a Security Command Center resource that captures information\nabout a single Google Cloud resource. All modifications to an Asset are only\nwithin the context of Security Command Center and don't affect the referenced\nGoogle Cloud resource.",
"id": "Asset",
"properties": {
"createTime": {
"description": "The time at which the asset was created in Cloud SCC.",
"description": "The time at which the asset was created in Security Command Center.",
"format": "google-datetime",
"type": "string"
},
"name": {
"description": "The relative resource name of this asset. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/123/assets/456\".",
"description": "The relative resource name of this asset. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/assets/{asset_id}\".",
"type": "string"
},
"resourceProperties": {
"additionalProperties": {
"type": "any"
},
"description": "Resource managed properties. These properties are managed and defined by\nthe GCP resource and cannot be modified by the user.",
"description": "Resource managed properties. These properties are managed and defined by\nthe Google Cloud resource and cannot be modified by the user.",
"type": "object"
},
"securityCenterProperties": {
"$ref": "SecurityCenterProperties",
"description": "Cloud SCC managed properties. These properties are managed by\nCloud SCC and cannot be modified by the user."
"description": "Security Command Center managed properties. These properties are managed by\nSecurity Command Center and cannot be modified by the user."
},
"securityMarks": {
"$ref": "SecurityMarks",
"$ref": "GoogleCloudSecuritycenterV1beta1SecurityMarks",
"description": "User specified security marks. These marks are entirely managed by the user\nand come from the SecurityMarks resource that belongs to the asset."
},
"updateTime": {
"description": "The time at which the asset was last updated, added, or deleted in Cloud\nSCC.",
"description": "The time at which the asset was last updated, added, or deleted in Security\nCommand Center.",
"format": "google-datetime",
"type": "string"
}
@@ -963,7 +964,7 @@
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"fooservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:bar@gmail.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts foo@gmail.com from DATA_READ logging, and\nbar@gmail.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -981,7 +982,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\nfoo@gmail.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -1019,7 +1020,7 @@
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@gmail.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. 
For example, `google.com` or `example.com`.\n\n",
"items": {
"type": "string"
},
@@ -1045,30 +1046,30 @@
"type": "object"
},
"Expr": {
"description": "Represents an expression text. Example:\n\n title: \"User account presence\"\n description: \"Determines whether the request has a user account\"\n expression: \"size(request.user) > 0\"",
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() < 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' && document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "An optional description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in\nCommon Expression Language syntax.\n\nThe application context of the containing message determines which\nwell-known feature set of CEL is supported.",
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "An optional string indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "An optional title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"Finding": {
"description": "Cloud Security Command Center (Cloud SCC) finding.\n\nA finding is a record of assessment data (security, risk, health or privacy)\ningested into Cloud SCC for presentation, notification, analysis,\npolicy testing, and enforcement. For example, an XSS vulnerability in an\nApp Engine application is a finding.",
"description": "Security Command Center finding.\n\nA finding is a record of assessment data like security, risk, health, or\nprivacy, that is ingested into Security Command Center for presentation,\nnotification, analysis, policy testing, and enforcement. For example, a\ncross-site scripting (XSS) vulnerability in an App Engine application is a\nfinding.\n\nWhen adding a new field hidden behind a visibility label, ensure it is also\nhidden from Notifications:\nhttp://google3/java/com/google/cloud/security/riskdashboard/notification/actions/streaming/FindingTranslator.java?l=26",
"id": "Finding",
"properties": {
"category": {
@@ -1076,7 +1077,7 @@
"type": "string"
},
"createTime": {
"description": "The time at which the finding was created in Cloud SCC.",
"description": "The time at which the finding was created in Security Command Center.",
"format": "google-datetime",
"type": "string"
},
@@ -1086,19 +1087,19 @@
"type": "string"
},
"externalUri": {
"description": "The URI that, if available, points to a web page outside of Cloud SCC\nwhere additional information about the finding can be found. This field is\nguaranteed to be either empty or a well formed URL.",
"description": "The URI that, if available, points to a web page outside of Security\nCommand Center where additional information about the finding can be found.\nThis field is guaranteed to be either empty or a well formed URL.",
"type": "string"
},
"name": {
"description": "The relative resource name of this finding. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/123/sources/456/findings/789\"",
"description": "The relative resource name of this finding. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\"",
"type": "string"
},
"parent": {
"description": "The relative resource name of the source the finding belongs to. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nThis field is immutable after creation time.\nFor example:\n\"organizations/123/sources/456\"",
"description": "The relative resource name of the source the finding belongs to. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nThis field is immutable after creation time.\nFor example:\n\"organizations/{organization_id}/sources/{source_id}\"",
"type": "string"
},
"resourceName": {
"description": "The full resource name of the Google Cloud Platform (GCP) resource this\nfinding is for. See:\nhttps://cloud.google.com/apis/design/resource_names#full_resource_name\nThis field is immutable after creation time.",
"description": "For findings on Google Cloud resources, the full resource\nname of the Google Cloud resource this finding is for. See:\nhttps://cloud.google.com/apis/design/resource_names#full_resource_name\nWhen the finding is for a non-Google Cloud resource, the resourceName can\nbe a customer or partner defined string. This field is immutable after\ncreation time.",
"type": "string"
},
"securityMarks": {
@@ -1145,13 +1146,28 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\nAcceptable values are 0 and 1.\nIf the value is 0, or the field is omitted, policy format version 1 will be\nreturned.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1NotificationMessage": {
"description": "Cloud SCC's Notification",
"id": "GoogleCloudSecuritycenterV1NotificationMessage",
"properties": {
"finding": {
"$ref": "Finding",
"description": "If it's a Finding based notification config, this field will be\npopulated."
},
"notificationConfigName": {
"description": "Name of the notification config that generated current notification.",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1RunAssetDiscoveryResponse": {
"description": "Response of asset discovery run",
"id": "GoogleCloudSecuritycenterV1RunAssetDiscoveryResponse",
@@ -1180,6 +1196,68 @@
},
"type": "object"
},
"GoogleCloudSecuritycenterV1beta1Finding": {
"description": "Security Command Center finding.\n\nA finding is a record of assessment data (security, risk, health or privacy)\ningested into Security Command Center for presentation, notification,\nanalysis, policy testing, and enforcement. For example, an XSS vulnerability\nin an App Engine application is a finding.",
"id": "GoogleCloudSecuritycenterV1beta1Finding",
"properties": {
"category": {
"description": "The additional taxonomy group within findings from a given source.\nThis field is immutable after creation time.\nExample: \"XSS_FLASH_INJECTION\"",
"type": "string"
},
"createTime": {
"description": "The time at which the finding was created in Security Command Center.",
"format": "google-datetime",
"type": "string"
},
"eventTime": {
"description": "The time at which the event took place. For example, if the finding\nrepresents an open firewall it would capture the time the detector believes\nthe firewall became open. The accuracy is determined by the detector.",
"format": "google-datetime",
"type": "string"
},
"externalUri": {
"description": "The URI that, if available, points to a web page outside of Security\nCommand Center where additional information about the finding can be found.\nThis field is guaranteed to be either empty or a well formed URL.",
"type": "string"
},
"name": {
"description": "The relative resource name of this finding. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\"",
"type": "string"
},
"parent": {
"description": "Immutable. The relative resource name of the source the finding belongs to. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nThis field is immutable after creation time.\nFor example:\n\"organizations/{organization_id}/sources/{source_id}\"",
"type": "string"
},
"resourceName": {
"description": "For findings on Google Cloud resources, the full resource\nname of the Google Cloud resource this finding is for. See:\nhttps://cloud.google.com/apis/design/resource_names#full_resource_name\nWhen the finding is for a non-Google Cloud resource, the resourceName can\nbe a customer or partner defined string. This field is immutable after\ncreation time.",
"type": "string"
},
"securityMarks": {
"$ref": "GoogleCloudSecuritycenterV1beta1SecurityMarks",
"description": "Output only. User specified security marks. These marks are entirely\nmanaged by the user and come from the SecurityMarks resource that belongs\nto the finding."
},
"sourceProperties": {
"additionalProperties": {
"type": "any"
},
"description": "Source specific properties. These properties are managed by the source\nthat writes the finding. The key names in the source_properties map must be\nbetween 1 and 255 characters, and must start with a letter and contain\nalphanumeric characters or underscores only.",
"type": "object"
},
"state": {
"description": "The state of the finding.",
"enum": [
"STATE_UNSPECIFIED",
"ACTIVE",
"INACTIVE"
],
"enumDescriptions": [
"Unspecified state.",
"The finding requires attention and has not been addressed yet.",
"The finding has been fixed, triaged as a non-issue or otherwise addressed\nand is no longer active."
],
"type": "string"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1beta1RunAssetDiscoveryResponse": {
"description": "Response of asset discovery run",
"id": "GoogleCloudSecuritycenterV1beta1RunAssetDiscoveryResponse",
@@ -1208,6 +1286,271 @@
},
"type": "object"
},
"GoogleCloudSecuritycenterV1beta1SecurityMarks": {
"description": "User specified security marks that are attached to the parent Security\nCommand Center resource. Security marks are scoped within a Security Command\nCenter organization -- they can be modified and viewed by all users who have\nproper permissions on the organization.",
"id": "GoogleCloudSecuritycenterV1beta1SecurityMarks",
"properties": {
"marks": {
"additionalProperties": {
"type": "string"
},
"description": "Mutable user specified security marks belonging to the parent resource.\nConstraints are as follows:\n\n * Keys and values are treated as case insensitive\n * Keys must be between 1 - 256 characters (inclusive)\n * Keys must be letters, numbers, underscores, or dashes\n * Values have leading and trailing whitespace trimmed, remaining\n characters must be between 1 - 4096 characters (inclusive)",
"type": "object"
},
"name": {
"description": "The relative resource name of the SecurityMarks. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExamples:\n\"organizations/{organization_id}/assets/{asset_id}/securityMarks\"\n\"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\".",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1p1beta1Asset": {
"description": "Security Command Center representation of a Google Cloud\nresource.\n\nThe Asset is a Security Command Center resource that captures information\nabout a single Google Cloud resource. All modifications to an Asset are only\nwithin the context of Security Command Center and don't affect the referenced\nGoogle Cloud resource.",
"id": "GoogleCloudSecuritycenterV1p1beta1Asset",
"properties": {
"createTime": {
"description": "The time at which the asset was created in Security Command Center.",
"format": "google-datetime",
"type": "string"
},
"iamPolicy": {
"$ref": "GoogleCloudSecuritycenterV1p1beta1IamPolicy",
"description": "Cloud IAM Policy information associated with the Google Cloud resource\ndescribed by the Security Command Center asset. This information is managed\nand defined by the Google Cloud resource and cannot be modified by the\nuser."
},
"name": {
"description": "The relative resource name of this asset. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/assets/{asset_id}\".",
"type": "string"
},
"resourceProperties": {
"additionalProperties": {
"type": "any"
},
"description": "Resource managed properties. These properties are managed and defined by\nthe Google Cloud resource and cannot be modified by the user.",
"type": "object"
},
"securityCenterProperties": {
"$ref": "GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties",
"description": "Security Command Center managed properties. These properties are managed by\nSecurity Command Center and cannot be modified by the user."
},
"securityMarks": {
"$ref": "GoogleCloudSecuritycenterV1p1beta1SecurityMarks",
"description": "User specified security marks. These marks are entirely managed by the user\nand come from the SecurityMarks resource that belongs to the asset."
},
"updateTime": {
"description": "The time at which the asset was last updated, added, or deleted in Cloud\nSCC.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1p1beta1Finding": {
"description": "Security Command Center finding.\n\nA finding is a record of assessment data (security, risk, health or privacy)\ningested into Security Command Center for presentation, notification,\nanalysis, policy testing, and enforcement. For example, an XSS vulnerability\nin an App Engine application is a finding.",
"id": "GoogleCloudSecuritycenterV1p1beta1Finding",
"properties": {
"category": {
"description": "The additional taxonomy group within findings from a given source.\nThis field is immutable after creation time.\nExample: \"XSS_FLASH_INJECTION\"",
"type": "string"
},
"createTime": {
"description": "The time at which the finding was created in Security Command Center.",
"format": "google-datetime",
"type": "string"
},
"eventTime": {
"description": "The time at which the event took place. For example, if the finding\nrepresents an open firewall it would capture the time the detector believes\nthe firewall became open. The accuracy is determined by the detector.",
"format": "google-datetime",
"type": "string"
},
"externalUri": {
"description": "The URI that, if available, points to a web page outside of Security\nCommand Center where additional information about the finding can be found.\nThis field is guaranteed to be either empty or a well formed URL.",
"type": "string"
},
"name": {
"description": "The relative resource name of this finding. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\"",
"type": "string"
},
"parent": {
"description": "The relative resource name of the source the finding belongs to. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nThis field is immutable after creation time.\nFor example:\n\"organizations/{organization_id}/sources/{source_id}\"",
"type": "string"
},
"resourceName": {
"description": "For findings on Google Cloud resources, the full resource\nname of the Google Cloud resource this finding is for. See:\nhttps://cloud.google.com/apis/design/resource_names#full_resource_name\nWhen the finding is for a non-Google Cloud resource, the resourceName can\nbe a customer or partner defined string. This field is immutable after\ncreation time.",
"type": "string"
},
"securityMarks": {
"$ref": "GoogleCloudSecuritycenterV1p1beta1SecurityMarks",
"description": "Output only. User specified security marks. These marks are entirely\nmanaged by the user and come from the SecurityMarks resource that belongs\nto the finding."
},
"sourceProperties": {
"additionalProperties": {
"type": "any"
},
"description": "Source specific properties. These properties are managed by the source\nthat writes the finding. The key names in the source_properties map must be\nbetween 1 and 255 characters, and must start with a letter and contain\nalphanumeric characters or underscores only.",
"type": "object"
},
"state": {
"description": "The state of the finding.",
"enum": [
"STATE_UNSPECIFIED",
"ACTIVE",
"INACTIVE"
],
"enumDescriptions": [
"Unspecified state.",
"The finding requires attention and has not been addressed yet.",
"The finding has been fixed, triaged as a non-issue or otherwise addressed\nand is no longer active."
],
"type": "string"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1p1beta1IamPolicy": {
"description": "Cloud IAM Policy information associated with the Google Cloud resource\ndescribed by the Security Command Center asset. This information is managed\nand defined by the Google Cloud resource and cannot be modified by the\nuser.",
"id": "GoogleCloudSecuritycenterV1p1beta1IamPolicy",
"properties": {
"policyBlob": {
"description": "The JSON representation of the Policy associated with the asset.\nSee https://cloud.google.com/iam/docs/reference/rest/v1/Policy for\nformat details.",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1p1beta1NotificationMessage": {
"description": "Security Command Center's Notification",
"id": "GoogleCloudSecuritycenterV1p1beta1NotificationMessage",
"properties": {
"finding": {
"$ref": "GoogleCloudSecuritycenterV1p1beta1Finding",
"description": "If it's a Finding based notification config, this field will be\npopulated."
},
"notificationConfigName": {
"description": "Name of the notification config that generated current notification.",
"type": "string"
},
"temporalAsset": {
"$ref": "GoogleCloudSecuritycenterV1p1beta1TemporalAsset",
"description": "If it's an asset based notification config, this field will be\npopulated."
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse": {
"description": "Response of asset discovery run",
"id": "GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse",
"properties": {
"duration": {
"description": "The duration between asset discovery run start and end",
"format": "google-duration",
"type": "string"
},
"state": {
"description": "The state of an asset discovery run.",
"enum": [
"STATE_UNSPECIFIED",
"COMPLETED",
"SUPERSEDED",
"TERMINATED"
],
"enumDescriptions": [
"Asset discovery run state was unspecified.",
"Asset discovery run completed successfully.",
"Asset discovery run was cancelled with tasks still pending, as another\nrun for the same organization was started with a higher priority.",
"Asset discovery run was killed and terminated."
],
"type": "string"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties": {
"description": "Security Command Center managed properties. These properties are managed by\nSecurity Command Center and cannot be modified by the user.",
"id": "GoogleCloudSecuritycenterV1p1beta1SecurityCenterProperties",
"properties": {
"resourceDisplayName": {
"description": "The user defined display name for this resource.",
"type": "string"
},
"resourceName": {
"description": "The full resource name of the Google Cloud resource this asset\nrepresents. This field is immutable after create time. See:\nhttps://cloud.google.com/apis/design/resource_names#full_resource_name",
"type": "string"
},
"resourceOwners": {
"description": "Owners of the Google Cloud resource.",
"items": {
"type": "string"
},
"type": "array"
},
"resourceParent": {
"description": "The full resource name of the immediate parent of the resource. See:\nhttps://cloud.google.com/apis/design/resource_names#full_resource_name",
"type": "string"
},
"resourceParentDisplayName": {
"description": "The user defined display name for the parent of this resource.",
"type": "string"
},
"resourceProject": {
"description": "The full resource name of the project the resource belongs to. See:\nhttps://cloud.google.com/apis/design/resource_names#full_resource_name",
"type": "string"
},
"resourceProjectDisplayName": {
"description": "The user defined display name for the project of this resource.",
"type": "string"
},
"resourceType": {
"description": "The type of the Google Cloud resource. Examples include: APPLICATION,\nPROJECT, and ORGANIZATION. This is a case insensitive field defined by\nSecurity Command Center and/or the producer of the resource and is\nimmutable after create time.",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1p1beta1SecurityMarks": {
"description": "User specified security marks that are attached to the parent Security\nCommand Center resource. Security marks are scoped within a Security Command\nCenter organization -- they can be modified and viewed by all users who have\nproper permissions on the organization.",
"id": "GoogleCloudSecuritycenterV1p1beta1SecurityMarks",
"properties": {
"marks": {
"additionalProperties": {
"type": "string"
},
"description": "Mutable user specified security marks belonging to the parent resource.\nConstraints are as follows:\n\n * Keys and values are treated as case insensitive\n * Keys must be between 1 - 256 characters (inclusive)\n * Keys must be letters, numbers, underscores, or dashes\n * Values have leading and trailing whitespace trimmed, remaining\n characters must be between 1 - 4096 characters (inclusive)",
"type": "object"
},
"name": {
"description": "The relative resource name of the SecurityMarks. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExamples:\n\"organizations/{organization_id}/assets/{asset_id}/securityMarks\"\n\"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\".",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudSecuritycenterV1p1beta1TemporalAsset": {
"description": "Wrapper over asset object that also captures the state change for the asset\ne.g. if it was a newly created asset vs updated or deleted asset.",
"id": "GoogleCloudSecuritycenterV1p1beta1TemporalAsset",
"properties": {
"asset": {
"$ref": "GoogleCloudSecuritycenterV1p1beta1Asset",
"description": "Asset data that includes attributes, properties and marks about the asset."
},
"changeType": {
"description": "Represents if the asset was created/updated/deleted.",
"enum": [
"CHANGE_TYPE_UNSPECIFIED",
"CREATED",
"UPDATED",
"DELETED"
],
"enumDescriptions": [
"Unspecified or default.",
"Newly created Asset",
"Asset was updated.",
"Asset was deleted."
],
"type": "string"
}
},
"type": "object"
},
"GroupAssetsRequest": {
"description": "Request message for grouping by assets.",
"id": "GroupAssetsRequest",
@@ -1222,7 +1565,7 @@
"type": "string"
},
"groupBy": {
"description": "Expression that defines what assets fields to use for grouping. The string\nvalue should follow SQL syntax: comma separated list of fields. For\nexample:\n\"security_center_properties.resource_project,security_center_properties.project\".\n\nThe following fields are supported when compare_duration is not set:\n\n* security_center_properties.resource_project\n* security_center_properties.resource_type\n* security_center_properties.resource_parent\n\nThe following fields are supported when compare_duration is set:\n\n* security_center_properties.resource_type",
"description": "Required. Expression that defines what assets fields to use for grouping. The string\nvalue should follow SQL syntax: comma separated list of fields. For\nexample:\n\"security_center_properties.resource_project,security_center_properties.project\".\n\nThe following fields are supported when compare_duration is not set:\n\n* security_center_properties.resource_project\n* security_center_properties.resource_type\n* security_center_properties.resource_parent\n\nThe following fields are supported when compare_duration is set:\n\n* security_center_properties.resource_type",
"type": "string"
},
"pageSize": {
@@ -1274,7 +1617,7 @@
"type": "string"
},
"groupBy": {
"description": "Expression that defines what assets fields to use for grouping (including\n`state`). The string value should follow SQL syntax: comma separated list\nof fields. For example:\n\"parent,resource_name\".\n\nThe following fields are supported:\n\n* resource_name\n* category\n* state\n* parent",
"description": "Required. Expression that defines what assets fields to use for grouping (including\n`state`). The string value should follow SQL syntax: comma separated list\nof fields. For example:\n\"parent,resource_name\".\n\nThe following fields are supported:\n\n* resource_name\n* category\n* state\n* parent",
"type": "string"
},
"pageSize": {
@@ -1400,7 +1743,7 @@
"findings": {
"description": "Findings matching the list request.",
"items": {
"$ref": "Finding"
"$ref": "GoogleCloudSecuritycenterV1beta1Finding"
},
"type": "array"
},
@@ -1493,7 +1836,7 @@
"type": "object"
},
"OrganizationSettings": {
"description": "User specified settings that are attached to the Cloud Security Command\nCenter (Cloud SCC) organization.",
"description": "User specified settings that are attached to the Security Command\nCenter organization.",
"id": "OrganizationSettings",
"properties": {
"assetDiscoveryConfig": {
@@ -1505,14 +1848,14 @@
"type": "boolean"
},
"name": {
"description": "The relative resource name of the settings. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/123/organizationSettings\".",
"description": "The relative resource name of the settings. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/organizationSettings\".",
"type": "string"
}
},
"type": "object"
},
"Policy": {
"description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**JSON Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\n**YAML Example**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-other-app@appspot.gserviceaccount.com\n role: roles/owner\n - members:\n - user:sean@example.com\n role: roles/viewer\n\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam/docs).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -1523,19 +1866,19 @@
"type": "array"
},
"bindings": {
"description": "Associates a list of `members` to a `role`.\n`bindings` with no members will result in an error.",
"description": "Associates a list of `members` to a `role`. Optionally, may specify a\n`condition` that determines how and when the `bindings` are applied. Each\nof the `bindings` must contain at least one member.",
"items": {
"$ref": "Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.",
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.",
"format": "byte",
"type": "string"
},
"version": {
"description": "Deprecated.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"format": "int32",
"type": "integer"
}
@@ -1549,11 +1892,11 @@
"type": "object"
},
"SecurityCenterProperties": {
"description": "Cloud SCC managed properties. These properties are managed by Cloud SCC and\ncannot be modified by the user.",
"description": "Security Command Center managed properties. These properties are managed by\nSecurity Command Center and cannot be modified by the user.",
"id": "SecurityCenterProperties",
"properties": {
"resourceName": {
"description": "The full resource name of the GCP resource this asset\nrepresents. This field is immutable after create time. See:\nhttps://cloud.google.com/apis/design/resource_names#full_resource_name",
"description": "Immutable. The full resource name of the Google Cloud resource this asset\nrepresents. This field is immutable after create time. See:\nhttps://cloud.google.com/apis/design/resource_names#full_resource_name",
"type": "string"
},
"resourceOwners": {
@@ -1572,25 +1915,25 @@
"type": "string"
},
"resourceType": {
"description": "The type of the GCP resource. Examples include: APPLICATION,\nPROJECT, and ORGANIZATION. This is a case insensitive field defined by\nCloud SCC and/or the producer of the resource and is immutable\nafter create time.",
"description": "The type of the Google Cloud resource. Examples include: APPLICATION,\nPROJECT, and ORGANIZATION. This is a case insensitive field defined by\nSecurity Command Center and/or the producer of the resource and is\nimmutable after create time.",
"type": "string"
}
},
"type": "object"
},
"SecurityMarks": {
"description": "User specified security marks that are attached to the parent Cloud Security\nCommand Center (Cloud SCC) resource. Security marks are scoped within a Cloud\nSCC organization -- they can be modified and viewed by all users who have\nproper permissions on the organization.",
"description": "User specified security marks that are attached to the parent Security\nCommand Center resource. Security marks are scoped within a Security Command\nCenter organization -- they can be modified and viewed by all users who have\nproper permissions on the organization.",
"id": "SecurityMarks",
"properties": {
"marks": {
"additionalProperties": {
"type": "string"
},
"description": "Mutable user specified security marks belonging to the parent resource.\nConstraints are as follows:\n - Keys and values are treated as case insensitive\n - Keys must be between 1 - 256 characters (inclusive)\n - Keys must be letters, numbers, underscores, or dashes\n - Values have leading and trailing whitespace trimmed, remaining\n characters must be between 1 - 4096 characters (inclusive)",
"description": "Mutable user specified security marks belonging to the parent resource.\nConstraints are as follows:\n\n * Keys and values are treated as case insensitive\n * Keys must be between 1 - 256 characters (inclusive)\n * Keys must be letters, numbers, underscores, or dashes\n * Values have leading and trailing whitespace trimmed, remaining\n characters must be between 1 - 4096 characters (inclusive)",
"type": "object"
},
"name": {
"description": "The relative resource name of the SecurityMarks. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExamples:\n\"organizations/123/assets/456/securityMarks\"\n\"organizations/123/sources/456/findings/789/securityMarks\".",
"description": "The relative resource name of the SecurityMarks. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExamples:\n\"organizations/{organization_id}/assets/{asset_id}/securityMarks\"\n\"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\".",
"type": "string"
}
},
@@ -1601,12 +1944,12 @@
"id": "SetFindingStateRequest",
"properties": {
"startTime": {
"description": "The time at which the updated state takes effect.",
"description": "Required. The time at which the updated state takes effect.",
"format": "google-datetime",
"type": "string"
},
"state": {
"description": "The desired State of the finding.",
"description": "Required. The desired State of the finding.",
"enum": [
"STATE_UNSPECIFIED",
"ACTIVE",
@@ -1639,19 +1982,19 @@
"type": "object"
},
"Source": {
"description": "Cloud Security Command Center's (Cloud SCC) finding source. A finding source\nis an entity or a mechanism that can produce a finding. A source is like a\ncontainer of findings that come from the same scanner, logger, monitor, etc.",
"description": "Security Command Center finding source. A finding source\nis an entity or a mechanism that can produce a finding. A source is like a\ncontainer of findings that come from the same scanner, logger, monitor, etc.",
"id": "Source",
"properties": {
"description": {
"description": "The description of the source (max of 1024 characters).\nExample:\n\"Cloud Security Scanner is a web security scanner for common\nvulnerabilities in App Engine applications. It can automatically\nscan and detect four common vulnerabilities, including cross-site-scripting\n(XSS), Flash injection, mixed content (HTTP in HTTPS), and\noutdated/insecure libraries.\"",
"description": "The description of the source (max of 1024 characters).\nExample:\n\"Web Security Scanner is a web security scanner for common\nvulnerabilities in App Engine applications. It can automatically\nscan and detect four common vulnerabilities, including cross-site-scripting\n(XSS), Flash injection, mixed content (HTTP in HTTPS), and\noutdated/insecure libraries.\"",
"type": "string"
},
"displayName": {
"description": "The source\u2019s display name.\nA source\u2019s display name must be unique amongst its siblings, for example,\ntwo sources with the same parent can't share the same display name.\nThe display name must have a length between 1 and 64 characters\n(inclusive).",
"description": "The source's display name.\nA source's display name must be unique amongst its siblings, for example,\ntwo sources with the same parent can't share the same display name.\nThe display name must have a length between 1 and 64 characters\n(inclusive).",
"type": "string"
},
"name": {
"description": "The relative resource name of this source. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/123/sources/456\"",
"description": "The relative resource name of this source. See:\nhttps://cloud.google.com/apis/design/resource_names#relative_resource_name\nExample:\n\"organizations/{organization_id}/sources/{source_id}\"",
"type": "string"
}
},
@@ -1714,7 +2057,7 @@
}
},
"servicePath": "",
"title": "Cloud Security Command Center API",
"title": "Security Command Center API",
"version": "v1beta1",
"version_module": true
}