Synchronize new proto/yaml changes.

PiperOrigin-RevId: 217898567
diff --git a/google/cloud/securitycenter/artman_securitycenter_v1beta1.yaml b/google/cloud/securitycenter/artman_securitycenter_v1beta1.yaml
new file mode 100644
index 0000000..c72f485
--- /dev/null
+++ b/google/cloud/securitycenter/artman_securitycenter_v1beta1.yaml
@@ -0,0 +1,34 @@
+common:
+  api_name: securitycenter
+  api_version: v1beta1
+  organization_name: google-cloud
+  proto_deps:
+    - name: google-common-protos
+  src_proto_paths:
+  - v1beta1
+  service_yaml: security_center_v1beta1.yaml
+  gapic_yaml: v1beta1/securitycenter_gapic.yaml
+artifacts:
+- name: gapic_config
+  type: GAPIC_CONFIG
+- name: java_gapic
+  type: GAPIC
+  language: JAVA
+- name: python_gapic
+  type: GAPIC
+  language: PYTHON
+- name: nodejs_gapic
+  type: GAPIC
+  language: NODEJS
+- name: php_gapic
+  type: GAPIC
+  language: PHP
+- name: go_gapic
+  type: GAPIC
+  language: GO
+- name: ruby_gapic
+  type: GAPIC
+  language: RUBY
+- name: csharp_gapic
+  type: GAPIC
+  language: CSHARP
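Review bot: The list under `proto_deps` is indented two extra spaces, while `src_proto_paths` and `artifacts` put their `-` flush with the parent key, so the file mixes both sequence styles. To match the rest of the file, the entry would be `- name: google-common-protos` at the same indent as `proto_deps:`. This is a style point only; the parsed structure is the same either way.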
diff --git a/google/cloud/securitycenter/security_center_v1beta1.yaml b/google/cloud/securitycenter/security_center_v1beta1.yaml
new file mode 100644
index 0000000..c02fbf8
--- /dev/null
+++ b/google/cloud/securitycenter/security_center_v1beta1.yaml
@@ -0,0 +1,72 @@
+type: google.api.Service
+config_version: 3
+name: securitycenter.googleapis.com
+title: Cloud Security Command Center API
+
+apis:
+- name: google.cloud.securitycenter.v1beta1.SecurityCenter
+
+documentation:
+  summary: The public Cloud Security Command Center API.
+
+backend:
+  rules:
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.CreateSource
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.CreateFinding
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.GetIamPolicy
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.GetOrganizationSettings
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.GetSource
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.GroupAssets
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.GroupFindings
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.ListAssets
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.ListFindings
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.ListSources
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.RunAssetDiscovery
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.SetFindingState
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.SetIamPolicy
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.TestIamPermissions
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateFinding
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateOrganizationSettings
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateSource
+    deadline: 60.0
+  - selector: google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateSecurityMarks
+    deadline: 60.0
+
+http:
+  rules:
+  - selector: google.longrunning.Operations.ListOperations
+    get: '/v1beta1/{name=organizations/*/operations}'
+
+  - selector: google.longrunning.Operations.GetOperation
+    get: '/v1beta1/{name=organizations/*/operations/*}'
+
+  - selector: google.longrunning.Operations.DeleteOperation
+    delete: '/v1beta1/{name=organizations/*/operations/*}'
+
+  - selector: google.longrunning.Operations.CancelOperation
+    post: '/v1beta1/{name=organizations/*/operations/*}:cancel'
+    body: '*'
+
+
+authentication:
+  rules:
+  - selector: '*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
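Review bot: The `authentication` rule at the end of this file applies `selector: '*'` with `https://www.googleapis.com/auth/cloud-platform` as the only canonical scope, so a client that only lists findings still needs a platform-wide token. If a narrower or read-only scope is planned for this API, list it here. Otherwise add a comment above the rule such as `# cloud-platform is the only accepted scope; per-method restriction has to come from IAM.` Separately, the `http` section exposes `DeleteOperation` and `CancelOperation` for `google.longrunning.Operations`, but the `backend` rules set no `deadline` for any Operations selector, which looks like an omission worth confirming.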
diff --git a/google/cloud/securitycenter/v1beta1/asset.proto b/google/cloud/securitycenter/v1beta1/asset.proto
new file mode 100644
index 0000000..87e16aa
--- /dev/null
+++ b/google/cloud/securitycenter/v1beta1/asset.proto
@@ -0,0 +1,85 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+import "google/cloud/securitycenter/v1beta1/security_marks.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+// Security Center's representation of a Google Cloud Platform resource.
+//
+// The Asset is a resource of Security Center that is meant to capture
+// information regarding a single Google Cloud Platform resource. All
+// modifications to an Asset are only within the context of Security Center and
+// do not effect the referenced Google Cloud Platform resource.
+message Asset {
+  // Security Center managed properties. These properties are managed by
+  // Security Center and cannot be modified by the user.
+  message SecurityCenterProperties {
+    // The full resource name of the Google Cloud Platform resource this asset
+    // represents. This field is immutable after create time. See:
+    // https://cloud.google.com/apis/design/resource_names#full_resource_name
+    string resource_name = 1;
+
+    // The type of the Google Cloud resource. Examples include: APPLICATION,
+    // PROJECT, and ORGANIZATION. This is a case insensitive field defined by
+    // Security Center and/or the producer of the resource and is immutable
+    // after create time.
+    string resource_type = 2;
+
+    // The full resource name of the immediate parent of the resource. See:
+    // https://cloud.google.com/apis/design/resource_names#full_resource_name
+    string resource_parent = 3;
+
+    // The full resource name of the project the resource belongs to. See:
+    // https://cloud.google.com/apis/design/resource_names#full_resource_name
+    string resource_project = 4;
+
+    // Owners of the Google Cloud resource.
+    repeated string resource_owners = 5;
+  }
+
+  // The relative resource name of this asset. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Example:
+  // "organizations/123/assets/456".
+  string name = 1;
+
+  // Security Center managed properties. These properties are managed by
+  // Security Center and cannot be modified by the user.
+  SecurityCenterProperties security_center_properties = 2;
+
+  // Resource managed properties. These properties are managed and defined by
+  // the Google Cloud Platform resource and cannot be modified by the user.
+  map<string, google.protobuf.Value> resource_properties = 7;
+
+  // User specified security marks. These marks are entirely managed by the user
+  // and come from the SecurityMarks resource belonging to the asset.
+  SecurityMarks security_marks = 8;
+
+  // The time at which the asset was created in Security Center.
+  google.protobuf.Timestamp create_time = 9;
+
+  // The time at which the asset was last updated, added, or deleted in Security
+  // Center.
+  google.protobuf.Timestamp update_time = 10;
+}
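Review bot: Several `Asset` fields are described as not modifiable by the user (`security_center_properties`, `resource_properties`) but lack the `Output only.` prefix that finding.proto in this same commit uses on `Finding.security_marks`. Without that marker a client cannot tell from the field comment alone which fields the server ignores on write, so I would start those comments with `// Output only.` and do the same for `create_time` and `update_time` if they are server-set. Field numbers jump from 2 to 7 with no `reserved` statement; if 3 to 6 were used in an earlier revision, add `reserved 3 to 6;` so they cannot be reused with a different type. In the message comment, `do not effect` should read `do not affect`.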
diff --git a/google/cloud/securitycenter/v1beta1/finding.proto b/google/cloud/securitycenter/v1beta1/finding.proto
new file mode 100644
index 0000000..7d9016e
--- /dev/null
+++ b/google/cloud/securitycenter/v1beta1/finding.proto
@@ -0,0 +1,96 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+import "google/cloud/securitycenter/v1beta1/security_marks.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+// Security Center's finding.
+//
+// A finding is a record of assessment data (security, risk, health or privacy)
+// ingested into Security Center for presentation, notification, analysis,
+// policy testing and enforcement. For example, an XSS vulnerability in an
+// AppEngine application is a finding.
+message Finding {
+  // The state of the finding.
+  enum State {
+    // Unspecified state.
+    STATE_UNSPECIFIED = 0;
+
+    // The finding requires attention and has not been addressed yet.
+    ACTIVE = 1;
+
+    // The finding has been fixed, triaged as a non-issue or otherwise addressed
+    // and is no longer active.
+    INACTIVE = 2;
+  }
+
+  // The relative resource name of this finding. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Example:
+  // "organizations/123/sources/456/findings/789"
+  string name = 1;
+
+  // The relative resource name of the source the finding belongs to. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // This field is immutable after creation time.
+  // For example:
+  // "organizations/123/sources/456"
+  string parent = 2;
+
+  // The full resource name of the Google Cloud Platform resource this finding
+  // is for. See:
+  // https://cloud.google.com/apis/design/resource_names#full_resource_name
+  // This field is immutable after creation time.
+  string resource_name = 3;
+
+  // The state of the finding.
+  State state = 4;
+
+  // The additional taxonomy group within findings from a give source.
+  // This field is immutable after creation time.
+  // Example: "XSS_FLASH_INJECTION"
+  string category = 5;
+
+  // The URI that, if available, points to a web page outside of Security Center
+  // where additional information about the finding can be found. This field is
+  // guaranteed to be either empty or a well formed url.
+  string external_uri = 6;
+
+  // Source specific properties. These properties are managed by the source
+  // writing the finding.
+  map<string, google.protobuf.Value> source_properties = 7;
+
+  // Output only. User specified security marks. These marks are entirely
+  // managed by the user and come from the SecurityMarks resource belonging to
+  // the finding.
+  SecurityMarks security_marks = 8;
+
+  // The time at which the event took place. For example, if the finding
+  // represents an open firewall it would capture the time the open firewall was
+  // detected.
+  google.protobuf.Timestamp event_time = 9;
+
+  // The time at which the finding was created in Security Center.
+  google.protobuf.Timestamp create_time = 10;
+}
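Review bot: The comment on `external_uri` guarantees only that the value is empty or a well-formed URL, which says nothing about the scheme, and the value is presumably written by the source that creates the finding. Consumers that render it as a link need to know it is source-supplied, so I would add `// The value is set by the finding source; clients should check the scheme before rendering it as a link.`, or state which schemes are accepted if the server restricts them. In the `category` comment, `from a give source` should read `from a given source`.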
diff --git a/google/cloud/securitycenter/v1beta1/organization_settings.proto b/google/cloud/securitycenter/v1beta1/organization_settings.proto
new file mode 100644
index 0000000..80fafe5
--- /dev/null
+++ b/google/cloud/securitycenter/v1beta1/organization_settings.proto
@@ -0,0 +1,72 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+// User specified settings that are attached to the Security Center
+// organization.
+message OrganizationSettings {
+  // The configuration used for Asset Discovery runs.
+  message AssetDiscoveryConfig {
+    // The mode of inclusion when running Asset Discovery.
+    // Asset discovery can be limited by explicitly identifying projects to be
+    // included or excluded. If INCLUDE_ONLY is set then only those projects
+    // (within the organization) and their children are discovered during asset
+    // discovery. If EXCLUDE is set then projects not matching those projects
+    // are discovered during asset discovery. If neither are set then all
+    // projects within the organization are discovered during asset discovery.
+    enum InclusionMode {
+      // Unspecified. Setting the mode with this value will disable
+      // inclusion/exclusion filtering for Asset Discovery.
+      INCLUSION_MODE_UNSPECIFIED = 0;
+
+      // Asset Discovery will capture only the resources within the projects
+      // specified. All other resources will be ignored.
+      INCLUDE_ONLY = 1;
+
+      // Asset Discovery will ignore all resources under the projects specified.
+      // All other resources will be retrieved.
+      EXCLUDE = 2;
+    }
+
+    // The project ids to use for filtering asset discovery.
+    repeated string project_ids = 1;
+
+    // The mode to use for filtering asset discovery.
+    InclusionMode inclusion_mode = 2;
+  }
+
+  // The relative resource name of the settings. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Example:
+  // "organizations/123/organizationSettings".
+  string name = 1;
+
+  // A flag indicating whether Asset Discovery should be enabled. If the flag is
+  // set to true then discovery of assets will occur. If it is set to false all
+  // historical assets will remain but discovery of future assets will not
+  // occur.
+  bool enable_asset_discovery = 2;
+
+  // The configuration used for Asset Discovery runs.
+  AssetDiscoveryConfig asset_discovery_config = 3;
+}
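Review bot: The `InclusionMode` and `project_ids` comments do not say what happens when `inclusion_mode` is `INCLUDE_ONLY` and `project_ids` is empty. Depending on the server, that is either rejected or discovers nothing, and the second case would silently reduce asset coverage. Document which one applies on `project_ids`. The enum comment also implies that `project_ids` is ignored when the mode is `INCLUSION_MODE_UNSPECIFIED`, so it is worth saying so on the field: `// Ignored when inclusion_mode is INCLUSION_MODE_UNSPECIFIED.`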
diff --git a/google/cloud/securitycenter/v1beta1/security_marks.proto b/google/cloud/securitycenter/v1beta1/security_marks.proto
new file mode 100644
index 0000000..1d011dc
--- /dev/null
+++ b/google/cloud/securitycenter/v1beta1/security_marks.proto
@@ -0,0 +1,44 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+// User specified security marks that are attached to the parent Security Center
+// resource. Security marks are scoped within a Security Center organization --
+// they are modifiable and viewable by all with proper permissions on the
+// organization.
+message SecurityMarks {
+  // The relative resource name of the SecurityMarks. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Examples:
+  // "organizations/123/assets/456/securityMarks"
+  // "organizations/123/sources/456/findings/789/securityMarks".
+  string name = 1;
+
+  // Mutable user specified security marks belonging to the parent resource.
+  // Constraints are as follows:
+  //   - Keys and values are treated as case insensitive
+  //   - Keys must be alphanumeric and between 1 - 256 characters (inclusive)
+  //   - Values have leading and trailing whitespace trimmed, remaining
+  //     characters must be between 1 - 4096 characters (inclusive)
+  map<string, string> marks = 2;
+}
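Review bot: The `marks` comment says keys and values are treated as case insensitive but not how they are stored or returned. Two keys that differ only in case therefore collide with an undocumented result, and a reader cannot know which casing to expect back. Since marks are user-controlled and likely to be matched by filters and policy tooling, state the normalization explicitly, for example `//   - Keys and values are case insensitive and are returned as <normalized form>`, with the actual form filled in. The comment also gives no upper bound on the number of marks per resource.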
diff --git a/google/cloud/securitycenter/v1beta1/securitycenter_gapic.yaml b/google/cloud/securitycenter/v1beta1/securitycenter_gapic.yaml
new file mode 100644
index 0000000..978c031
--- /dev/null
+++ b/google/cloud/securitycenter/v1beta1/securitycenter_gapic.yaml
@@ -0,0 +1,465 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 1.0.0
+# The settings of generated code in a specific language.
+language_settings:
+  java:
+    package_name: com.google.cloud.securitycenter.v1beta1
+  python:
+    package_name: google.cloud.securitycenter_v1beta1.gapic
+  go:
+    package_name: cloud.google.com/go/securitycenter/apiv1beta1
+  csharp:
+    package_name: Google.Cloud.Securitycenter.V1beta1
+  ruby:
+    package_name: Google::Cloud::Securitycenter::V1beta1
+  php:
+    package_name: Google\Cloud\Securitycenter\V1beta1
+  nodejs:
+    package_name: securitycenter.v1beta1
+# The configuration for the license header to put on generated files.
+license_header:
+  # The file containing the copyright line(s).
+  copyright_file: copyright-google.txt
+  # The file containing the raw license header without any copyright line(s).
+  license_file: license-header-apache-2.0.txt
+# A list of resource collection configurations.
+# Consists of a name_pattern and an entity_name.
+# The name_pattern is a pattern to describe the names of the resources of this
+# collection, using the platform's conventions for URI patterns. A generator
+# may use this to generate methods to compose and decompose such names. The
+# pattern should use named placeholders as in `shelves/{shelf}/books/{book}`;
+# those will be taken as hints for the parameter names of the generated
+# methods. If empty, no name methods are generated.
+# The entity_name is the name to be used as a basis for generated methods and
+# classes.
+collections:
+- name_pattern: organizations/{organization}
+  entity_name: organization
+- name_pattern: organizations/{organization}/assets/{asset}/securityMarks
+  entity_name: asset_security_marks
+- name_pattern: organizations/{organization}/sources/{source}/findings/{finding}/securityMarks
+  entity_name: finding_security_marks
+- name_pattern: organizations/{organization}/organizationSettings
+  entity_name: organization_settings
+- name_pattern: organizations/{organization}/sources/{source}
+  entity_name: source
+- name_pattern: organizations/{organization}/sources/{source}/findings/{finding}
+  entity_name: finding
+collection_oneofs:
+- oneof_name: securitymarks_oneof
+  collection_names:
+  - asset_security_marks
+  - finding_security_marks
+# A list of API interface configurations.
+interfaces:
+  # The fully qualified name of the API interface.
+- name: google.cloud.securitycenter.v1beta1.SecurityCenter
+  # Definition for retryable codes.
+  retry_codes_def:
+  - name: idempotent
+    retry_codes:
+    - DEADLINE_EXCEEDED
+    - UNAVAILABLE
+  - name: non_idempotent
+    retry_codes: []
+  # Definition for retry/backoff parameters.
+  retry_params_def:
+  - name: default
+    initial_retry_delay_millis: 100
+    retry_delay_multiplier: 1.3
+    max_retry_delay_millis: 60000
+    initial_rpc_timeout_millis: 20000
+    rpc_timeout_multiplier: 1
+    max_rpc_timeout_millis: 20000
+    total_timeout_millis: 600000
+  # A list of method configurations.
+  # Common properties:
+  #
+  #   name - The simple name of the method.
+  #
+  #   flattening - Specifies the configuration for parameter flattening.
+  #   Describes the parameter groups for which a generator should produce method
+  #   overloads which allow a client to directly pass request message fields as
+  #   method parameters. This information may or may not be used, depending on
+  #   the target language.
+  #   Consists of groups, which each represent a list of parameters to be
+  #   flattened. Each parameter listed must be a field of the request message.
+  #
+  #   required_fields - Fields that are always required for a request to be
+  #   valid.
+  #
+  #   resource_name_treatment - An enum that specifies how to treat the resource
+  #   name formats defined in the field_name_patterns and
+  #   response_field_name_patterns fields.
+  #   UNSET: default value
+  #   NONE: the collection configs will not be used by the generated code.
+  #   VALIDATE: string fields will be validated by the client against the
+  #   specified resource name formats.
+  #   STATIC_TYPES: the client will use generated types for resource names.
+  #
+  #   page_streaming - Specifies the configuration for paging.
+  #   Describes information for generating a method which transforms a paging
+  #   list RPC into a stream of resources.
+  #   Consists of a request and a response.
+  #   The request specifies request information of the list method. It defines
+  #   which fields match the paging pattern in the request. The request consists
+  #   of a page_size_field and a token_field. The page_size_field is the name of
+  #   the optional field specifying the maximum number of elements to be
+  #   returned in the response. The token_field is the name of the field in the
+  #   request containing the page token.
+  #   The response specifies response information of the list method. It defines
+  #   which fields match the paging pattern in the response. The response
+  #   consists of a token_field and a resources_field. The token_field is the
+  #   name of the field in the response containing the next page token. The
+  #   resources_field is the name of the field in the response containing the
+  #   list of resources belonging to the page.
+  #
+  #   retry_codes_name - Specifies the configuration for retryable codes. The
+  #   name must be defined in interfaces.retry_codes_def.
+  #
+  #   retry_params_name - Specifies the configuration for retry/backoff
+  #   parameters. The name must be defined in interfaces.retry_params_def.
+  #
+  #   field_name_patterns - Maps the field name of the request type to
+  #   entity_name of interfaces.collections.
+  #   Specifies the string pattern that the field must follow.
+  #
+  #   timeout_millis - Specifies the default timeout for a non-retrying call. If
+  #   the call is retrying, refer to retry_params_name instead.
+  methods:
+  - name: CreateSource
+    flattening:
+      groups:
+      - parameters:
+        - parent
+        - source
+    required_fields:
+    - parent
+    - source
+    retry_codes_name: non_idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      parent: organization
+    timeout_millis: 60000
+  - name: CreateFinding
+    flattening:
+      groups:
+      - parameters:
+        - parent
+        - finding_id
+        - finding
+    required_fields:
+    - parent
+    - finding_id
+    - finding
+    retry_codes_name: non_idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      parent: source
+    timeout_millis: 60000
+  - name: GetIamPolicy
+    flattening:
+      groups:
+      - parameters:
+        - resource
+    required_fields:
+    - resource
+    retry_codes_name: idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      resource: source
+    timeout_millis: 60000
+  - name: GetOrganizationSettings
+    flattening:
+      groups:
+      - parameters:
+        - name
+    required_fields:
+    - name
+    retry_codes_name: idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      name: organization_settings
+    timeout_millis: 60000
+  - name: GetSource
+    flattening:
+      groups:
+      - parameters:
+        - name
+    required_fields:
+    - name
+    retry_codes_name: idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      name: source
+    timeout_millis: 60000
+  - name: GroupAssets
+    required_fields:
+    - parent
+    - group_by
+    page_streaming:
+      request:
+        page_size_field: page_size
+        token_field: page_token
+      response:
+        token_field: next_page_token
+        resources_field: group_by_results
+    retry_codes_name: idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      parent: organization
+    timeout_millis: 60000
+  - name: GroupFindings
+    flattening:
+      groups:
+      - parameters:
+        - parent
+        - group_by
+    required_fields:
+    - parent
+    - group_by
+    page_streaming:
+      request:
+        page_size_field: page_size
+        token_field: page_token
+      response:
+        token_field: next_page_token
+        resources_field: group_by_results
+    retry_codes_name: idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      parent: source
+    timeout_millis: 60000
+  - name: ListAssets
+    required_fields:
+    - parent
+    page_streaming:
+      request:
+        page_size_field: page_size
+        token_field: page_token
+      response:
+        token_field: next_page_token
+        resources_field: list_assets_results
+    retry_codes_name: idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      parent: organization
+    timeout_millis: 60000
+  - name: ListFindings
+    required_fields:
+    - parent
+    page_streaming:
+      request:
+        page_size_field: page_size
+        token_field: page_token
+      response:
+        token_field: next_page_token
+        resources_field: findings
+    retry_codes_name: idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      parent: source
+    timeout_millis: 60000
+  - name: ListSources
+    flattening:
+      groups:
+      - parameters:
+        - parent
+    required_fields:
+    - parent
+    page_streaming:
+      request:
+        page_size_field: page_size
+        token_field: page_token
+      response:
+        token_field: next_page_token
+        resources_field: sources
+    retry_codes_name: idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      parent: organization
+    timeout_millis: 60000
+  - name: RunAssetDiscovery
+    flattening:
+      groups:
+      - parameters:
+        - parent
+    required_fields:
+    - parent
+    retry_codes_name: non_idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      parent: organization
+    long_running:
+      return_type: google.protobuf.Empty
+      metadata_type: google.protobuf.Empty
+      initial_poll_delay_millis: 500
+      poll_delay_multiplier: 1.5
+      max_poll_delay_millis: 5000
+      total_poll_timeout_millis: 300000
+    timeout_millis: 60000
+  - name: SetFindingState
+    flattening:
+      groups:
+      - parameters:
+        - name
+        - state
+        - start_time
+    required_fields:
+    - name
+    - state
+    - start_time
+    retry_codes_name: non_idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      name: finding
+    timeout_millis: 60000
+  - name: SetIamPolicy
+    flattening:
+      groups:
+      - parameters:
+        - resource
+        - policy
+    required_fields:
+    - resource
+    - policy
+    retry_codes_name: non_idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      resource: source
+    timeout_millis: 60000
+  - name: TestIamPermissions
+    flattening:
+      groups:
+      - parameters:
+        - resource
+        - permissions
+    required_fields:
+    - resource
+    - permissions
+    retry_codes_name: idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      resource: source
+    timeout_millis: 60000
+  - name: UpdateFinding
+    flattening:
+      groups:
+      - parameters:
+        - finding
+    required_fields:
+    - finding
+    retry_codes_name: non_idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      finding.name: finding
+    timeout_millis: 60000
+  - name: UpdateOrganizationSettings
+    flattening:
+      groups:
+      - parameters:
+        - organization_settings
+    required_fields:
+    - organization_settings
+    retry_codes_name: non_idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      organization_settings.name: organization_settings
+    timeout_millis: 60000
+  - name: UpdateSource
+    flattening:
+      groups:
+      - parameters:
+        - source
+    required_fields:
+    - source
+    retry_codes_name: non_idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      source.name: source
+    timeout_millis: 60000
+  - name: UpdateSecurityMarks
+    flattening:
+      groups:
+      - parameters:
+        - security_marks
+    required_fields:
+    - security_marks
+    retry_codes_name: non_idempotent
+    retry_params_name: default
+    resource_name_treatment: STATIC_TYPES
+    field_name_patterns:
+      security_marks.name: securitymarks_oneof
+    timeout_millis: 60000
+resource_name_generation:
+- message_name: CreateSourceRequest
+  field_entity_map:
+    parent: organization
+- message_name: CreateFindingRequest
+  field_entity_map:
+    parent: source
+- message_name: google.iam.v1.GetIamPolicyRequest
+  field_entity_map:
+    resource: source
+- message_name: GetOrganizationSettingsRequest
+  field_entity_map:
+    name: organization_settings
+- message_name: GetSourceRequest
+  field_entity_map:
+    name: source
+- message_name: GroupAssetsRequest
+  field_entity_map:
+    parent: organization
+- message_name: GroupFindingsRequest
+  field_entity_map:
+    parent: source
+- message_name: ListAssetsRequest
+  field_entity_map:
+    parent: organization
+- message_name: ListFindingsRequest
+  field_entity_map:
+    parent: source
+- message_name: ListSourcesRequest
+  field_entity_map:
+    parent: organization
+- message_name: RunAssetDiscoveryRequest
+  field_entity_map:
+    parent: organization
+- message_name: SetFindingStateRequest
+  field_entity_map:
+    name: finding
+- message_name: google.iam.v1.SetIamPolicyRequest
+  field_entity_map:
+    resource: source
+- message_name: google.iam.v1.TestIamPermissionsRequest
+  field_entity_map:
+    resource: source
+- message_name: UpdateFindingRequest
+  field_entity_map:
+    name: finding
+- message_name: UpdateOrganizationSettingsRequest
+  field_entity_map:
+    name: organization_settings
+- message_name: UpdateSourceRequest
+  field_entity_map:
+    name: source
+- message_name: UpdateSecurityMarksRequest
+  field_entity_map:
+    name: securitymarks_oneof
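Review bot: The `resource_name_generation` entries for the four Update requests disagree with the `field_name_patterns` of the matching methods. `UpdateFinding` uses `finding.name: finding`, but `UpdateFindingRequest` is mapped as `name: finding`, and the same mismatch appears for `UpdateOrganizationSettingsRequest`, `UpdateSourceRequest` and `UpdateSecurityMarksRequest`. The request messages are not visible in this hunk, but the flattening lists suggest they carry the resource as a nested message rather than a top-level `name` field, in which case these entries name a field that does not exist. One option, to be checked against the generator, is to key the entry on the resource message itself, e.g. `- message_name: Finding` with `name: finding`.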
diff --git a/google/cloud/securitycenter/v1beta1/securitycenter_service.proto b/google/cloud/securitycenter/v1beta1/securitycenter_service.proto
new file mode 100644
index 0000000..dd71020
--- /dev/null
+++ b/google/cloud/securitycenter/v1beta1/securitycenter_service.proto
@@ -0,0 +1,755 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+import "google/cloud/securitycenter/v1beta1/asset.proto";
+import "google/cloud/securitycenter/v1beta1/finding.proto";
+import "google/cloud/securitycenter/v1beta1/organization_settings.proto";
+import "google/cloud/securitycenter/v1beta1/security_marks.proto";
+import "google/cloud/securitycenter/v1beta1/source.proto";
+import "google/iam/v1/iam_policy.proto";
+import "google/iam/v1/policy.proto";
+import "google/longrunning/operations.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+// V1 Beta APIs for Security Center service.
+service SecurityCenter {
+  // Creates a source.
+  rpc CreateSource(CreateSourceRequest) returns (Source) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=organizations/*}/sources"
+      body: "source"
+    };
+  }
+
+  // Creates a finding. The corresponding source must exist for finding creation
+  // to succeed.
+  rpc CreateFinding(CreateFindingRequest) returns (Finding) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=organizations/*/sources/*}/findings"
+      body: "finding"
+    };
+  }
+
+  // Gets the access control policy on the specified Source.
+  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
+      returns (google.iam.v1.Policy) {
+    option (google.api.http) = {
+      post: "/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy"
+      body: "*"
+    };
+  }
+
+  // Gets the settings for an organization.
+  rpc GetOrganizationSettings(GetOrganizationSettingsRequest)
+      returns (OrganizationSettings) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=organizations/*/organizationSettings}"
+    };
+  }
+
+  // Gets a source.
+  rpc GetSource(GetSourceRequest) returns (Source) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=organizations/*/sources/*}"
+    };
+  }
+
+  // Filters an organization's assets and  groups them by their specified
+  // properties.
+  rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=organizations/*}/assets:group"
+      body: "*"
+    };
+  }
+
+  // Filters an organization or source's findings and  groups them by their
+  // specified properties.
+  //
+  // To group across all sources provide a `-` as the source id.
+  // Example: /v1beta1/organizations/123/sources/-/findings
+  rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=organizations/*/sources/*}/findings:group"
+      body: "*"
+    };
+  }
+
+  // Lists an organization's assets.
+  rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=organizations/*}/assets"
+    };
+  }
+
+  // Lists an organization or source's assets.
+  //
+  // To list across all sources provide a `-` as the source id.
+  // Example: /v1beta1/organizations/123/sources/-/findings
+  rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=organizations/*/sources/*}/findings"
+    };
+  }
+
+  // Lists all sources belonging to an organization.
+  rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=organizations/*}/sources"
+    };
+  }
+
+  // Runs asset discovery. The discovery is tracked with a long-running
+  // operation.
+  //
+  // This API can only be called with limited frequency for an organization. If
+  // it is called too frequently the caller will receive a TOO_MANY_REQUESTS
+  // error.
+  rpc RunAssetDiscovery(RunAssetDiscoveryRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=organizations/*}/assets:runDiscovery"
+      body: "*"
+    };
+  }
+
+  // Updates the state of a finding.
+  rpc SetFindingState(SetFindingStateRequest) returns (Finding) {
+    option (google.api.http) = {
+      post: "/v1beta1/{name=organizations/*/sources/*/findings/*}:setState"
+      body: "*"
+    };
+  }
+
+  // Sets the access control policy on the specified Source.
+  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
+      returns (google.iam.v1.Policy) {
+    option (google.api.http) = {
+      post: "/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy"
+      body: "*"
+    };
+  }
+
+  // Returns the permissions that a caller has on the specified source.
+  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
+      returns (google.iam.v1.TestIamPermissionsResponse) {
+    option (google.api.http) = {
+      post: "/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions"
+      body: "*"
+    };
+  }
+
+  // Creates or updates a finding. The corresponding source must exist for a
+  // finding creation to succeed.
+  rpc UpdateFinding(UpdateFindingRequest) returns (Finding) {
+    option (google.api.http) = {
+      patch: "/v1beta1/{finding.name=organizations/*/sources/*/findings/*}"
+      body: "finding"
+    };
+  }
+
+  // Updates an organization's settings.
+  rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest)
+      returns (OrganizationSettings) {
+    option (google.api.http) = {
+      patch: "/v1beta1/{organization_settings.name=organizations/*/organizationSettings}"
+      body: "organization_settings"
+    };
+  }
+
+  // Updates a source.
+  rpc UpdateSource(UpdateSourceRequest) returns (Source) {
+    option (google.api.http) = {
+      patch: "/v1beta1/{source.name=organizations/*/sources/*}"
+      body: "source"
+    };
+  }
+
+  // Updates security marks.
+  rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) {
+    option (google.api.http) = {
+      patch: "/v1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}"
+      body: "security_marks"
+      additional_bindings {
+        patch: "/v1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}"
+        body: "security_marks"
+      }
+    };
+  }
+}
+
+// Request message for creating a finding.
+message CreateFindingRequest {
+  // Resource name of the new finding's parent. Its format should be
+  // "organizations/[organization_id]/sources/[source_id]".
+  string parent = 1;
+
+  // Unique identifier provided by the client within the parent scope.
+  // It must be alphanumeric and less than or equal to 32 characters and
+  // greater than 0 characters in length.
+  string finding_id = 2;
+
+  // The Finding being created. The name and security_marks will be ignored as
+  // they are both output only fields on this resource.
+  Finding finding = 3;
+}
+
+// Request message for creating a source.
+message CreateSourceRequest {
+  // Resource name of the new source's parent. Its format should be
+  // "organizations/[organization_id]".
+  string parent = 1;
+
+  // The Source being created, only the display_name and description will be
+  // used. All other fields will be ignored.
+  Source source = 2;
+}
+
+// Request message for getting organization settings.
+message GetOrganizationSettingsRequest {
+  // Name of the organization to get organization settings for. Its format is
+  // "organizations/[organization_id]/organizationSettings".
+  string name = 1;
+}
+
+// Request message for getting a source.
+message GetSourceRequest {
+  // Relative resource name of the source. Its format is
+  // "organizations/[organization_id]/source/[source_id]".
+  string name = 1;
+}
+
+// Request message for grouping by assets.
+message GroupAssetsRequest {
+  // Name of the organization to groupBy. Its format is
+  // "organizations/[organization_id]".
+  string parent = 1;
+
+  // Expression that defines the filter to apply across assets.
+  // The expression is a list of zero or more restrictions combined via logical
+  // operators `AND` and `OR`.
+  // Parentheses are not supported, and `OR` has higher precedence than `AND`.
+  //
+  // Restrictions have the form `<field> <operator> <value>` and may have a `-`
+  // character in front of them to indicate negation. The fields map to those
+  // defined in the Asset resource. Examples include:
+  //
+  // * name
+  // * security_center_properties.resource_name
+  // * resource_properties.a_property
+  // * security_marks.marks.marka
+  //
+  // The supported operators are:
+  //
+  // * `=` for all value types.
+  // * `>`, `<`, `>=`, `<=` for integer values.
+  // * `:`, meaning substring matching, for strings.
+  //
+  // The supported value types are:
+  //
+  // * string literals in quotes.
+  // * integer literals without quotes.
+  // * boolean literals `true` and `false` without quotes.
+  //
+  // For example, `resource_properties.size = 100` is a valid filter string.
+  string filter = 2;
+
+  // Expression that defines what assets fields to use for grouping. The string
+  // value should follow SQL syntax: comma separated list of fields. For
+  // example:
+  // "security_center_properties.resource_project,security_center_properties.project".
+  //
+  // The following fields are supported when compare_duration is not set:
+  //
+  // * security_center_properties.resource_name
+  // * security_center_properties.resource_project
+  // * security_center_properties.resource_type
+  // * security_center_properties.resource_parent
+  //
+  // The following fields are supported when compare_duration is set:
+  //
+  // * security_center_properties.resource_type
+  string group_by = 3;
+
+  // When compare_duration is set, the Asset's "state" property is updated to
+  // indicate whether the asset was added, removed, or remained present during
+  // the compare_duration period of time that precedes the read_time. This is
+  // the time between (read_time - compare_duration) and read_time.
+  //
+  // The state value is derived based on the presence of the asset at the two
+  // points in time. Intermediate state changes between the two times don't
+  // affect the result. For example, the results aren't affected if the asset is
+  // removed and re-created again.
+  //
+  // Possible "state" values when compare_duration is specified:
+  //
+  // * "ADDED": indicates that the asset was not present before
+  //              compare_duration, but present at reference_time.
+  // * "REMOVED": indicates that the asset was present at the start of
+  //              compare_duration, but not present at reference_time.
+  // * "ACTIVE_AT_BOTH": indicates that the asset was present at both the
+  //              start and the end of the time period defined by
+  //              compare_duration and reference_time.
+  //
+  // This field is ignored if `state` is not a field in `group_by`.
+  google.protobuf.Duration compare_duration = 4;
+
+  // Time used as a reference point when filtering assets. The filter is limited
+  // to assets existing at the supplied time and their values are those at that
+  // specific time. Absence of this field will default to the API's version of
+  // NOW.
+  google.protobuf.Timestamp read_time = 5;
+
+  // The value returned by the last `GroupAssetsResponse`; indicates
+  // that this is a continuation of a prior `GroupAssets` call, and that the
+  // system should return the next page of data.
+  string page_token = 7;
+
+  // The maximum number of results to return in a single response. Default is
+  // 10, minimum is 1, maximum is 1000.
+  int32 page_size = 8;
+}
+
+// Response message for grouping by assets.
+message GroupAssetsResponse {
+  // Group results. There exists an element for each existing unique
+  // combination of property/values. The element contains a count for the number
+  // of times those specific property/values appear.
+  repeated GroupResult group_by_results = 1;
+
+  // Time used for executing the groupBy request.
+  google.protobuf.Timestamp read_time = 2;
+
+  // Token to retrieve the next page of results, or empty if there are no more
+  // results.
+  string next_page_token = 3;
+}
+
+// Request message for grouping by findings.
+message GroupFindingsRequest {
+  // Name of the source to groupBy. Its format is
+  // "organizations/[organization_id]/sources/[source_id]". To groupBy across
+  // all sources provide a source_id of `-`. For example:
+  // organizations/123/sources/-
+  string parent = 1;
+
+  // Expression that defines the filter to apply across findings.
+  // The expression is a list of one or more restrictions combined via logical
+  // operators `AND` and `OR`.
+  // Parentheses are not supported, and `OR` has higher precedence than `AND`.
+  //
+  // Restrictions have the form `<field> <operator> <value>` and may have a `-`
+  // character in front of them to indicate negation. Examples include:
+  //
+  //  * name
+  //  * source_properties.a_property
+  //  * security_marks.marks.marka
+  //
+  // The supported operators are:
+  //
+  // * `=` for all value types.
+  // * `>`, `<`, `>=`, `<=` for integer values.
+  // * `:`, meaning substring matching, for strings.
+  //
+  // The supported value types are:
+  //
+  // * string literals in quotes.
+  // * integer literals without quotes.
+  // * boolean literals `true` and `false` without quotes.
+  //
+  // For example, `source_properties.size = 100` is a valid filter string.
+  string filter = 2;
+
+  // Expression that defines what assets fields to use for grouping (including
+  // `state`). The string value should follow SQL syntax: comma separated list
+  // of fields. For example:
+  // "parent,resource_name".
+  //
+  // The following fields are supported:
+  //
+  // * resource_name
+  // * category
+  // * state
+  // * parent
+  string group_by = 3;
+
+  // Time used as a reference point when filtering findings. The filter is
+  // limited to findings existing at the supplied time and their values are
+  // those at that specific time. Absence of this field will default to the
+  // API's version of NOW.
+  google.protobuf.Timestamp read_time = 4;
+
+  // The value returned by the last `GroupFindingsResponse`; indicates
+  // that this is a continuation of a prior `GroupFindings` call, and
+  // that the system should return the next page of data.
+  string page_token = 5;
+
+  // The maximum number of results to return in a single response. Default is
+  // 10, minimum is 1, maximum is 1000.
+  int32 page_size = 6;
+}
+
+// Response message for group by findings.
+message GroupFindingsResponse {
+  // Group results. There exists an element for each existing unique
+  // combination of property/values. The element contains a count for the number
+  // of times those specific property/values appear.
+  repeated GroupResult group_by_results = 1;
+
+  // Time used for executing the groupBy request.
+  google.protobuf.Timestamp read_time = 2;
+
+  // Token to retrieve the next page of results, or empty if there are no more
+  // results.
+  string next_page_token = 3;
+}
+
+// Result containing the properties and count of a groupBy request.
+message GroupResult {
+  // Properties matching the groupBy fields in the request.
+  map<string, google.protobuf.Value> properties = 1;
+
+  // Total count of resources for the given properties.
+  int64 count = 2;
+}
+
+// Request message for listing sources.
+message ListSourcesRequest {
+  // Resource name of the parent of sources to list. Its format should be
+  // "organizations/[organization_id]".
+  string parent = 1;
+
+  // The value returned by the last `ListSourcesResponse`; indicates
+  // that this is a continuation of a prior `ListSources` call, and
+  // that the system should return the next page of data.
+  string page_token = 2;
+
+  // The maximum number of results to return in a single response. Default is
+  // 10, minimum is 1, maximum is 1000.
+  int32 page_size = 7;
+}
+
+// Response message for listing sources.
+message ListSourcesResponse {
+  // Sources belonging to the requested parent.
+  repeated Source sources = 1;
+
+  // Token to retrieve the next page of results, or empty if there are no more
+  // results.
+  string next_page_token = 2;
+}
+
+// Request message for listing assets.
+message ListAssetsRequest {
+  // Name of the organization assets should belong to. Its format is
+  // "organizations/[organization_id]".
+  string parent = 1;
+
+  // Expression that defines the filter to apply across assets.
+  // The expression is a list of zero or more restrictions combined via logical
+  // operators `AND` and `OR`.
+  // Parentheses are not supported, and `OR` has higher precedence than `AND`.
+  //
+  // Restrictions have the form `<field> <operator> <value>` and may have a `-`
+  // character in front of them to indicate negation. The fields map to those
+  // defined in the Asset resource. Examples include:
+  //
+  // * name
+  // * security_center_properties.resource_name
+  // * resource_properties.a_property
+  // * security_marks.marks.marka
+  //
+  // The supported operators are:
+  //
+  // * `=` for all value types.
+  // * `>`, `<`, `>=`, `<=` for integer values.
+  // * `:`, meaning substring matching, for strings.
+  //
+  // The supported value types are:
+  //
+  // * string literals in quotes.
+  // * integer literals without quotes.
+  // * boolean literals `true` and `false` without quotes.
+  //
+  // For example, `resource_properties.size = 100` is a valid filter string.
+  string filter = 2;
+
+  // Expression that defines what fields and order to use for sorting. The
+  // string value should follow SQL syntax: comma separated list of fields. For
+  // example: "name,resource_properties.a_property". The default sorting order
+  // is ascending. To specify descending order for a field, a suffix " desc"
+  // should be appended to the field name. For example: "name
+  // desc,resource_properties.a_property". Redundant space characters in the
+  // syntax are insignificant. "name desc,resource_properties.a_property" and "
+  // name     desc  ,   resource_properties.a_property  " are equivalent.
+  string order_by = 3;
+
+  // Time used as a reference point when filtering assets. The filter is limited
+  // to assets existing at the supplied time and their values are those at that
+  // specific time. Absence of this field will default to the API's version of
+  // NOW.
+  google.protobuf.Timestamp read_time = 4;
+
+  // When compare_duration is set, the ListAssetResult's "state" attribute is
+  // updated to indicate whether the asset was added, removed, or remained
+  // present during the compare_duration period of time that precedes the
+  // read_time. This is the time between (read_time -
+  // compare_duration) and read_time.
+  //
+  // The state value is derived based on the presence of the asset at the two
+  // points in time. Intermediate state changes between the two times don't
+  // affect the result. For example, the results aren't affected if the asset is
+  // removed and re-created again.
+  //
+  // Possible "state" values when compare_duration is specified:
+  //
+  // * "ADDED": indicates that the asset was not present before
+  //              compare_duration, but present at read_time.
+  // * "REMOVED": indicates that the asset was present at the start of
+  //              compare_duration, but not present at read_time.
+  // * "ACTIVE": indicates that the asset was present at both the
+  //              start and the end of the time period defined by
+  //              compare_duration and read_time.
+  //
+  // If compare_duration is not specified, then the only possible state is
+  // "UNUSED", which indicates that the asset is present at read_time.
+  google.protobuf.Duration compare_duration = 5;
+
+  // Optional.
+  //
+  // A field mask to specify the ListAssetsResult fields to be listed in the
+  // response.
+  // An empty field mask will list all fields.
+  google.protobuf.FieldMask field_mask = 7;
+
+  // The value returned by the last `ListAssetsResponse`; indicates
+  // that this is a continuation of a prior `ListAssets` call, and
+  // that the system should return the next page of data.
+  string page_token = 8;
+
+  // The maximum number of results to return in a single response. Default is
+  // 10, minimum is 1, maximum is 1000.
+  int32 page_size = 9;
+}
+
+// Response message for listing assets.
+message ListAssetsResponse {
+  // Result containing the Asset and its State.
+  message ListAssetsResult {
+    // State of the asset.
+    //
+    // When querying across two points in time this describes
+    // the change between the two points: ADDED, REMOVED, or ACTIVE.
+    // If there was no compare_duration supplied in the request the state should
+    // be: UNUSED
+    enum State {
+      // Unspecified state.
+      STATE_UNSPECIFIED = 0;
+
+      // Request did not specify use of this field in the result.
+      UNUSED = 1;
+
+      // Asset was added between the points in time.
+      ADDED = 2;
+
+      // Asset was removed between the points in time.
+      REMOVED = 3;
+
+      // Asset was active at both point(s) in time.
+      ACTIVE = 4;
+    }
+
+    // Asset matching the search request.
+    Asset asset = 1;
+
+    // State of the asset.
+    State state = 2;
+  }
+
+  // Assets matching the list request.
+  repeated ListAssetsResult list_assets_results = 1;
+
+  // Time used for executing the list request.
+  google.protobuf.Timestamp read_time = 2;
+
+  // Token to retrieve the next page of results, or empty if there are no more
+  // results.
+  string next_page_token = 3;
+
+  // The total number of assets matching the query.
+  int32 total_size = 4;
+}
+
+// Request message for listing findings.
+message ListFindingsRequest {
+  // Name of the source the findings belong to. Its format is
+  // "organizations/[organization_id]/sources/[source_id]". To list across all
+  // sources provide a source_id of `-`. For example:
+  // organizations/123/sources/-
+  string parent = 1;
+
+  // Expression that defines the filter to apply across findings.
+  // The expression is a list of one or more restrictions combined via logical
+  // operators `AND` and `OR`.
+  // Parentheses are not supported, and `OR` has higher precedence than `AND`.
+  //
+  // Restrictions have the form `<field> <operator> <value>` and may have a `-`
+  // character in front of them to indicate negation. Examples include:
+  //
+  //  * name
+  //  * source_properties.a_property
+  //  * security_marks.marks.marka
+  //
+  // The supported operators are:
+  //
+  // * `=` for all value types.
+  // * `>`, `<`, `>=`, `<=` for integer values.
+  // * `:`, meaning substring matching, for strings.
+  //
+  // The supported value types are:
+  //
+  // * string literals in quotes.
+  // * integer literals without quotes.
+  // * boolean literals `true` and `false` without quotes.
+  //
+  // For example, `source_properties.size = 100` is a valid filter string.
+  string filter = 2;
+
+  // Expression that defines what fields and order to use for sorting. The
+  // string value should follow SQL syntax: comma separated list of fields. For
+  // example: "name,resource_properties.a_property". The default sorting order
+  // is ascending. To specify descending order for a field, a suffix " desc"
+  // should be appended to the field name. For example: "name
+  // desc,source_properties.a_property". Redundant space characters in the
+  // syntax are insignificant. "name desc,source_properties.a_property" and "
+  // name     desc  ,   source_properties.a_property  " are equivalent.
+  string order_by = 3;
+
+  // Time used as a reference point when filtering findings. The filter is
+  // limited to findings existing at the supplied time and their values are
+  // those at that specific time. Absence of this field will default to the
+  // API's version of NOW.
+  google.protobuf.Timestamp read_time = 4;
+
+  // Optional.
+  //
+  // A field mask to specify the Finding fields to be listed in the response.
+  // An empty field mask will list all fields.
+  google.protobuf.FieldMask field_mask = 5;
+
+  // The value returned by the last `ListFindingsResponse`; indicates
+  // that this is a continuation of a prior `ListFindings` call, and
+  // that the system should return the next page of data.
+  string page_token = 6;
+
+  // The maximum number of results to return in a single response. Default is
+  // 10, minimum is 1, maximum is 1000.
+  int32 page_size = 7;
+}
+
+// Response message for listing findings.
+message ListFindingsResponse {
+  // Findings matching the list request.
+  repeated Finding findings = 1;
+
+  // Time used for executing the list request.
+  google.protobuf.Timestamp read_time = 2;
+
+  // Token to retrieve the next page of results, or empty if there are no more
+  // results.
+  string next_page_token = 3;
+
+  // The total number of findings matching the query.
+  int32 total_size = 4;
+}
+
+// Request message for updating a finding's state.
+message SetFindingStateRequest {
+  // The relative resource name of the finding. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Example:
+  // "organizations/123/sources/456/finding/789".
+  string name = 1;
+
+  // The desired State of the finding.
+  Finding.State state = 2;
+
+  // The time at which the updated state takes effect.
+  google.protobuf.Timestamp start_time = 3;
+}
+
+// Request message for running asset discovery for an organization.
+message RunAssetDiscoveryRequest {
+  // Name of the organization to run asset discovery for. Its format is
+  // "organizations/[organization_id]".
+  string parent = 1;
+}
+
+// Request message for updating or creating a finding.
+message UpdateFindingRequest {
+  // The finding resource to update or create if it does not already exist.
+  // parent, security_marks, and update_time will be ignored.
+  //
+  // In the case of creation, the finding id portion of the name must
+  // alphanumeric and less than or equal to 32 characters and greater than 0
+  // characters in length.
+  Finding finding = 1;
+
+  // The FieldMask to use when updating the finding resource. This field is
+  // ignored if the finding does not already exist and the finding is created.
+  google.protobuf.FieldMask update_mask = 2;
+}
+
+// Request message for updating an organization's settings.
+message UpdateOrganizationSettingsRequest {
+  // The organization settings resource to update.
+  OrganizationSettings organization_settings = 1;
+
+  // The FieldMask to use when updating the settings resource.
+  google.protobuf.FieldMask update_mask = 2;
+}
+
+// Request message for updating a source.
+message UpdateSourceRequest {
+  // The source resource to update.
+  Source source = 1;
+
+  // The FieldMask to use when updating the source resource.
+  google.protobuf.FieldMask update_mask = 2;
+}
+
+// Request message for updating a SecurityMarks resource.
+message UpdateSecurityMarksRequest {
+  // The security marks resource to update.
+  SecurityMarks security_marks = 1;
+
+  // The FieldMask to use when updating the security marks resource.
+  google.protobuf.FieldMask update_mask = 2;
+
+  // The time at which the updated SecurityMarks take effect.
+  google.protobuf.Timestamp start_time = 3;
+}
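Review bot: Two request comments give resource-name formats that contradict the HTTP bindings in this same file: `GetSourceRequest.name` documents `organizations/[organization_id]/source/[source_id]` and `SetFindingStateRequest.name` gives the example `organizations/123/sources/456/finding/789`, while the `GetSource` and `SetFindingState` bindings use `sources/*` and `findings/*`. A caller who copies the comment builds a name that matches no route, so I would change them to `// "organizations/[organization_id]/sources/[source_id]".` and `// "organizations/123/sources/456/findings/789".`. The `ListFindings` summary also says it lists assets and should read `// Lists an organization or source's findings.`. In `GroupAssetsRequest.compare_duration` the comment refers to `reference_time` and an `ACTIVE_AT_BOTH` state, but the field in the message is `read_time` and the only state enum visible here (`ListAssetsResult.State`) names it `ACTIVE`; it is worth confirming which names the service actually returns and aligning the comment.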
diff --git a/google/cloud/securitycenter/v1beta1/source.proto b/google/cloud/securitycenter/v1beta1/source.proto
new file mode 100644
index 0000000..c732ff0
--- /dev/null
+++ b/google/cloud/securitycenter/v1beta1/source.proto
@@ -0,0 +1,52 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+// Security Center's finding source. A finding source is an entity or a
+// mechanism that can produce a finding. A source can also be thought of as a
+// container of findings that come from the same scanner, logger, monitor, etc.
+message Source {
+  // The relative resource name of this source. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Example:
+  // "organizations/123/sources/456"
+  string name = 1;
+
+  // The source’s display name.
+  // A source’s display name must be unique amongst its siblings, e.g.
+  // no two sources with the same parent can share the same display name.
+  // The display name must start and end with a letter or digit, may contain
+  // letters, digits, spaces, hyphens and underscores and can be no longer
+  // than 30 characters. This is captured by the regular expression:
+  // [\p{L}\p{N}]({\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
+  string display_name = 2;
+
+  // The description of the source (max of 1024 characters).
+  // Example:
+  // "Cloud Security Scanner is a web security scanner for common
+  // vulnerabilities in Google App Engine applications. It can automatically
+  // scan and detect four common vulnerabilities, including cross-site-scripting
+  // (XSS), Flash injection, mixed content (HTTP in HTTPS), and
+  // outdated/insecure libraries."
+  string description = 3;
+}
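Review bot: The regular expression quoted in the `display_name` comment is not a usable pattern as written: `({\p{L}\p{N}_- ]` opens the character class with `{` instead of `[`, and `_- ` inside a class reads as a range from `_` to space, which common regex engines reject as out of order. Anyone copying it into client-side validation gets either a compile error or a rule that differs from the prose, and input validation that silently diverges from the server's is where malformed names slip through. I would write the line as `// [\p{L}\p{N}]([\p{L}\p{N}_ -]{0,28}[\p{L}\p{N}])?.` with the hyphen last in the class, which still matches the 30-character limit and the allowed characters described in the sentences above it.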