
Commit 3e70564

Google APIscopybara-github
Google APIs
authored andcommitted
feat: Add Resource to the v1 NotificationMessage, which contains resource-related fields associated to the Finding notification.
docs: Adjusted wording from Cloud SCC to Security Command Center, and updated filtering docs for List APIs. PiperOrigin-RevId: 315715539
1 parent ed11746 commit 3e70564

10 files changed

+137
-58
lines changed

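--- a/google/cloud/securitycenter/v1/BUILD.bazel
+++ b/google/cloud/securitycenter/v1/BUILD.bazel
@@ -17,6 +17,7 @@ proto_library(
 "notification_config.proto",
 "notification_message.proto",
 "organization_settings.proto",
+"resource.proto",
 "run_asset_discovery_response.proto",
 "security_marks.proto",
 "securitycenter_service.proto",
@@ -136,8 +137,8 @@ go_gapic_library(
 deps = [
 ":securitycenter_go_proto",
 "//google/iam/v1:iam_go_proto",
-"//google/longrunning:longrunning_go_gapic",
 "//google/longrunning:longrunning_go_proto",
+"@com_google_cloud_go//longrunning/autogen:go_default_library",
 "@com_google_cloud_go//longrunning:go_default_library",
 "@io_bazel_rules_go//proto/wkt:duration_go_proto",
 "@io_bazel_rules_go//proto/wkt:struct_go_proto",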
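Review bot: In the `go_gapic_library` deps, the in-repo target `//google/longrunning:longrunning_go_gapic` is swapped for the external `@com_google_cloud_go//longrunning/autogen:go_default_library`, and the commit description does not mention this. The generated client's long-running-operation code then presumably comes from whichever `com_google_cloud_go` version the workspace pins, which is not visible on this page; it is worth confirming that the repository rule pins an exact version with a checksum. I would add a comment above the new entry, e.g. `# longrunning client is taken from @com_google_cloud_go, not built in-repo`. The `deps` list continues outside the hunk.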

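--- a/google/cloud/securitycenter/v1/asset.proto
+++ b/google/cloud/securitycenter/v1/asset.proto
@@ -29,30 +29,31 @@ option java_package = "com.google.cloud.securitycenter.v1";
 option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
 option ruby_package = "Google::Cloud::SecurityCenter::V1";
 
-// Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud
-// Platform (GCP) resource.
+// Security Command Center representation of a Google Cloud
+// resource.
 //
-// The Asset is a Cloud SCC resource that captures information about a single
-// GCP resource. All modifications to an Asset are only within the context of
-// Cloud SCC and don't affect the referenced GCP resource.
+// The Asset is a Security Command Center resource that captures information
+// about a single Google Cloud resource. All modifications to an Asset are only
+// within the context of Security Command Center and don't affect the referenced
+// Google Cloud resource.
 message Asset {
 option (google.api.resource) = {
 type: "securitycenter.googleapis.com/Asset"
 pattern: "organizations/{organization}/assets/{asset}"
 };
 
-// Cloud SCC managed properties. These properties are managed by Cloud SCC and
-// cannot be modified by the user.
+// Security Command Center managed properties. These properties are managed by
+// Security Command Center and cannot be modified by the user.
 message SecurityCenterProperties {
-// The full resource name of the GCP resource this asset
+// The full resource name of the Google Cloud resource this asset
 // represents. This field is immutable after create time. See:
 // https://cloud.google.com/apis/design/resource_names#full_resource_name
 string resource_name = 1;
 
-// The type of the GCP resource. Examples include: APPLICATION,
+// The type of the Google Cloud resource. Examples include: APPLICATION,
 // PROJECT, and ORGANIZATION. This is a case insensitive field defined by
-// Cloud SCC and/or the producer of the resource and is immutable
-// after create time.
+// Security Command Center and/or the producer of the resource and is
+// immutable after create time.
 string resource_type = 2;
 
 // The full resource name of the immediate parent of the resource. See:
@@ -76,9 +77,10 @@ message Asset {
 string resource_project_display_name = 8;
 }
 
-// IAM Policy information associated with the GCP resource described by the
-// Cloud SCC asset. This information is managed and defined by the GCP
-// resource and cannot be modified by the user.
+// Cloud IAM Policy information associated with the Google Cloud resource
+// described by the Security Command Center asset. This information is managed
+// and defined by the Google Cloud resource and cannot be modified by the
+// user.
 message IamPolicy {
 // The JSON representation of the Policy associated with the asset.
 // See https://cloud.google.com/iam/reference/rest/v1/Policy for format
@@ -92,27 +94,28 @@ message Asset {
 // "organizations/{organization_id}/assets/{asset_id}".
 string name = 1;
 
-// Cloud SCC managed properties. These properties are managed by
-// Cloud SCC and cannot be modified by the user.
+// Security Command Center managed properties. These properties are managed by
+// Security Command Center and cannot be modified by the user.
 SecurityCenterProperties security_center_properties = 2;
 
 // Resource managed properties. These properties are managed and defined by
-// the GCP resource and cannot be modified by the user.
+// the Google Cloud resource and cannot be modified by the user.
 map<string, google.protobuf.Value> resource_properties = 7;
 
 // User specified security marks. These marks are entirely managed by the user
 // and come from the SecurityMarks resource that belongs to the asset.
 SecurityMarks security_marks = 8;
 
-// The time at which the asset was created in Cloud SCC.
+// The time at which the asset was created in Security Command Center.
 google.protobuf.Timestamp create_time = 9;
 
-// The time at which the asset was last updated, added, or deleted in Cloud
-// SCC.
+// The time at which the asset was last updated, added, or deleted in Security
+// Command Center.
 google.protobuf.Timestamp update_time = 10;
 
-// IAM Policy information associated with the GCP resource described by the
-// Cloud SCC asset. This information is managed and defined by the GCP
-// resource and cannot be modified by the user.
+// Cloud IAM Policy information associated with the Google Cloud resource
+// described by the Security Command Center asset. This information is managed
+// and defined by the Google Cloud resource and cannot be modified by the
+// user.
 IamPolicy iam_policy = 11;
 }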

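--- a/google/cloud/securitycenter/v1/finding.proto
+++ b/google/cloud/securitycenter/v1/finding.proto
@@ -30,11 +30,11 @@ option java_package = "com.google.cloud.securitycenter.v1";
 option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
 option ruby_package = "Google::Cloud::SecurityCenter::V1";
 
-// Cloud Security Command Center (Cloud SCC) finding.
+// Security Command Center finding.
 //
 // A finding is a record of assessment data like security, risk, health, or
-// privacy, that is ingested into Cloud SCC for presentation, notification,
-// analysis, policy testing, and enforcement. For example, a
+// privacy, that is ingested into Security Command Center for presentation,
+// notification, analysis, policy testing, and enforcement. For example, a
 // cross-site scripting (XSS) vulnerability in an App Engine application is a
 // finding.
 message Finding {
@@ -69,12 +69,12 @@ message Finding {
 // "organizations/{organization_id}/sources/{source_id}"
 string parent = 2;
 
-// For findings on Google Cloud Platform (GCP) resources, the full resource
-// name of the GCP resource this finding is for. See:
+// For findings on Google Cloud resources, the full resource
+// name of the Google Cloud resource this finding is for. See:
 // https://cloud.google.com/apis/design/resource_names#full_resource_name
-// When the finding is for a non-GCP resource, the resourceName can be a
-// customer or partner defined string.
-// This field is immutable after creation time.
+// When the finding is for a non-Google Cloud resource, the resourceName can
+// be a customer or partner defined string. This field is immutable after
+// creation time.
 string resource_name = 3;
 
 // The state of the finding.
@@ -85,9 +85,9 @@ message Finding {
 // Example: "XSS_FLASH_INJECTION"
 string category = 5;
 
-// The URI that, if available, points to a web page outside of Cloud SCC
-// where additional information about the finding can be found. This field is
-// guaranteed to be either empty or a well formed URL.
+// The URI that, if available, points to a web page outside of Security
+// Command Center where additional information about the finding can be found.
+// This field is guaranteed to be either empty or a well formed URL.
 string external_uri = 6;
 
 // Source specific properties. These properties are managed by the source
@@ -106,6 +106,6 @@ message Finding {
 // the firewall became open. The accuracy is determined by the detector.
 google.protobuf.Timestamp event_time = 9;
 
-// The time at which the finding was created in Cloud SCC.
+// The time at which the finding was created in Security Command Center.
 google.protobuf.Timestamp create_time = 10;
 }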

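--- a/google/cloud/securitycenter/v1/notification_message.proto
+++ b/google/cloud/securitycenter/v1/notification_message.proto
@@ -18,6 +18,7 @@ package google.cloud.securitycenter.v1;
 
 import "google/api/annotations.proto";
 import "google/cloud/securitycenter/v1/finding.proto";
+import "google/cloud/securitycenter/v1/resource.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
@@ -38,4 +39,7 @@ message NotificationMessage {
 // populated.
 Finding finding = 2;
 }
+
+// The Cloud resource tied to this notification's Finding.
+Resource resource = 3;
 }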
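Review bot: The comment on the new `Resource resource = 3;` does not say when the field is set. It appears to sit outside the block that closes just above it (presumably the `oneof` holding `finding`; the message body starts outside the hunk), so a consumer cannot tell from the schema whether `resource` always accompanies `finding`. I would extend the comment to state the population rule, for example `// Set only when finding is set; consumers must handle it being absent.`, adjusted to whatever the server actually guarantees.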

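--- a/google/cloud/securitycenter/v1/organization_settings.proto
+++ b/google/cloud/securitycenter/v1/organization_settings.proto
@@ -26,8 +26,8 @@ option java_package = "com.google.cloud.securitycenter.v1";
 option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
 option ruby_package = "Google::Cloud::SecurityCenter::V1";
 
-// User specified settings that are attached to the Cloud Security Command
-// Center (Cloud SCC) organization.
+// User specified settings that are attached to the Security Command
+// Center organization.
 message OrganizationSettings {
 option (google.api.resource) = {
 type: "securitycenter.googleapis.com/OrganizationSettings"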
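--- a/google/cloud/securitycenter/v1/resource.proto
+++ b/google/cloud/securitycenter/v1/resource.proto
@@ -0,0 +1,46 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/api/annotations.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "ResourceProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Information related to the Google Cloud resource.
+message Resource {
+// The full resource name of the resource. See:
+// https://cloud.google.com/apis/design/resource_names#full_resource_name
+string name = 1;
+
+// The full resource name of project that the resource belongs to.
+string project = 2;
+
+// The human readable name of project that the resource belongs to.
+string project_display_name = 3;
+
+// The full resource name of resource's parent.
+string parent = 4;
+
+// The human readable name of resource's parent.
+string parent_display_name = 5;
+}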
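Review bot: `project_display_name` and `parent_display_name` are documented only as human readable names; the comments should say that they are labels, not identifiers. A notification consumer that routes or suppresses findings by display name could be misled if such names are not unique or can be edited (presumably the case for project names), so I would add `// For display only; use project to identify the project.` and the matching line for `parent`. Two smaller points: `import "google/api/annotations.proto";` is not used by anything visible in this file, and the field comments read better as "of the project" and "of the resource's parent".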

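--- a/google/cloud/securitycenter/v1/security_marks.proto
+++ b/google/cloud/securitycenter/v1/security_marks.proto
@@ -26,9 +26,9 @@ option java_package = "com.google.cloud.securitycenter.v1";
 option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
 option ruby_package = "Google::Cloud::SecurityCenter::V1";
 
-// User specified security marks that are attached to the parent Cloud Security
-// Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud
-// SCC organization -- they can be modified and viewed by all users who have
+// User specified security marks that are attached to the parent Security
+// Command Center resource. Security marks are scoped within a Security Command
+// Center organization -- they can be modified and viewed by all users who have
 // proper permissions on the organization.
 message SecurityMarks {
 option (google.api.resource) = {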

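--- a/google/cloud/securitycenter/v1/securitycenter_service.proto
+++ b/google/cloud/securitycenter/v1/securitycenter_service.proto
@@ -438,15 +438,15 @@ message GroupAssetsRequest {
 //
 // Usage: This should be milliseconds since epoch or an RFC3339 string.
 // Examples:
-// "update_time = \"2019-06-10T16:07:18-07:00\""
-// "update_time = 1560208038000"
+// `update_time = "2019-06-10T16:07:18-07:00"`
+// `update_time = 1560208038000`
 //
 // * create_time: `=`, `>`, `<`, `>=`, `<=`
 //
 // Usage: This should be milliseconds since epoch or an RFC3339 string.
 // Examples:
-// "create_time = \"2019-06-10T16:07:18-07:00\""
-// "create_time = 1560208038000"
+// `create_time = "2019-06-10T16:07:18-07:00"`
+// `create_time = 1560208038000`
 //
 // * iam_policy.policy_blob: `=`, `:`
 // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
@@ -461,6 +461,12 @@ message GroupAssetsRequest {
 // * security_center_properties.resource_owners: `=`, `:`
 //
 // For example, `resource_properties.size = 100` is a valid filter string.
+//
+// Use a partial match on the empty string to filter based on a property
+// existing:`resource_properties.my_property : ""`
+//
+// Use a negated partial match on the empty string to filter based on a
+// property not existing: `-resource_properties.my_property : ""`
 string filter = 2;
 
 // Required. Expression that defines what assets fields to use for grouping.
@@ -595,13 +601,19 @@ message GroupFindingsRequest {
 //
 // Usage: This should be milliseconds since epoch or an RFC3339 string.
 // Examples:
-// "event_time = \"2019-06-10T16:07:18-07:00\""
-// "event_time = 1560208038000"
+// `event_time = "2019-06-10T16:07:18-07:00"`
+// `event_time = 1560208038000`
 //
 // * security_marks.marks: `=`, `:`
 // * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
 //
 // For example, `source_properties.size = 100` is a valid filter string.
+//
+// Use a partial match on the empty string to filter based on a property
+// existing: `source_properties.my_property : ""`
+//
+// Use a negated partial match on the empty string to filter based on a
+// property not existing: `-source_properties.my_property : ""`
 string filter = 2;
 
 // Required. Expression that defines what assets fields to use for grouping
@@ -803,15 +815,15 @@ message ListAssetsRequest {
 //
 // Usage: This should be milliseconds since epoch or an RFC3339 string.
 // Examples:
-// "update_time = \"2019-06-10T16:07:18-07:00\""
-// "update_time = 1560208038000"
+// `update_time = "2019-06-10T16:07:18-07:00"`
+// `update_time = 1560208038000`
 //
 // * create_time: `=`, `>`, `<`, `>=`, `<=`
 //
 // Usage: This should be milliseconds since epoch or an RFC3339 string.
 // Examples:
-// "create_time = \"2019-06-10T16:07:18-07:00\""
-// "create_time = 1560208038000"
+// `create_time = "2019-06-10T16:07:18-07:00"`
+// `create_time = 1560208038000`
 //
 // * iam_policy.policy_blob: `=`, `:`
 // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
@@ -826,6 +838,12 @@ message ListAssetsRequest {
 // * security_center_properties.resource_owners: `=`, `:`
 //
 // For example, `resource_properties.size = 100` is a valid filter string.
+//
+// Use a partial match on the empty string to filter based on a property
+// existing: `resource_properties.my_property : ""`
+//
+// Use a negated partial match on the empty string to filter based on a
+// property not existing: `-resource_properties.my_property : ""`
 string filter = 2;
 
 // Expression that defines what fields and order to use for sorting. The
@@ -992,13 +1010,19 @@ message ListFindingsRequest {
 //
 // Usage: This should be milliseconds since epoch or an RFC3339 string.
 // Examples:
-// "event_time = \"2019-06-10T16:07:18-07:00\""
-// "event_time = 1560208038000"
+// `event_time = "2019-06-10T16:07:18-07:00"`
+// `event_time = 1560208038000`
 //
 // security_marks.marks: `=`, `:`
 // source_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
 //
 // For example, `source_properties.size = 100` is a valid filter string.
+//
+// Use a partial match on the empty string to filter based on a property
+// existing: `source_properties.my_property : ""`
+//
+// Use a negated partial match on the empty string to filter based on a
+// property not existing: `-source_properties.my_property : ""`
 string filter = 2;
 
 // Expression that defines what fields and order to use for sorting. The
@@ -1078,7 +1102,7 @@ message ListFindingsRequest {
 message ListFindingsResponse {
 // Result containing the Finding and its StateChange.
 message ListFindingsResult {
-// Information related to the Google Cloud Platform (GCP) resource that is
+// Information related to the Google Cloud resource that is
 // associated with this finding.
 message Resource {
 // The full resource name of the resource. See: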
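Review bot: In the `GroupAssetsRequest` filter comment (hunk `-461,6 +461,12`), the added example line has no space after `existing:`, so the colon runs straight into the backquoted filter. The same sentence in `GroupFindingsRequest`, `ListAssetsRequest` and `ListFindingsRequest` has the space, and the line should match them by starting `// existing: ` before the example. Because `:` is itself a filter operator in this syntax, the missing separator makes the example harder to read in rendered documentation. The enclosing comment blocks start outside the hunks.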

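--- a/google/cloud/securitycenter/v1/securitycenter_v1.yaml
+++ b/google/cloud/securitycenter/v1/securitycenter_v1.yaml
@@ -1,19 +1,20 @@
 type: google.api.Service
 config_version: 3
 name: securitycenter.googleapis.com
-title: Cloud Security Command Center API
+title: Security Command Center API
 
 apis:
 - name: google.cloud.securitycenter.v1.SecurityCenter
 
 types:
 - name: google.cloud.securitycenter.v1.NotificationMessage
+- name: google.cloud.securitycenter.v1.Resource
 - name: google.cloud.securitycenter.v1.RunAssetDiscoveryResponse
 
 documentation:
 summary: |-
-Cloud Security Command Center API provides access to temporal views of
-assets and findings within an organization.
+Security Command Center API provides access to temporal views of assets and
+findings within an organization.
 
 backend:
 rules: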
