feat(securitycenter): update the api
#### securitycenter:v1

The following keys were added:
- resources.organizations.resources.simulations.resources.attackExposureResults.resources.valuedResources.methods.list.parameters.orderBy (Total Keys: 2)
- resources.organizations.resources.simulations.resources.valuedResources.methods.list.parameters.orderBy (Total Keys: 2)
- schemas.PolicyDriftDetails (Total Keys: 5)
- schemas.SecurityPosture.properties.policy (Total Keys: 4)

#### securitycenter:v1beta1

The following keys were added:
- schemas.PolicyDriftDetails (Total Keys: 5)
- schemas.SecurityPosture.properties.policy (Total Keys: 4)

#### securitycenter:v1beta2

The following keys were added:
- schemas.PolicyDriftDetails (Total Keys: 5)
- schemas.SecurityPosture.properties.policy (Total Keys: 4)
yoshi-automation committed Jan 23, 2024
1 parent 6dc53af commit a7471da
Showing 13 changed files with 427 additions and 133 deletions.
Expand Up @@ -583,7 +583,7 @@ <h3>Method Details</h3>
&quot;members&quot;: [ # Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. 
* `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. 
For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
&quot;A String&quot;,
],
&quot;role&quot;: &quot;A String&quot;, # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
&quot;role&quot;: &quot;A String&quot;, # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
},
],
&quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
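Review bot: the replacement `role` description ends with "see [here](https://cloud.google.com/iam/docs/understanding-roles)", a link label that says nothing about its target once this text is rendered in the reference page. Suggest labelling the link by what it points at, for example "see the [list of pre-defined roles](https://cloud.google.com/iam/docs/understanding-roles)", matching the descriptive label already used for the roles overview link in the same sentence.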
Expand Down Expand Up @@ -641,7 +641,7 @@ <h3>Method Details</h3>
&quot;fullUri&quot;: &quot;A String&quot;, # The full URI with payload that can be used to reproduce the vulnerability. Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H
},
&quot;attackExposure&quot;: { # An attack exposure contains the results of an attack path simulation run. # The results of an attack path simulation relevant to this finding.
&quot;attackExposureResult&quot;: &quot;A String&quot;, # The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: organizations/123/attackExposureResults/456
&quot;attackExposureResult&quot;: &quot;A String&quot;, # The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: organizations/123/simulations/456/attackExposureResults/789
&quot;exposedHighValueResourcesCount&quot;: 42, # The number of high value resources that are exposed as a result of this finding.
&quot;exposedLowValueResourcesCount&quot;: 42, # The number of high value resources that are exposed as a result of this finding.
&quot;exposedMediumValueResourcesCount&quot;: 42, # The number of medium value resources that are exposed as a result of this finding.
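Review bot: `exposedLowValueResourcesCount` is documented as "The number of high value resources that are exposed as a result of this finding", the same text as `exposedHighValueResourcesCount` on the line above it; it should read "low value". Separately, the `attackExposureResult` example now has the form `organizations/123/simulations/456/attackExposureResults/789`, so the description should state whether names in the earlier `organizations/123/attackExposureResults/456` form can still be returned, since consumers that split this resource name on `/` depend on the answer.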
Expand Down Expand Up @@ -1043,10 +1043,19 @@ <h3>Method Details</h3>
&quot;name&quot;: &quot;A String&quot;, # The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: &quot;organizations/{organization_id}/assets/{asset_id}/securityMarks&quot; &quot;organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks&quot;.
},
&quot;securityPosture&quot;: { # Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud. # The security posture associated with the finding.
&quot;changedPolicy&quot;: &quot;A String&quot;, # The name of the policy that has been updated, for example, `projects/{project_id}/policies/{constraint_name}`.
&quot;name&quot;: &quot;A String&quot;, # Name of the posture, for example, `organizations/{org_id}/locations/{location}/postures/{posture_name}`.
&quot;postureDeployment&quot;: &quot;A String&quot;, # The name of the posture deployment, for example, `projects/{project_id}/posturedeployments/{posture_deployment_id}`.
&quot;postureDeploymentResource&quot;: &quot;A String&quot;, # The project, folder, or organization on which the posture is deployed, for example, `projects/{project_id}`.
&quot;changedPolicy&quot;: &quot;A String&quot;, # The name of the updated policy, for example, `projects/{project_id}/policies/{constraint_name}`.
&quot;name&quot;: &quot;A String&quot;, # Name of the posture, for example, `CIS-Posture`.
&quot;policy&quot;: &quot;A String&quot;, # The ID of the updated policy, for example, `compute-policy-1`.
&quot;policyDriftDetails&quot;: [ # The details about a change in an updated policy that violates the deployed posture.
{ # The policy field that violates the deployed posture and its expected and and detected values.
&quot;detectedValue&quot;: &quot;A String&quot;, # The detected value that violates the deployed posture, for example, `false` or `allowed_values={&quot;projects/22831892鈥潁`.
&quot;expectedValue&quot;: &quot;A String&quot;, # The value of this field that was configured in a posture, for example, `true` or `allowed_values={&quot;projects/29831892鈥潁`.
&quot;field&quot;: &quot;A String&quot;, # The name of the updated field, for example constraint.implementation.policy_rules[0].enforce
},
],
&quot;policySet&quot;: &quot;A String&quot;, # The name of the updated policyset, for example, `cis-policyset`.
&quot;postureDeployment&quot;: &quot;A String&quot;, # The name of the posture deployment, for example, `organizations/{org_id}/posturedeployments/{posture_deployment_id}`.
&quot;postureDeploymentResource&quot;: &quot;A String&quot;, # The project, folder, or organization on which the posture is deployed, for example, `projects/{project_number}`.
&quot;revisionId&quot;: &quot;A String&quot;, # The version of the posture, for example, `c7cfa2a8`.
},
&quot;severity&quot;: &quot;A String&quot;, # The severity of the finding. This field is managed by the source that writes the finding.
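Review bot: the `policyDriftDetails` item comment reads "its expected and and detected values" (duplicated "and"), and the `detectedValue` and `expectedValue` examples end in mis-encoded characters after `projects/22831892` and `projects/29831892` where a closing quote and brace are expected; the `field` example is also the only one in this block not wrapped in backticks. On `name`, the example changes from a full resource path (`organizations/{org_id}/locations/{location}/postures/{posture_name}`) to a bare `CIS-Posture`, and `postureDeployment` moves from a `projects/` parent to an `organizations/` parent. The descriptions should say whether the value format itself changed, because tooling that keys posture findings on these strings will otherwise fail to match older and newer findings.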