diff --git a/google/cloud/securitycenter/v1/notification_config.proto b/google/cloud/securitycenter/v1/notification_config.proto index 7ab94662823e6..ee1e954607867 100644 --- a/google/cloud/securitycenter/v1/notification_config.proto +++ b/google/cloud/securitycenter/v1/notification_config.proto @@ -39,6 +39,8 @@ message NotificationConfig { option (google.api.resource) = { type: "securitycenter.googleapis.com/NotificationConfig" pattern: "organizations/{organization}/notificationConfigs/{notification_config}" + pattern: "folders/{folder}/notificationConfigs/{notification_config}" + pattern: "projects/{project}/notificationConfigs/{notification_config}" }; // The config for streaming-based notifications, which send each event as soon diff --git a/google/cloud/securitycenter/v1/securitycenter_service.proto b/google/cloud/securitycenter/v1/securitycenter_service.proto index cc4d3fbfe7351..a70726cba72e5 100644 --- a/google/cloud/securitycenter/v1/securitycenter_service.proto +++ b/google/cloud/securitycenter/v1/securitycenter_service.proto @@ -51,12 +51,14 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1"; // V1 APIs for Security Center service. service SecurityCenter { option (google.api.default_host) = "securitycenter.googleapis.com"; - option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; + option (google.api.oauth_scopes) = + "https://www.googleapis.com/auth/cloud-platform"; // Kicks off an LRO to bulk mute findings for a parent based on a filter. The // parent can be either an organization, folder or project. The findings // matched by the filter will be muted after the LRO is done. - rpc BulkMuteFindings(BulkMuteFindingsRequest) returns (google.longrunning.Operation) { + rpc BulkMuteFindings(BulkMuteFindingsRequest) + returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v1/{parent=organizations/*}/findings:bulkMute" body: "*" 
@@ -114,33 +116,47 @@ service SecurityCenter { } // Creates a notification config. - rpc CreateNotificationConfig(CreateNotificationConfigRequest) returns (NotificationConfig) { + rpc CreateNotificationConfig(CreateNotificationConfigRequest) + returns (NotificationConfig) { option (google.api.http) = { post: "/v1/{parent=organizations/*}/notificationConfigs" body: "notification_config" + additional_bindings { + post: "/v1/{parent=folders/*}/notificationConfigs" + body: "notification_config" + } + additional_bindings { + post: "/v1/{parent=projects/*}/notificationConfigs" + body: "notification_config" + } }; - option (google.api.method_signature) = "parent,config_id,notification_config"; + option (google.api.method_signature) = + "parent,config_id,notification_config"; option (google.api.method_signature) = "parent,notification_config"; } // Deletes an existing mute config. - rpc DeleteMuteConfig(DeleteMuteConfigRequest) returns (google.protobuf.Empty) { + rpc DeleteMuteConfig(DeleteMuteConfigRequest) + returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/{name=organizations/*/muteConfigs/*}" - additional_bindings { - delete: "/v1/{name=folders/*/muteConfigs/*}" - } - additional_bindings { - delete: "/v1/{name=projects/*/muteConfigs/*}" - } + additional_bindings { delete: "/v1/{name=folders/*/muteConfigs/*}" } + additional_bindings { delete: "/v1/{name=projects/*/muteConfigs/*}" } }; option (google.api.method_signature) = "name"; } // Deletes a notification config. 
- rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) returns (google.protobuf.Empty) { + rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) + returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/{name=organizations/*/notificationConfigs/*}" + additional_bindings { + delete: "/v1/{name=folders/*/notificationConfigs/*}" + } + additional_bindings { + delete: "/v1/{name=projects/*/notificationConfigs/*}" + } }; option (google.api.method_signature) = "name"; } @@ -149,18 +165,15 @@ service SecurityCenter { rpc GetBigQueryExport(GetBigQueryExportRequest) returns (BigQueryExport) { option (google.api.http) = { get: "/v1/{name=organizations/*/bigQueryExports/*}" - additional_bindings { - get: "/v1/{name=folders/*/bigQueryExports/*}" - } - additional_bindings { - get: "/v1/{name=projects/*/bigQueryExports/*}" - } + additional_bindings { get: "/v1/{name=folders/*/bigQueryExports/*}" } + additional_bindings { get: "/v1/{name=projects/*/bigQueryExports/*}" } }; option (google.api.method_signature) = "name"; } // Gets the access control policy on the specified Source. - rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { + rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) + returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v1/{resource=organizations/*/sources/*}:getIamPolicy" body: "*" 
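Review bot: The comments on `CreateNotificationConfig` and `DeleteNotificationConfig` are unchanged although both RPCs now accept folder and project paths through the added `additional_bindings`, so a reader of the generated reference cannot see the wider scope without reading the HTTP rules. I would state it in the comment, as `BulkMuteFindings` already does, e.g. `// Creates a notification config under an organization, folder or project.` The same applies to `GetNotificationConfig` and `UpdateNotificationConfig` in the later hunks. The diff does not touch `GetNotificationConfigRequest` or `DeleteNotificationConfigRequest`, so their `name` comments presumably still show only the organization form and are worth checking.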
@@ -172,26 +185,26 @@ service SecurityCenter { rpc GetMuteConfig(GetMuteConfigRequest) returns (MuteConfig) { option (google.api.http) = { get: "/v1/{name=organizations/*/muteConfigs/*}" - additional_bindings { - get: "/v1/{name=folders/*/muteConfigs/*}" - } - additional_bindings { - get: "/v1/{name=projects/*/muteConfigs/*}" - } + additional_bindings { get: "/v1/{name=folders/*/muteConfigs/*}" } + additional_bindings { get: "/v1/{name=projects/*/muteConfigs/*}" } }; option (google.api.method_signature) = "name"; } // Gets a notification config. - rpc GetNotificationConfig(GetNotificationConfigRequest) returns (NotificationConfig) { + rpc GetNotificationConfig(GetNotificationConfigRequest) + returns (NotificationConfig) { option (google.api.http) = { get: "/v1/{name=organizations/*/notificationConfigs/*}" + additional_bindings { get: "/v1/{name=folders/*/notificationConfigs/*}" } + additional_bindings { get: "/v1/{name=projects/*/notificationConfigs/*}" } }; option (google.api.method_signature) = "name"; } // Gets the settings for an organization. - rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) { + rpc GetOrganizationSettings(GetOrganizationSettingsRequest) + returns (OrganizationSettings) { option (google.api.http) = { get: "/v1/{name=organizations/*/organizationSettings}" }; @@ -250,12 +263,8 @@ service SecurityCenter { rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*}/assets" - additional_bindings { - get: "/v1/{parent=folders/*}/assets" - } - additional_bindings { - get: "/v1/{parent=projects/*}/assets" - } + additional_bindings { get: "/v1/{parent=folders/*}/assets" } + additional_bindings { get: "/v1/{parent=projects/*}/assets" } }; } 
@@ -266,33 +275,29 @@ service SecurityCenter { rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*/sources/*}/findings" - additional_bindings { - get: "/v1/{parent=folders/*/sources/*}/findings" - } - additional_bindings { - get: "/v1/{parent=projects/*/sources/*}/findings" - } + additional_bindings { get: "/v1/{parent=folders/*/sources/*}/findings" } + additional_bindings { get: "/v1/{parent=projects/*/sources/*}/findings" } }; } // Lists mute configs. - rpc ListMuteConfigs(ListMuteConfigsRequest) returns (ListMuteConfigsResponse) { + rpc ListMuteConfigs(ListMuteConfigsRequest) + returns (ListMuteConfigsResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*}/muteConfigs" - additional_bindings { - get: "/v1/{parent=folders/*}/muteConfigs" - } - additional_bindings { - get: "/v1/{parent=projects/*}/muteConfigs" - } + additional_bindings { get: "/v1/{parent=folders/*}/muteConfigs" } + additional_bindings { get: "/v1/{parent=projects/*}/muteConfigs" } }; option (google.api.method_signature) = "parent"; } // Lists notification configs. - rpc ListNotificationConfigs(ListNotificationConfigsRequest) returns (ListNotificationConfigsResponse) { + rpc ListNotificationConfigs(ListNotificationConfigsRequest) + returns (ListNotificationConfigsResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*}/notificationConfigs" + additional_bindings { get: "/v1/{parent=folders/*}/notificationConfigs" } + additional_bindings { get: "/v1/{parent=projects/*}/notificationConfigs" } }; option (google.api.method_signature) = "parent"; } 
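Review bot: `// Lists notification configs.` does not say whether a call on an organization or folder also returns configs defined on the folders and projects beneath it, which becomes an open question once the folder and project bindings exist. `ListBigQueryExports` in this file spells out that behaviour for its own resource, and anyone auditing where findings are being streamed needs the same statement here. I would extend the comment with one sentence stating which of the two holds, starting from `// Lists notification configs under the given organization, folder or project.`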
@@ -301,12 +306,8 @@ service SecurityCenter { rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*}/sources" - additional_bindings { - get: "/v1/{parent=folders/*}/sources" - } - additional_bindings { - get: "/v1/{parent=projects/*}/sources" - } + additional_bindings { get: "/v1/{parent=folders/*}/sources" } + additional_bindings { get: "/v1/{parent=projects/*}/sources" } }; option (google.api.method_signature) = "parent"; } @@ -317,7 +318,8 @@ service SecurityCenter { // This API can only be called with limited frequency for an organization. If // it is called too frequently the caller will receive a TOO_MANY_REQUESTS // error. - rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) { + rpc RunAssetDiscovery(RunAssetDiscoveryRequest) + returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v1/{parent=organizations/*}/assets:runDiscovery" body: "*" @@ -364,7 +366,8 @@ service SecurityCenter { } // Sets the access control policy on the specified Source. - rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { + rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) + returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v1/{resource=organizations/*/sources/*}:setIamPolicy" body: "*" @@ -373,7 +376,8 @@ service SecurityCenter { } // Returns the permissions that a caller has on the specified source. - rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { + rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) + returns (google.iam.v1.TestIamPermissionsResponse) { option (google.api.http) = { post: "/v1/{resource=organizations/*/sources/*}:testIamPermissions" body: "*" 
@@ -382,7 +386,8 @@ service SecurityCenter { } // Updates external system. This is for a given finding. - rpc UpdateExternalSystem(UpdateExternalSystemRequest) returns (ExternalSystem) { + rpc UpdateExternalSystem(UpdateExternalSystemRequest) + returns (ExternalSystem) { option (google.api.http) = { patch: "/v1/{external_system.name=organizations/*/sources/*/findings/*/externalSystems/*}" body: "external_system" @@ -436,17 +441,27 @@ service SecurityCenter { // // Updates a notification config. The following update // fields are allowed: description, pubsub_topic, streaming_config.filter - rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) returns (NotificationConfig) { + rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) + returns (NotificationConfig) { option (google.api.http) = { patch: "/v1/{notification_config.name=organizations/*/notificationConfigs/*}" body: "notification_config" + additional_bindings { + patch: "/v1/{notification_config.name=folders/*/notificationConfigs/*}" + body: "notification_config" + } + additional_bindings { + patch: "/v1/{notification_config.name=projects/*/notificationConfigs/*}" + body: "notification_config" + } }; option (google.api.method_signature) = "notification_config"; option (google.api.method_signature) = "notification_config,update_mask"; } // Updates an organization's settings. - rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) { + rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) + returns (OrganizationSettings) { option (google.api.http) = { patch: "/v1/{organization_settings.name=organizations/*/organizationSettings}" body: "organization_settings" 
@@ -493,7 +508,8 @@ service SecurityCenter { } // Creates a big query export. - rpc CreateBigQueryExport(CreateBigQueryExportRequest) returns (BigQueryExport) { + rpc CreateBigQueryExport(CreateBigQueryExportRequest) + returns (BigQueryExport) { option (google.api.http) = { post: "/v1/{parent=organizations/*}/bigQueryExports" body: "big_query_export" @@ -506,25 +522,24 @@ service SecurityCenter { body: "big_query_export" } }; - option (google.api.method_signature) = "parent,big_query_export,big_query_export_id"; + option (google.api.method_signature) = + "parent,big_query_export,big_query_export_id"; } // Deletes an existing big query export. - rpc DeleteBigQueryExport(DeleteBigQueryExportRequest) returns (google.protobuf.Empty) { + rpc DeleteBigQueryExport(DeleteBigQueryExportRequest) + returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/{name=organizations/*/bigQueryExports/*}" - additional_bindings { - delete: "/v1/{name=folders/*/bigQueryExports/*}" - } - additional_bindings { - delete: "/v1/{name=projects/*/bigQueryExports/*}" - } + additional_bindings { delete: "/v1/{name=folders/*/bigQueryExports/*}" } + additional_bindings { delete: "/v1/{name=projects/*/bigQueryExports/*}" } }; option (google.api.method_signature) = "name"; } // Updates a BigQuery export. - rpc UpdateBigQueryExport(UpdateBigQueryExportRequest) returns (BigQueryExport) { + rpc UpdateBigQueryExport(UpdateBigQueryExportRequest) + returns (BigQueryExport) { option (google.api.http) = { patch: "/v1/{big_query_export.name=organizations/*/bigQueryExports/*}" body: "big_query_export" 
@@ -545,15 +560,12 @@ service SecurityCenter { // requesting BigQuery exports under a folder, then all BigQuery exports // immediately under the folder plus the ones created under the projects // within the folder are returned. - rpc ListBigQueryExports(ListBigQueryExportsRequest) returns (ListBigQueryExportsResponse) { + rpc ListBigQueryExports(ListBigQueryExportsRequest) + returns (ListBigQueryExportsResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*}/bigQueryExports" - additional_bindings { - get: "/v1/{parent=folders/*}/bigQueryExports" - } - additional_bindings { - get: "/v1/{parent=projects/*}/bigQueryExports" - } + additional_bindings { get: "/v1/{parent=folders/*}/bigQueryExports" } + additional_bindings { get: "/v1/{parent=projects/*}/bigQueryExports" } }; option (google.api.method_signature) = "parent"; } @@ -566,14 +578,12 @@ service SecurityCenter { // which they get executed is not defined. // 2. Once a bulk operation is started, there is no way to stop it. message BulkMuteFindingsRequest { - // Required. The parent, at which bulk action needs to be applied. Its format is - // "organizations/[organization_id]", "folders/[folder_id]", + // Required. The parent, at which bulk action needs to be applied. Its format + // is "organizations/[organization_id]", "folders/[folder_id]", // "projects/[project_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "*" - } + (google.api.resource_reference) = { type: "*" } ]; // Expression that identifies findings that should be updated. @@ -604,9 +614,7 @@ message BulkMuteFindingsRequest { } // The response to a BulkMute request. Contains the LRO information. -message BulkMuteFindingsResponse { - -} +message BulkMuteFindingsResponse {} // Request message for creating a finding. message CreateFindingRequest { 
@@ -624,8 +632,8 @@ message CreateFindingRequest { // greater than 0 characters in length. string finding_id = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. The Finding being created. The name and security_marks will be ignored as - // they are both output only fields on this resource. + // Required. The Finding being created. The name and security_marks will be + // ignored as they are both output only fields on this resource. Finding finding = 3 [(google.api.field_behavior) = REQUIRED]; } @@ -653,12 +661,13 @@ message CreateMuteConfigRequest { // Request message for creating a notification config. message CreateNotificationConfigRequest { - // Required. Resource name of the new notification config's parent. Its format is - // "organizations/[organization_id]". + // Required. Resource name of the new notification config's parent. Its format + // is "organizations/[organization_id]", "folders/[folder_id]", or + // "projects/[project_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" + child_type: "securitycenter.googleapis.com/NotificationConfig" } ]; @@ -668,9 +677,11 @@ message CreateNotificationConfigRequest { // characters, underscores or hyphens only. string config_id = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. The notification config being created. The name and the service account - // will be ignored as they are both output only fields on this resource. - NotificationConfig notification_config = 3 [(google.api.field_behavior) = REQUIRED]; + // Required. The notification config being created. The name and the service + // account will be ignored as they are both output only fields on this + // resource. + NotificationConfig notification_config = 3 + [(google.api.field_behavior) = REQUIRED]; } // Request message for creating a source. 
@@ -684,8 +695,8 @@ message CreateSourceRequest { } ]; - // Required. The Source being created, only the display_name and description will be - // used. All other fields will be ignored. + // Required. The Source being created, only the display_name and description + // will be used. All other fields will be ignored. Source source = 2 [(google.api.field_behavior) = REQUIRED]; } @@ -757,8 +768,8 @@ message GetNotificationConfigRequest { // Request message for getting organization settings. message GetOrganizationSettingsRequest { - // Required. Name of the organization to get organization settings for. Its format is - // "organizations/[organization_id]/organizationSettings". + // Required. Name of the organization to get organization settings for. Its + // format is "organizations/[organization_id]/organizationSettings". string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -855,9 +866,9 @@ message GroupAssetsRequest { // property not existing: `-resource_properties.my_property : ""` string filter = 2; - // Required. Expression that defines what assets fields to use for grouping. The string - // value should follow SQL syntax: comma separated list of fields. For - // example: + // Required. Expression that defines what assets fields to use for grouping. + // The string value should follow SQL syntax: comma separated list of fields. + // For example: // "security_center_properties.resource_project,security_center_properties.project". // // The following fields are supported when compare_duration is not set: 
@@ -1015,9 +1026,9 @@ message GroupFindingsRequest { // * resource.type: `=`, `:` string filter = 2; - // Required. Expression that defines what assets fields to use for grouping (including - // `state_change`). The string value should follow SQL syntax: comma separated - // list of fields. For example: "parent,resource_name". + // Required. Expression that defines what assets fields to use for grouping + // (including `state_change`). The string value should follow SQL syntax: + // comma separated list of fields. For example: "parent,resource_name". // // The following fields are supported: // @@ -1112,8 +1123,8 @@ message GroupResult { // Request message for listing mute configs at a given scope e.g. organization, // folder or project. message ListMuteConfigsRequest { - // Required. The parent, which owns the collection of mute configs. Its format is - // "organizations/[organization_id]", "folders/[folder_id]", + // Required. The parent, which owns the collection of mute configs. Its format + // is "organizations/[organization_id]", "folders/[folder_id]", // "projects/[project_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, @@ -1148,12 +1159,13 @@ message ListMuteConfigsResponse { // Request message for listing notification configs. message ListNotificationConfigsRequest { - // Required. Name of the organization to list notification configs. - // Its format is "organizations/[organization_id]". + // Required. Name of the organization to list notification configs. Its format + // is "organizations/[organization_id]", "folders/[folder_id]", or + // "projects/[project_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Organization" + child_type: "securitycenter.googleapis.com/NotificationConfig" } ]; 
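Review bot: In `ListNotificationConfigsRequest` the rewritten comment on `parent` still opens with "Name of the organization" while the formats it now lists include folders and projects, so the sentence contradicts itself. Suggested first line: `// Required. The name of the parent in which to list the notification configs. Its format`, with the remaining two lines unchanged. The `child_type` reference that follows looks consistent with the three patterns added to `NotificationConfig` in notification_config.proto.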
@@ -1179,8 +1191,8 @@ message ListNotificationConfigsResponse { // Request message for listing sources. message ListSourcesRequest { - // Required. Resource name of the parent of sources to list. Its format should be - // "organizations/[organization_id], folders/[folder_id], or + // Required. Resource name of the parent of sources to list. Its format should + // be "organizations/[organization_id], folders/[folder_id], or // projects/[project_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, @@ -1655,7 +1667,8 @@ message SetFindingStateRequest { Finding.State state = 2 [(google.api.field_behavior) = REQUIRED]; // Required. The time at which the updated state takes effect. - google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED]; + google.protobuf.Timestamp start_time = 3 + [(google.api.field_behavior) = REQUIRED]; } // Request message for updating a finding's mute status. @@ -1679,8 +1692,8 @@ message SetMuteRequest { // Request message for running asset discovery for an organization. message RunAssetDiscoveryRequest { - // Required. Name of the organization to run asset discovery for. Its format is - // "organizations/[organization_id]". + // Required. Name of the organization to run asset discovery for. Its format + // is "organizations/[organization_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { 
@@ -1702,8 +1715,8 @@ message UpdateExternalSystemRequest { // Request message for updating or creating a finding. message UpdateFindingRequest { - // Required. The finding resource to update or create if it does not already exist. - // parent, security_marks, and update_time will be ignored. + // Required. The finding resource to update or create if it does not already + // exist. parent, security_marks, and update_time will be ignored. // // In the case of creation, the finding id portion of the name must be // alphanumeric and less than or equal to 32 characters and greater than 0 @@ -1733,7 +1746,8 @@ message UpdateMuteConfigRequest { // Request message for updating a notification config. message UpdateNotificationConfigRequest { // Required. The notification config to update. - NotificationConfig notification_config = 1 [(google.api.field_behavior) = REQUIRED]; + NotificationConfig notification_config = 1 + [(google.api.field_behavior) = REQUIRED]; // The FieldMask to use when updating the notification config. // @@ -1744,7 +1758,8 @@ message UpdateNotificationConfigRequest { // Request message for updating an organization's settings. message UpdateOrganizationSettingsRequest { // Required. The organization settings resource to update. - OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED]; + OrganizationSettings organization_settings = 1 + [(google.api.field_behavior) = REQUIRED]; // The FieldMask to use when updating the settings resource. // 
@@ -1817,8 +1832,8 @@ message UpdateBigQueryExportRequest { // Request message for listing BigQuery exports at a given scope e.g. // organization, folder or project. message ListBigQueryExportsRequest { - // Required. The parent, which owns the collection of BigQuery exports. Its format is - // "organizations/[organization_id]", "folders/[folder_id]", + // Required. The parent, which owns the collection of BigQuery exports. Its + // format is "organizations/[organization_id]", "folders/[folder_id]", // "projects/[project_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED,