From de80cecfc45cdb7e5fb85c62f333d79db6c08277 Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Date: Thu, 25 Aug 2022 17:16:17 +0000
Subject: [PATCH] feat: serviceAccountKeyName, serviceAccountDelegationInfo, and principalSubject attributes added to the existing access attribute. These new attributes provide additional context about the principals that are associated with the finding (#905)
- [ ] Regenerate this pull request now.
PiperOrigin-RevId: 469787268
Source-Link: https://github.com/googleapis/googleapis/commit/c7a52f4e986a72015aa4ba430bfb5e7508282516
Source-Link: https://github.com/googleapis/googleapis-gen/commit/4e235765c3f09662143bc0a2b08f12bc0fe0c93f
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNGUyMzU3NjVjM2YwOTY2MjE0M2JjMGEyYjA4ZjEyYmMwZmUwYzkzZiJ9
---
.../cloud/securitycenter/v1/Access.java | 1134 ++++++++++++++++-
.../securitycenter/v1/AccessOrBuilder.java | 165 +++
.../cloud/securitycenter/v1/AccessProto.java | 41 +-
.../v1/ServiceAccountDelegationInfo.java | 867 +++++++++++++
...ServiceAccountDelegationInfoOrBuilder.java | 87 ++
.../cloud/securitycenter/v1/access.proto | 46 +
6 files changed, 2329 insertions(+), 11 deletions(-)
create mode 100644 java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfo.java
create mode 100644 java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfoOrBuilder.java
diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/Access.java b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/Access.java
index 0dcdbcfcf00e..a15b75826394 100644
--- a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/Access.java
+++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/Access.java @@ -43,6 +43,9 @@ private Access() { userAgentFamily_ = ""; serviceName_ = ""; methodName_ = ""; + principalSubject_ = ""; + serviceAccountKeyName_ = ""; + serviceAccountDelegationInfo_ = java.util.Collections.emptyList(); } @java.lang.Override @@ -64,6 +67,7 @@ private Access( if (extensionRegistry == null) { throw new java.lang.NullPointerException(); } + int mutable_bitField0_ = 0; com.google.protobuf.UnknownFieldSet.Builder unknownFields = com.google.protobuf.UnknownFieldSet.newBuilder(); try { @@ -125,6 +129,34 @@ private Access( methodName_ = s; break; } + case 58: + { + java.lang.String s = input.readStringRequireUtf8(); + + principalSubject_ = s; + break; + } + case 66: + { + java.lang.String s = input.readStringRequireUtf8(); + + serviceAccountKeyName_ = s; + break; + } + case 74: + { + if (!((mutable_bitField0_ & 0x00000001) != 0)) { + serviceAccountDelegationInfo_ = + new java.util.ArrayList< + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo>(); + mutable_bitField0_ |= 0x00000001; + } + serviceAccountDelegationInfo_.add( + input.readMessage( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.parser(), + extensionRegistry)); + break; + } default: { if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) { @@ -141,6 +173,10 @@ private Access( } catch (java.io.IOException e) { throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this); } finally { + if (((mutable_bitField0_ & 0x00000001) != 0)) { + serviceAccountDelegationInfo_ = + java.util.Collections.unmodifiableList(serviceAccountDelegationInfo_); + } this.unknownFields = unknownFields.build(); makeExtensionsImmutable(); } @@ -168,6 +204,12 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { * *
* Associated email, such as "foo@google.com". + * The email address of the authenticated user (or service account on behalf + * of third party principal) making the request. For third party identity + * callers, the `principal_subject` field is populated instead of this field. + * For privacy reasons, the principal email address is sometimes redacted. + * For more information, see [Caller identities in audit + * logs](https://cloud.google.com/logging/docs/audit#user-id). ** *
string principal_email = 1;
@@ -191,6 +233,12 @@ public java.lang.String getPrincipalEmail() {
*
* * Associated email, such as "foo@google.com". + * The email address of the authenticated user (or service account on behalf + * of third party principal) making the request. For third party identity + * callers, the `principal_subject` field is populated instead of this field. + * For privacy reasons, the principal email address is sometimes redacted. + * For more information, see [Caller identities in audit + * logs](https://cloud.google.com/logging/docs/audit#user-id). ** *
string principal_email = 1;
@@ -458,6 +506,226 @@ public com.google.protobuf.ByteString getMethodNameBytes() {
}
}
+ public static final int PRINCIPAL_SUBJECT_FIELD_NUMBER = 7;
+ private volatile java.lang.Object principalSubject_;
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 7;
+ *
+ * @return The principalSubject.
+ */
+ @java.lang.Override
+ public java.lang.String getPrincipalSubject() {
+ java.lang.Object ref = principalSubject_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ principalSubject_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 7;
+ *
+ * @return The bytes for principalSubject.
+ */
+ @java.lang.Override
+ public com.google.protobuf.ByteString getPrincipalSubjectBytes() {
+ java.lang.Object ref = principalSubject_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ principalSubject_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int SERVICE_ACCOUNT_KEY_NAME_FIELD_NUMBER = 8;
+ private volatile java.lang.Object serviceAccountKeyName_;
+ /**
+ *
+ *
+ * + * The name of the service account key used to create or exchange + * credentials for authenticating the service account making the request. + * This is a scheme-less URI full resource name. For example: + * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" + *+ * + *
string service_account_key_name = 8;
+ *
+ * @return The serviceAccountKeyName.
+ */
+ @java.lang.Override
+ public java.lang.String getServiceAccountKeyName() {
+ java.lang.Object ref = serviceAccountKeyName_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ serviceAccountKeyName_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ *
+ * + * The name of the service account key used to create or exchange + * credentials for authenticating the service account making the request. + * This is a scheme-less URI full resource name. For example: + * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" + *+ * + *
string service_account_key_name = 8;
+ *
+ * @return The bytes for serviceAccountKeyName.
+ */
+ @java.lang.Override
+ public com.google.protobuf.ByteString getServiceAccountKeyNameBytes() {
+ java.lang.Object ref = serviceAccountKeyName_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ serviceAccountKeyName_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int SERVICE_ACCOUNT_DELEGATION_INFO_FIELD_NUMBER = 9;
+ private java.util.List+ * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ @java.lang.Override
+ public java.util.List+ * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ @java.lang.Override
+ public java.util.List<
+ ? extends com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder>
+ getServiceAccountDelegationInfoOrBuilderList() {
+ return serviceAccountDelegationInfo_;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ @java.lang.Override
+ public int getServiceAccountDelegationInfoCount() {
+ return serviceAccountDelegationInfo_.size();
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ @java.lang.Override
+ public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo
+ getServiceAccountDelegationInfo(int index) {
+ return serviceAccountDelegationInfo_.get(index);
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ @java.lang.Override
+ public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder
+ getServiceAccountDelegationInfoOrBuilder(int index) {
+ return serviceAccountDelegationInfo_.get(index);
+ }
+
private byte memoizedIsInitialized = -1;
@java.lang.Override
@@ -490,6 +758,15 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io
if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(methodName_)) {
com.google.protobuf.GeneratedMessageV3.writeString(output, 6, methodName_);
}
+ if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalSubject_)) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 7, principalSubject_);
+ }
+ if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(serviceAccountKeyName_)) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 8, serviceAccountKeyName_);
+ }
+ for (int i = 0; i < serviceAccountDelegationInfo_.size(); i++) {
+ output.writeMessage(9, serviceAccountDelegationInfo_.get(i));
+ }
unknownFields.writeTo(output);
}
@@ -517,6 +794,17 @@ public int getSerializedSize() {
if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(methodName_)) {
size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, methodName_);
}
+ if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalSubject_)) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(7, principalSubject_);
+ }
+ if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(serviceAccountKeyName_)) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(8, serviceAccountKeyName_);
+ }
+ for (int i = 0; i < serviceAccountDelegationInfo_.size(); i++) {
+ size +=
+ com.google.protobuf.CodedOutputStream.computeMessageSize(
+ 9, serviceAccountDelegationInfo_.get(i));
+ }
size += unknownFields.getSerializedSize();
memoizedSize = size;
return size;
@@ -542,6 +830,10 @@ public boolean equals(final java.lang.Object obj) {
if (!getUserAgentFamily().equals(other.getUserAgentFamily())) return false;
if (!getServiceName().equals(other.getServiceName())) return false;
if (!getMethodName().equals(other.getMethodName())) return false;
+ if (!getPrincipalSubject().equals(other.getPrincipalSubject())) return false;
+ if (!getServiceAccountKeyName().equals(other.getServiceAccountKeyName())) return false;
+ if (!getServiceAccountDelegationInfoList().equals(other.getServiceAccountDelegationInfoList()))
+ return false;
if (!unknownFields.equals(other.unknownFields)) return false;
return true;
}
@@ -567,6 +859,14 @@ public int hashCode() {
hash = (53 * hash) + getServiceName().hashCode();
hash = (37 * hash) + METHOD_NAME_FIELD_NUMBER;
hash = (53 * hash) + getMethodName().hashCode();
+ hash = (37 * hash) + PRINCIPAL_SUBJECT_FIELD_NUMBER;
+ hash = (53 * hash) + getPrincipalSubject().hashCode();
+ hash = (37 * hash) + SERVICE_ACCOUNT_KEY_NAME_FIELD_NUMBER;
+ hash = (53 * hash) + getServiceAccountKeyName().hashCode();
+ if (getServiceAccountDelegationInfoCount() > 0) {
+ hash = (37 * hash) + SERVICE_ACCOUNT_DELEGATION_INFO_FIELD_NUMBER;
+ hash = (53 * hash) + getServiceAccountDelegationInfoList().hashCode();
+ }
hash = (29 * hash) + unknownFields.hashCode();
memoizedHashCode = hash;
return hash;
@@ -706,7 +1006,9 @@ private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
}
private void maybeForceBuilderInitialization() {
- if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+ if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+ getServiceAccountDelegationInfoFieldBuilder();
+ }
}
@java.lang.Override
@@ -728,6 +1030,16 @@ public Builder clear() {
methodName_ = "";
+ principalSubject_ = "";
+
+ serviceAccountKeyName_ = "";
+
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ serviceAccountDelegationInfo_ = java.util.Collections.emptyList();
+ bitField0_ = (bitField0_ & ~0x00000001);
+ } else {
+ serviceAccountDelegationInfoBuilder_.clear();
+ }
return this;
}
@@ -755,6 +1067,7 @@ public com.google.cloud.securitycenter.v1.Access build() {
public com.google.cloud.securitycenter.v1.Access buildPartial() {
com.google.cloud.securitycenter.v1.Access result =
new com.google.cloud.securitycenter.v1.Access(this);
+ int from_bitField0_ = bitField0_;
result.principalEmail_ = principalEmail_;
result.callerIp_ = callerIp_;
if (callerIpGeoBuilder_ == null) {
@@ -765,6 +1078,18 @@ public com.google.cloud.securitycenter.v1.Access buildPartial() {
result.userAgentFamily_ = userAgentFamily_;
result.serviceName_ = serviceName_;
result.methodName_ = methodName_;
+ result.principalSubject_ = principalSubject_;
+ result.serviceAccountKeyName_ = serviceAccountKeyName_;
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ if (((bitField0_ & 0x00000001) != 0)) {
+ serviceAccountDelegationInfo_ =
+ java.util.Collections.unmodifiableList(serviceAccountDelegationInfo_);
+ bitField0_ = (bitField0_ & ~0x00000001);
+ }
+ result.serviceAccountDelegationInfo_ = serviceAccountDelegationInfo_;
+ } else {
+ result.serviceAccountDelegationInfo_ = serviceAccountDelegationInfoBuilder_.build();
+ }
onBuilt();
return result;
}
@@ -837,6 +1162,42 @@ public Builder mergeFrom(com.google.cloud.securitycenter.v1.Access other) {
methodName_ = other.methodName_;
onChanged();
}
+ if (!other.getPrincipalSubject().isEmpty()) {
+ principalSubject_ = other.principalSubject_;
+ onChanged();
+ }
+ if (!other.getServiceAccountKeyName().isEmpty()) {
+ serviceAccountKeyName_ = other.serviceAccountKeyName_;
+ onChanged();
+ }
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ if (!other.serviceAccountDelegationInfo_.isEmpty()) {
+ if (serviceAccountDelegationInfo_.isEmpty()) {
+ serviceAccountDelegationInfo_ = other.serviceAccountDelegationInfo_;
+ bitField0_ = (bitField0_ & ~0x00000001);
+ } else {
+ ensureServiceAccountDelegationInfoIsMutable();
+ serviceAccountDelegationInfo_.addAll(other.serviceAccountDelegationInfo_);
+ }
+ onChanged();
+ }
+ } else {
+ if (!other.serviceAccountDelegationInfo_.isEmpty()) {
+ if (serviceAccountDelegationInfoBuilder_.isEmpty()) {
+ serviceAccountDelegationInfoBuilder_.dispose();
+ serviceAccountDelegationInfoBuilder_ = null;
+ serviceAccountDelegationInfo_ = other.serviceAccountDelegationInfo_;
+ bitField0_ = (bitField0_ & ~0x00000001);
+ serviceAccountDelegationInfoBuilder_ =
+ com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+ ? getServiceAccountDelegationInfoFieldBuilder()
+ : null;
+ } else {
+ serviceAccountDelegationInfoBuilder_.addAllMessages(
+ other.serviceAccountDelegationInfo_);
+ }
+ }
+ }
this.mergeUnknownFields(other.unknownFields);
onChanged();
return this;
@@ -866,12 +1227,20 @@ public Builder mergeFrom(
return this;
}
+ private int bitField0_;
+
private java.lang.Object principalEmail_ = "";
/**
*
*
* * Associated email, such as "foo@google.com". + * The email address of the authenticated user (or service account on behalf + * of third party principal) making the request. For third party identity + * callers, the `principal_subject` field is populated instead of this field. + * For privacy reasons, the principal email address is sometimes redacted. + * For more information, see [Caller identities in audit + * logs](https://cloud.google.com/logging/docs/audit#user-id). ** *
string principal_email = 1;
@@ -894,6 +1263,12 @@ public java.lang.String getPrincipalEmail() {
*
* * Associated email, such as "foo@google.com". + * The email address of the authenticated user (or service account on behalf + * of third party principal) making the request. For third party identity + * callers, the `principal_subject` field is populated instead of this field. + * For privacy reasons, the principal email address is sometimes redacted. + * For more information, see [Caller identities in audit + * logs](https://cloud.google.com/logging/docs/audit#user-id). ** *
string principal_email = 1;
@@ -916,6 +1291,12 @@ public com.google.protobuf.ByteString getPrincipalEmailBytes() {
*
* * Associated email, such as "foo@google.com". + * The email address of the authenticated user (or service account on behalf + * of third party principal) making the request. For third party identity + * callers, the `principal_subject` field is populated instead of this field. + * For privacy reasons, the principal email address is sometimes redacted. + * For more information, see [Caller identities in audit + * logs](https://cloud.google.com/logging/docs/audit#user-id). ** *
string principal_email = 1;
@@ -937,6 +1318,12 @@ public Builder setPrincipalEmail(java.lang.String value) {
*
* * Associated email, such as "foo@google.com". + * The email address of the authenticated user (or service account on behalf + * of third party principal) making the request. For third party identity + * callers, the `principal_subject` field is populated instead of this field. + * For privacy reasons, the principal email address is sometimes redacted. + * For more information, see [Caller identities in audit + * logs](https://cloud.google.com/logging/docs/audit#user-id). ** *
string principal_email = 1;
@@ -954,6 +1341,12 @@ public Builder clearPrincipalEmail() {
*
* * Associated email, such as "foo@google.com". + * The email address of the authenticated user (or service account on behalf + * of third party principal) making the request. For third party identity + * callers, the `principal_subject` field is populated instead of this field. + * For privacy reasons, the principal email address is sometimes redacted. + * For more information, see [Caller identities in audit + * logs](https://cloud.google.com/logging/docs/audit#user-id). ** *
string principal_email = 1;
@@ -1592,6 +1985,745 @@ public Builder setMethodNameBytes(com.google.protobuf.ByteString value) {
return this;
}
+ private java.lang.Object principalSubject_ = "";
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 7;
+ *
+ * @return The principalSubject.
+ */
+ public java.lang.String getPrincipalSubject() {
+ java.lang.Object ref = principalSubject_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ principalSubject_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 7;
+ *
+ * @return The bytes for principalSubject.
+ */
+ public com.google.protobuf.ByteString getPrincipalSubjectBytes() {
+ java.lang.Object ref = principalSubject_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ principalSubject_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 7;
+ *
+ * @param value The principalSubject to set.
+ * @return This builder for chaining.
+ */
+ public Builder setPrincipalSubject(java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ principalSubject_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 7;
+ *
+ * @return This builder for chaining.
+ */
+ public Builder clearPrincipalSubject() {
+
+ principalSubject_ = getDefaultInstance().getPrincipalSubject();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 7;
+ *
+ * @param value The bytes for principalSubject to set.
+ * @return This builder for chaining.
+ */
+ public Builder setPrincipalSubjectBytes(com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ principalSubject_ = value;
+ onChanged();
+ return this;
+ }
+
+ private java.lang.Object serviceAccountKeyName_ = "";
+ /**
+ *
+ *
+ * + * The name of the service account key used to create or exchange + * credentials for authenticating the service account making the request. + * This is a scheme-less URI full resource name. For example: + * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" + *+ * + *
string service_account_key_name = 8;
+ *
+ * @return The serviceAccountKeyName.
+ */
+ public java.lang.String getServiceAccountKeyName() {
+ java.lang.Object ref = serviceAccountKeyName_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ serviceAccountKeyName_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ *
+ * + * The name of the service account key used to create or exchange + * credentials for authenticating the service account making the request. + * This is a scheme-less URI full resource name. For example: + * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" + *+ * + *
string service_account_key_name = 8;
+ *
+ * @return The bytes for serviceAccountKeyName.
+ */
+ public com.google.protobuf.ByteString getServiceAccountKeyNameBytes() {
+ java.lang.Object ref = serviceAccountKeyName_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ serviceAccountKeyName_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ *
+ * + * The name of the service account key used to create or exchange + * credentials for authenticating the service account making the request. + * This is a scheme-less URI full resource name. For example: + * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" + *+ * + *
string service_account_key_name = 8;
+ *
+ * @param value The serviceAccountKeyName to set.
+ * @return This builder for chaining.
+ */
+ public Builder setServiceAccountKeyName(java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ serviceAccountKeyName_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ * + * The name of the service account key used to create or exchange + * credentials for authenticating the service account making the request. + * This is a scheme-less URI full resource name. For example: + * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" + *+ * + *
string service_account_key_name = 8;
+ *
+ * @return This builder for chaining.
+ */
+ public Builder clearServiceAccountKeyName() {
+
+ serviceAccountKeyName_ = getDefaultInstance().getServiceAccountKeyName();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ * + * The name of the service account key used to create or exchange + * credentials for authenticating the service account making the request. + * This is a scheme-less URI full resource name. For example: + * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" + *+ * + *
string service_account_key_name = 8;
+ *
+ * @param value The bytes for serviceAccountKeyName to set.
+ * @return This builder for chaining.
+ */
+ public Builder setServiceAccountKeyNameBytes(com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ serviceAccountKeyName_ = value;
+ onChanged();
+ return this;
+ }
+
+ private java.util.List+ * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public java.util.List+ * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public int getServiceAccountDelegationInfoCount() {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ return serviceAccountDelegationInfo_.size();
+ } else {
+ return serviceAccountDelegationInfoBuilder_.getCount();
+ }
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo
+ getServiceAccountDelegationInfo(int index) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ return serviceAccountDelegationInfo_.get(index);
+ } else {
+ return serviceAccountDelegationInfoBuilder_.getMessage(index);
+ }
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public Builder setServiceAccountDelegationInfo(
+ int index, com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo value) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureServiceAccountDelegationInfoIsMutable();
+ serviceAccountDelegationInfo_.set(index, value);
+ onChanged();
+ } else {
+ serviceAccountDelegationInfoBuilder_.setMessage(index, value);
+ }
+ return this;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public Builder setServiceAccountDelegationInfo(
+ int index,
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder builderForValue) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ ensureServiceAccountDelegationInfoIsMutable();
+ serviceAccountDelegationInfo_.set(index, builderForValue.build());
+ onChanged();
+ } else {
+ serviceAccountDelegationInfoBuilder_.setMessage(index, builderForValue.build());
+ }
+ return this;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public Builder addServiceAccountDelegationInfo(
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo value) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureServiceAccountDelegationInfoIsMutable();
+ serviceAccountDelegationInfo_.add(value);
+ onChanged();
+ } else {
+ serviceAccountDelegationInfoBuilder_.addMessage(value);
+ }
+ return this;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public Builder addServiceAccountDelegationInfo(
+ int index, com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo value) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureServiceAccountDelegationInfoIsMutable();
+ serviceAccountDelegationInfo_.add(index, value);
+ onChanged();
+ } else {
+ serviceAccountDelegationInfoBuilder_.addMessage(index, value);
+ }
+ return this;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public Builder addServiceAccountDelegationInfo(
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder builderForValue) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ ensureServiceAccountDelegationInfoIsMutable();
+ serviceAccountDelegationInfo_.add(builderForValue.build());
+ onChanged();
+ } else {
+ serviceAccountDelegationInfoBuilder_.addMessage(builderForValue.build());
+ }
+ return this;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public Builder addServiceAccountDelegationInfo(
+ int index,
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder builderForValue) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ ensureServiceAccountDelegationInfoIsMutable();
+ serviceAccountDelegationInfo_.add(index, builderForValue.build());
+ onChanged();
+ } else {
+ serviceAccountDelegationInfoBuilder_.addMessage(index, builderForValue.build());
+ }
+ return this;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public Builder addAllServiceAccountDelegationInfo(
+ java.lang.Iterable<
+ ? extends com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo>
+ values) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ ensureServiceAccountDelegationInfoIsMutable();
+ com.google.protobuf.AbstractMessageLite.Builder.addAll(
+ values, serviceAccountDelegationInfo_);
+ onChanged();
+ } else {
+ serviceAccountDelegationInfoBuilder_.addAllMessages(values);
+ }
+ return this;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public Builder clearServiceAccountDelegationInfo() {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ serviceAccountDelegationInfo_ = java.util.Collections.emptyList();
+ bitField0_ = (bitField0_ & ~0x00000001);
+ onChanged();
+ } else {
+ serviceAccountDelegationInfoBuilder_.clear();
+ }
+ return this;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public Builder removeServiceAccountDelegationInfo(int index) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ ensureServiceAccountDelegationInfoIsMutable();
+ serviceAccountDelegationInfo_.remove(index);
+ onChanged();
+ } else {
+ serviceAccountDelegationInfoBuilder_.remove(index);
+ }
+ return this;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder
+ getServiceAccountDelegationInfoBuilder(int index) {
+ return getServiceAccountDelegationInfoFieldBuilder().getBuilder(index);
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder
+ getServiceAccountDelegationInfoOrBuilder(int index) {
+ if (serviceAccountDelegationInfoBuilder_ == null) {
+ return serviceAccountDelegationInfo_.get(index);
+ } else {
+ return serviceAccountDelegationInfoBuilder_.getMessageOrBuilder(index);
+ }
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public java.util.List<
+ ? extends com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder>
+ getServiceAccountDelegationInfoOrBuilderList() {
+ if (serviceAccountDelegationInfoBuilder_ != null) {
+ return serviceAccountDelegationInfoBuilder_.getMessageOrBuilderList();
+ } else {
+ return java.util.Collections.unmodifiableList(serviceAccountDelegationInfo_);
+ }
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder
+ addServiceAccountDelegationInfoBuilder() {
+ return getServiceAccountDelegationInfoFieldBuilder()
+ .addBuilder(
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.getDefaultInstance());
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder
+ addServiceAccountDelegationInfoBuilder(int index) {
+ return getServiceAccountDelegationInfoFieldBuilder()
+ .addBuilder(
+ index,
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.getDefaultInstance());
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ public java.util.List* Associated email, such as "foo@google.com". + * The email address of the authenticated user (or service account on behalf + * of third party principal) making the request. For third party identity + * callers, the `principal_subject` field is populated instead of this field. + * For privacy reasons, the principal email address is sometimes redacted. + * For more information, see [Caller identities in audit + * logs](https://cloud.google.com/logging/docs/audit#user-id). ** *
string principal_email = 1;
@@ -40,6 +46,12 @@ public interface AccessOrBuilder
*
* * Associated email, such as "foo@google.com". + * The email address of the authenticated user (or service account on behalf + * of third party principal) making the request. For third party identity + * callers, the `principal_subject` field is populated instead of this field. + * For privacy reasons, the principal email address is sometimes redacted. + * For more information, see [Caller identities in audit + * logs](https://cloud.google.com/logging/docs/audit#user-id). ** *
string principal_email = 1;
@@ -186,4 +198,157 @@ public interface AccessOrBuilder
* @return The bytes for methodName.
*/
com.google.protobuf.ByteString getMethodNameBytes();
+
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 7;
+ *
+ * @return The principalSubject.
+ */
+ java.lang.String getPrincipalSubject();
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 7;
+ *
+ * @return The bytes for principalSubject.
+ */
+ com.google.protobuf.ByteString getPrincipalSubjectBytes();
+
+ /**
+ *
+ *
+ * + * The name of the service account key used to create or exchange + * credentials for authenticating the service account making the request. + * This is a scheme-less URI full resource name. For example: + * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" + *+ * + *
string service_account_key_name = 8;
+ *
+ * @return The serviceAccountKeyName.
+ */
+ java.lang.String getServiceAccountKeyName();
+ /**
+ *
+ *
+ * + * The name of the service account key used to create or exchange + * credentials for authenticating the service account making the request. + * This is a scheme-less URI full resource name. For example: + * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" + *+ * + *
string service_account_key_name = 8;
+ *
+ * @return The bytes for serviceAccountKeyName.
+ */
+ com.google.protobuf.ByteString getServiceAccountKeyNameBytes();
+
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ java.util.List+ * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo getServiceAccountDelegationInfo(
+ int index);
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ int getServiceAccountDelegationInfoCount();
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ java.util.List extends com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder>
+ getServiceAccountDelegationInfoOrBuilderList();
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account that makes + * the request. It contains information on the real authorities that try to + * access GCP resources by delegating on a service account. When multiple + * authorities are present, they are guaranteed to be sorted based on the + * original ordering of the identity delegation events. + *+ * + *
+ * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9;
+ *
+ */
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder
+ getServiceAccountDelegationInfoOrBuilder(int index);
}
diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessProto.java b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessProto.java
index efcf4ec4d20f..93ae5a0fee69 100644
--- a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessProto.java
+++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessProto.java
@@ -31,6 +31,10 @@ public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry r
internal_static_google_cloud_securitycenter_v1_Access_descriptor;
static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
internal_static_google_cloud_securitycenter_v1_Access_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor;
+ static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_fieldAccessorTable;
static final com.google.protobuf.Descriptors.Descriptor
internal_static_google_cloud_securitycenter_v1_Geolocation_descriptor;
static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
@@ -45,19 +49,25 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
static {
java.lang.String[] descriptorData = {
"\n+google/cloud/securitycenter/v1/access."
- + "proto\022\036google.cloud.securitycenter.v1\"\276\001"
+ + "proto\022\036google.cloud.securitycenter.v1\"\342\002"
+ "\n\006Access\022\027\n\017principal_email\030\001 \001(\t\022\021\n\tcal"
+ "ler_ip\030\002 \001(\t\022B\n\rcaller_ip_geo\030\003 \001(\0132+.go"
+ "ogle.cloud.securitycenter.v1.Geolocation"
+ "\022\031\n\021user_agent_family\030\004 \001(\t\022\024\n\014service_n"
- + "ame\030\005 \001(\t\022\023\n\013method_name\030\006 \001(\t\"\"\n\013Geoloc"
- + "ation\022\023\n\013region_code\030\001 \001(\tB\347\001\n\"com.googl"
- + "e.cloud.securitycenter.v1B\013AccessProtoP\001"
- + "ZLgoogle.golang.org/genproto/googleapis/"
- + "cloud/securitycenter/v1;securitycenter\252\002"
- + "\036Google.Cloud.SecurityCenter.V1\312\002\036Google"
- + "\\Cloud\\SecurityCenter\\V1\352\002!Google::Cloud"
- + "::SecurityCenter::V1b\006proto3"
+ + "ame\030\005 \001(\t\022\023\n\013method_name\030\006 \001(\t\022\031\n\021princi"
+ + "pal_subject\030\007 \001(\t\022 \n\030service_account_key"
+ + "_name\030\010 \001(\t\022e\n\037service_account_delegatio"
+ + "n_info\030\t \003(\0132<.google.cloud.securitycent"
+ + "er.v1.ServiceAccountDelegationInfo\"R\n\034Se"
+ + "rviceAccountDelegationInfo\022\027\n\017principal_"
+ + "email\030\001 \001(\t\022\031\n\021principal_subject\030\002 \001(\t\"\""
+ + "\n\013Geolocation\022\023\n\013region_code\030\001 \001(\tB\347\001\n\"c"
+ + "om.google.cloud.securitycenter.v1B\013Acces"
+ + "sProtoP\001ZLgoogle.golang.org/genproto/goo"
+ + "gleapis/cloud/securitycenter/v1;security"
+ + "center\252\002\036Google.Cloud.SecurityCenter.V1\312"
+ + "\002\036Google\\Cloud\\SecurityCenter\\V1\352\002!Googl"
+ + "e::Cloud::SecurityCenter::V1b\006proto3"
};
descriptor =
com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
@@ -74,9 +84,20 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
"UserAgentFamily",
"ServiceName",
"MethodName",
+ "PrincipalSubject",
+ "ServiceAccountKeyName",
+ "ServiceAccountDelegationInfo",
});
- internal_static_google_cloud_securitycenter_v1_Geolocation_descriptor =
+ internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor =
getDescriptor().getMessageTypes().get(1);
+ internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_fieldAccessorTable =
+ new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor,
+ new java.lang.String[] {
+ "PrincipalEmail", "PrincipalSubject",
+ });
+ internal_static_google_cloud_securitycenter_v1_Geolocation_descriptor =
+ getDescriptor().getMessageTypes().get(2);
internal_static_google_cloud_securitycenter_v1_Geolocation_fieldAccessorTable =
new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
internal_static_google_cloud_securitycenter_v1_Geolocation_descriptor,
diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfo.java b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfo.java
new file mode 100644
index 000000000000..d48c4a817512
--- /dev/null
+++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfo.java
@@ -0,0 +1,867 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/cloud/securitycenter/v1/access.proto
+
+package com.google.cloud.securitycenter.v1;
+
+/**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account. + *+ * + * Protobuf type {@code google.cloud.securitycenter.v1.ServiceAccountDelegationInfo} + */ +public final class ServiceAccountDelegationInfo extends com.google.protobuf.GeneratedMessageV3 + implements + // @@protoc_insertion_point(message_implements:google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) + ServiceAccountDelegationInfoOrBuilder { + private static final long serialVersionUID = 0L; + // Use ServiceAccountDelegationInfo.newBuilder() to construct. + private ServiceAccountDelegationInfo(com.google.protobuf.GeneratedMessageV3.Builder> builder) { + super(builder); + } + + private ServiceAccountDelegationInfo() { + principalEmail_ = ""; + principalSubject_ = ""; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance(UnusedPrivateParameter unused) { + return new ServiceAccountDelegationInfo(); + } + + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + + private ServiceAccountDelegationInfo( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + this(); + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + com.google.protobuf.UnknownFieldSet.Builder unknownFields = + com.google.protobuf.UnknownFieldSet.newBuilder(); + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: + { + java.lang.String s = input.readStringRequireUtf8(); + + principalEmail_ = s; + break; + } + case 18: + { + java.lang.String s = input.readStringRequireUtf8(); + + principalSubject_ = s; + break; + } + default: + { + if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) { + done = true; + } + break; + } + } + } + } catch 
(com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(this); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(this); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this); + } finally { + this.unknownFields = unknownFields.build(); + makeExtensionsImmutable(); + } + } + + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { + return com.google.cloud.securitycenter.v1.AccessProto + .internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return com.google.cloud.securitycenter.v1.AccessProto + .internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_fieldAccessorTable + .ensureFieldAccessorsInitialized( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.class, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder.class); + } + + public static final int PRINCIPAL_EMAIL_FIELD_NUMBER = 1; + private volatile java.lang.Object principalEmail_; + /** + * + * + *
+ * The email address of a Google account. + *+ * + *
string principal_email = 1;
+ *
+ * @return The principalEmail.
+ */
+ @java.lang.Override
+ public java.lang.String getPrincipalEmail() {
+ java.lang.Object ref = principalEmail_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ principalEmail_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ *
+ * + * The email address of a Google account. + *+ * + *
string principal_email = 1;
+ *
+ * @return The bytes for principalEmail.
+ */
+ @java.lang.Override
+ public com.google.protobuf.ByteString getPrincipalEmailBytes() {
+ java.lang.Object ref = principalEmail_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ principalEmail_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int PRINCIPAL_SUBJECT_FIELD_NUMBER = 2;
+ private volatile java.lang.Object principalSubject_;
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 2;
+ *
+ * @return The principalSubject.
+ */
+ @java.lang.Override
+ public java.lang.String getPrincipalSubject() {
+ java.lang.Object ref = principalSubject_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ principalSubject_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 2;
+ *
+ * @return The bytes for principalSubject.
+ */
+ @java.lang.Override
+ public com.google.protobuf.ByteString getPrincipalSubjectBytes() {
+ java.lang.Object ref = principalSubject_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ principalSubject_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ private byte memoizedIsInitialized = -1;
+
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+ if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalEmail_)) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, principalEmail_);
+ }
+ if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalSubject_)) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 2, principalSubject_);
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalEmail_)) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, principalEmail_);
+ }
+ if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalSubject_)) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, principalSubject_);
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo)) {
+ return super.equals(obj);
+ }
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo other =
+ (com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) obj;
+
+ if (!getPrincipalEmail().equals(other.getPrincipalEmail())) return false;
+ if (!getPrincipalSubject().equals(other.getPrincipalSubject())) return false;
+ if (!unknownFields.equals(other.unknownFields)) return false;
+ return true;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + PRINCIPAL_EMAIL_FIELD_NUMBER;
+ hash = (53 * hash) + getPrincipalEmail().hashCode();
+ hash = (37 * hash) + PRINCIPAL_SUBJECT_FIELD_NUMBER;
+ hash = (53 * hash) + getPrincipalSubject().hashCode();
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ java.io.InputStream input) throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+ PARSER, input, extensionRegistry);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseDelimitedFrom(
+ java.io.InputStream input) throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseDelimitedFrom(
+ java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+ PARSER, input, extensionRegistry);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+ PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() {
+ return newBuilder();
+ }
+
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+
+ public static Builder newBuilder(
+ com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ *
+ *
+ * + * Identity delegation history of an authenticated service account. + *+ * + * Protobuf type {@code google.cloud.securitycenter.v1.ServiceAccountDelegationInfo} + */ + public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder
+ * The email address of a Google account. + *+ * + *
string principal_email = 1;
+ *
+ * @return The principalEmail.
+ */
+ public java.lang.String getPrincipalEmail() {
+ java.lang.Object ref = principalEmail_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ principalEmail_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ *
+ * + * The email address of a Google account. + *+ * + *
string principal_email = 1;
+ *
+ * @return The bytes for principalEmail.
+ */
+ public com.google.protobuf.ByteString getPrincipalEmailBytes() {
+ java.lang.Object ref = principalEmail_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ principalEmail_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ *
+ * + * The email address of a Google account. + *+ * + *
string principal_email = 1;
+ *
+ * @param value The principalEmail to set.
+ * @return This builder for chaining.
+ */
+ public Builder setPrincipalEmail(java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ principalEmail_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ * + * The email address of a Google account. + *+ * + *
string principal_email = 1;
+ *
+ * @return This builder for chaining.
+ */
+ public Builder clearPrincipalEmail() {
+
+ principalEmail_ = getDefaultInstance().getPrincipalEmail();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ * + * The email address of a Google account. + *+ * + *
string principal_email = 1;
+ *
+ * @param value The bytes for principalEmail to set.
+ * @return This builder for chaining.
+ */
+ public Builder setPrincipalEmailBytes(com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ principalEmail_ = value;
+ onChanged();
+ return this;
+ }
+
+ private java.lang.Object principalSubject_ = "";
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 2;
+ *
+ * @return The principalSubject.
+ */
+ public java.lang.String getPrincipalSubject() {
+ java.lang.Object ref = principalSubject_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ principalSubject_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 2;
+ *
+ * @return The bytes for principalSubject.
+ */
+ public com.google.protobuf.ByteString getPrincipalSubjectBytes() {
+ java.lang.Object ref = principalSubject_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ principalSubject_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 2;
+ *
+ * @param value The principalSubject to set.
+ * @return This builder for chaining.
+ */
+ public Builder setPrincipalSubject(java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ principalSubject_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 2;
+ *
+ * @return This builder for chaining.
+ */
+ public Builder clearPrincipalSubject() {
+
+ principalSubject_ = getDefaultInstance().getPrincipalSubject();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 2;
+ *
+ * @param value The bytes for principalSubject to set.
+ * @return This builder for chaining.
+ */
+ public Builder setPrincipalSubjectBytes(com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ principalSubject_ = value;
+ onChanged();
+ return this;
+ }
+
+ @java.lang.Override
+ public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFields(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+ // @@protoc_insertion_point(builder_scope:google.cloud.securitycenter.v1.ServiceAccountDelegationInfo)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1.ServiceAccountDelegationInfo)
+ private static final com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo
+ DEFAULT_INSTANCE;
+
+ static {
+ DEFAULT_INSTANCE = new com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo();
+ }
+
+ public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo
+ getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser+ * The email address of a Google account. + *+ * + *
string principal_email = 1;
+ *
+ * @return The principalEmail.
+ */
+ java.lang.String getPrincipalEmail();
+ /**
+ *
+ *
+ * + * The email address of a Google account. + *+ * + *
string principal_email = 1;
+ *
+ * @return The bytes for principalEmail.
+ */
+ com.google.protobuf.ByteString getPrincipalEmailBytes();
+
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 2;
+ *
+ * @return The principalSubject.
+ */
+ java.lang.String getPrincipalSubject();
+ /**
+ *
+ *
+ * + * A string representing the principal_subject associated with the identity. + * As compared to `principal_email`, supports principals that aren't + * associated with email addresses, such as third party principals. For most + * identities, the format will be `principal://iam.googleapis.com/{identity + * pool name}/subjects/{subject}` except for some GKE identities + * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy + * format `serviceAccount:{identity pool name}[{subject}]` + *+ * + *
string principal_subject = 2;
+ *
+ * @return The bytes for principalSubject.
+ */
+ com.google.protobuf.ByteString getPrincipalSubjectBytes();
+}
diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/proto/google/cloud/securitycenter/v1/access.proto b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/proto/google/cloud/securitycenter/v1/access.proto
index e1b572471f16..799b84fcccb8 100644
--- a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/proto/google/cloud/securitycenter/v1/access.proto
+++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/proto/google/cloud/securitycenter/v1/access.proto
@@ -27,6 +27,13 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
// Represents an access event.
message Access {
// Associated email, such as "foo@google.com".
+ //
+ // The email address of the authenticated user (or service account on behalf
+ // of third party principal) making the request. For third party identity
+ // callers, the `principal_subject` field is populated instead of this field.
+ // For privacy reasons, the principal email address is sometimes redacted.
+ // For more information, see [Caller identities in audit
+ // logs](https://cloud.google.com/logging/docs/audit#user-id).
string principal_email = 1;
// Caller's IP address, such as "1.1.1.1".
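Review bot: The comment added above `string principal_email = 1;` says the address is sometimes redacted and that third-party callers populate `principal_subject` instead, but it does not say what a consumer then reads from this field. Detection or allow-list logic keyed on `principal_email` therefore cannot tell "no email for this kind of principal" from "email withheld". I would add one line such as `// May be empty or redacted; also read principal_subject, and do not treat a missing email as an anonymous caller.` The redacted representation is not visible in this hunk, so that wording should be checked against the audit-log page the comment links to. The file appears to be copied from googleapis by the bot, so the change would have to be made upstream.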
@@ -45,6 +52,45 @@ message Access {
// The method that the service account called, e.g. "SetIamPolicy".
string method_name = 6;
+
+ // A string representing the principal_subject associated with the identity.
+ // As compared to `principal_email`, supports principals that aren't
+ // associated with email addresses, such as third party principals. For most
+ // identities, the format will be `principal://iam.googleapis.com/{identity
+ // pool name}/subjects/{subject}` except for some GKE identities
+ // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+ // format `serviceAccount:{identity pool name}[{subject}]`
+ string principal_subject = 7;
+
+ // The name of the service account key used to create or exchange
+ // credentials for authenticating the service account making the request.
+ // This is a scheme-less URI full resource name. For example:
+ //
+ // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+ //
+ string service_account_key_name = 8;
+
+ // Identity delegation history of an authenticated service account that makes
+ // the request. It contains information on the real authorities that try to
+ // access GCP resources by delegating on a service account. When multiple
+ // authorities are present, they are guaranteed to be sorted based on the
+ // original ordering of the identity delegation events.
+ repeated ServiceAccountDelegationInfo service_account_delegation_info = 9;
+}
+
+// Identity delegation history of an authenticated service account.
+message ServiceAccountDelegationInfo {
+ // The email address of a Google account.
+ string principal_email = 1;
+
+ // A string representing the principal_subject associated with the identity.
+ // As compared to `principal_email`, supports principals that aren't
+ // associated with email addresses, such as third party principals. For most
+ // identities, the format will be `principal://iam.googleapis.com/{identity
+ // pool name}/subjects/{subject}` except for some GKE identities
+ // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+ // format `serviceAccount:{identity pool name}[{subject}]`
+ string principal_subject = 2;
}
// Represents a geographical location for a given access.