diff --git a/.kokoro/continuous/securitycenter.cfg b/.kokoro/continuous/securitycenter.cfg new file mode 100644 index 000000000000..17dc427dae15 --- /dev/null +++ b/.kokoro/continuous/securitycenter.cfg @@ -0,0 +1,7 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +# Tell the trampoline which build file to use. +env_vars: { + key: "PACKAGE" + value: "securitycenter" +} diff --git a/.kokoro/presubmit/securitycenter.cfg b/.kokoro/presubmit/securitycenter.cfg new file mode 100644 index 000000000000..17dc427dae15 --- /dev/null +++ b/.kokoro/presubmit/securitycenter.cfg @@ -0,0 +1,7 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +# Tell the trampoline which build file to use. +env_vars: { + key: "PACKAGE" + value: "securitycenter" +} diff --git a/docs/index.rst b/docs/index.rst index 17ce947f2fa2..bc38f4ed1ed2 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -22,6 +22,7 @@ Redis Resource Manager Runtime Configuration + Security Center Security Scanner Spanner Speech diff --git a/docs/requirements.txt b/docs/requirements.txt index 732fda8a3e88..4fc5b7e23d98 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -29,6 +29,7 @@ grpcio-gcp >= 0.2.2 -e redis/ -e resource_manager/ -e runtimeconfig/ +-e securitycenter/ -e spanner/ -e speech/ -e tasks/ diff --git a/docs/securitycenter b/docs/securitycenter new file mode 120000 index 000000000000..c17cf5ceaec8 --- /dev/null +++ b/docs/securitycenter @@ -0,0 +1 @@ +../securitycenter/docs \ No newline at end of file diff --git a/securitycenter/.coveragerc b/securitycenter/.coveragerc new file mode 100644 index 000000000000..e98815844673 --- /dev/null +++ b/securitycenter/.coveragerc @@ -0,0 +1,17 @@ +[run] +branch = True +omit = + */gapic/* + */proto/* + +[report] +fail_under = 100 +show_missing = True +exclude_lines = + # Re-enable the standard pragma + pragma: NO COVER + # Ignore debug-only repr + def __repr__ +omit = + */gapic/* + */proto/* diff --git a/securitycenter/.flake8 b/securitycenter/.flake8 new file mode 100644 index 000000000000..3c9e3266d0a1 --- /dev/null +++ b/securitycenter/.flake8 @@ -0,0 +1,13 @@ +[flake8] +exclude = + # Exclude generated code. + **/proto/** + **/gapic/** + **/types.py + *_pb2.py + + # Standard linting exemptions. + __pycache__, + .git, + *.pyc, + conf.py diff --git a/securitycenter/LICENSE b/securitycenter/LICENSE new file mode 100644 index 000000000000..a8ee855de2aa --- /dev/null +++ b/securitycenter/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/securitycenter/MANIFEST.in b/securitycenter/MANIFEST.in new file mode 100644 index 000000000000..9cbf175afe6b --- /dev/null +++ b/securitycenter/MANIFEST.in @@ -0,0 +1,5 @@ +include README.rst LICENSE +recursive-include google *.json *.proto +recursive-include tests * +global-exclude *.py[co] +global-exclude __pycache__ diff --git a/securitycenter/README.rst b/securitycenter/README.rst new file mode 100644 index 000000000000..d2b19ca2380d --- /dev/null +++ b/securitycenter/README.rst @@ -0,0 +1,83 @@ +Python Client for Cloud Security Command Center API (`Alpha`_) +============================================================== +|alpha| |pypi| |versions| + +`Cloud Security Command Center API`_: The public Cloud Security Command Center API. + +- `Client Library Documentation`_ +- `Product Documentation`_ + +.. |alpha| image:: https://img.shields.io/badge/support-alpha-orange.svg + :target: https://github.com/googleapis/google-cloud-python/blob/master/README.rst#alpha-support +.. |pypi| image:: https://img.shields.io/pypi/v/google-cloud-securitycenter.svg + :target: https://pypi.org/project/google-cloud-securitycenter/ +.. |versions| image:: https://img.shields.io/pypi/pyversions/google-cloud-securitycenter.svg + :target: https://pypi.org/project/google-cloud-securitycenter/ +.. _Alpha: https://github.com/GoogleCloudPlatform/google-cloud-python/blob/master/README.rst +.. _Cloud Security Command Center API: https://cloud.google.com/security-command-center +.. _Client Library Documentation: https://googlecloudplatform.github.io/google-cloud-python/stable/securitycenter/usage.html +.. _Product Documentation: https://cloud.google.com/security-command-center + + +Quick Start +----------- + +In order to use this library, you first need to go through the following steps: + +1. `Select or create a Cloud Platform project.`_ +2. `Enable billing for your project.`_ +3. `Enable the Cloud Security Command Center API.`_ +4. `Setup Authentication.`_ + +.. _Select or create a Cloud Platform project.: https://console.cloud.google.com/project +.. _Enable billing for your project.: https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project +.. _Enable the Cloud Security Command Center API.: https://cloud.google.com/security-command-center +.. _Setup Authentication.: https://googlecloudplatform.github.io/google-cloud-python/stable/core/auth.html + +Installation +~~~~~~~~~~~~ + +Install this library in a `virtualenv`_ using pip. `virtualenv`_ is a tool to +create isolated Python environments. The basic problem it addresses is one of +dependencies and versions, and indirectly permissions. + +With `virtualenv`_, it's possible to install this library without needing system +install permissions, and without clashing with the installed system +dependencies. + +.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/ + + +Mac/Linux +^^^^^^^^^ + +.. code-block:: console + + pip install virtualenv + virtualenv + source /bin/activate + /bin/pip install google-cloud-securitycenter + + +Windows +^^^^^^^ + +.. code-block:: console + + pip install virtualenv + virtualenv + \Scripts\activate + \Scripts\pip.exe install google-cloud-securitycenter + +Next Steps +~~~~~~~~~~ + +- Read the `Client Library Documentation`_ for Cloud Security Command Center API + API to see other available methods on the client. +- Read the `Cloud Security Command Center API Product documentation`_ to learn + more about the product and see How-to Guides. +- View this `repository’s main README`_ to see the full list of Cloud + APIs that we cover. + +.. _Cloud Security Command Center API Product documentation: https://cloud.google.com/security-command-center +.. _repository’s main README: https://github.com/GoogleCloudPlatform/google-cloud-python/blob/master/README.rst \ No newline at end of file diff --git a/securitycenter/docs/conf.py b/securitycenter/docs/conf.py new file mode 100644 index 000000000000..f0f50ac8cfbd --- /dev/null +++ b/securitycenter/docs/conf.py @@ -0,0 +1,311 @@ +# -*- coding: utf-8 -*- +# +# google-cloud-securitycenter documentation build configuration file +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import sys +import os +import shlex + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +sys.path.insert(0, os.path.abspath('..')) + +__version__ = '0.1.0' + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +#needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'sphinx.ext.autosummary', + 'sphinx.ext.intersphinx', + 'sphinx.ext.coverage', + 'sphinx.ext.napoleon', + 'sphinx.ext.viewcode', +] + +# autodoc/autosummary flags +autoclass_content = 'both' +autodoc_default_flags = ['members'] +autosummary_generate = True + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The encoding of source files. +#source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'google-cloud-securitycenter' +copyright = u'2017, Google' +author = u'Google APIs' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The full version, including alpha/beta/rc tags. +release = __version__ +# The short X.Y version. +version = '.'.join(release.split('.')[0:2]) + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ['_build'] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +#keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = True + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'sphinx_rtd_theme' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +#html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +# html_static_path = [] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +#html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +#html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_domain_indices = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +#html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +#html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr' +#html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +#html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +#html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = 'google-cloud-securitycenter-doc' + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + #'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + #'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + #'preamble': '', + + # Latex figure (float) alignment + #'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, 'google-cloud-securitycenter.tex', + u'google-cloud-securitycenter Documentation', author, 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# If true, show page references after internal links. +#latex_show_pagerefs = False + +# If true, show URL addresses after external links. +#latex_show_urls = False + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_domain_indices = True + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [(master_doc, 'google-cloud-securitycenter', + u'google-cloud-securitycenter Documentation', [author], 1)] + +# If true, show URL addresses after external links. +#man_show_urls = False + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, 'google-cloud-securitycenter', + u'google-cloud-securitycenter Documentation', author, + 'google-cloud-securitycenter', + 'GAPIC library for the {metadata.shortName} v1beta1 service', 'APIs'), +] + +# Documents to append as an appendix to all manuals. +#texinfo_appendices = [] + +# If false, no module index is generated. +#texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +#texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +#texinfo_no_detailmenu = False + +# Example configuration for intersphinx: refer to the Python standard library. +intersphinx_mapping = { + 'python': ('http://python.readthedocs.org/en/latest/', None), + 'gax': ('https://gax-python.readthedocs.org/en/latest/', None), +} + +# Napoleon settings +napoleon_google_docstring = True +napoleon_numpy_docstring = True +napoleon_include_private_with_doc = False +napoleon_include_special_with_doc = True +napoleon_use_admonition_for_examples = False +napoleon_use_admonition_for_notes = False +napoleon_use_admonition_for_references = False +napoleon_use_ivar = False +napoleon_use_param = True +napoleon_use_rtype = True diff --git a/securitycenter/docs/gapic/v1beta1/api.rst b/securitycenter/docs/gapic/v1beta1/api.rst new file mode 100644 index 000000000000..5bf656fea5f0 --- /dev/null +++ b/securitycenter/docs/gapic/v1beta1/api.rst @@ -0,0 +1,6 @@ +Client for Cloud Security Command Center API +============================================ + +.. automodule:: google.cloud.securitycenter_v1beta1 + :members: + :inherited-members: \ No newline at end of file diff --git a/securitycenter/docs/gapic/v1beta1/types.rst b/securitycenter/docs/gapic/v1beta1/types.rst new file mode 100644 index 000000000000..4af19d8c571a --- /dev/null +++ b/securitycenter/docs/gapic/v1beta1/types.rst @@ -0,0 +1,5 @@ +Types for Cloud Security Command Center API Client +================================================== + +.. automodule:: google.cloud.securitycenter_v1beta1.types + :members: \ No newline at end of file diff --git a/securitycenter/docs/index.rst b/securitycenter/docs/index.rst new file mode 100644 index 000000000000..b8194a385e6a --- /dev/null +++ b/securitycenter/docs/index.rst @@ -0,0 +1,9 @@ +.. include:: /../securitycenter/README.rst + +Api Reference +------------- +.. toctree:: + :maxdepth: 2 + + gapic/v1beta1/api + gapic/v1beta1/types \ No newline at end of file diff --git a/securitycenter/google/__init__.py b/securitycenter/google/__init__.py new file mode 100644 index 000000000000..f65701dd143f --- /dev/null +++ b/securitycenter/google/__init__.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import pkg_resources + pkg_resources.declare_namespace(__name__) +except ImportError: + import pkgutil + __path__ = pkgutil.extend_path(__path__, __name__) diff --git a/securitycenter/google/cloud/__init__.py b/securitycenter/google/cloud/__init__.py new file mode 100644 index 000000000000..f65701dd143f --- /dev/null +++ b/securitycenter/google/cloud/__init__.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import pkg_resources + pkg_resources.declare_namespace(__name__) +except ImportError: + import pkgutil + __path__ = pkgutil.extend_path(__path__, __name__) diff --git a/securitycenter/google/cloud/securitycenter.py b/securitycenter/google/cloud/securitycenter.py new file mode 100644 index 000000000000..0cdbfc23938d --- /dev/null +++ b/securitycenter/google/cloud/securitycenter.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import + +from google.cloud.securitycenter_v1beta1 import SecurityCenterClient +from google.cloud.securitycenter_v1beta1 import enums +from google.cloud.securitycenter_v1beta1 import types + +__all__ = ( + 'enums', + 'types', + 'SecurityCenterClient', +) diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/__init__.py b/securitycenter/google/cloud/securitycenter_v1beta1/__init__.py new file mode 100644 index 000000000000..b93174ba6ef1 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/__init__.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import + +from google.cloud.securitycenter_v1beta1 import types +from google.cloud.securitycenter_v1beta1.gapic import enums +from google.cloud.securitycenter_v1beta1.gapic import security_center_client + + +class SecurityCenterClient(security_center_client.SecurityCenterClient): + __doc__ = security_center_client.SecurityCenterClient.__doc__ + enums = enums + + +__all__ = ( + 'enums', + 'types', + 'SecurityCenterClient', +) diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/gapic/__init__.py b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/gapic/enums.py b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/enums.py new file mode 100644 index 000000000000..fc6c8c364da7 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/enums.py @@ -0,0 +1,97 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Wrappers for protocol buffer enum types.""" + +import enum + + +class NullValue(enum.IntEnum): + """ + ``NullValue`` is a singleton enumeration to represent the null value for the + ``Value`` type union. + + The JSON representation for ``NullValue`` is JSON ``null``. + + Attributes: + NULL_VALUE (int): Null value. + """ + NULL_VALUE = 0 + + +class Finding(object): + class State(enum.IntEnum): + """ + The state of the finding. + + Attributes: + STATE_UNSPECIFIED (int): Unspecified state. + ACTIVE (int): The finding requires attention and has not been addressed yet. + INACTIVE (int): The finding has been fixed, triaged as a non-issue or otherwise addressed + and is no longer active. + """ + STATE_UNSPECIFIED = 0 + ACTIVE = 1 + INACTIVE = 2 + + +class OrganizationSettings(object): + class AssetDiscoveryConfig(object): + class InclusionMode(enum.IntEnum): + """ + The mode of inclusion when running Asset Discovery. + Asset discovery can be limited by explicitly identifying projects to be + included or excluded. If INCLUDE_ONLY is set then only those projects + (within the organization) and their children are discovered during asset + discovery. If EXCLUDE is set then projects not matching those projects + are discovered during asset discovery. If neither are set then all + projects within the organization are discovered during asset discovery. + + Attributes: + INCLUSION_MODE_UNSPECIFIED (int): Unspecified. Setting the mode with this value will disable + inclusion/exclusion filtering for Asset Discovery. + INCLUDE_ONLY (int): Asset Discovery will capture only the resources within the projects + specified. All other resources will be ignored. + EXCLUDE (int): Asset Discovery will ignore all resources under the projects specified. + All other resources will be retrieved. + """ + INCLUSION_MODE_UNSPECIFIED = 0 + INCLUDE_ONLY = 1 + EXCLUDE = 2 + + +class ListAssetsResponse(object): + class ListAssetsResult(object): + class State(enum.IntEnum): + """ + State of the asset. + + When querying across two points in time this describes + the change between the two points: ADDED, REMOVED, or ACTIVE. + If there was no compare_duration supplied in the request the state should + be: UNUSED + + Attributes: + STATE_UNSPECIFIED (int): Unspecified state. + UNUSED (int): Request did not specify use of this field in the result. + ADDED (int): Asset was added between the points in time. + REMOVED (int): Asset was removed between the points in time. + ACTIVE (int): Asset was active at both point(s) in time. + """ + STATE_UNSPECIFIED = 0 + UNUSED = 1 + ADDED = 2 + REMOVED = 3 + ACTIVE = 4 diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/gapic/security_center_client.py b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/security_center_client.py new file mode 100644 index 000000000000..dba4ab4cd6ed --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/security_center_client.py @@ -0,0 +1,1796 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Accesses the google.cloud.securitycenter.v1beta1 SecurityCenter API.""" + +import functools +import pkg_resources +import warnings + +from google.oauth2 import service_account +import google.api_core.gapic_v1.client_info +import google.api_core.gapic_v1.config +import google.api_core.gapic_v1.method +import google.api_core.grpc_helpers +import google.api_core.operation +import google.api_core.operations_v1 +import google.api_core.page_iterator +import google.api_core.path_template +import grpc + +from google.cloud.securitycenter_v1beta1.gapic import enums +from google.cloud.securitycenter_v1beta1.gapic import security_center_client_config +from google.cloud.securitycenter_v1beta1.gapic.transports import security_center_grpc_transport +from google.cloud.securitycenter_v1beta1.proto import finding_pb2 +from google.cloud.securitycenter_v1beta1.proto import organization_settings_pb2 +from google.cloud.securitycenter_v1beta1.proto import security_marks_pb2 +from google.cloud.securitycenter_v1beta1.proto import securitycenter_service_pb2 +from google.cloud.securitycenter_v1beta1.proto import securitycenter_service_pb2_grpc +from google.cloud.securitycenter_v1beta1.proto import source_pb2 +from google.iam.v1 import iam_policy_pb2 +from google.iam.v1 import policy_pb2 +from google.longrunning import operations_pb2 +from google.protobuf import duration_pb2 +from google.protobuf import empty_pb2 +from google.protobuf import field_mask_pb2 +from google.protobuf import timestamp_pb2 + +_GAPIC_LIBRARY_VERSION = pkg_resources.get_distribution( + 'google-cloud-securitycenter', ).version + + +class SecurityCenterClient(object): + """V1 Beta APIs for Security Center service.""" + + SERVICE_ADDRESS = 'securitycenter.googleapis.com:443' + """The default address of the service.""" + + # The name of the interface for this client. This is the key used to + # find the method configuration in the client_config dictionary. + _INTERFACE_NAME = 'google.cloud.securitycenter.v1beta1.SecurityCenter' + + @classmethod + def from_service_account_file(cls, filename, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_file( + filename) + kwargs['credentials'] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @classmethod + def organization_path(cls, organization): + """Return a fully-qualified organization string.""" + return google.api_core.path_template.expand( + 'organizations/{organization}', + organization=organization, + ) + + @classmethod + def source_path(cls, organization, source): + """Return a fully-qualified source string.""" + return google.api_core.path_template.expand( + 'organizations/{organization}/sources/{source}', + organization=organization, + source=source, + ) + + @classmethod + def organization_settings_path(cls, organization): + """Return a fully-qualified organization_settings string.""" + return google.api_core.path_template.expand( + 'organizations/{organization}/organizationSettings', + organization=organization, + ) + + @classmethod + def finding_path(cls, organization, source, finding): + """Return a fully-qualified finding string.""" + return google.api_core.path_template.expand( + 'organizations/{organization}/sources/{source}/findings/{finding}', + organization=organization, + source=source, + finding=finding, + ) + + @classmethod + def asset_security_marks_path(cls, organization, asset): + """Return a fully-qualified asset_security_marks string.""" + return google.api_core.path_template.expand( + 'organizations/{organization}/assets/{asset}/securityMarks', + organization=organization, + asset=asset, + ) + + def __init__(self, + transport=None, + channel=None, + credentials=None, + client_config=security_center_client_config.config, + client_info=None): + """Constructor. + + Args: + transport (Union[~.SecurityCenterGrpcTransport, + Callable[[~.Credentials, type], ~.SecurityCenterGrpcTransport]): A transport + instance, responsible for actually making the API calls. + The default transport uses the gRPC protocol. + This argument may also be a callable which returns a + transport instance. Callables will be sent the credentials + as the first argument and the default transport class as + the second argument. + channel (grpc.Channel): DEPRECATED. A ``Channel`` instance + through which to make calls. This argument is mutually exclusive + with ``credentials``; providing both will raise an exception. + credentials (google.auth.credentials.Credentials): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is mutually exclusive with providing a + transport instance to ``transport``; doing so will raise + an exception. + client_config (dict): DEPRECATED. A dictionary of call options for + each method. If not specified, the default configuration is used. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + """ + # Raise deprecation warnings for things we want to go away. + if client_config: + warnings.warn('The `client_config` argument is deprecated.', + PendingDeprecationWarning) + if channel: + warnings.warn( + 'The `channel` argument is deprecated; use ' + '`transport` instead.', PendingDeprecationWarning) + + # Instantiate the transport. + # The transport is responsible for handling serialization and + # deserialization and actually sending data to the service. + if transport: + if callable(transport): + self.transport = transport( + credentials=credentials, + default_class=security_center_grpc_transport. + SecurityCenterGrpcTransport, + ) + else: + if credentials: + raise ValueError( + 'Received both a transport instance and ' + 'credentials; these are mutually exclusive.') + self.transport = transport + else: + self.transport = security_center_grpc_transport.SecurityCenterGrpcTransport( + address=self.SERVICE_ADDRESS, + channel=channel, + credentials=credentials, + ) + + if client_info is None: + client_info = ( + google.api_core.gapic_v1.client_info.DEFAULT_CLIENT_INFO) + client_info.gapic_version = _GAPIC_LIBRARY_VERSION + self._client_info = client_info + + # Parse out the default settings for retry and timeout for each RPC + # from the client configuration. + # (Ordinarily, these are the defaults specified in the `*_config.py` + # file next to this one.) + self._method_configs = google.api_core.gapic_v1.config.parse_method_configs( + client_config['interfaces'][self._INTERFACE_NAME], ) + + # Save a dictionary of cached API call functions. + # These are the actual callables which invoke the proper + # transport methods, wrapped with `wrap_method` to add retry, + # timeout, and the like. + self._inner_api_calls = {} + + # Service calls + def create_source(self, + parent, + source, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Creates a source. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> parent = client.organization_path('[ORGANIZATION]') + >>> + >>> # TODO: Initialize ``source``: + >>> source = {} + >>> + >>> response = client.create_source(parent, source) + + Args: + parent (str): Resource name of the new source's parent. Its format should be + \"organizations/[organization_id]\". + source (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Source]): The Source being created, only the display_name and description will be + used. All other fields will be ignored. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Source` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.Source` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'create_source' not in self._inner_api_calls: + self._inner_api_calls[ + 'create_source'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.create_source, + default_retry=self._method_configs['CreateSource'].retry, + default_timeout=self._method_configs['CreateSource']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.CreateSourceRequest( + parent=parent, + source=source, + ) + return self._inner_api_calls['create_source']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def create_finding(self, + parent, + finding_id, + finding, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Creates a finding. The corresponding source must exist for finding creation + to succeed. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> parent = client.source_path('[ORGANIZATION]', '[SOURCE]') + >>> + >>> # TODO: Initialize ``finding_id``: + >>> finding_id = '' + >>> + >>> # TODO: Initialize ``finding``: + >>> finding = {} + >>> + >>> response = client.create_finding(parent, finding_id, finding) + + Args: + parent (str): Resource name of the new finding's parent. Its format should be + \"organizations/[organization_id]/sources/[source_id]\". + finding_id (str): Unique identifier provided by the client within the parent scope. + It must be alphanumeric and less than or equal to 32 characters and + greater than 0 characters in length. + finding (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Finding]): The Finding being created. The name and security_marks will be ignored as + they are both output only fields on this resource. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Finding` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.Finding` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'create_finding' not in self._inner_api_calls: + self._inner_api_calls[ + 'create_finding'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.create_finding, + default_retry=self._method_configs['CreateFinding'].retry, + default_timeout=self._method_configs['CreateFinding']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.CreateFindingRequest( + parent=parent, + finding_id=finding_id, + finding=finding, + ) + return self._inner_api_calls['create_finding']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def get_iam_policy(self, + resource, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Gets the access control policy on the specified Source. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> resource = client.source_path('[ORGANIZATION]', '[SOURCE]') + >>> + >>> response = client.get_iam_policy(resource) + + Args: + resource (str): REQUIRED: The resource for which the policy is being requested. + ``resource`` is usually specified as a path. For example, a Project + resource is specified as ``projects/{project}``. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.Policy` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'get_iam_policy' not in self._inner_api_calls: + self._inner_api_calls[ + 'get_iam_policy'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.get_iam_policy, + default_retry=self._method_configs['GetIamPolicy'].retry, + default_timeout=self._method_configs['GetIamPolicy']. + timeout, + client_info=self._client_info, + ) + + request = iam_policy_pb2.GetIamPolicyRequest(resource=resource, ) + return self._inner_api_calls['get_iam_policy']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def get_organization_settings( + self, + name, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Gets the settings for an organization. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> name = client.organization_settings_path('[ORGANIZATION]') + >>> + >>> response = client.get_organization_settings(name) + + Args: + name (str): Name of the organization to get organization settings for. Its format is + \"organizations/[organization_id]/organizationSettings\". + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.OrganizationSettings` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'get_organization_settings' not in self._inner_api_calls: + self._inner_api_calls[ + 'get_organization_settings'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.get_organization_settings, + default_retry=self. + _method_configs['GetOrganizationSettings'].retry, + default_timeout=self. + _method_configs['GetOrganizationSettings'].timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.GetOrganizationSettingsRequest( + name=name, ) + return self._inner_api_calls['get_organization_settings']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def get_source(self, + name, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Gets a source. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> name = client.source_path('[ORGANIZATION]', '[SOURCE]') + >>> + >>> response = client.get_source(name) + + Args: + name (str): Relative resource name of the source. Its format is + \"organizations/[organization_id]/source/[source_id]\". + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.Source` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'get_source' not in self._inner_api_calls: + self._inner_api_calls[ + 'get_source'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.get_source, + default_retry=self._method_configs['GetSource'].retry, + default_timeout=self._method_configs['GetSource'].timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.GetSourceRequest(name=name, ) + return self._inner_api_calls['get_source']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def group_assets(self, + parent, + group_by, + filter_=None, + compare_duration=None, + read_time=None, + page_size=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Filters an organization's assets and groups them by their specified + properties. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> parent = client.organization_path('[ORGANIZATION]') + >>> + >>> # TODO: Initialize ``group_by``: + >>> group_by = '' + >>> + >>> # Iterate over all results + >>> for element in client.group_assets(parent, group_by): + ... # process element + ... pass + >>> + >>> + >>> # Alternatively: + >>> + >>> # Iterate over results one page at a time + >>> for page in client.group_assets(parent, group_by, options=CallOptions(page_token=INITIAL_PAGE)): + ... for element in page: + ... # process element + ... pass + + Args: + parent (str): Name of the organization to groupBy. Its format is + \"organizations/[organization_id]\". + group_by (str): Expression that defines what assets fields to use for grouping. The string + value should follow SQL syntax: comma separated list of fields. For + example: + \"security_center_properties.resource_project,security_center_properties.project\". + + The following fields are supported when compare_duration is not set: + + * security_center_properties.resource_name + * security_center_properties.resource_project + * security_center_properties.resource_type + * security_center_properties.resource_parent + + The following fields are supported when compare_duration is set: + + * security_center_properties.resource_type + filter_ (str): Expression that defines the filter to apply across assets. + The expression is a list of zero or more restrictions combined via logical + operators ``AND`` and ``OR``. + Parentheses are not supported, and ``OR`` has higher precedence than ``AND``. + + Restrictions have the form `` `` and may have a ``-`` + character in front of them to indicate negation. The fields map to those + defined in the Asset resource. Examples include: + + * name + * security_center_properties.resource_name + * resource_properties.a_property + * security_marks.marks.marka + + The supported operators are: + + * ``=`` for all value types. + * ``>``, ``<``, ``>=``, ``<=`` for integer values. + * ``:``, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals ``true`` and ``false`` without quotes. + + For example, ``resource_properties.size = 100`` is a valid filter string. + compare_duration (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Duration]): When compare_duration is set, the Asset's \"state\" property is updated to + indicate whether the asset was added, removed, or remained present during + the compare_duration period of time that precedes the read_time. This is + the time between (read_time - compare_duration) and read_time. + + The state value is derived based on the presence of the asset at the two + points in time. Intermediate state changes between the two times don't + affect the result. For example, the results aren't affected if the asset is + removed and re-created again. + + Possible \"state\" values when compare_duration is specified: + + * \"ADDED\": indicates that the asset was not present before + compare_duration, but present at reference_time. + * \"REMOVED\": indicates that the asset was present at the start of + compare_duration, but not present at reference_time. + * \"ACTIVE_AT_BOTH\": indicates that the asset was present at both the + start and the end of the time period defined by + compare_duration and reference_time. + + This field is ignored if ``state`` is not a field in ``group_by``. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Duration` + read_time (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Timestamp]): Time used as a reference point when filtering assets. The filter is limited + to assets existing at the supplied time and their values are those at that + specific time. Absence of this field will default to the API's version of + NOW. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Timestamp` + page_size (int): The maximum number of resources contained in the + underlying API response. If page streaming is performed per- + resource, this parameter does not affect the return value. If page + streaming is performed per-page, this determines the maximum number + of resources in a page. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.gax.PageIterator` instance. By default, this + is an iterable of :class:`~google.cloud.securitycenter_v1beta1.types.GroupResult` instances. + This object can also be configured to iterate over the pages + of the response through the `options` parameter. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'group_assets' not in self._inner_api_calls: + self._inner_api_calls[ + 'group_assets'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.group_assets, + default_retry=self._method_configs['GroupAssets'].retry, + default_timeout=self._method_configs['GroupAssets']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.GroupAssetsRequest( + parent=parent, + group_by=group_by, + filter=filter_, + compare_duration=compare_duration, + read_time=read_time, + page_size=page_size, + ) + iterator = google.api_core.page_iterator.GRPCIterator( + client=None, + method=functools.partial( + self._inner_api_calls['group_assets'], + retry=retry, + timeout=timeout, + metadata=metadata), + request=request, + items_field='group_by_results', + request_token_field='page_token', + response_token_field='next_page_token', + ) + return iterator + + def group_findings(self, + parent, + group_by, + filter_=None, + read_time=None, + page_size=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Filters an organization or source's findings and groups them by their + specified properties. + + To group across all sources provide a ``-`` as the source id. + Example: /v1beta1/organizations/123/sources/-/findings + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> parent = client.source_path('[ORGANIZATION]', '[SOURCE]') + >>> + >>> # TODO: Initialize ``group_by``: + >>> group_by = '' + >>> + >>> # Iterate over all results + >>> for element in client.group_findings(parent, group_by): + ... # process element + ... pass + >>> + >>> + >>> # Alternatively: + >>> + >>> # Iterate over results one page at a time + >>> for page in client.group_findings(parent, group_by, options=CallOptions(page_token=INITIAL_PAGE)): + ... for element in page: + ... # process element + ... pass + + Args: + parent (str): Name of the source to groupBy. Its format is + \"organizations/[organization_id]/sources/[source_id]\". To groupBy across + all sources provide a source_id of ``-``. For example: + organizations/123/sources/- + group_by (str): Expression that defines what assets fields to use for grouping (including + ``state``). The string value should follow SQL syntax: comma separated list + of fields. For example: + \"parent,resource_name\". + + The following fields are supported: + + * resource_name + * category + * state + * parent + filter_ (str): Expression that defines the filter to apply across findings. + The expression is a list of one or more restrictions combined via logical + operators ``AND`` and ``OR``. + Parentheses are not supported, and ``OR`` has higher precedence than ``AND``. + + Restrictions have the form `` `` and may have a ``-`` + character in front of them to indicate negation. Examples include: + + * name + * source_properties.a_property + * security_marks.marks.marka + + The supported operators are: + + * ``=`` for all value types. + * ``>``, ``<``, ``>=``, ``<=`` for integer values. + * ``:``, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals ``true`` and ``false`` without quotes. + + For example, ``source_properties.size = 100`` is a valid filter string. + read_time (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Timestamp]): Time used as a reference point when filtering findings. The filter is + limited to findings existing at the supplied time and their values are + those at that specific time. Absence of this field will default to the + API's version of NOW. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Timestamp` + page_size (int): The maximum number of resources contained in the + underlying API response. If page streaming is performed per- + resource, this parameter does not affect the return value. If page + streaming is performed per-page, this determines the maximum number + of resources in a page. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.gax.PageIterator` instance. By default, this + is an iterable of :class:`~google.cloud.securitycenter_v1beta1.types.GroupResult` instances. + This object can also be configured to iterate over the pages + of the response through the `options` parameter. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'group_findings' not in self._inner_api_calls: + self._inner_api_calls[ + 'group_findings'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.group_findings, + default_retry=self._method_configs['GroupFindings'].retry, + default_timeout=self._method_configs['GroupFindings']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.GroupFindingsRequest( + parent=parent, + group_by=group_by, + filter=filter_, + read_time=read_time, + page_size=page_size, + ) + iterator = google.api_core.page_iterator.GRPCIterator( + client=None, + method=functools.partial( + self._inner_api_calls['group_findings'], + retry=retry, + timeout=timeout, + metadata=metadata), + request=request, + items_field='group_by_results', + request_token_field='page_token', + response_token_field='next_page_token', + ) + return iterator + + def list_assets(self, + parent, + filter_=None, + order_by=None, + read_time=None, + compare_duration=None, + field_mask=None, + page_size=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Lists an organization's assets. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> parent = client.organization_path('[ORGANIZATION]') + >>> + >>> # Iterate over all results + >>> for element in client.list_assets(parent): + ... # process element + ... pass + >>> + >>> + >>> # Alternatively: + >>> + >>> # Iterate over results one page at a time + >>> for page in client.list_assets(parent, options=CallOptions(page_token=INITIAL_PAGE)): + ... for element in page: + ... # process element + ... pass + + Args: + parent (str): Name of the organization assets should belong to. Its format is + \"organizations/[organization_id]\". + filter_ (str): Expression that defines the filter to apply across assets. + The expression is a list of zero or more restrictions combined via logical + operators ``AND`` and ``OR``. + Parentheses are not supported, and ``OR`` has higher precedence than ``AND``. + + Restrictions have the form `` `` and may have a ``-`` + character in front of them to indicate negation. The fields map to those + defined in the Asset resource. Examples include: + + * name + * security_center_properties.resource_name + * resource_properties.a_property + * security_marks.marks.marka + + The supported operators are: + + * ``=`` for all value types. + * ``>``, ``<``, ``>=``, ``<=`` for integer values. + * ``:``, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals ``true`` and ``false`` without quotes. + + For example, ``resource_properties.size = 100`` is a valid filter string. + order_by (str): Expression that defines what fields and order to use for sorting. The + string value should follow SQL syntax: comma separated list of fields. For + example: \"name,resource_properties.a_property\". The default sorting order + is ascending. To specify descending order for a field, a suffix \" desc\" + should be appended to the field name. For example: \"name + desc,resource_properties.a_property\". Redundant space characters in the + syntax are insignificant. \"name desc,resource_properties.a_property\" and \" + name desc , resource_properties.a_property \" are equivalent. + read_time (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Timestamp]): Time used as a reference point when filtering assets. The filter is limited + to assets existing at the supplied time and their values are those at that + specific time. Absence of this field will default to the API's version of + NOW. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Timestamp` + compare_duration (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Duration]): When compare_duration is set, the ListAssetResult's \"state\" attribute is + updated to indicate whether the asset was added, removed, or remained + present during the compare_duration period of time that precedes the + read_time. This is the time between (read_time - + compare_duration) and read_time. + + The state value is derived based on the presence of the asset at the two + points in time. Intermediate state changes between the two times don't + affect the result. For example, the results aren't affected if the asset is + removed and re-created again. + + Possible \"state\" values when compare_duration is specified: + + * \"ADDED\": indicates that the asset was not present before + compare_duration, but present at read_time. + * \"REMOVED\": indicates that the asset was present at the start of + compare_duration, but not present at read_time. + * \"ACTIVE\": indicates that the asset was present at both the + start and the end of the time period defined by + compare_duration and read_time. + + If compare_duration is not specified, then the only possible state is + \"UNUSED\", which indicates that the asset is present at read_time. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Duration` + field_mask (Union[dict, ~google.cloud.securitycenter_v1beta1.types.FieldMask]): Optional. + + A field mask to specify the ListAssetsResult fields to be listed in the + response. + An empty field mask will list all fields. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.FieldMask` + page_size (int): The maximum number of resources contained in the + underlying API response. If page streaming is performed per- + resource, this parameter does not affect the return value. If page + streaming is performed per-page, this determines the maximum number + of resources in a page. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.gax.PageIterator` instance. By default, this + is an iterable of :class:`~google.cloud.securitycenter_v1beta1.types.ListAssetsResult` instances. + This object can also be configured to iterate over the pages + of the response through the `options` parameter. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'list_assets' not in self._inner_api_calls: + self._inner_api_calls[ + 'list_assets'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.list_assets, + default_retry=self._method_configs['ListAssets'].retry, + default_timeout=self._method_configs['ListAssets'].timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.ListAssetsRequest( + parent=parent, + filter=filter_, + order_by=order_by, + read_time=read_time, + compare_duration=compare_duration, + field_mask=field_mask, + page_size=page_size, + ) + iterator = google.api_core.page_iterator.GRPCIterator( + client=None, + method=functools.partial( + self._inner_api_calls['list_assets'], + retry=retry, + timeout=timeout, + metadata=metadata), + request=request, + items_field='list_assets_results', + request_token_field='page_token', + response_token_field='next_page_token', + ) + return iterator + + def list_findings(self, + parent, + filter_=None, + order_by=None, + read_time=None, + field_mask=None, + page_size=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Lists an organization or source's assets. + + To list across all sources provide a ``-`` as the source id. + Example: /v1beta1/organizations/123/sources/-/findings + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> parent = client.source_path('[ORGANIZATION]', '[SOURCE]') + >>> + >>> # Iterate over all results + >>> for element in client.list_findings(parent): + ... # process element + ... pass + >>> + >>> + >>> # Alternatively: + >>> + >>> # Iterate over results one page at a time + >>> for page in client.list_findings(parent, options=CallOptions(page_token=INITIAL_PAGE)): + ... for element in page: + ... # process element + ... pass + + Args: + parent (str): Name of the source the findings belong to. Its format is + \"organizations/[organization_id]/sources/[source_id]\". To list across all + sources provide a source_id of ``-``. For example: + organizations/123/sources/- + filter_ (str): Expression that defines the filter to apply across findings. + The expression is a list of one or more restrictions combined via logical + operators ``AND`` and ``OR``. + Parentheses are not supported, and ``OR`` has higher precedence than ``AND``. + + Restrictions have the form `` `` and may have a ``-`` + character in front of them to indicate negation. Examples include: + + * name + * source_properties.a_property + * security_marks.marks.marka + + The supported operators are: + + * ``=`` for all value types. + * ``>``, ``<``, ``>=``, ``<=`` for integer values. + * ``:``, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals ``true`` and ``false`` without quotes. + + For example, ``source_properties.size = 100`` is a valid filter string. + order_by (str): Expression that defines what fields and order to use for sorting. The + string value should follow SQL syntax: comma separated list of fields. For + example: \"name,resource_properties.a_property\". The default sorting order + is ascending. To specify descending order for a field, a suffix \" desc\" + should be appended to the field name. For example: \"name + desc,source_properties.a_property\". Redundant space characters in the + syntax are insignificant. \"name desc,source_properties.a_property\" and \" + name desc , source_properties.a_property \" are equivalent. + read_time (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Timestamp]): Time used as a reference point when filtering findings. The filter is + limited to findings existing at the supplied time and their values are + those at that specific time. Absence of this field will default to the + API's version of NOW. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Timestamp` + field_mask (Union[dict, ~google.cloud.securitycenter_v1beta1.types.FieldMask]): Optional. + + A field mask to specify the Finding fields to be listed in the response. + An empty field mask will list all fields. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.FieldMask` + page_size (int): The maximum number of resources contained in the + underlying API response. If page streaming is performed per- + resource, this parameter does not affect the return value. If page + streaming is performed per-page, this determines the maximum number + of resources in a page. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.gax.PageIterator` instance. By default, this + is an iterable of :class:`~google.cloud.securitycenter_v1beta1.types.Finding` instances. + This object can also be configured to iterate over the pages + of the response through the `options` parameter. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'list_findings' not in self._inner_api_calls: + self._inner_api_calls[ + 'list_findings'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.list_findings, + default_retry=self._method_configs['ListFindings'].retry, + default_timeout=self._method_configs['ListFindings']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.ListFindingsRequest( + parent=parent, + filter=filter_, + order_by=order_by, + read_time=read_time, + field_mask=field_mask, + page_size=page_size, + ) + iterator = google.api_core.page_iterator.GRPCIterator( + client=None, + method=functools.partial( + self._inner_api_calls['list_findings'], + retry=retry, + timeout=timeout, + metadata=metadata), + request=request, + items_field='findings', + request_token_field='page_token', + response_token_field='next_page_token', + ) + return iterator + + def list_sources(self, + parent, + page_size=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Lists all sources belonging to an organization. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> parent = client.organization_path('[ORGANIZATION]') + >>> + >>> # Iterate over all results + >>> for element in client.list_sources(parent): + ... # process element + ... pass + >>> + >>> + >>> # Alternatively: + >>> + >>> # Iterate over results one page at a time + >>> for page in client.list_sources(parent, options=CallOptions(page_token=INITIAL_PAGE)): + ... for element in page: + ... # process element + ... pass + + Args: + parent (str): Resource name of the parent of sources to list. Its format should be + \"organizations/[organization_id]\". + page_size (int): The maximum number of resources contained in the + underlying API response. If page streaming is performed per- + resource, this parameter does not affect the return value. If page + streaming is performed per-page, this determines the maximum number + of resources in a page. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.gax.PageIterator` instance. By default, this + is an iterable of :class:`~google.cloud.securitycenter_v1beta1.types.Source` instances. + This object can also be configured to iterate over the pages + of the response through the `options` parameter. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'list_sources' not in self._inner_api_calls: + self._inner_api_calls[ + 'list_sources'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.list_sources, + default_retry=self._method_configs['ListSources'].retry, + default_timeout=self._method_configs['ListSources']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.ListSourcesRequest( + parent=parent, + page_size=page_size, + ) + iterator = google.api_core.page_iterator.GRPCIterator( + client=None, + method=functools.partial( + self._inner_api_calls['list_sources'], + retry=retry, + timeout=timeout, + metadata=metadata), + request=request, + items_field='sources', + request_token_field='page_token', + response_token_field='next_page_token', + ) + return iterator + + def run_asset_discovery(self, + parent, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Runs asset discovery. The discovery is tracked with a long-running + operation. + + This API can only be called with limited frequency for an organization. If + it is called too frequently the caller will receive a TOO_MANY_REQUESTS + error. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> parent = client.organization_path('[ORGANIZATION]') + >>> + >>> response = client.run_asset_discovery(parent) + >>> + >>> def callback(operation_future): + ... # Handle result. + ... result = operation_future.result() + >>> + >>> response.add_done_callback(callback) + >>> + >>> # Handle metadata. + >>> metadata = response.metadata() + + Args: + parent (str): Name of the organization to run asset discovery for. Its format is + \"organizations/[organization_id]\". + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types._OperationFuture` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'run_asset_discovery' not in self._inner_api_calls: + self._inner_api_calls[ + 'run_asset_discovery'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.run_asset_discovery, + default_retry=self._method_configs['RunAssetDiscovery']. + retry, + default_timeout=self._method_configs['RunAssetDiscovery']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.RunAssetDiscoveryRequest( + parent=parent, ) + operation = self._inner_api_calls['run_asset_discovery']( + request, retry=retry, timeout=timeout, metadata=metadata) + return google.api_core.operation.from_gapic( + operation, + self.transport._operations_client, + empty_pb2.Empty, + metadata_type=empty_pb2.Empty, + ) + + def set_finding_state(self, + name, + state, + start_time, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Updates the state of a finding. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> from google.cloud.securitycenter_v1beta1 import enums + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> name = client.finding_path('[ORGANIZATION]', '[SOURCE]', '[FINDING]') + >>> + >>> # TODO: Initialize ``state``: + >>> state = enums.Finding.State.STATE_UNSPECIFIED + >>> + >>> # TODO: Initialize ``start_time``: + >>> start_time = {} + >>> + >>> response = client.set_finding_state(name, state, start_time) + + Args: + name (str): The relative resource name of the finding. See: + https://cloud.google.com/apis/design/resource_names#relative_resource_name + Example: + \"organizations/123/sources/456/finding/789\". + state (~google.cloud.securitycenter_v1beta1.types.State): The desired State of the finding. + start_time (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Timestamp]): The time at which the updated state takes effect. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Timestamp` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.Finding` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'set_finding_state' not in self._inner_api_calls: + self._inner_api_calls[ + 'set_finding_state'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.set_finding_state, + default_retry=self._method_configs['SetFindingState']. + retry, + default_timeout=self._method_configs['SetFindingState']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.SetFindingStateRequest( + name=name, + state=state, + start_time=start_time, + ) + return self._inner_api_calls['set_finding_state']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def set_iam_policy(self, + resource, + policy, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Sets the access control policy on the specified Source. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> resource = client.source_path('[ORGANIZATION]', '[SOURCE]') + >>> + >>> # TODO: Initialize ``policy``: + >>> policy = {} + >>> + >>> response = client.set_iam_policy(resource, policy) + + Args: + resource (str): REQUIRED: The resource for which the policy is being specified. + ``resource`` is usually specified as a path. For example, a Project + resource is specified as ``projects/{project}``. + policy (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Policy]): REQUIRED: The complete policy to be applied to the ``resource``. The size of + the policy is limited to a few 10s of KB. An empty policy is a + valid policy but certain Cloud Platform services (such as Projects) + might reject them. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Policy` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.Policy` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'set_iam_policy' not in self._inner_api_calls: + self._inner_api_calls[ + 'set_iam_policy'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.set_iam_policy, + default_retry=self._method_configs['SetIamPolicy'].retry, + default_timeout=self._method_configs['SetIamPolicy']. + timeout, + client_info=self._client_info, + ) + + request = iam_policy_pb2.SetIamPolicyRequest( + resource=resource, + policy=policy, + ) + return self._inner_api_calls['set_iam_policy']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def test_iam_permissions(self, + resource, + permissions, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Returns the permissions that a caller has on the specified source. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> resource = client.source_path('[ORGANIZATION]', '[SOURCE]') + >>> + >>> # TODO: Initialize ``permissions``: + >>> permissions = [] + >>> + >>> response = client.test_iam_permissions(resource, permissions) + + Args: + resource (str): REQUIRED: The resource for which the policy detail is being requested. + ``resource`` is usually specified as a path. For example, a Project + resource is specified as ``projects/{project}``. + permissions (list[str]): The set of permissions to check for the ``resource``. Permissions with + wildcards (such as '*' or 'storage.*') are not allowed. For more + information see + `IAM Overview `_. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.TestIamPermissionsResponse` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'test_iam_permissions' not in self._inner_api_calls: + self._inner_api_calls[ + 'test_iam_permissions'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.test_iam_permissions, + default_retry=self._method_configs['TestIamPermissions']. + retry, + default_timeout=self._method_configs['TestIamPermissions']. + timeout, + client_info=self._client_info, + ) + + request = iam_policy_pb2.TestIamPermissionsRequest( + resource=resource, + permissions=permissions, + ) + return self._inner_api_calls['test_iam_permissions']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def update_finding(self, + finding, + update_mask=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Creates or updates a finding. The corresponding source must exist for a + finding creation to succeed. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> # TODO: Initialize ``finding``: + >>> finding = {} + >>> + >>> response = client.update_finding(finding) + + Args: + finding (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Finding]): The finding resource to update or create if it does not already exist. + parent, security_marks, and update_time will be ignored. + + In the case of creation, the finding id portion of the name must + alphanumeric and less than or equal to 32 characters and greater than 0 + characters in length. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Finding` + update_mask (Union[dict, ~google.cloud.securitycenter_v1beta1.types.FieldMask]): The FieldMask to use when updating the finding resource. This field is + ignored if the finding does not already exist and the finding is created. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.FieldMask` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.Finding` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'update_finding' not in self._inner_api_calls: + self._inner_api_calls[ + 'update_finding'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.update_finding, + default_retry=self._method_configs['UpdateFinding'].retry, + default_timeout=self._method_configs['UpdateFinding']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.UpdateFindingRequest( + finding=finding, + update_mask=update_mask, + ) + return self._inner_api_calls['update_finding']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def update_organization_settings( + self, + organization_settings, + update_mask=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Updates an organization's settings. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> # TODO: Initialize ``organization_settings``: + >>> organization_settings = {} + >>> + >>> response = client.update_organization_settings(organization_settings) + + Args: + organization_settings (Union[dict, ~google.cloud.securitycenter_v1beta1.types.OrganizationSettings]): The organization settings resource to update. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.OrganizationSettings` + update_mask (Union[dict, ~google.cloud.securitycenter_v1beta1.types.FieldMask]): The FieldMask to use when updating the settings resource. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.FieldMask` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.OrganizationSettings` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'update_organization_settings' not in self._inner_api_calls: + self._inner_api_calls[ + 'update_organization_settings'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.update_organization_settings, + default_retry=self. + _method_configs['UpdateOrganizationSettings'].retry, + default_timeout=self. + _method_configs['UpdateOrganizationSettings'].timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.UpdateOrganizationSettingsRequest( + organization_settings=organization_settings, + update_mask=update_mask, + ) + return self._inner_api_calls['update_organization_settings']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def update_source(self, + source, + update_mask=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Updates a source. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> # TODO: Initialize ``source``: + >>> source = {} + >>> + >>> response = client.update_source(source) + + Args: + source (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Source]): The source resource to update. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Source` + update_mask (Union[dict, ~google.cloud.securitycenter_v1beta1.types.FieldMask]): The FieldMask to use when updating the source resource. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.FieldMask` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.Source` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'update_source' not in self._inner_api_calls: + self._inner_api_calls[ + 'update_source'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.update_source, + default_retry=self._method_configs['UpdateSource'].retry, + default_timeout=self._method_configs['UpdateSource']. + timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.UpdateSourceRequest( + source=source, + update_mask=update_mask, + ) + return self._inner_api_calls['update_source']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def update_security_marks(self, + security_marks, + update_mask=None, + start_time=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Updates security marks. + + Example: + >>> from google.cloud import securitycenter_v1beta1 + >>> + >>> client = securitycenter_v1beta1.SecurityCenterClient() + >>> + >>> # TODO: Initialize ``security_marks``: + >>> security_marks = {} + >>> + >>> response = client.update_security_marks(security_marks) + + Args: + security_marks (Union[dict, ~google.cloud.securitycenter_v1beta1.types.SecurityMarks]): The security marks resource to update. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.SecurityMarks` + update_mask (Union[dict, ~google.cloud.securitycenter_v1beta1.types.FieldMask]): The FieldMask to use when updating the security marks resource. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.FieldMask` + start_time (Union[dict, ~google.cloud.securitycenter_v1beta1.types.Timestamp]): The time at which the updated SecurityMarks take effect. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.securitycenter_v1beta1.types.Timestamp` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.securitycenter_v1beta1.types.SecurityMarks` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'update_security_marks' not in self._inner_api_calls: + self._inner_api_calls[ + 'update_security_marks'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.update_security_marks, + default_retry=self._method_configs['UpdateSecurityMarks']. + retry, + default_timeout=self. + _method_configs['UpdateSecurityMarks'].timeout, + client_info=self._client_info, + ) + + request = securitycenter_service_pb2.UpdateSecurityMarksRequest( + security_marks=security_marks, + update_mask=update_mask, + start_time=start_time, + ) + return self._inner_api_calls['update_security_marks']( + request, retry=retry, timeout=timeout, metadata=metadata) diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/gapic/security_center_client_config.py b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/security_center_client_config.py new file mode 100644 index 000000000000..e9444324e9b4 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/security_center_client_config.py @@ -0,0 +1,113 @@ +config = { + "interfaces": { + "google.cloud.securitycenter.v1beta1.SecurityCenter": { + "retry_codes": { + "idempotent": ["DEADLINE_EXCEEDED", "UNAVAILABLE"], + "non_idempotent": [] + }, + "retry_params": { + "default": { + "initial_retry_delay_millis": 100, + "retry_delay_multiplier": 1.3, + "max_retry_delay_millis": 60000, + "initial_rpc_timeout_millis": 20000, + "rpc_timeout_multiplier": 1.0, + "max_rpc_timeout_millis": 20000, + "total_timeout_millis": 600000 + } + }, + "methods": { + "CreateSource": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "CreateFinding": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "GetIamPolicy": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "GetOrganizationSettings": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "GetSource": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "GroupAssets": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "GroupFindings": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "ListAssets": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "ListFindings": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "ListSources": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "RunAssetDiscovery": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "SetFindingState": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "SetIamPolicy": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "TestIamPermissions": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "UpdateFinding": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "UpdateOrganizationSettings": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "UpdateSource": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "UpdateSecurityMarks": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + } + } + } + } +} diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/gapic/transports/__init__.py b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/transports/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/gapic/transports/security_center_grpc_transport.py b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/transports/security_center_grpc_transport.py new file mode 100644 index 000000000000..91a84c600f36 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/gapic/transports/security_center_grpc_transport.py @@ -0,0 +1,349 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import google.api_core.grpc_helpers +import google.api_core.operations_v1 + +from google.cloud.securitycenter_v1beta1.proto import securitycenter_service_pb2_grpc + + +class SecurityCenterGrpcTransport(object): + """gRPC transport class providing stubs for + google.cloud.securitycenter.v1beta1 SecurityCenter API. + + The transport provides access to the raw gRPC stubs, + which can be used to take advantage of advanced + features of gRPC. + """ + # The scopes needed to make gRPC calls to all of the methods defined + # in this service. + _OAUTH_SCOPES = ('https://www.googleapis.com/auth/cloud-platform', ) + + def __init__(self, + channel=None, + credentials=None, + address='securitycenter.googleapis.com:443'): + """Instantiate the transport class. + + Args: + channel (grpc.Channel): A ``Channel`` instance through + which to make calls. This argument is mutually exclusive + with ``credentials``; providing both will raise an exception. + credentials (google.auth.credentials.Credentials): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If none + are specified, the client will attempt to ascertain the + credentials from the environment. + address (str): The address where the service is hosted. + """ + # If both `channel` and `credentials` are specified, raise an + # exception (channels come with credentials baked in already). + if channel is not None and credentials is not None: + raise ValueError( + 'The `channel` and `credentials` arguments are mutually ' + 'exclusive.', ) + + # Create the channel. + if channel is None: + channel = self.create_channel( + address=address, + credentials=credentials, + ) + + # gRPC uses objects called "stubs" that are bound to the + # channel and provide a basic method for each RPC. + self._stubs = { + 'security_center_stub': + securitycenter_service_pb2_grpc.SecurityCenterStub(channel), + } + + # Because this API includes a method that returns a + # long-running operation (proto: google.longrunning.Operation), + # instantiate an LRO client. + self._operations_client = google.api_core.operations_v1.OperationsClient( + channel) + + @classmethod + def create_channel(cls, + address='securitycenter.googleapis.com:443', + credentials=None): + """Create and return a gRPC channel object. + + Args: + address (str): The host for the channel to use. + credentials (~.Credentials): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + + Returns: + grpc.Channel: A gRPC channel object. + """ + return google.api_core.grpc_helpers.create_channel( + address, + credentials=credentials, + scopes=cls._OAUTH_SCOPES, + ) + + @property + def create_source(self): + """Return the gRPC stub for {$apiMethod.name}. + + Creates a source. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].CreateSource + + @property + def create_finding(self): + """Return the gRPC stub for {$apiMethod.name}. + + Creates a finding. The corresponding source must exist for finding creation + to succeed. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].CreateFinding + + @property + def get_iam_policy(self): + """Return the gRPC stub for {$apiMethod.name}. + + Gets the access control policy on the specified Source. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].GetIamPolicy + + @property + def get_organization_settings(self): + """Return the gRPC stub for {$apiMethod.name}. + + Gets the settings for an organization. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].GetOrganizationSettings + + @property + def get_source(self): + """Return the gRPC stub for {$apiMethod.name}. + + Gets a source. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].GetSource + + @property + def group_assets(self): + """Return the gRPC stub for {$apiMethod.name}. + + Filters an organization's assets and groups them by their specified + properties. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].GroupAssets + + @property + def group_findings(self): + """Return the gRPC stub for {$apiMethod.name}. + + Filters an organization or source's findings and groups them by their + specified properties. + + To group across all sources provide a ``-`` as the source id. + Example: /v1beta1/organizations/123/sources/-/findings + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].GroupFindings + + @property + def list_assets(self): + """Return the gRPC stub for {$apiMethod.name}. + + Lists an organization's assets. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].ListAssets + + @property + def list_findings(self): + """Return the gRPC stub for {$apiMethod.name}. + + Lists an organization or source's assets. + + To list across all sources provide a ``-`` as the source id. + Example: /v1beta1/organizations/123/sources/-/findings + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].ListFindings + + @property + def list_sources(self): + """Return the gRPC stub for {$apiMethod.name}. + + Lists all sources belonging to an organization. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].ListSources + + @property + def run_asset_discovery(self): + """Return the gRPC stub for {$apiMethod.name}. + + Runs asset discovery. The discovery is tracked with a long-running + operation. + + This API can only be called with limited frequency for an organization. If + it is called too frequently the caller will receive a TOO_MANY_REQUESTS + error. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].RunAssetDiscovery + + @property + def set_finding_state(self): + """Return the gRPC stub for {$apiMethod.name}. + + Updates the state of a finding. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].SetFindingState + + @property + def set_iam_policy(self): + """Return the gRPC stub for {$apiMethod.name}. + + Sets the access control policy on the specified Source. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].SetIamPolicy + + @property + def test_iam_permissions(self): + """Return the gRPC stub for {$apiMethod.name}. + + Returns the permissions that a caller has on the specified source. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].TestIamPermissions + + @property + def update_finding(self): + """Return the gRPC stub for {$apiMethod.name}. + + Creates or updates a finding. The corresponding source must exist for a + finding creation to succeed. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].UpdateFinding + + @property + def update_organization_settings(self): + """Return the gRPC stub for {$apiMethod.name}. + + Updates an organization's settings. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].UpdateOrganizationSettings + + @property + def update_source(self): + """Return the gRPC stub for {$apiMethod.name}. + + Updates a source. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].UpdateSource + + @property + def update_security_marks(self): + """Return the gRPC stub for {$apiMethod.name}. + + Updates security marks. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['security_center_stub'].UpdateSecurityMarks diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/__init__.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2.py new file mode 100644 index 000000000000..30c10817f4cd --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2.py @@ -0,0 +1,290 @@ +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: google/cloud/securitycenter_v1beta1/proto/asset.proto + +import sys +_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1')) +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message +from google.protobuf import reflection as _reflection +from google.protobuf import symbol_database as _symbol_database +from google.protobuf import descriptor_pb2 +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 +from google.cloud.securitycenter_v1beta1.proto import security_marks_pb2 as google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_security__marks__pb2 +from google.protobuf import struct_pb2 as google_dot_protobuf_dot_struct__pb2 +from google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2 + + +DESCRIPTOR = _descriptor.FileDescriptor( + name='google/cloud/securitycenter_v1beta1/proto/asset.proto', + package='google.cloud.securitycenter.v1beta1', + syntax='proto3', + serialized_pb=_b('\n5google/cloud/securitycenter_v1beta1/proto/asset.proto\x12#google.cloud.securitycenter.v1beta1\x1a\x1cgoogle/api/annotations.proto\x1a>google/cloud/securitycenter_v1beta1/proto/security_marks.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xf7\x04\n\x05\x41sset\x12\x0c\n\x04name\x18\x01 \x01(\t\x12g\n\x1asecurity_center_properties\x18\x02 \x01(\x0b\x32\x43.google.cloud.securitycenter.v1beta1.Asset.SecurityCenterProperties\x12_\n\x13resource_properties\x18\x07 \x03(\x0b\x32\x42.google.cloud.securitycenter.v1beta1.Asset.ResourcePropertiesEntry\x12J\n\x0esecurity_marks\x18\x08 \x01(\x0b\x32\x32.google.cloud.securitycenter.v1beta1.SecurityMarks\x12/\n\x0b\x63reate_time\x18\t \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12/\n\x0bupdate_time\x18\n \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x1a\x94\x01\n\x18SecurityCenterProperties\x12\x15\n\rresource_name\x18\x01 \x01(\t\x12\x15\n\rresource_type\x18\x02 \x01(\t\x12\x17\n\x0fresource_parent\x18\x03 \x01(\t\x12\x18\n\x10resource_project\x18\x04 \x01(\t\x12\x17\n\x0fresource_owners\x18\x05 \x03(\t\x1aQ\n\x17ResourcePropertiesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12%\n\x05value\x18\x02 \x01(\x0b\x32\x16.google.protobuf.Value:\x02\x38\x01\x42|\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenterb\x06proto3') + , + dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR,google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_security__marks__pb2.DESCRIPTOR,google_dot_protobuf_dot_struct__pb2.DESCRIPTOR,google_dot_protobuf_dot_timestamp__pb2.DESCRIPTOR,]) + + + + +_ASSET_SECURITYCENTERPROPERTIES = _descriptor.Descriptor( + name='SecurityCenterProperties', + full_name='google.cloud.securitycenter.v1beta1.Asset.SecurityCenterProperties', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='resource_name', full_name='google.cloud.securitycenter.v1beta1.Asset.SecurityCenterProperties.resource_name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='resource_type', full_name='google.cloud.securitycenter.v1beta1.Asset.SecurityCenterProperties.resource_type', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='resource_parent', full_name='google.cloud.securitycenter.v1beta1.Asset.SecurityCenterProperties.resource_parent', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='resource_project', full_name='google.cloud.securitycenter.v1beta1.Asset.SecurityCenterProperties.resource_project', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='resource_owners', full_name='google.cloud.securitycenter.v1beta1.Asset.SecurityCenterProperties.resource_owners', index=4, + number=5, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=652, + serialized_end=800, +) + +_ASSET_RESOURCEPROPERTIESENTRY = _descriptor.Descriptor( + name='ResourcePropertiesEntry', + full_name='google.cloud.securitycenter.v1beta1.Asset.ResourcePropertiesEntry', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='key', full_name='google.cloud.securitycenter.v1beta1.Asset.ResourcePropertiesEntry.key', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='value', full_name='google.cloud.securitycenter.v1beta1.Asset.ResourcePropertiesEntry.value', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=_descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')), + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=802, + serialized_end=883, +) + +_ASSET = _descriptor.Descriptor( + name='Asset', + full_name='google.cloud.securitycenter.v1beta1.Asset', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.securitycenter.v1beta1.Asset.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='security_center_properties', full_name='google.cloud.securitycenter.v1beta1.Asset.security_center_properties', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='resource_properties', full_name='google.cloud.securitycenter.v1beta1.Asset.resource_properties', index=2, + number=7, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='security_marks', full_name='google.cloud.securitycenter.v1beta1.Asset.security_marks', index=3, + number=8, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='create_time', full_name='google.cloud.securitycenter.v1beta1.Asset.create_time', index=4, + number=9, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='update_time', full_name='google.cloud.securitycenter.v1beta1.Asset.update_time', index=5, + number=10, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[_ASSET_SECURITYCENTERPROPERTIES, _ASSET_RESOURCEPROPERTIESENTRY, ], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=252, + serialized_end=883, +) + +_ASSET_SECURITYCENTERPROPERTIES.containing_type = _ASSET +_ASSET_RESOURCEPROPERTIESENTRY.fields_by_name['value'].message_type = google_dot_protobuf_dot_struct__pb2._VALUE +_ASSET_RESOURCEPROPERTIESENTRY.containing_type = _ASSET +_ASSET.fields_by_name['security_center_properties'].message_type = _ASSET_SECURITYCENTERPROPERTIES +_ASSET.fields_by_name['resource_properties'].message_type = _ASSET_RESOURCEPROPERTIESENTRY +_ASSET.fields_by_name['security_marks'].message_type = google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_security__marks__pb2._SECURITYMARKS +_ASSET.fields_by_name['create_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_ASSET.fields_by_name['update_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +DESCRIPTOR.message_types_by_name['Asset'] = _ASSET +_sym_db.RegisterFileDescriptor(DESCRIPTOR) + +Asset = _reflection.GeneratedProtocolMessageType('Asset', (_message.Message,), dict( + + SecurityCenterProperties = _reflection.GeneratedProtocolMessageType('SecurityCenterProperties', (_message.Message,), dict( + DESCRIPTOR = _ASSET_SECURITYCENTERPROPERTIES, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.asset_pb2' + , + __doc__ = """Security Center managed properties. These properties are managed by + Security Center and cannot be modified by the user. + + + Attributes: + resource_name: + The full resource name of the Google Cloud Platform resource + this asset represents. This field is immutable after create + time. See: https://cloud.google.com/apis/design/resource\_name + s#full\_resource\_name + resource_type: + The type of the Google Cloud resource. Examples include: + APPLICATION, PROJECT, and ORGANIZATION. This is a case + insensitive field defined by Security Center and/or the + producer of the resource and is immutable after create time. + resource_parent: + The full resource name of the immediate parent of the + resource. See: https://cloud.google.com/apis/design/resource\_ + names#full\_resource\_name + resource_project: + The full resource name of the project the resource belongs to. + See: https://cloud.google.com/apis/design/resource\_names#full + \_resource\_name + resource_owners: + Owners of the Google Cloud resource. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.Asset.SecurityCenterProperties) + )) + , + + ResourcePropertiesEntry = _reflection.GeneratedProtocolMessageType('ResourcePropertiesEntry', (_message.Message,), dict( + DESCRIPTOR = _ASSET_RESOURCEPROPERTIESENTRY, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.asset_pb2' + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.Asset.ResourcePropertiesEntry) + )) + , + DESCRIPTOR = _ASSET, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.asset_pb2' + , + __doc__ = """Security Center's representation of a Google Cloud Platform resource. + + The Asset is a resource of Security Center that is meant to capture + information regarding a single Google Cloud Platform resource. All + modifications to an Asset are only within the context of Security Center + and do not effect the referenced Google Cloud Platform resource. + + + Attributes: + name: + The relative resource name of this asset. See: https://cloud.g + oogle.com/apis/design/resource\_names#relative\_resource\_name + Example: "organizations/123/assets/456". + security_center_properties: + Security Center managed properties. These properties are + managed by Security Center and cannot be modified by the user. + resource_properties: + Resource managed properties. These properties are managed and + defined by the Google Cloud Platform resource and cannot be + modified by the user. + security_marks: + User specified security marks. These marks are entirely + managed by the user and come from the SecurityMarks resource + belonging to the asset. + create_time: + The time at which the asset was created in Security Center. + update_time: + The time at which the asset was last updated, added, or + deleted in Security Center. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.Asset) + )) +_sym_db.RegisterMessage(Asset) +_sym_db.RegisterMessage(Asset.SecurityCenterProperties) +_sym_db.RegisterMessage(Asset.ResourcePropertiesEntry) + + +DESCRIPTOR.has_options = True +DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter')) +_ASSET_RESOURCEPROPERTIESENTRY.has_options = True +_ASSET_RESOURCEPROPERTIESENTRY._options = _descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')) +# @@protoc_insertion_point(module_scope) diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2_grpc.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2_grpc.py new file mode 100644 index 000000000000..a89435267cb2 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/asset_pb2_grpc.py @@ -0,0 +1,3 @@ +# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! +import grpc + diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2.py new file mode 100644 index 000000000000..955b0b48d060 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2.py @@ -0,0 +1,270 @@ +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: google/cloud/securitycenter_v1beta1/proto/finding.proto + +import sys +_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1')) +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message +from google.protobuf import reflection as _reflection +from google.protobuf import symbol_database as _symbol_database +from google.protobuf import descriptor_pb2 +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 +from google.cloud.securitycenter_v1beta1.proto import security_marks_pb2 as google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_security__marks__pb2 +from google.protobuf import struct_pb2 as google_dot_protobuf_dot_struct__pb2 +from google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2 + + +DESCRIPTOR = _descriptor.FileDescriptor( + name='google/cloud/securitycenter_v1beta1/proto/finding.proto', + package='google.cloud.securitycenter.v1beta1', + syntax='proto3', + serialized_pb=_b('\n7google/cloud/securitycenter_v1beta1/proto/finding.proto\x12#google.cloud.securitycenter.v1beta1\x1a\x1cgoogle/api/annotations.proto\x1a>google/cloud/securitycenter_v1beta1/proto/security_marks.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xc0\x04\n\x07\x46inding\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0e\n\x06parent\x18\x02 \x01(\t\x12\x15\n\rresource_name\x18\x03 \x01(\t\x12\x41\n\x05state\x18\x04 \x01(\x0e\x32\x32.google.cloud.securitycenter.v1beta1.Finding.State\x12\x10\n\x08\x63\x61tegory\x18\x05 \x01(\t\x12\x14\n\x0c\x65xternal_uri\x18\x06 \x01(\t\x12]\n\x11source_properties\x18\x07 \x03(\x0b\x32\x42.google.cloud.securitycenter.v1beta1.Finding.SourcePropertiesEntry\x12J\n\x0esecurity_marks\x18\x08 \x01(\x0b\x32\x32.google.cloud.securitycenter.v1beta1.SecurityMarks\x12.\n\nevent_time\x18\t \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12/\n\x0b\x63reate_time\x18\n \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x1aO\n\x15SourcePropertiesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12%\n\x05value\x18\x02 \x01(\x0b\x32\x16.google.protobuf.Value:\x02\x38\x01\"8\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\n\n\x06\x41\x43TIVE\x10\x01\x12\x0c\n\x08INACTIVE\x10\x02\x42|\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenterb\x06proto3') + , + dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR,google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_security__marks__pb2.DESCRIPTOR,google_dot_protobuf_dot_struct__pb2.DESCRIPTOR,google_dot_protobuf_dot_timestamp__pb2.DESCRIPTOR,]) + + + +_FINDING_STATE = _descriptor.EnumDescriptor( + name='State', + full_name='google.cloud.securitycenter.v1beta1.Finding.State', + filename=None, + file=DESCRIPTOR, + values=[ + _descriptor.EnumValueDescriptor( + name='STATE_UNSPECIFIED', index=0, number=0, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='ACTIVE', index=1, number=1, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='INACTIVE', index=2, number=2, + options=None, + type=None), + ], + containing_type=None, + options=None, + serialized_start=774, + serialized_end=830, +) +_sym_db.RegisterEnumDescriptor(_FINDING_STATE) + + +_FINDING_SOURCEPROPERTIESENTRY = _descriptor.Descriptor( + name='SourcePropertiesEntry', + full_name='google.cloud.securitycenter.v1beta1.Finding.SourcePropertiesEntry', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='key', full_name='google.cloud.securitycenter.v1beta1.Finding.SourcePropertiesEntry.key', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='value', full_name='google.cloud.securitycenter.v1beta1.Finding.SourcePropertiesEntry.value', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=_descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')), + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=693, + serialized_end=772, +) + +_FINDING = _descriptor.Descriptor( + name='Finding', + full_name='google.cloud.securitycenter.v1beta1.Finding', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.securitycenter.v1beta1.Finding.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='parent', full_name='google.cloud.securitycenter.v1beta1.Finding.parent', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='resource_name', full_name='google.cloud.securitycenter.v1beta1.Finding.resource_name', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='state', full_name='google.cloud.securitycenter.v1beta1.Finding.state', index=3, + number=4, type=14, cpp_type=8, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='category', full_name='google.cloud.securitycenter.v1beta1.Finding.category', index=4, + number=5, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='external_uri', full_name='google.cloud.securitycenter.v1beta1.Finding.external_uri', index=5, + number=6, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='source_properties', full_name='google.cloud.securitycenter.v1beta1.Finding.source_properties', index=6, + number=7, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='security_marks', full_name='google.cloud.securitycenter.v1beta1.Finding.security_marks', index=7, + number=8, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='event_time', full_name='google.cloud.securitycenter.v1beta1.Finding.event_time', index=8, + number=9, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='create_time', full_name='google.cloud.securitycenter.v1beta1.Finding.create_time', index=9, + number=10, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[_FINDING_SOURCEPROPERTIESENTRY, ], + enum_types=[ + _FINDING_STATE, + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=254, + serialized_end=830, +) + +_FINDING_SOURCEPROPERTIESENTRY.fields_by_name['value'].message_type = google_dot_protobuf_dot_struct__pb2._VALUE +_FINDING_SOURCEPROPERTIESENTRY.containing_type = _FINDING +_FINDING.fields_by_name['state'].enum_type = _FINDING_STATE +_FINDING.fields_by_name['source_properties'].message_type = _FINDING_SOURCEPROPERTIESENTRY +_FINDING.fields_by_name['security_marks'].message_type = google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_security__marks__pb2._SECURITYMARKS +_FINDING.fields_by_name['event_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_FINDING.fields_by_name['create_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_FINDING_STATE.containing_type = _FINDING +DESCRIPTOR.message_types_by_name['Finding'] = _FINDING +_sym_db.RegisterFileDescriptor(DESCRIPTOR) + +Finding = _reflection.GeneratedProtocolMessageType('Finding', (_message.Message,), dict( + + SourcePropertiesEntry = _reflection.GeneratedProtocolMessageType('SourcePropertiesEntry', (_message.Message,), dict( + DESCRIPTOR = _FINDING_SOURCEPROPERTIESENTRY, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.finding_pb2' + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.Finding.SourcePropertiesEntry) + )) + , + DESCRIPTOR = _FINDING, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.finding_pb2' + , + __doc__ = """Security Center's finding. + + A finding is a record of assessment data (security, risk, health or + privacy) ingested into Security Center for presentation, notification, + analysis, policy testing and enforcement. For example, an XSS + vulnerability in an AppEngine application is a finding. + + + Attributes: + name: + The relative resource name of this finding. See: https://cloud + .google.com/apis/design/resource\_names#relative\_resource\_na + me Example: "organizations/123/sources/456/findings/789" + parent: + The relative resource name of the source the finding belongs + to. See: https://cloud.google.com/apis/design/resource\_names# + relative\_resource\_name This field is immutable after + creation time. For example: "organizations/123/sources/456" + resource_name: + The full resource name of the Google Cloud Platform resource + this finding is for. See: https://cloud.google.com/apis/design + /resource\_names#full\_resource\_name This field is immutable + after creation time. + state: + The state of the finding. + category: + The additional taxonomy group within findings from a give + source. This field is immutable after creation time. Example: + "XSS\_FLASH\_INJECTION" + external_uri: + The URI that, if available, points to a web page outside of + Security Center where additional information about the finding + can be found. This field is guaranteed to be either empty or a + well formed url. + source_properties: + Source specific properties. These properties are managed by + the source writing the finding. + security_marks: + Output only. User specified security marks. These marks are + entirely managed by the user and come from the SecurityMarks + resource belonging to the finding. + event_time: + The time at which the event took place. For example, if the + finding represents an open firewall it would capture the time + the open firewall was detected. + create_time: + The time at which the finding was created in Security Center. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.Finding) + )) +_sym_db.RegisterMessage(Finding) +_sym_db.RegisterMessage(Finding.SourcePropertiesEntry) + + +DESCRIPTOR.has_options = True +DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter')) +_FINDING_SOURCEPROPERTIESENTRY.has_options = True +_FINDING_SOURCEPROPERTIESENTRY._options = _descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')) +# @@protoc_insertion_point(module_scope) diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2_grpc.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2_grpc.py new file mode 100644 index 000000000000..a89435267cb2 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/finding_pb2_grpc.py @@ -0,0 +1,3 @@ +# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! +import grpc + diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2.py new file mode 100644 index 000000000000..111cea582360 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2.py @@ -0,0 +1,191 @@ +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: google/cloud/securitycenter_v1beta1/proto/organization_settings.proto + +import sys +_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1')) +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message +from google.protobuf import reflection as _reflection +from google.protobuf import symbol_database as _symbol_database +from google.protobuf import descriptor_pb2 +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 + + +DESCRIPTOR = _descriptor.FileDescriptor( + name='google/cloud/securitycenter_v1beta1/proto/organization_settings.proto', + package='google.cloud.securitycenter.v1beta1', + syntax='proto3', + serialized_pb=_b('\nEgoogle/cloud/securitycenter_v1beta1/proto/organization_settings.proto\x12#google.cloud.securitycenter.v1beta1\x1a\x1cgoogle/api/annotations.proto\"\xa8\x03\n\x14OrganizationSettings\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x1e\n\x16\x65nable_asset_discovery\x18\x02 \x01(\x08\x12n\n\x16\x61sset_discovery_config\x18\x03 \x01(\x0b\x32N.google.cloud.securitycenter.v1beta1.OrganizationSettings.AssetDiscoveryConfig\x1a\xf1\x01\n\x14\x41ssetDiscoveryConfig\x12\x13\n\x0bproject_ids\x18\x01 \x03(\t\x12t\n\x0einclusion_mode\x18\x02 \x01(\x0e\x32\\.google.cloud.securitycenter.v1beta1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode\"N\n\rInclusionMode\x12\x1e\n\x1aINCLUSION_MODE_UNSPECIFIED\x10\x00\x12\x10\n\x0cINCLUDE_ONLY\x10\x01\x12\x0b\n\x07\x45XCLUDE\x10\x02\x42|\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenterb\x06proto3') + , + dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR,]) + + + +_ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG_INCLUSIONMODE = _descriptor.EnumDescriptor( + name='InclusionMode', + full_name='google.cloud.securitycenter.v1beta1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode', + filename=None, + file=DESCRIPTOR, + values=[ + _descriptor.EnumValueDescriptor( + name='INCLUSION_MODE_UNSPECIFIED', index=0, number=0, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='INCLUDE_ONLY', index=1, number=1, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='EXCLUDE', index=2, number=2, + options=None, + type=None), + ], + containing_type=None, + options=None, + serialized_start=487, + serialized_end=565, +) +_sym_db.RegisterEnumDescriptor(_ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG_INCLUSIONMODE) + + +_ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG = _descriptor.Descriptor( + name='AssetDiscoveryConfig', + full_name='google.cloud.securitycenter.v1beta1.OrganizationSettings.AssetDiscoveryConfig', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='project_ids', full_name='google.cloud.securitycenter.v1beta1.OrganizationSettings.AssetDiscoveryConfig.project_ids', index=0, + number=1, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='inclusion_mode', full_name='google.cloud.securitycenter.v1beta1.OrganizationSettings.AssetDiscoveryConfig.inclusion_mode', index=1, + number=2, type=14, cpp_type=8, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + _ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG_INCLUSIONMODE, + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=324, + serialized_end=565, +) + +_ORGANIZATIONSETTINGS = _descriptor.Descriptor( + name='OrganizationSettings', + full_name='google.cloud.securitycenter.v1beta1.OrganizationSettings', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.securitycenter.v1beta1.OrganizationSettings.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='enable_asset_discovery', full_name='google.cloud.securitycenter.v1beta1.OrganizationSettings.enable_asset_discovery', index=1, + number=2, type=8, cpp_type=7, label=1, + has_default_value=False, default_value=False, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='asset_discovery_config', full_name='google.cloud.securitycenter.v1beta1.OrganizationSettings.asset_discovery_config', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[_ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG, ], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=141, + serialized_end=565, +) + +_ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG.fields_by_name['inclusion_mode'].enum_type = _ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG_INCLUSIONMODE +_ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG.containing_type = _ORGANIZATIONSETTINGS +_ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG_INCLUSIONMODE.containing_type = _ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG +_ORGANIZATIONSETTINGS.fields_by_name['asset_discovery_config'].message_type = _ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG +DESCRIPTOR.message_types_by_name['OrganizationSettings'] = _ORGANIZATIONSETTINGS +_sym_db.RegisterFileDescriptor(DESCRIPTOR) + +OrganizationSettings = _reflection.GeneratedProtocolMessageType('OrganizationSettings', (_message.Message,), dict( + + AssetDiscoveryConfig = _reflection.GeneratedProtocolMessageType('AssetDiscoveryConfig', (_message.Message,), dict( + DESCRIPTOR = _ORGANIZATIONSETTINGS_ASSETDISCOVERYCONFIG, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.organization_settings_pb2' + , + __doc__ = """The configuration used for Asset Discovery runs. + + + Attributes: + project_ids: + The project ids to use for filtering asset discovery. + inclusion_mode: + The mode to use for filtering asset discovery. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.OrganizationSettings.AssetDiscoveryConfig) + )) + , + DESCRIPTOR = _ORGANIZATIONSETTINGS, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.organization_settings_pb2' + , + __doc__ = """User specified settings that are attached to the Security Center + organization. + + + Attributes: + name: + The relative resource name of the settings. See: https://cloud + .google.com/apis/design/resource\_names#relative\_resource\_na + me Example: "organizations/123/organizationSettings". + enable_asset_discovery: + A flag indicating whether Asset Discovery should be enabled. + If the flag is set to true then discovery of assets will + occur. If it is set to false all historical assets will remain + but discovery of future assets will not occur. + asset_discovery_config: + The configuration used for Asset Discovery runs. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.OrganizationSettings) + )) +_sym_db.RegisterMessage(OrganizationSettings) +_sym_db.RegisterMessage(OrganizationSettings.AssetDiscoveryConfig) + + +DESCRIPTOR.has_options = True +DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter')) +# @@protoc_insertion_point(module_scope) diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2_grpc.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2_grpc.py new file mode 100644 index 000000000000..a89435267cb2 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings_pb2_grpc.py @@ -0,0 +1,3 @@ +# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! +import grpc + diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2.py new file mode 100644 index 000000000000..264b80065328 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2.py @@ -0,0 +1,150 @@ +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: google/cloud/securitycenter_v1beta1/proto/security_marks.proto + +import sys +_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1')) +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message +from google.protobuf import reflection as _reflection +from google.protobuf import symbol_database as _symbol_database +from google.protobuf import descriptor_pb2 +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 + + +DESCRIPTOR = _descriptor.FileDescriptor( + name='google/cloud/securitycenter_v1beta1/proto/security_marks.proto', + package='google.cloud.securitycenter.v1beta1', + syntax='proto3', + serialized_pb=_b('\n>google/cloud/securitycenter_v1beta1/proto/security_marks.proto\x12#google.cloud.securitycenter.v1beta1\x1a\x1cgoogle/api/annotations.proto\"\x99\x01\n\rSecurityMarks\x12\x0c\n\x04name\x18\x01 \x01(\t\x12L\n\x05marks\x18\x02 \x03(\x0b\x32=.google.cloud.securitycenter.v1beta1.SecurityMarks.MarksEntry\x1a,\n\nMarksEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x42|\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenterb\x06proto3') + , + dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR,]) + + + + +_SECURITYMARKS_MARKSENTRY = _descriptor.Descriptor( + name='MarksEntry', + full_name='google.cloud.securitycenter.v1beta1.SecurityMarks.MarksEntry', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='key', full_name='google.cloud.securitycenter.v1beta1.SecurityMarks.MarksEntry.key', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='value', full_name='google.cloud.securitycenter.v1beta1.SecurityMarks.MarksEntry.value', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=_descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')), + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=243, + serialized_end=287, +) + +_SECURITYMARKS = _descriptor.Descriptor( + name='SecurityMarks', + full_name='google.cloud.securitycenter.v1beta1.SecurityMarks', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.securitycenter.v1beta1.SecurityMarks.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='marks', full_name='google.cloud.securitycenter.v1beta1.SecurityMarks.marks', index=1, + number=2, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[_SECURITYMARKS_MARKSENTRY, ], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=134, + serialized_end=287, +) + +_SECURITYMARKS_MARKSENTRY.containing_type = _SECURITYMARKS +_SECURITYMARKS.fields_by_name['marks'].message_type = _SECURITYMARKS_MARKSENTRY +DESCRIPTOR.message_types_by_name['SecurityMarks'] = _SECURITYMARKS +_sym_db.RegisterFileDescriptor(DESCRIPTOR) + +SecurityMarks = _reflection.GeneratedProtocolMessageType('SecurityMarks', (_message.Message,), dict( + + MarksEntry = _reflection.GeneratedProtocolMessageType('MarksEntry', (_message.Message,), dict( + DESCRIPTOR = _SECURITYMARKS_MARKSENTRY, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.security_marks_pb2' + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.SecurityMarks.MarksEntry) + )) + , + DESCRIPTOR = _SECURITYMARKS, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.security_marks_pb2' + , + __doc__ = """User specified security marks that are attached to the parent Security + Center resource. Security marks are scoped within a Security Center + organization -- they are modifiable and viewable by all with proper + permissions on the organization. + + + Attributes: + name: + The relative resource name of the SecurityMarks. See: https:// + cloud.google.com/apis/design/resource\_names#relative\_resourc + e\_name Examples: "organizations/123/assets/456/securityMarks" + "organizations/123/sources/456/findings/789/securityMarks". + marks: + Mutable user specified security marks belonging to the parent + resource. Constraints are as follows: - Keys and values are + treated as case insensitive - Keys must be alphanumeric and + between 1 - 256 characters (inclusive) - Values have leading + and trailing whitespace trimmed, remaining characters must be + between 1 - 4096 characters (inclusive) + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.SecurityMarks) + )) +_sym_db.RegisterMessage(SecurityMarks) +_sym_db.RegisterMessage(SecurityMarks.MarksEntry) + + +DESCRIPTOR.has_options = True +DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter')) +_SECURITYMARKS_MARKSENTRY.has_options = True +_SECURITYMARKS_MARKSENTRY._options = _descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')) +# @@protoc_insertion_point(module_scope) diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2_grpc.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2_grpc.py new file mode 100644 index 000000000000..a89435267cb2 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks_pb2_grpc.py @@ -0,0 +1,3 @@ +# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! +import grpc + diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service_pb2.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service_pb2.py new file mode 100644 index 000000000000..5803c2308fba --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/securitycenter_service_pb2.py @@ -0,0 +1,2020 @@ +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto + +import sys +_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1')) +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message +from google.protobuf import reflection as _reflection +from google.protobuf import symbol_database as _symbol_database +from google.protobuf import descriptor_pb2 +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 +from google.cloud.securitycenter_v1beta1.proto import asset_pb2 as google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_asset__pb2 +from google.cloud.securitycenter_v1beta1.proto import finding_pb2 as google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_finding__pb2 +from google.cloud.securitycenter_v1beta1.proto import organization_settings_pb2 as google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_organization__settings__pb2 +from google.cloud.securitycenter_v1beta1.proto import security_marks_pb2 as google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_security__marks__pb2 +from google.cloud.securitycenter_v1beta1.proto import source_pb2 as google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_source__pb2 +from google.iam.v1 import iam_policy_pb2 as google_dot_iam_dot_v1_dot_iam__policy__pb2 +from google.iam.v1 import policy_pb2 as google_dot_iam_dot_v1_dot_policy__pb2 +from google.longrunning import operations_pb2 as google_dot_longrunning_dot_operations__pb2 +from google.protobuf import duration_pb2 as google_dot_protobuf_dot_duration__pb2 +from google.protobuf import empty_pb2 as google_dot_protobuf_dot_empty__pb2 +from google.protobuf import field_mask_pb2 as google_dot_protobuf_dot_field__mask__pb2 +from google.protobuf import struct_pb2 as google_dot_protobuf_dot_struct__pb2 +from google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2 + + +DESCRIPTOR = _descriptor.FileDescriptor( + name='google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto', + package='google.cloud.securitycenter.v1beta1', + syntax='proto3', + serialized_pb=_b('\nFgoogle/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto\x12#google.cloud.securitycenter.v1beta1\x1a\x1cgoogle/api/annotations.proto\x1a\x35google/cloud/securitycenter_v1beta1/proto/asset.proto\x1a\x37google/cloud/securitycenter_v1beta1/proto/finding.proto\x1a\x45google/cloud/securitycenter_v1beta1/proto/organization_settings.proto\x1a>google/cloud/securitycenter_v1beta1/proto/security_marks.proto\x1a\x36google/cloud/securitycenter_v1beta1/proto/source.proto\x1a\x1egoogle/iam/v1/iam_policy.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a#google/longrunning/operations.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a google/protobuf/field_mask.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"y\n\x14\x43reateFindingRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x12\n\nfinding_id\x18\x02 \x01(\t\x12=\n\x07\x66inding\x18\x03 \x01(\x0b\x32,.google.cloud.securitycenter.v1beta1.Finding\"b\n\x13\x43reateSourceRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12;\n\x06source\x18\x02 \x01(\x0b\x32+.google.cloud.securitycenter.v1beta1.Source\".\n\x1eGetOrganizationSettingsRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\" \n\x10GetSourceRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\"\xd1\x01\n\x12GroupAssetsRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x0e\n\x06\x66ilter\x18\x02 \x01(\t\x12\x10\n\x08group_by\x18\x03 \x01(\t\x12\x33\n\x10\x63ompare_duration\x18\x04 \x01(\x0b\x32\x19.google.protobuf.Duration\x12-\n\tread_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x12\n\npage_token\x18\x07 \x01(\t\x12\x11\n\tpage_size\x18\x08 \x01(\x05\"\xa9\x01\n\x13GroupAssetsResponse\x12J\n\x10group_by_results\x18\x01 \x03(\x0b\x32\x30.google.cloud.securitycenter.v1beta1.GroupResult\x12-\n\tread_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x17\n\x0fnext_page_token\x18\x03 \x01(\t\"\x9e\x01\n\x14GroupFindingsRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x0e\n\x06\x66ilter\x18\x02 \x01(\t\x12\x10\n\x08group_by\x18\x03 \x01(\t\x12-\n\tread_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x12\n\npage_token\x18\x05 \x01(\t\x12\x11\n\tpage_size\x18\x06 \x01(\x05\"\xab\x01\n\x15GroupFindingsResponse\x12J\n\x10group_by_results\x18\x01 \x03(\x0b\x32\x30.google.cloud.securitycenter.v1beta1.GroupResult\x12-\n\tread_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x17\n\x0fnext_page_token\x18\x03 \x01(\t\"\xbd\x01\n\x0bGroupResult\x12T\n\nproperties\x18\x01 \x03(\x0b\x32@.google.cloud.securitycenter.v1beta1.GroupResult.PropertiesEntry\x12\r\n\x05\x63ount\x18\x02 \x01(\x03\x1aI\n\x0fPropertiesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12%\n\x05value\x18\x02 \x01(\x0b\x32\x16.google.protobuf.Value:\x02\x38\x01\"K\n\x12ListSourcesRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x12\n\npage_token\x18\x02 \x01(\t\x12\x11\n\tpage_size\x18\x07 \x01(\x05\"l\n\x13ListSourcesResponse\x12<\n\x07sources\x18\x01 \x03(\x0b\x32+.google.cloud.securitycenter.v1beta1.Source\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\x80\x02\n\x11ListAssetsRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x0e\n\x06\x66ilter\x18\x02 \x01(\t\x12\x10\n\x08order_by\x18\x03 \x01(\t\x12-\n\tread_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x33\n\x10\x63ompare_duration\x18\x05 \x01(\x0b\x32\x19.google.protobuf.Duration\x12.\n\nfield_mask\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\x12\x12\n\npage_token\x18\x08 \x01(\t\x12\x11\n\tpage_size\x18\t \x01(\x05\"\xd6\x03\n\x12ListAssetsResponse\x12\x65\n\x13list_assets_results\x18\x01 \x03(\x0b\x32H.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult\x12-\n\tread_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x17\n\x0fnext_page_token\x18\x03 \x01(\t\x12\x12\n\ntotal_size\x18\x04 \x01(\x05\x1a\xfc\x01\n\x10ListAssetsResult\x12\x39\n\x05\x61sset\x18\x01 \x01(\x0b\x32*.google.cloud.securitycenter.v1beta1.Asset\x12]\n\x05state\x18\x02 \x01(\x0e\x32N.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult.State\"N\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\n\n\x06UNUSED\x10\x01\x12\t\n\x05\x41\x44\x44\x45\x44\x10\x02\x12\x0b\n\x07REMOVED\x10\x03\x12\n\n\x06\x41\x43TIVE\x10\x04\"\xcd\x01\n\x13ListFindingsRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x0e\n\x06\x66ilter\x18\x02 \x01(\t\x12\x10\n\x08order_by\x18\x03 \x01(\t\x12-\n\tread_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12.\n\nfield_mask\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\x12\x12\n\npage_token\x18\x06 \x01(\t\x12\x11\n\tpage_size\x18\x07 \x01(\x05\"\xb2\x01\n\x14ListFindingsResponse\x12>\n\x08\x66indings\x18\x01 \x03(\x0b\x32,.google.cloud.securitycenter.v1beta1.Finding\x12-\n\tread_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x17\n\x0fnext_page_token\x18\x03 \x01(\t\x12\x12\n\ntotal_size\x18\x04 \x01(\x05\"\x99\x01\n\x16SetFindingStateRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x41\n\x05state\x18\x02 \x01(\x0e\x32\x32.google.cloud.securitycenter.v1beta1.Finding.State\x12.\n\nstart_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\"*\n\x18RunAssetDiscoveryRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\"\x86\x01\n\x14UpdateFindingRequest\x12=\n\x07\x66inding\x18\x01 \x01(\x0b\x32,.google.cloud.securitycenter.v1beta1.Finding\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"\xae\x01\n!UpdateOrganizationSettingsRequest\x12X\n\x15organization_settings\x18\x01 \x01(\x0b\x32\x39.google.cloud.securitycenter.v1beta1.OrganizationSettings\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"\x83\x01\n\x13UpdateSourceRequest\x12;\n\x06source\x18\x01 \x01(\x0b\x32+.google.cloud.securitycenter.v1beta1.Source\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"\xc9\x01\n\x1aUpdateSecurityMarksRequest\x12J\n\x0esecurity_marks\x18\x01 \x01(\x0b\x32\x32.google.cloud.securitycenter.v1beta1.SecurityMarks\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\x12.\n\nstart_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.Timestamp2\x80\x1c\n\x0eSecurityCenter\x12\xb0\x01\n\x0c\x43reateSource\x12\x38.google.cloud.securitycenter.v1beta1.CreateSourceRequest\x1a+.google.cloud.securitycenter.v1beta1.Source\"9\x82\xd3\xe4\x93\x02\x33\")/v1beta1/{parent=organizations/*}/sources:\x06source\x12\xbf\x01\n\rCreateFinding\x12\x39.google.cloud.securitycenter.v1beta1.CreateFindingRequest\x1a,.google.cloud.securitycenter.v1beta1.Finding\"E\x82\xd3\xe4\x93\x02?\"4/v1beta1/{parent=organizations/*/sources/*}/findings:\x07\x66inding\x12\x90\x01\n\x0cGetIamPolicy\x12\".google.iam.v1.GetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\"E\x82\xd3\xe4\x93\x02?\":/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy:\x01*\x12\xd7\x01\n\x17GetOrganizationSettings\x12\x43.google.cloud.securitycenter.v1beta1.GetOrganizationSettingsRequest\x1a\x39.google.cloud.securitycenter.v1beta1.OrganizationSettings\"<\x82\xd3\xe4\x93\x02\x36\x12\x34/v1beta1/{name=organizations/*/organizationSettings}\x12\xa2\x01\n\tGetSource\x12\x35.google.cloud.securitycenter.v1beta1.GetSourceRequest\x1a+.google.cloud.securitycenter.v1beta1.Source\"1\x82\xd3\xe4\x93\x02+\x12)/v1beta1/{name=organizations/*/sources/*}\x12\xbb\x01\n\x0bGroupAssets\x12\x37.google.cloud.securitycenter.v1beta1.GroupAssetsRequest\x1a\x38.google.cloud.securitycenter.v1beta1.GroupAssetsResponse\"9\x82\xd3\xe4\x93\x02\x33\"./v1beta1/{parent=organizations/*}/assets:group:\x01*\x12\xcd\x01\n\rGroupFindings\x12\x39.google.cloud.securitycenter.v1beta1.GroupFindingsRequest\x1a:.google.cloud.securitycenter.v1beta1.GroupFindingsResponse\"E\x82\xd3\xe4\x93\x02?\":/v1beta1/{parent=organizations/*/sources/*}/findings:group:\x01*\x12\xaf\x01\n\nListAssets\x12\x36.google.cloud.securitycenter.v1beta1.ListAssetsRequest\x1a\x37.google.cloud.securitycenter.v1beta1.ListAssetsResponse\"0\x82\xd3\xe4\x93\x02*\x12(/v1beta1/{parent=organizations/*}/assets\x12\xc1\x01\n\x0cListFindings\x12\x38.google.cloud.securitycenter.v1beta1.ListFindingsRequest\x1a\x39.google.cloud.securitycenter.v1beta1.ListFindingsResponse\"<\x82\xd3\xe4\x93\x02\x36\x12\x34/v1beta1/{parent=organizations/*/sources/*}/findings\x12\xb3\x01\n\x0bListSources\x12\x37.google.cloud.securitycenter.v1beta1.ListSourcesRequest\x1a\x38.google.cloud.securitycenter.v1beta1.ListSourcesResponse\"1\x82\xd3\xe4\x93\x02+\x12)/v1beta1/{parent=organizations/*}/sources\x12\xb3\x01\n\x11RunAssetDiscovery\x12=.google.cloud.securitycenter.v1beta1.RunAssetDiscoveryRequest\x1a\x1d.google.longrunning.Operation\"@\x82\xd3\xe4\x93\x02:\"5/v1beta1/{parent=organizations/*}/assets:runDiscovery:\x01*\x12\xc6\x01\n\x0fSetFindingState\x12;.google.cloud.securitycenter.v1beta1.SetFindingStateRequest\x1a,.google.cloud.securitycenter.v1beta1.Finding\"H\x82\xd3\xe4\x93\x02\x42\"=/v1beta1/{name=organizations/*/sources/*/findings/*}:setState:\x01*\x12\x90\x01\n\x0cSetIamPolicy\x12\".google.iam.v1.SetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\"E\x82\xd3\xe4\x93\x02?\":/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy:\x01*\x12\xb6\x01\n\x12TestIamPermissions\x12(.google.iam.v1.TestIamPermissionsRequest\x1a).google.iam.v1.TestIamPermissionsResponse\"K\x82\xd3\xe4\x93\x02\x45\"@/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions:\x01*\x12\xc7\x01\n\rUpdateFinding\x12\x39.google.cloud.securitycenter.v1beta1.UpdateFindingRequest\x1a,.google.cloud.securitycenter.v1beta1.Finding\"M\x82\xd3\xe4\x93\x02G2 `` and + may have a ``-`` character in front of them to indicate + negation. The fields map to those defined in the Asset + resource. Examples include: - name - + security\_center\_properties.resource\_name - + resource\_properties.a\_property - + security\_marks.marks.marka The supported operators are: - + ``=`` for all value types. - ``>``, ``<``, ``>=``, ``<=`` for + integer values. - ``:``, meaning substring matching, for + strings. The supported value types are: - string literals + in quotes. - integer literals without quotes. - boolean + literals ``true`` and ``false`` without quotes. For example, + ``resource_properties.size = 100`` is a valid filter string. + group_by: + Expression that defines what assets fields to use for + grouping. The string value should follow SQL syntax: comma + separated list of fields. For example: "security\_center\_prop + erties.resource\_project,security\_center\_properties.project" + . The following fields are supported when compare\_duration + is not set: - security\_center\_properties.resource\_name - + security\_center\_properties.resource\_project - + security\_center\_properties.resource\_type - + security\_center\_properties.resource\_parent The following + fields are supported when compare\_duration is set: - + security\_center\_properties.resource\_type + compare_duration: + When compare\_duration is set, the Asset's "state" property is + updated to indicate whether the asset was added, removed, or + remained present during the compare\_duration period of time + that precedes the read\_time. This is the time between + (read\_time - compare\_duration) and read\_time. The state + value is derived based on the presence of the asset at the two + points in time. Intermediate state changes between the two + times don't affect the result. For example, the results aren't + affected if the asset is removed and re-created again. + Possible "state" values when compare\_duration is specified: + - "ADDED": indicates that the asset was not present before + compare\_duration, but present at reference\_time. - + "REMOVED": indicates that the asset was present at the start + of compare\_duration, but not present at reference\_time. - + "ACTIVE\_AT\_BOTH": indicates that the asset was present at + both the start and the end of the time period defined by + compare\_duration and reference\_time. This field is + ignored if ``state`` is not a field in ``group_by``. + read_time: + Time used as a reference point when filtering assets. The + filter is limited to assets existing at the supplied time and + their values are those at that specific time. Absence of this + field will default to the API's version of NOW. + page_token: + The value returned by the last ``GroupAssetsResponse``; + indicates that this is a continuation of a prior + ``GroupAssets`` call, and that the system should return the + next page of data. + page_size: + The maximum number of results to return in a single response. + Default is 10, minimum is 1, maximum is 1000. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.GroupAssetsRequest) + )) +_sym_db.RegisterMessage(GroupAssetsRequest) + +GroupAssetsResponse = _reflection.GeneratedProtocolMessageType('GroupAssetsResponse', (_message.Message,), dict( + DESCRIPTOR = _GROUPASSETSRESPONSE, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Response message for grouping by assets. + + + Attributes: + group_by_results: + Group results. There exists an element for each existing + unique combination of property/values. The element contains a + count for the number of times those specific property/values + appear. + read_time: + Time used for executing the groupBy request. + next_page_token: + Token to retrieve the next page of results, or empty if there + are no more results. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.GroupAssetsResponse) + )) +_sym_db.RegisterMessage(GroupAssetsResponse) + +GroupFindingsRequest = _reflection.GeneratedProtocolMessageType('GroupFindingsRequest', (_message.Message,), dict( + DESCRIPTOR = _GROUPFINDINGSREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for grouping by findings. + + + Attributes: + parent: + Name of the source to groupBy. Its format is + "organizations/[organization\_id]/sources/[source\_id]". To + groupBy across all sources provide a source\_id of ``-``. For + example: organizations/123/sources/- + filter: + Expression that defines the filter to apply across findings. + The expression is a list of one or more restrictions combined + via logical operators ``AND`` and ``OR``. Parentheses are not + supported, and ``OR`` has higher precedence than ``AND``. + Restrictions have the form `` `` and + may have a ``-`` character in front of them to indicate + negation. Examples include: - name - + source\_properties.a\_property - security\_marks.marks.marka + The supported operators are: - ``=`` for all value types. - + ``>``, ``<``, ``>=``, ``<=`` for integer values. - ``:``, + meaning substring matching, for strings. The supported value + types are: - string literals in quotes. - integer literals + without quotes. - boolean literals ``true`` and ``false`` + without quotes. For example, ``source_properties.size = 100`` + is a valid filter string. + group_by: + Expression that defines what assets fields to use for grouping + (including ``state``). The string value should follow SQL + syntax: comma separated list of fields. For example: + "parent,resource\_name". The following fields are supported: + - resource\_name - category - state - parent + read_time: + Time used as a reference point when filtering findings. The + filter is limited to findings existing at the supplied time + and their values are those at that specific time. Absence of + this field will default to the API's version of NOW. + page_token: + The value returned by the last ``GroupFindingsResponse``; + indicates that this is a continuation of a prior + ``GroupFindings`` call, and that the system should return the + next page of data. + page_size: + The maximum number of results to return in a single response. + Default is 10, minimum is 1, maximum is 1000. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.GroupFindingsRequest) + )) +_sym_db.RegisterMessage(GroupFindingsRequest) + +GroupFindingsResponse = _reflection.GeneratedProtocolMessageType('GroupFindingsResponse', (_message.Message,), dict( + DESCRIPTOR = _GROUPFINDINGSRESPONSE, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Response message for group by findings. + + + Attributes: + group_by_results: + Group results. There exists an element for each existing + unique combination of property/values. The element contains a + count for the number of times those specific property/values + appear. + read_time: + Time used for executing the groupBy request. + next_page_token: + Token to retrieve the next page of results, or empty if there + are no more results. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.GroupFindingsResponse) + )) +_sym_db.RegisterMessage(GroupFindingsResponse) + +GroupResult = _reflection.GeneratedProtocolMessageType('GroupResult', (_message.Message,), dict( + + PropertiesEntry = _reflection.GeneratedProtocolMessageType('PropertiesEntry', (_message.Message,), dict( + DESCRIPTOR = _GROUPRESULT_PROPERTIESENTRY, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.GroupResult.PropertiesEntry) + )) + , + DESCRIPTOR = _GROUPRESULT, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Result containing the properties and count of a groupBy request. + + + Attributes: + properties: + Properties matching the groupBy fields in the request. + count: + Total count of resources for the given properties. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.GroupResult) + )) +_sym_db.RegisterMessage(GroupResult) +_sym_db.RegisterMessage(GroupResult.PropertiesEntry) + +ListSourcesRequest = _reflection.GeneratedProtocolMessageType('ListSourcesRequest', (_message.Message,), dict( + DESCRIPTOR = _LISTSOURCESREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for listing sources. + + + Attributes: + parent: + Resource name of the parent of sources to list. Its format + should be "organizations/[organization\_id]". + page_token: + The value returned by the last ``ListSourcesResponse``; + indicates that this is a continuation of a prior + ``ListSources`` call, and that the system should return the + next page of data. + page_size: + The maximum number of results to return in a single response. + Default is 10, minimum is 1, maximum is 1000. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.ListSourcesRequest) + )) +_sym_db.RegisterMessage(ListSourcesRequest) + +ListSourcesResponse = _reflection.GeneratedProtocolMessageType('ListSourcesResponse', (_message.Message,), dict( + DESCRIPTOR = _LISTSOURCESRESPONSE, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Response message for listing sources. + + + Attributes: + sources: + Sources belonging to the requested parent. + next_page_token: + Token to retrieve the next page of results, or empty if there + are no more results. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.ListSourcesResponse) + )) +_sym_db.RegisterMessage(ListSourcesResponse) + +ListAssetsRequest = _reflection.GeneratedProtocolMessageType('ListAssetsRequest', (_message.Message,), dict( + DESCRIPTOR = _LISTASSETSREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for listing assets. + + + Attributes: + parent: + Name of the organization assets should belong to. Its format + is "organizations/[organization\_id]". + filter: + Expression that defines the filter to apply across assets. The + expression is a list of zero or more restrictions combined via + logical operators ``AND`` and ``OR``. Parentheses are not + supported, and ``OR`` has higher precedence than ``AND``. + Restrictions have the form `` `` and + may have a ``-`` character in front of them to indicate + negation. The fields map to those defined in the Asset + resource. Examples include: - name - + security\_center\_properties.resource\_name - + resource\_properties.a\_property - + security\_marks.marks.marka The supported operators are: - + ``=`` for all value types. - ``>``, ``<``, ``>=``, ``<=`` for + integer values. - ``:``, meaning substring matching, for + strings. The supported value types are: - string literals + in quotes. - integer literals without quotes. - boolean + literals ``true`` and ``false`` without quotes. For example, + ``resource_properties.size = 100`` is a valid filter string. + order_by: + Expression that defines what fields and order to use for + sorting. The string value should follow SQL syntax: comma + separated list of fields. For example: + "name,resource\_properties.a\_property". The default sorting + order is ascending. To specify descending order for a field, a + suffix " desc" should be appended to the field name. For + example: "name desc,resource\_properties.a\_property". + Redundant space characters in the syntax are insignificant. + "name desc,resource\_properties.a\_property" and " name desc , + resource\_properties.a\_property " are equivalent. + read_time: + Time used as a reference point when filtering assets. The + filter is limited to assets existing at the supplied time and + their values are those at that specific time. Absence of this + field will default to the API's version of NOW. + compare_duration: + When compare\_duration is set, the ListAssetResult's "state" + attribute is updated to indicate whether the asset was added, + removed, or remained present during the compare\_duration + period of time that precedes the read\_time. This is the time + between (read\_time - compare\_duration) and read\_time. The + state value is derived based on the presence of the asset at + the two points in time. Intermediate state changes between the + two times don't affect the result. For example, the results + aren't affected if the asset is removed and re-created again. + Possible "state" values when compare\_duration is specified: + - "ADDED": indicates that the asset was not present before + compare\_duration, but present at read\_time. - "REMOVED": + indicates that the asset was present at the start of + compare\_duration, but not present at read\_time. - "ACTIVE": + indicates that the asset was present at both the start and + the end of the time period defined by compare\_duration and + read\_time. If compare\_duration is not specified, then the + only possible state is "UNUSED", which indicates that the + asset is present at read\_time. + field_mask: + Optional. A field mask to specify the ListAssetsResult fields + to be listed in the response. An empty field mask will list + all fields. + page_token: + The value returned by the last ``ListAssetsResponse``; + indicates that this is a continuation of a prior + ``ListAssets`` call, and that the system should return the + next page of data. + page_size: + The maximum number of results to return in a single response. + Default is 10, minimum is 1, maximum is 1000. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.ListAssetsRequest) + )) +_sym_db.RegisterMessage(ListAssetsRequest) + +ListAssetsResponse = _reflection.GeneratedProtocolMessageType('ListAssetsResponse', (_message.Message,), dict( + + ListAssetsResult = _reflection.GeneratedProtocolMessageType('ListAssetsResult', (_message.Message,), dict( + DESCRIPTOR = _LISTASSETSRESPONSE_LISTASSETSRESULT, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Result containing the Asset and its State. + + + Attributes: + asset: + Asset matching the search request. + state: + State of the asset. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult) + )) + , + DESCRIPTOR = _LISTASSETSRESPONSE, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Response message for listing assets. + + + Attributes: + list_assets_results: + Assets matching the list request. + read_time: + Time used for executing the list request. + next_page_token: + Token to retrieve the next page of results, or empty if there + are no more results. + total_size: + The total number of assets matching the query. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.ListAssetsResponse) + )) +_sym_db.RegisterMessage(ListAssetsResponse) +_sym_db.RegisterMessage(ListAssetsResponse.ListAssetsResult) + +ListFindingsRequest = _reflection.GeneratedProtocolMessageType('ListFindingsRequest', (_message.Message,), dict( + DESCRIPTOR = _LISTFINDINGSREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for listing findings. + + + Attributes: + parent: + Name of the source the findings belong to. Its format is + "organizations/[organization\_id]/sources/[source\_id]". To + list across all sources provide a source\_id of ``-``. For + example: organizations/123/sources/- + filter: + Expression that defines the filter to apply across findings. + The expression is a list of one or more restrictions combined + via logical operators ``AND`` and ``OR``. Parentheses are not + supported, and ``OR`` has higher precedence than ``AND``. + Restrictions have the form `` `` and + may have a ``-`` character in front of them to indicate + negation. Examples include: - name - + source\_properties.a\_property - security\_marks.marks.marka + The supported operators are: - ``=`` for all value types. - + ``>``, ``<``, ``>=``, ``<=`` for integer values. - ``:``, + meaning substring matching, for strings. The supported value + types are: - string literals in quotes. - integer literals + without quotes. - boolean literals ``true`` and ``false`` + without quotes. For example, ``source_properties.size = 100`` + is a valid filter string. + order_by: + Expression that defines what fields and order to use for + sorting. The string value should follow SQL syntax: comma + separated list of fields. For example: + "name,resource\_properties.a\_property". The default sorting + order is ascending. To specify descending order for a field, a + suffix " desc" should be appended to the field name. For + example: "name desc,source\_properties.a\_property". Redundant + space characters in the syntax are insignificant. "name + desc,source\_properties.a\_property" and " name desc , + source\_properties.a\_property " are equivalent. + read_time: + Time used as a reference point when filtering findings. The + filter is limited to findings existing at the supplied time + and their values are those at that specific time. Absence of + this field will default to the API's version of NOW. + field_mask: + Optional. A field mask to specify the Finding fields to be + listed in the response. An empty field mask will list all + fields. + page_token: + The value returned by the last ``ListFindingsResponse``; + indicates that this is a continuation of a prior + ``ListFindings`` call, and that the system should return the + next page of data. + page_size: + The maximum number of results to return in a single response. + Default is 10, minimum is 1, maximum is 1000. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.ListFindingsRequest) + )) +_sym_db.RegisterMessage(ListFindingsRequest) + +ListFindingsResponse = _reflection.GeneratedProtocolMessageType('ListFindingsResponse', (_message.Message,), dict( + DESCRIPTOR = _LISTFINDINGSRESPONSE, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Response message for listing findings. + + + Attributes: + findings: + Findings matching the list request. + read_time: + Time used for executing the list request. + next_page_token: + Token to retrieve the next page of results, or empty if there + are no more results. + total_size: + The total number of findings matching the query. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.ListFindingsResponse) + )) +_sym_db.RegisterMessage(ListFindingsResponse) + +SetFindingStateRequest = _reflection.GeneratedProtocolMessageType('SetFindingStateRequest', (_message.Message,), dict( + DESCRIPTOR = _SETFINDINGSTATEREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for updating a finding's state. + + + Attributes: + name: + The relative resource name of the finding. See: https://cloud. + google.com/apis/design/resource\_names#relative\_resource\_nam + e Example: "organizations/123/sources/456/finding/789". + state: + The desired State of the finding. + start_time: + The time at which the updated state takes effect. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.SetFindingStateRequest) + )) +_sym_db.RegisterMessage(SetFindingStateRequest) + +RunAssetDiscoveryRequest = _reflection.GeneratedProtocolMessageType('RunAssetDiscoveryRequest', (_message.Message,), dict( + DESCRIPTOR = _RUNASSETDISCOVERYREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for running asset discovery for an organization. + + + Attributes: + parent: + Name of the organization to run asset discovery for. Its + format is "organizations/[organization\_id]". + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.RunAssetDiscoveryRequest) + )) +_sym_db.RegisterMessage(RunAssetDiscoveryRequest) + +UpdateFindingRequest = _reflection.GeneratedProtocolMessageType('UpdateFindingRequest', (_message.Message,), dict( + DESCRIPTOR = _UPDATEFINDINGREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for updating or creating a finding. + + + Attributes: + finding: + The finding resource to update or create if it does not + already exist. parent, security\_marks, and update\_time will + be ignored. In the case of creation, the finding id portion + of the name must alphanumeric and less than or equal to 32 + characters and greater than 0 characters in length. + update_mask: + The FieldMask to use when updating the finding resource. This + field is ignored if the finding does not already exist and the + finding is created. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.UpdateFindingRequest) + )) +_sym_db.RegisterMessage(UpdateFindingRequest) + +UpdateOrganizationSettingsRequest = _reflection.GeneratedProtocolMessageType('UpdateOrganizationSettingsRequest', (_message.Message,), dict( + DESCRIPTOR = _UPDATEORGANIZATIONSETTINGSREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for updating an organization's settings. + + + Attributes: + organization_settings: + The organization settings resource to update. + update_mask: + The FieldMask to use when updating the settings resource. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.UpdateOrganizationSettingsRequest) + )) +_sym_db.RegisterMessage(UpdateOrganizationSettingsRequest) + +UpdateSourceRequest = _reflection.GeneratedProtocolMessageType('UpdateSourceRequest', (_message.Message,), dict( + DESCRIPTOR = _UPDATESOURCEREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for updating a source. + + + Attributes: + source: + The source resource to update. + update_mask: + The FieldMask to use when updating the source resource. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.UpdateSourceRequest) + )) +_sym_db.RegisterMessage(UpdateSourceRequest) + +UpdateSecurityMarksRequest = _reflection.GeneratedProtocolMessageType('UpdateSecurityMarksRequest', (_message.Message,), dict( + DESCRIPTOR = _UPDATESECURITYMARKSREQUEST, + __module__ = 'google.cloud.securitycenter_v1beta1.proto.securitycenter_service_pb2' + , + __doc__ = """Request message for updating a SecurityMarks resource. + + + Attributes: + security_marks: + The security marks resource to update. + update_mask: + The FieldMask to use when updating the security marks + resource. + start_time: + The time at which the updated SecurityMarks take effect. + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.UpdateSecurityMarksRequest) + )) +_sym_db.RegisterMessage(UpdateSecurityMarksRequest) + + +DESCRIPTOR.has_options = True +DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter')) +_GROUPRESULT_PROPERTIESENTRY.has_options = True +_GROUPRESULT_PROPERTIESENTRY._options = _descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')) + +_SECURITYCENTER = _descriptor.ServiceDescriptor( + name='SecurityCenter', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter', + file=DESCRIPTOR, + index=0, + options=None, + serialized_start=4076, + serialized_end=7660, + methods=[ + _descriptor.MethodDescriptor( + name='CreateSource', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.CreateSource', + index=0, + containing_service=None, + input_type=_CREATESOURCEREQUEST, + output_type=google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_source__pb2._SOURCE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\0023\")/v1beta1/{parent=organizations/*}/sources:\006source')), + ), + _descriptor.MethodDescriptor( + name='CreateFinding', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.CreateFinding', + index=1, + containing_service=None, + input_type=_CREATEFINDINGREQUEST, + output_type=google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_finding__pb2._FINDING, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002?\"4/v1beta1/{parent=organizations/*/sources/*}/findings:\007finding')), + ), + _descriptor.MethodDescriptor( + name='GetIamPolicy', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.GetIamPolicy', + index=2, + containing_service=None, + input_type=google_dot_iam_dot_v1_dot_iam__policy__pb2._GETIAMPOLICYREQUEST, + output_type=google_dot_iam_dot_v1_dot_policy__pb2._POLICY, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002?\":/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy:\001*')), + ), + _descriptor.MethodDescriptor( + name='GetOrganizationSettings', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.GetOrganizationSettings', + index=3, + containing_service=None, + input_type=_GETORGANIZATIONSETTINGSREQUEST, + output_type=google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_organization__settings__pb2._ORGANIZATIONSETTINGS, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\0026\0224/v1beta1/{name=organizations/*/organizationSettings}')), + ), + _descriptor.MethodDescriptor( + name='GetSource', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.GetSource', + index=4, + containing_service=None, + input_type=_GETSOURCEREQUEST, + output_type=google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_source__pb2._SOURCE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002+\022)/v1beta1/{name=organizations/*/sources/*}')), + ), + _descriptor.MethodDescriptor( + name='GroupAssets', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.GroupAssets', + index=5, + containing_service=None, + input_type=_GROUPASSETSREQUEST, + output_type=_GROUPASSETSRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\0023\"./v1beta1/{parent=organizations/*}/assets:group:\001*')), + ), + _descriptor.MethodDescriptor( + name='GroupFindings', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.GroupFindings', + index=6, + containing_service=None, + input_type=_GROUPFINDINGSREQUEST, + output_type=_GROUPFINDINGSRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002?\":/v1beta1/{parent=organizations/*/sources/*}/findings:group:\001*')), + ), + _descriptor.MethodDescriptor( + name='ListAssets', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.ListAssets', + index=7, + containing_service=None, + input_type=_LISTASSETSREQUEST, + output_type=_LISTASSETSRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002*\022(/v1beta1/{parent=organizations/*}/assets')), + ), + _descriptor.MethodDescriptor( + name='ListFindings', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.ListFindings', + index=8, + containing_service=None, + input_type=_LISTFINDINGSREQUEST, + output_type=_LISTFINDINGSRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\0026\0224/v1beta1/{parent=organizations/*/sources/*}/findings')), + ), + _descriptor.MethodDescriptor( + name='ListSources', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.ListSources', + index=9, + containing_service=None, + input_type=_LISTSOURCESREQUEST, + output_type=_LISTSOURCESRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002+\022)/v1beta1/{parent=organizations/*}/sources')), + ), + _descriptor.MethodDescriptor( + name='RunAssetDiscovery', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.RunAssetDiscovery', + index=10, + containing_service=None, + input_type=_RUNASSETDISCOVERYREQUEST, + output_type=google_dot_longrunning_dot_operations__pb2._OPERATION, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002:\"5/v1beta1/{parent=organizations/*}/assets:runDiscovery:\001*')), + ), + _descriptor.MethodDescriptor( + name='SetFindingState', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.SetFindingState', + index=11, + containing_service=None, + input_type=_SETFINDINGSTATEREQUEST, + output_type=google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_finding__pb2._FINDING, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002B\"=/v1beta1/{name=organizations/*/sources/*/findings/*}:setState:\001*')), + ), + _descriptor.MethodDescriptor( + name='SetIamPolicy', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.SetIamPolicy', + index=12, + containing_service=None, + input_type=google_dot_iam_dot_v1_dot_iam__policy__pb2._SETIAMPOLICYREQUEST, + output_type=google_dot_iam_dot_v1_dot_policy__pb2._POLICY, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002?\":/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy:\001*')), + ), + _descriptor.MethodDescriptor( + name='TestIamPermissions', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.TestIamPermissions', + index=13, + containing_service=None, + input_type=google_dot_iam_dot_v1_dot_iam__policy__pb2._TESTIAMPERMISSIONSREQUEST, + output_type=google_dot_iam_dot_v1_dot_iam__policy__pb2._TESTIAMPERMISSIONSRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002E\"@/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions:\001*')), + ), + _descriptor.MethodDescriptor( + name='UpdateFinding', + full_name='google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateFinding', + index=14, + containing_service=None, + input_type=_UPDATEFINDINGREQUEST, + output_type=google_dot_cloud_dot_securitycenter__v1beta1_dot_proto_dot_finding__pb2._FINDING, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002G2`__?. + description: + The description of the source (max of 1024 characters). + Example: "Cloud Security Scanner is a web security scanner for + common vulnerabilities in Google App Engine applications. It + can automatically scan and detect four common vulnerabilities, + including cross-site-scripting (XSS), Flash injection, mixed + content (HTTP in HTTPS), and outdated/insecure libraries." + """, + # @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1beta1.Source) + )) +_sym_db.RegisterMessage(Source) + + +DESCRIPTOR.has_options = True +DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('\n\'com.google.cloud.securitycenter.v1beta1ZQgoogle.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter')) +# @@protoc_insertion_point(module_scope) diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/proto/source_pb2_grpc.py b/securitycenter/google/cloud/securitycenter_v1beta1/proto/source_pb2_grpc.py new file mode 100644 index 000000000000..a89435267cb2 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/proto/source_pb2_grpc.py @@ -0,0 +1,3 @@ +# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! +import grpc + diff --git a/securitycenter/google/cloud/securitycenter_v1beta1/types.py b/securitycenter/google/cloud/securitycenter_v1beta1/types.py new file mode 100644 index 000000000000..3a249f2b9e61 --- /dev/null +++ b/securitycenter/google/cloud/securitycenter_v1beta1/types.py @@ -0,0 +1,77 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import +import sys + +from google.api_core.protobuf_helpers import get_messages + +from google.api import http_pb2 +from google.cloud.securitycenter_v1beta1.proto import asset_pb2 +from google.cloud.securitycenter_v1beta1.proto import finding_pb2 +from google.cloud.securitycenter_v1beta1.proto import organization_settings_pb2 +from google.cloud.securitycenter_v1beta1.proto import security_marks_pb2 +from google.cloud.securitycenter_v1beta1.proto import securitycenter_service_pb2 +from google.cloud.securitycenter_v1beta1.proto import source_pb2 +from google.iam.v1 import iam_policy_pb2 +from google.iam.v1 import policy_pb2 +from google.longrunning import operations_pb2 +from google.protobuf import any_pb2 +from google.protobuf import descriptor_pb2 +from google.protobuf import duration_pb2 +from google.protobuf import empty_pb2 +from google.protobuf import field_mask_pb2 +from google.protobuf import struct_pb2 +from google.protobuf import timestamp_pb2 +from google.rpc import status_pb2 + +_shared_modules = [ + http_pb2, + iam_policy_pb2, + policy_pb2, + operations_pb2, + any_pb2, + descriptor_pb2, + duration_pb2, + empty_pb2, + field_mask_pb2, + struct_pb2, + timestamp_pb2, + status_pb2, +] + +_local_modules = [ + asset_pb2, + finding_pb2, + organization_settings_pb2, + security_marks_pb2, + securitycenter_service_pb2, + source_pb2, +] + +names = [] + +for module in _shared_modules: + for name, message in get_messages(module).items(): + setattr(sys.modules[__name__], name, message) + names.append(name) +for module in _local_modules: + for name, message in get_messages(module).items(): + message.__module__ = 'google.cloud.securitycenter_v1beta1.types' + setattr(sys.modules[__name__], name, message) + names.append(name) + +__all__ = tuple(sorted(names)) diff --git a/securitycenter/noxfile.py b/securitycenter/noxfile.py new file mode 100644 index 000000000000..1c3ab2c57a38 --- /dev/null +++ b/securitycenter/noxfile.py @@ -0,0 +1,89 @@ +# Copyright 2017, Google LLC All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import +import os + +import nox + + +LOCAL_DEPS = ( + os.path.join('..', 'api_core'), + os.path.join('..', 'core'), +) + + +def default(session): + """Run the unit test suite. + + This is intended to be run **without** an interpreter set, so + that the current ``python`` (on the ``PATH``) or the version of + Python corresponding to the ``nox`` binary the ``PATH`` can + run the tests. + """ + session.install('mock', 'pytest', 'pytest-cov', *LOCAL_DEPS) + session.install('-e', '.') + + session.run( + 'py.test', + '--quiet', + '--cov=google.cloud.securitycenter_v1beta1', + '--cov-append', + '--cov-config=.coveragerc', + '--cov-report=', + '--cov-fail-under=89', # TODO: Coverage should be raised to 97% + os.path.join('tests', 'unit'), + *session.posargs + ) + + +@nox.session(python=['2.7', '3.5', '3.6', '3.7']) +def unit(session): + """Run the unit test suite.""" + + default(session) + + +@nox.session(python='3.6') +def lint(session): + """Run linters. + + Returns a failure if the linters find linting errors or sufficiently + serious code quality issues. + """ + session.install('flake8', *LOCAL_DEPS) + session.install('.') + session.run('flake8', 'google', 'tests') + + +@nox.session(python='3.6') +def lint_setup_py(session): + """Verify that setup.py is valid (including RST check).""" + session.install('docutils', 'pygments') + session.run('python', 'setup.py', 'check', '--restructuredtext', + '--strict') + + +@nox.session(python='3.6') +def cover(session): + """Run the final coverage report. + + This outputs the coverage report aggregating coverage from the unit + test runs (not system test runs), and then erases coverage data. + """ + session.chdir(os.path.dirname(__file__)) + session.install('coverage', 'pytest-cov') + session.run('coverage', 'report', '--show-missing', '--fail-under=100') + session.run('coverage', 'erase') + diff --git a/securitycenter/setup.cfg b/securitycenter/setup.cfg new file mode 100644 index 000000000000..2a9acf13daa9 --- /dev/null +++ b/securitycenter/setup.cfg @@ -0,0 +1,2 @@ +[bdist_wheel] +universal = 1 diff --git a/securitycenter/setup.py b/securitycenter/setup.py new file mode 100644 index 000000000000..4a79d2183b36 --- /dev/null +++ b/securitycenter/setup.py @@ -0,0 +1,76 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import io +import os + +import setuptools + +name = 'google-cloud-securitycenter' +description = 'Cloud Security Command Center API API client library' +version = '0.1.0' +release_status = '3 - Alpha' +dependencies = [ + 'google-api-core[grpc] >= 1.1.0, < 2.0.0dev', + 'grpc-google-iam-v1<0.12dev,>=0.11.4', + 'enum34; python_version < "3.4"', +] + +package_root = os.path.abspath(os.path.dirname(__file__)) + +readme_filename = os.path.join(package_root, 'README.rst') +with io.open(readme_filename, encoding='utf-8') as readme_file: + readme = readme_file.read() + +packages = [ + package for package in setuptools.find_packages() + if package.startswith('google') +] + +namespaces = ['google'] +if 'google.cloud' in packages: + namespaces.append('google.cloud') + +setuptools.setup( + name=name, + version=version, + description=description, + long_description=readme, + author='Google LLC', + author_email='googleapis-packages@google.com', + license='Apache 2.0', + url='https://github.com/GoogleCloudPlatform/google-cloud-python', + classifiers=[ + release_status, + 'Intended Audience :: Developers', + 'License :: OSI Approved :: Apache Software License', + 'Programming Language :: Python', + 'Programming Language :: Python :: 2', + 'Programming Language :: Python :: 2.7', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.4', + 'Programming Language :: Python :: 3.5', + 'Programming Language :: Python :: 3.6', + 'Operating System :: OS Independent', + 'Topic :: Internet', + ], + platforms='Posix; MacOS X; Windows', + packages=packages, + namespace_packages=namespaces, + install_requires=dependencies, + include_package_data=True, + zip_safe=False, +) diff --git a/securitycenter/synth.py b/securitycenter/synth.py new file mode 100644 index 000000000000..a3e5ebd6aebd --- /dev/null +++ b/securitycenter/synth.py @@ -0,0 +1,50 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""This script is used to synthesize generated parts of this library.""" +import synthtool as s +from synthtool import gcp + +gapic = gcp.GAPICGenerator() + +library = gapic.py_library( + 'securitycenter', + 'v1beta1') + +s.move( + library, + excludes=[ + 'setup.py', 'nox.py', 'README.rst', 'docs/index.rst', 'docs/conf.py' + ] +) + +# Fix security_center_client.py docstrings. +s.replace( + "google/cloud/securitycenter_v1beta1/gapic/security_center_client.py", + "::\n\n\s+(compare_duration, but present at [a-z]+_time.)", + " \g<1>" +) + +s.replace( + "google/cloud/securitycenter_v1beta1/gapic/security_center_client.py", + "::\n\n\s+(compare_duration, but not present at [a-z]+_time.)", + " \g<1>" +) + +s.replace( + "google/cloud/securitycenter_v1beta1/gapic/security_center_client.py", + "(^\s+)::\n\n\s+(start and the end of the time period defined by\n)" + "\s+(compare_duration and [a-z]+_time.)", + "\g<1> \g<2>\g<1> \g<3>" +) diff --git a/securitycenter/tests/unit/gapic/v1beta1/test_security_center_client_v1beta1.py b/securitycenter/tests/unit/gapic/v1beta1/test_security_center_client_v1beta1.py new file mode 100644 index 000000000000..7d88f6c58cbb --- /dev/null +++ b/securitycenter/tests/unit/gapic/v1beta1/test_security_center_client_v1beta1.py @@ -0,0 +1,806 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Unit tests.""" + +import pytest + +from google.rpc import status_pb2 + +from google.cloud import securitycenter_v1beta1 +from google.cloud.securitycenter_v1beta1 import enums +from google.cloud.securitycenter_v1beta1.proto import finding_pb2 +from google.cloud.securitycenter_v1beta1.proto import organization_settings_pb2 +from google.cloud.securitycenter_v1beta1.proto import security_marks_pb2 +from google.cloud.securitycenter_v1beta1.proto import securitycenter_service_pb2 +from google.cloud.securitycenter_v1beta1.proto import source_pb2 +from google.iam.v1 import iam_policy_pb2 +from google.iam.v1 import policy_pb2 +from google.longrunning import operations_pb2 +from google.protobuf import empty_pb2 +from google.protobuf import timestamp_pb2 + + +class MultiCallableStub(object): + """Stub for the grpc.UnaryUnaryMultiCallable interface.""" + + def __init__(self, method, channel_stub): + self.method = method + self.channel_stub = channel_stub + + def __call__(self, request, timeout=None, metadata=None, credentials=None): + self.channel_stub.requests.append((self.method, request)) + + response = None + if self.channel_stub.responses: + response = self.channel_stub.responses.pop() + + if isinstance(response, Exception): + raise response + + if response: + return response + + +class ChannelStub(object): + """Stub for the grpc.Channel interface.""" + + def __init__(self, responses=[]): + self.responses = responses + self.requests = [] + + def unary_unary(self, + method, + request_serializer=None, + response_deserializer=None): + return MultiCallableStub(method, self) + + +class CustomException(Exception): + pass + + +class TestSecurityCenterClient(object): + def test_create_source(self): + # Setup Expected Response + name = 'name3373707' + display_name = 'displayName1615086568' + description = 'description-1724546052' + expected_response = { + 'name': name, + 'display_name': display_name, + 'description': description + } + expected_response = source_pb2.Source(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + parent = client.organization_path('[ORGANIZATION]') + source = {} + + response = client.create_source(parent, source) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.CreateSourceRequest( + parent=parent, source=source) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_create_source_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + parent = client.organization_path('[ORGANIZATION]') + source = {} + + with pytest.raises(CustomException): + client.create_source(parent, source) + + def test_create_finding(self): + # Setup Expected Response + name = 'name3373707' + parent_2 = 'parent21175163357' + resource_name = 'resourceName979421212' + category = 'category50511102' + external_uri = 'externalUri-1385596168' + expected_response = { + 'name': name, + 'parent': parent_2, + 'resource_name': resource_name, + 'category': category, + 'external_uri': external_uri + } + expected_response = finding_pb2.Finding(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + parent = client.source_path('[ORGANIZATION]', '[SOURCE]') + finding_id = 'findingId728776081' + finding = {} + + response = client.create_finding(parent, finding_id, finding) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.CreateFindingRequest( + parent=parent, finding_id=finding_id, finding=finding) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_create_finding_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + parent = client.source_path('[ORGANIZATION]', '[SOURCE]') + finding_id = 'findingId728776081' + finding = {} + + with pytest.raises(CustomException): + client.create_finding(parent, finding_id, finding) + + def test_get_iam_policy(self): + # Setup Expected Response + version = 351608024 + etag = b'21' + expected_response = {'version': version, 'etag': etag} + expected_response = policy_pb2.Policy(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + resource = client.source_path('[ORGANIZATION]', '[SOURCE]') + + response = client.get_iam_policy(resource) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = iam_policy_pb2.GetIamPolicyRequest( + resource=resource) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_get_iam_policy_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + resource = client.source_path('[ORGANIZATION]', '[SOURCE]') + + with pytest.raises(CustomException): + client.get_iam_policy(resource) + + def test_get_organization_settings(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + enable_asset_discovery = False + expected_response = { + 'name': name_2, + 'enable_asset_discovery': enable_asset_discovery + } + expected_response = organization_settings_pb2.OrganizationSettings( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + name = client.organization_settings_path('[ORGANIZATION]') + + response = client.get_organization_settings(name) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.GetOrganizationSettingsRequest( + name=name) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_get_organization_settings_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + name = client.organization_settings_path('[ORGANIZATION]') + + with pytest.raises(CustomException): + client.get_organization_settings(name) + + def test_get_source(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + display_name = 'displayName1615086568' + description = 'description-1724546052' + expected_response = { + 'name': name_2, + 'display_name': display_name, + 'description': description + } + expected_response = source_pb2.Source(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + name = client.source_path('[ORGANIZATION]', '[SOURCE]') + + response = client.get_source(name) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.GetSourceRequest( + name=name) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_get_source_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + name = client.source_path('[ORGANIZATION]', '[SOURCE]') + + with pytest.raises(CustomException): + client.get_source(name) + + def test_group_assets(self): + # Setup Expected Response + next_page_token = '' + group_by_results_element = {} + group_by_results = [group_by_results_element] + expected_response = { + 'next_page_token': next_page_token, + 'group_by_results': group_by_results + } + expected_response = securitycenter_service_pb2.GroupAssetsResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + parent = client.organization_path('[ORGANIZATION]') + group_by = 'groupBy506361367' + + paged_list_response = client.group_assets(parent, group_by) + resources = list(paged_list_response) + assert len(resources) == 1 + + assert expected_response.group_by_results[0] == resources[0] + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.GroupAssetsRequest( + parent=parent, group_by=group_by) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_group_assets_exception(self): + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + parent = client.organization_path('[ORGANIZATION]') + group_by = 'groupBy506361367' + + paged_list_response = client.group_assets(parent, group_by) + with pytest.raises(CustomException): + list(paged_list_response) + + def test_group_findings(self): + # Setup Expected Response + next_page_token = '' + group_by_results_element = {} + group_by_results = [group_by_results_element] + expected_response = { + 'next_page_token': next_page_token, + 'group_by_results': group_by_results + } + expected_response = securitycenter_service_pb2.GroupFindingsResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + parent = client.source_path('[ORGANIZATION]', '[SOURCE]') + group_by = 'groupBy506361367' + + paged_list_response = client.group_findings(parent, group_by) + resources = list(paged_list_response) + assert len(resources) == 1 + + assert expected_response.group_by_results[0] == resources[0] + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.GroupFindingsRequest( + parent=parent, group_by=group_by) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_group_findings_exception(self): + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + parent = client.source_path('[ORGANIZATION]', '[SOURCE]') + group_by = 'groupBy506361367' + + paged_list_response = client.group_findings(parent, group_by) + with pytest.raises(CustomException): + list(paged_list_response) + + def test_list_assets(self): + # Setup Expected Response + next_page_token = '' + total_size = 705419236 + list_assets_results_element = {} + list_assets_results = [list_assets_results_element] + expected_response = { + 'next_page_token': next_page_token, + 'total_size': total_size, + 'list_assets_results': list_assets_results + } + expected_response = securitycenter_service_pb2.ListAssetsResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + parent = client.organization_path('[ORGANIZATION]') + + paged_list_response = client.list_assets(parent) + resources = list(paged_list_response) + assert len(resources) == 1 + + assert expected_response.list_assets_results[0] == resources[0] + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.ListAssetsRequest( + parent=parent) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_list_assets_exception(self): + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + parent = client.organization_path('[ORGANIZATION]') + + paged_list_response = client.list_assets(parent) + with pytest.raises(CustomException): + list(paged_list_response) + + def test_list_findings(self): + # Setup Expected Response + next_page_token = '' + total_size = 705419236 + findings_element = {} + findings = [findings_element] + expected_response = { + 'next_page_token': next_page_token, + 'total_size': total_size, + 'findings': findings + } + expected_response = securitycenter_service_pb2.ListFindingsResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + parent = client.source_path('[ORGANIZATION]', '[SOURCE]') + + paged_list_response = client.list_findings(parent) + resources = list(paged_list_response) + assert len(resources) == 1 + + assert expected_response.findings[0] == resources[0] + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.ListFindingsRequest( + parent=parent) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_list_findings_exception(self): + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + parent = client.source_path('[ORGANIZATION]', '[SOURCE]') + + paged_list_response = client.list_findings(parent) + with pytest.raises(CustomException): + list(paged_list_response) + + def test_list_sources(self): + # Setup Expected Response + next_page_token = '' + sources_element = {} + sources = [sources_element] + expected_response = { + 'next_page_token': next_page_token, + 'sources': sources + } + expected_response = securitycenter_service_pb2.ListSourcesResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + parent = client.organization_path('[ORGANIZATION]') + + paged_list_response = client.list_sources(parent) + resources = list(paged_list_response) + assert len(resources) == 1 + + assert expected_response.sources[0] == resources[0] + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.ListSourcesRequest( + parent=parent) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_list_sources_exception(self): + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + parent = client.organization_path('[ORGANIZATION]') + + paged_list_response = client.list_sources(parent) + with pytest.raises(CustomException): + list(paged_list_response) + + def test_run_asset_discovery(self): + # Setup Expected Response + expected_response = {} + expected_response = empty_pb2.Empty(**expected_response) + operation = operations_pb2.Operation( + name='operations/test_run_asset_discovery', done=True) + operation.response.Pack(expected_response) + + # Mock the API response + channel = ChannelStub(responses=[operation]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + parent = client.organization_path('[ORGANIZATION]') + + response = client.run_asset_discovery(parent) + result = response.result() + assert expected_response == result + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.RunAssetDiscoveryRequest( + parent=parent) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_run_asset_discovery_exception(self): + # Setup Response + error = status_pb2.Status() + operation = operations_pb2.Operation( + name='operations/test_run_asset_discovery_exception', done=True) + operation.error.CopyFrom(error) + + # Mock the API response + channel = ChannelStub(responses=[operation]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + parent = client.organization_path('[ORGANIZATION]') + + response = client.run_asset_discovery(parent) + exception = response.exception() + assert exception.errors[0] == error + + def test_set_finding_state(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + parent = 'parent-995424086' + resource_name = 'resourceName979421212' + category = 'category50511102' + external_uri = 'externalUri-1385596168' + expected_response = { + 'name': name_2, + 'parent': parent, + 'resource_name': resource_name, + 'category': category, + 'external_uri': external_uri + } + expected_response = finding_pb2.Finding(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + name = client.finding_path('[ORGANIZATION]', '[SOURCE]', '[FINDING]') + state = enums.Finding.State.STATE_UNSPECIFIED + start_time = {} + + response = client.set_finding_state(name, state, start_time) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.SetFindingStateRequest( + name=name, state=state, start_time=start_time) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_set_finding_state_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + name = client.finding_path('[ORGANIZATION]', '[SOURCE]', '[FINDING]') + state = enums.Finding.State.STATE_UNSPECIFIED + start_time = {} + + with pytest.raises(CustomException): + client.set_finding_state(name, state, start_time) + + def test_set_iam_policy(self): + # Setup Expected Response + version = 351608024 + etag = b'21' + expected_response = {'version': version, 'etag': etag} + expected_response = policy_pb2.Policy(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + resource = client.source_path('[ORGANIZATION]', '[SOURCE]') + policy = {} + + response = client.set_iam_policy(resource, policy) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = iam_policy_pb2.SetIamPolicyRequest( + resource=resource, policy=policy) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_set_iam_policy_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + resource = client.source_path('[ORGANIZATION]', '[SOURCE]') + policy = {} + + with pytest.raises(CustomException): + client.set_iam_policy(resource, policy) + + def test_test_iam_permissions(self): + # Setup Expected Response + expected_response = {} + expected_response = iam_policy_pb2.TestIamPermissionsResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + resource = client.source_path('[ORGANIZATION]', '[SOURCE]') + permissions = [] + + response = client.test_iam_permissions(resource, permissions) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = iam_policy_pb2.TestIamPermissionsRequest( + resource=resource, permissions=permissions) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_test_iam_permissions_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + resource = client.source_path('[ORGANIZATION]', '[SOURCE]') + permissions = [] + + with pytest.raises(CustomException): + client.test_iam_permissions(resource, permissions) + + def test_update_finding(self): + # Setup Expected Response + name = 'name3373707' + parent = 'parent-995424086' + resource_name = 'resourceName979421212' + category = 'category50511102' + external_uri = 'externalUri-1385596168' + expected_response = { + 'name': name, + 'parent': parent, + 'resource_name': resource_name, + 'category': category, + 'external_uri': external_uri + } + expected_response = finding_pb2.Finding(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + finding = {} + + response = client.update_finding(finding) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.UpdateFindingRequest( + finding=finding) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_update_finding_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + finding = {} + + with pytest.raises(CustomException): + client.update_finding(finding) + + def test_update_organization_settings(self): + # Setup Expected Response + name = 'name3373707' + enable_asset_discovery = False + expected_response = { + 'name': name, + 'enable_asset_discovery': enable_asset_discovery + } + expected_response = organization_settings_pb2.OrganizationSettings( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + organization_settings = {} + + response = client.update_organization_settings(organization_settings) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.UpdateOrganizationSettingsRequest( + organization_settings=organization_settings) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_update_organization_settings_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + organization_settings = {} + + with pytest.raises(CustomException): + client.update_organization_settings(organization_settings) + + def test_update_source(self): + # Setup Expected Response + name = 'name3373707' + display_name = 'displayName1615086568' + description = 'description-1724546052' + expected_response = { + 'name': name, + 'display_name': display_name, + 'description': description + } + expected_response = source_pb2.Source(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + source = {} + + response = client.update_source(source) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.UpdateSourceRequest( + source=source) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_update_source_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + source = {} + + with pytest.raises(CustomException): + client.update_source(source) + + def test_update_security_marks(self): + # Setup Expected Response + name = 'name3373707' + expected_response = {'name': name} + expected_response = security_marks_pb2.SecurityMarks( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup Request + security_marks = {} + + response = client.update_security_marks(security_marks) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = securitycenter_service_pb2.UpdateSecurityMarksRequest( + security_marks=security_marks) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_update_security_marks_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) + + # Setup request + security_marks = {} + + with pytest.raises(CustomException): + client.update_security_marks(security_marks)