feat: Add Resource to the vp1beta1 NotificationMessage, which contain…

…s resource-related fields associated to the Finding notification. feat!: Removed 'having' as a field for the Group and List APIs for both Assets and Findings. docs: Adjusted wording from Cloud SCC to Security Command Center, and updated filtering docs for List APIs. BREAKING CHANGE: Removed 'having' as a field in the List and Group Finding and Asset requests. PiperOrigin-RevId: 315725809
googleapis · Jun 10, 2020 · 027e977 · 027e977
1 parent 49e84e1
commit 027e977
Show file tree

Hide file tree

Showing 13 changed files with 180 additions and 123 deletions.
diff --git a/google/cloud/securitycenter/v1p1beta1/BUILD.bazel b/google/cloud/securitycenter/v1p1beta1/BUILD.bazel
@@ -17,6 +17,7 @@ proto_library(
         "notification_config.proto",
         "notification_message.proto",
         "organization_settings.proto",
+        "resource.proto",
         "run_asset_discovery_response.proto",
         "security_marks.proto",
         "securitycenter_service.proto",
@@ -136,8 +137,8 @@ go_gapic_library(
     deps = [
         ":securitycenter_go_proto",
         "//google/iam/v1:iam_go_proto",
-        "//google/longrunning:longrunning_go_gapic",
         "//google/longrunning:longrunning_go_proto",
+        "@com_google_cloud_go//longrunning/autogen:go_default_library",
         "@com_google_cloud_go//longrunning:go_default_library",
         "@io_bazel_rules_go//proto/wkt:duration_go_proto",
         "@io_bazel_rules_go//proto/wkt:struct_go_proto",

diff --git a/google/cloud/securitycenter/v1p1beta1/asset.proto b/google/cloud/securitycenter/v1p1beta1/asset.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 
 syntax = "proto3";
 
@@ -30,30 +29,31 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1";
 option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
 option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
 
-// Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud
-// Platform (GCP) resource.
+// Security Command Center representation of a Google Cloud
+// resource.
 //
-// The Asset is a Cloud SCC resource that captures information about a single
-// GCP resource. All modifications to an Asset are only within the context of
-// Cloud SCC and don't affect the referenced GCP resource.
+// The Asset is a Security Command Center resource that captures information
+// about a single Google Cloud resource. All modifications to an Asset are only
+// within the context of Security Command Center and don't affect the referenced
+// Google Cloud resource.
 message Asset {
   option (google.api.resource) = {
     type: "securitycenter.googleapis.com/Asset"
     pattern: "organizations/{organization}/assets/{asset}"
   };
 
-  // Cloud SCC managed properties. These properties are managed by Cloud SCC and
-  // cannot be modified by the user.
+  // Security Command Center managed properties. These properties are managed by
+  // Security Command Center and cannot be modified by the user.
   message SecurityCenterProperties {
-    // The full resource name of the GCP resource this asset
+    // The full resource name of the Google Cloud resource this asset
     // represents. This field is immutable after create time. See:
     // https://cloud.google.com/apis/design/resource_names#full_resource_name
     string resource_name = 1;
 
-    // The type of the GCP resource. Examples include: APPLICATION,
+    // The type of the Google Cloud resource. Examples include: APPLICATION,
     // PROJECT, and ORGANIZATION. This is a case insensitive field defined by
-    // Cloud SCC and/or the producer of the resource and is immutable
-    // after create time.
+    // Security Command Center and/or the producer of the resource and is
+    // immutable after create time.
     string resource_type = 2;
 
     // The full resource name of the immediate parent of the resource. See:
@@ -77,12 +77,13 @@ message Asset {
     string resource_project_display_name = 8;
   }
 
-  // IAM Policy information associated with the GCP resource described by the
-  // Cloud SCC asset. This information is managed and defined by the GCP
-  // resource and cannot be modified by the user.
+  // Cloud IAM Policy information associated with the Google Cloud resource
+  // described by the Security Command Center asset. This information is managed
+  // and defined by the Google Cloud resource and cannot be modified by the
+  // user.
   message IamPolicy {
     // The JSON representation of the Policy associated with the asset.
-    // See https://cloud.google.com/iam/reference/rest/v1/Policy for
+    // See https://cloud.google.com/iam/docs/reference/rest/v1/Policy for
     // format details.
     string policy_blob = 1;
   }
@@ -93,27 +94,28 @@ message Asset {
   // "organizations/{organization_id}/assets/{asset_id}".
   string name = 1;
 
-  // Cloud SCC managed properties. These properties are managed by
-  // Cloud SCC and cannot be modified by the user.
+  // Security Command Center managed properties. These properties are managed by
+  // Security Command Center and cannot be modified by the user.
   SecurityCenterProperties security_center_properties = 2;
 
   // Resource managed properties. These properties are managed and defined by
-  // the GCP resource and cannot be modified by the user.
+  // the Google Cloud resource and cannot be modified by the user.
   map<string, google.protobuf.Value> resource_properties = 7;
 
   // User specified security marks. These marks are entirely managed by the user
   // and come from the SecurityMarks resource that belongs to the asset.
   SecurityMarks security_marks = 8;
 
-  // The time at which the asset was created in Cloud SCC.
+  // The time at which the asset was created in Security Command Center.
   google.protobuf.Timestamp create_time = 9;
 
   // The time at which the asset was last updated, added, or deleted in Cloud
   // SCC.
   google.protobuf.Timestamp update_time = 10;
 
-  // IAM Policy information associated with the GCP resource described by the
-  // Cloud SCC asset. This information is managed and defined by the GCP
-  // resource and cannot be modified by the user.
+  // Cloud IAM Policy information associated with the Google Cloud resource
+  // described by the Security Command Center asset. This information is managed
+  // and defined by the Google Cloud resource and cannot be modified by the
+  // user.
   IamPolicy iam_policy = 11;
 }
diff --git a/google/cloud/securitycenter/v1p1beta1/finding.proto b/google/cloud/securitycenter/v1p1beta1/finding.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 
 syntax = "proto3";
 
@@ -31,12 +30,12 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1";
 option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
 option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
 
-// Cloud Security Command Center (Cloud SCC) finding.
+// Security Command Center finding.
 //
 // A finding is a record of assessment data (security, risk, health or privacy)
-// ingested into Cloud SCC for presentation, notification, analysis,
-// policy testing, and enforcement. For example, an XSS vulnerability in an
-// App Engine application is a finding.
+// ingested into Security Command Center for presentation, notification,
+// analysis, policy testing, and enforcement. For example, an XSS vulnerability
+// in an App Engine application is a finding.
 message Finding {
   option (google.api.resource) = {
     type: "securitycenter.googleapis.com/Finding"
@@ -69,12 +68,12 @@ message Finding {
   // "organizations/{organization_id}/sources/{source_id}"
   string parent = 2;
 
-  // For findings on Google Cloud Platform (GCP) resources, the full resource
-  // name of the GCP resource this finding is for. See:
+  // For findings on Google Cloud resources, the full resource
+  // name of the Google Cloud resource this finding is for. See:
   // https://cloud.google.com/apis/design/resource_names#full_resource_name
-  // When the finding is for a non-GCP resource, the resourceName can be a
-  // customer or partner defined string.
-  // This field is immutable after creation time.
+  // When the finding is for a non-Google Cloud resource, the resourceName can
+  // be a customer or partner defined string. This field is immutable after
+  // creation time.
   string resource_name = 3;
 
   // The state of the finding.
@@ -85,9 +84,9 @@ message Finding {
   // Example: "XSS_FLASH_INJECTION"
   string category = 5;
 
-  // The URI that, if available, points to a web page outside of Cloud SCC
-  // where additional information about the finding can be found. This field is
-  // guaranteed to be either empty or a well formed URL.
+  // The URI that, if available, points to a web page outside of Security
+  // Command Center where additional information about the finding can be found.
+  // This field is guaranteed to be either empty or a well formed URL.
   string external_uri = 6;
 
   // Source specific properties. These properties are managed by the source
@@ -106,6 +105,6 @@ message Finding {
   // the firewall became open. The accuracy is determined by the detector.
   google.protobuf.Timestamp event_time = 9;
 
-  // The time at which the finding was created in Cloud SCC.
+  // The time at which the finding was created in Security Command Center.
   google.protobuf.Timestamp create_time = 10;
 }
diff --git a/google/cloud/securitycenter/v1p1beta1/notification_config.proto b/google/cloud/securitycenter/v1p1beta1/notification_config.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 
 syntax = "proto3";
 
@@ -27,19 +26,16 @@ option java_multiple_files = true;
 option java_package = "com.google.cloud.securitycenter.v1p1beta1";
 option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
 option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
-
-// The Pub/Sub Topic resource definition is in google/cloud/pubsub/v1/,
-// but we do not import that proto directly; therefore, we redefine the
-// pattern here.
 option (google.api.resource_definition) = {
   type: "pubsub.googleapis.com/Topic"
   pattern: "projects/{project}/topics/{topic}"
 };
 
-// Cloud Security Command Center (Cloud SCC) notification configs.
+// Security Command Center notification configs.
 //
-// A notification config is a Cloud SCC resource that contains the configuration
-// to send notifications for create/update events of findings, assets and etc.
+// A notification config is a Security Command Center resource that contains the
+// configuration to send notifications for create/update events of findings,
+// assets and etc.
 message NotificationConfig {
   option (google.api.resource) = {
     type: "securitycenter.googleapis.com/NotificationConfig"
@@ -94,14 +90,14 @@ message NotificationConfig {
   // The type of events the config is for, e.g. FINDING.
   EventType event_type = 3;
 
-  // The PubSub topic to send notifications to. Its format is
+  // The Pub/Sub topic to send notifications to. Its format is
   // "projects/[project_id]/topics/[topic]".
   string pubsub_topic = 4 [
     (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
   ];
 
   // Output only. The service account that needs "pubsub.topics.publish"
-  // permission to publish to the PubSub topic.
+  // permission to publish to the Pub/Sub topic.
   string service_account = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // The config for triggering notifications.

diff --git a/google/cloud/securitycenter/v1p1beta1/notification_message.proto b/google/cloud/securitycenter/v1p1beta1/notification_message.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 
 syntax = "proto3";
 
@@ -20,6 +19,7 @@ package google.cloud.securitycenter.v1p1beta1;
 import "google/api/annotations.proto";
 import "google/cloud/securitycenter/v1p1beta1/asset.proto";
 import "google/cloud/securitycenter/v1p1beta1/finding.proto";
+import "google/cloud/securitycenter/v1p1beta1/resource.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
@@ -28,7 +28,7 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1";
 option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
 option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
 
-// Cloud SCC's Notification
+// Security Command Center's Notification
 message NotificationMessage {
   // Name of the notification config that generated current notification.
   string notification_config_name = 1;
@@ -39,4 +39,7 @@ message NotificationMessage {
     // populated.
     Finding finding = 2;
   }
+
+  // The Cloud resource tied to the notification.
+  Resource resource = 3;
 }
diff --git a/google/cloud/securitycenter/v1p1beta1/organization_settings.proto b/google/cloud/securitycenter/v1p1beta1/organization_settings.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 
 syntax = "proto3";
 
@@ -27,8 +26,8 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1";
 option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
 option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
 
-// User specified settings that are attached to the Cloud Security Command
-// Center (Cloud SCC) organization.
+// User specified settings that are attached to the Security Command
+// Center organization.
 message OrganizationSettings {
   option (google.api.resource) = {
     type: "securitycenter.googleapis.com/OrganizationSettings"

diff --git a/google/cloud/securitycenter/v1p1beta1/resource.proto b/google/cloud/securitycenter/v1p1beta1/resource.proto
@@ -0,0 +1,46 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1p1beta1;
+
+import "google/api/annotations.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1p1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "ResourceProto";
+option java_package = "com.google.cloud.securitycenter.v1p1beta1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
+
+// Information related to the Google Cloud resource.
+message Resource {
+  // The full resource name of the resource. See:
+  // https://cloud.google.com/apis/design/resource_names#full_resource_name
+  string name = 1;
+
+  // The full resource name of project that the resource belongs to.
+  string project = 2;
+
+  // The human readable name of project that the resource belongs to.
+  string project_display_name = 3;
+
+  // The full resource name of resource's parent.
+  string parent = 4;
+
+  // The human readable name of resource's parent.
+  string parent_display_name = 5;
+}
diff --git a/google/cloud/securitycenter/v1p1beta1/run_asset_discovery_response.proto b/google/cloud/securitycenter/v1p1beta1/run_asset_discovery_response.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 
 syntax = "proto3";