diff --git a/discovery/securitycenter-v1.json b/discovery/securitycenter-v1.json index 11c81a55ea..f9e07e8fef 100644 --- a/discovery/securitycenter-v1.json +++ b/discovery/securitycenter-v1.json @@ -732,39 +732,6 @@ "resources": { "muteConfigs": { "methods": { - "create": { - "description": "Creates a mute config.", - "flatPath": "v1/folders/{foldersId}/locations/{locationsId}/muteConfigs", - "httpMethod": "POST", - "id": "securitycenter.folders.locations.muteConfigs.create", - "parameterOrder": [ - "parent" - ], - "parameters": { - "muteConfigId": { - "description": "Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less.", - "location": "query", - "type": "string" - }, - "parent": { - "description": "Required. Resource name of the new mute configs's parent. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, or `projects/[project_id]`.", - "location": "path", - "pattern": "^folders/[^/]+/locations/[^/]+$", - "required": true, - "type": "string" - } - }, - "path": "v1/{+parent}/muteConfigs", - "request": { - "$ref": "GoogleCloudSecuritycenterV1MuteConfig" - }, - "response": { - "$ref": "GoogleCloudSecuritycenterV1MuteConfig" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ] - }, "delete": { "description": "Deletes an existing mute config.", "flatPath": "v1/folders/{foldersId}/locations/{locationsId}/muteConfigs/{muteConfigsId}", @@ -815,42 +782,6 @@ "https://www.googleapis.com/auth/cloud-platform" ] }, - "list": { - "description": "Lists mute configs.", - "flatPath": "v1/folders/{foldersId}/locations/{locationsId}/muteConfigs", - "httpMethod": "GET", - "id": "securitycenter.folders.locations.muteConfigs.list", - "parameterOrder": [ - "parent" - ], - "parameters": { - "pageSize": { - "description": "The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.", - "format": "int32", - "location": "query", - "type": "integer" - }, - "pageToken": { - "description": "A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token.", - "location": "query", - "type": "string" - }, - "parent": { - "description": "Required. The parent, which owns the collection of mute configs. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, `projects/[project_id]`.", - "location": "path", - "pattern": "^folders/[^/]+/locations/[^/]+/muteConfigs$", - "required": true, - "type": "string" - } - }, - "path": "v1/{+parent}", - "response": { - "$ref": "ListMuteConfigsResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ] - }, "patch": { "description": "Updates a mute config.", "flatPath": "v1/folders/{foldersId}/locations/{locationsId}/muteConfigs/{muteConfigsId}", @@ -2508,39 +2439,6 @@ "resources": { "muteConfigs": { "methods": { - "create": { - "description": "Creates a mute config.", - "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/muteConfigs", - "httpMethod": "POST", - "id": "securitycenter.organizations.locations.muteConfigs.create", - "parameterOrder": [ - "parent" - ], - "parameters": { - "muteConfigId": { - "description": "Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less.", - "location": "query", - "type": "string" - }, - "parent": { - "description": "Required. Resource name of the new mute configs's parent. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, or `projects/[project_id]`.", - "location": "path", - "pattern": "^organizations/[^/]+/locations/[^/]+$", - "required": true, - "type": "string" - } - }, - "path": "v1/{+parent}/muteConfigs", - "request": { - "$ref": "GoogleCloudSecuritycenterV1MuteConfig" - }, - "response": { - "$ref": "GoogleCloudSecuritycenterV1MuteConfig" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ] - }, "delete": { "description": "Deletes an existing mute config.", "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/muteConfigs/{muteConfigsId}", @@ -2591,42 +2489,6 @@ "https://www.googleapis.com/auth/cloud-platform" ] }, - "list": { - "description": "Lists mute configs.", - "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/muteConfigs", - "httpMethod": "GET", - "id": "securitycenter.organizations.locations.muteConfigs.list", - "parameterOrder": [ - "parent" - ], - "parameters": { - "pageSize": { - "description": "The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.", - "format": "int32", - "location": "query", - "type": "integer" - }, - "pageToken": { - "description": "A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token.", - "location": "query", - "type": "string" - }, - "parent": { - "description": "Required. The parent, which owns the collection of mute configs. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, `projects/[project_id]`.", - "location": "path", - "pattern": "^organizations/[^/]+/locations/[^/]+/muteConfigs$", - "required": true, - "type": "string" - } - }, - "path": "v1/{+parent}", - "response": { - "$ref": "ListMuteConfigsResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ] - }, "patch": { "description": "Updates a mute config.", "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/muteConfigs/{muteConfigsId}", @@ -5017,39 +4879,6 @@ "resources": { "muteConfigs": { "methods": { - "create": { - "description": "Creates a mute config.", - "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/muteConfigs", - "httpMethod": "POST", - "id": "securitycenter.projects.locations.muteConfigs.create", - "parameterOrder": [ - "parent" - ], - "parameters": { - "muteConfigId": { - "description": "Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less.", - "location": "query", - "type": "string" - }, - "parent": { - "description": "Required. Resource name of the new mute configs's parent. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, or `projects/[project_id]`.", - "location": "path", - "pattern": "^projects/[^/]+/locations/[^/]+$", - "required": true, - "type": "string" - } - }, - "path": "v1/{+parent}/muteConfigs", - "request": { - "$ref": "GoogleCloudSecuritycenterV1MuteConfig" - }, - "response": { - "$ref": "GoogleCloudSecuritycenterV1MuteConfig" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ] - }, "delete": { "description": "Deletes an existing mute config.", "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/muteConfigs/{muteConfigsId}", @@ -5100,42 +4929,6 @@ "https://www.googleapis.com/auth/cloud-platform" ] }, - "list": { - "description": "Lists mute configs.", - "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/muteConfigs", - "httpMethod": "GET", - "id": "securitycenter.projects.locations.muteConfigs.list", - "parameterOrder": [ - "parent" - ], - "parameters": { - "pageSize": { - "description": "The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.", - "format": "int32", - "location": "query", - "type": "integer" - }, - "pageToken": { - "description": "A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token.", - "location": "query", - "type": "string" - }, - "parent": { - "description": "Required. The parent, which owns the collection of mute configs. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, `projects/[project_id]`.", - "location": "path", - "pattern": "^projects/[^/]+/locations/[^/]+/muteConfigs$", - "required": true, - "type": "string" - } - }, - "path": "v1/{+parent}", - "response": { - "$ref": "ListMuteConfigsResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ] - }, "patch": { "description": "Updates a mute config.", "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/muteConfigs/{muteConfigsId}", @@ -6084,7 +5877,7 @@ } } }, - "revision": "20240827", + "revision": "20240926", "rootUrl": "https://securitycenter.googleapis.com/", "schemas": { "Access": { @@ -6630,6 +6423,10 @@ "description": "Represents an Azure resource group.", "id": "AzureResourceGroup", "properties": { + "id": { + "description": "The ID of the Azure resource group.", + "type": "string" + }, "name": { "description": "The name of the Azure resource group. This is not a UUID.", "type": "string" @@ -6656,6 +6453,10 @@ "description": "Represents a Microsoft Entra tenant.", "id": "AzureTenant", "properties": { + "displayName": { + "description": "The display name of the Azure tenant.", + "type": "string" + }, "id": { "description": "The ID of the Microsoft Entra tenant, for example, \"a11aaa11-aa11-1aa1-11aa-1aaa11a\".", "type": "string" @@ -6800,6 +6601,17 @@ }, "type": "object" }, + "CelPolicySpec": { + "description": "YAML-based rule that uses CEL, which supports the declaration of variables and a filtering predicate. A vulnerable resource is emitted if the evaluation is false. Given: 1) the resource types as: - resource_types: \"compute.googleapis.com/Instance\" - resource_types: \"compute.googleapis.com/Firewall\" 2) the CEL policy spec as: name: bad_instance resource_filters: - name: instance resource_type: compute.googleapis.com/Instance filter: > instance.status == 'RUNNING' && 'public' in instance.tags.items - name: firewall resource_type: compute.googleapis.com/Firewall filter: > firewall.direction == 'INGRESS' && !firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii() in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11-256'))) rule: match: - predicate: > instance.networkInterfaces.exists(net, firewall.network == net.network) output: > {'message': 'Compute instance with publicly accessible ports', 'instance': instance.name} Users are able to join resource types together using the exact format as Kubernetes Validating Admission policies.", + "id": "CelPolicySpec", + "properties": { + "spec": { + "description": "The CEL policy to evaluate to produce findings. A finding is generated when the policy validation evaluates to false.", + "type": "string" + } + }, + "type": "object" + }, "CloudArmor": { "description": "Fields related to Google Cloud Armor findings.", "id": "CloudArmor", @@ -8238,6 +8050,10 @@ "description": "Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.", "id": "GoogleCloudSecuritycenterV1CustomConfig", "properties": { + "celPolicy": { + "$ref": "CelPolicySpec", + "description": "The CEL policy spec attached to the custom module." + }, "customOutput": { "$ref": "GoogleCloudSecuritycenterV1CustomOutputSpec", "description": "Custom output properties." @@ -9320,6 +9136,10 @@ "description": "Represents an Azure resource group.", "id": "GoogleCloudSecuritycenterV2AzureResourceGroup", "properties": { + "id": { + "description": "The ID of the Azure resource group.", + "type": "string" + }, "name": { "description": "The name of the Azure resource group. This is not a UUID.", "type": "string" @@ -9346,6 +9166,10 @@ "description": "Represents a Microsoft Entra tenant.", "id": "GoogleCloudSecuritycenterV2AzureTenant", "properties": { + "displayName": { + "description": "The display name of the Azure tenant.", + "type": "string" + }, "id": { "description": "The ID of the Microsoft Entra tenant, for example, \"a11aaa11-aa11-1aa1-11aa-1aaa11a\".", "type": "string" diff --git a/discovery/securitycenter-v1beta1.json b/discovery/securitycenter-v1beta1.json index c7316c3337..75a5b1ceaa 100644 --- a/discovery/securitycenter-v1beta1.json +++ b/discovery/securitycenter-v1beta1.json @@ -903,7 +903,7 @@ } } }, - "revision": "20240827", + "revision": "20240926", "rootUrl": "https://securitycenter.googleapis.com/", "schemas": { "Access": { @@ -1313,6 +1313,10 @@ "description": "Represents an Azure resource group.", "id": "AzureResourceGroup", "properties": { + "id": { + "description": "The ID of the Azure resource group.", + "type": "string" + }, "name": { "description": "The name of the Azure resource group. This is not a UUID.", "type": "string" @@ -1339,6 +1343,10 @@ "description": "Represents a Microsoft Entra tenant.", "id": "AzureTenant", "properties": { + "displayName": { + "description": "The display name of the Azure tenant.", + "type": "string" + }, "id": { "description": "The ID of the Microsoft Entra tenant, for example, \"a11aaa11-aa11-1aa1-11aa-1aaa11a\".", "type": "string" @@ -1431,6 +1439,17 @@ "properties": {}, "type": "object" }, + "CelPolicySpec": { + "description": "YAML-based rule that uses CEL, which supports the declaration of variables and a filtering predicate. A vulnerable resource is emitted if the evaluation is false. Given: 1) the resource types as: - resource_types: \"compute.googleapis.com/Instance\" - resource_types: \"compute.googleapis.com/Firewall\" 2) the CEL policy spec as: name: bad_instance resource_filters: - name: instance resource_type: compute.googleapis.com/Instance filter: > instance.status == 'RUNNING' && 'public' in instance.tags.items - name: firewall resource_type: compute.googleapis.com/Firewall filter: > firewall.direction == 'INGRESS' && !firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii() in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11-256'))) rule: match: - predicate: > instance.networkInterfaces.exists(net, firewall.network == net.network) output: > {'message': 'Compute instance with publicly accessible ports', 'instance': instance.name} Users are able to join resource types together using the exact format as Kubernetes Validating Admission policies.", + "id": "CelPolicySpec", + "properties": { + "spec": { + "description": "The CEL policy to evaluate to produce findings. A finding is generated when the policy validation evaluates to false.", + "type": "string" + } + }, + "type": "object" + }, "CloudArmor": { "description": "Fields related to Google Cloud Armor findings.", "id": "CloudArmor", @@ -2704,6 +2723,10 @@ "description": "Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.", "id": "GoogleCloudSecuritycenterV1CustomConfig", "properties": { + "celPolicy": { + "$ref": "CelPolicySpec", + "description": "The CEL policy spec attached to the custom module." + }, "customOutput": { "$ref": "GoogleCloudSecuritycenterV1CustomOutputSpec", "description": "Custom output properties." @@ -3867,6 +3890,10 @@ "description": "Represents an Azure resource group.", "id": "GoogleCloudSecuritycenterV2AzureResourceGroup", "properties": { + "id": { + "description": "The ID of the Azure resource group.", + "type": "string" + }, "name": { "description": "The name of the Azure resource group. This is not a UUID.", "type": "string" @@ -3893,6 +3920,10 @@ "description": "Represents a Microsoft Entra tenant.", "id": "GoogleCloudSecuritycenterV2AzureTenant", "properties": { + "displayName": { + "description": "The display name of the Azure tenant.", + "type": "string" + }, "id": { "description": "The ID of the Microsoft Entra tenant, for example, \"a11aaa11-aa11-1aa1-11aa-1aaa11a\".", "type": "string" diff --git a/discovery/securitycenter-v1beta2.json b/discovery/securitycenter-v1beta2.json index 610096d7b8..734ed38b3d 100644 --- a/discovery/securitycenter-v1beta2.json +++ b/discovery/securitycenter-v1beta2.json @@ -512,6 +512,11 @@ "pattern": "^folders/[^/]+/containerThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -541,6 +546,11 @@ "pattern": "^folders/[^/]+/eventThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -599,6 +609,11 @@ "pattern": "^folders/[^/]+/securityHealthAnalyticsSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -628,6 +643,11 @@ "pattern": "^folders/[^/]+/virtualMachineThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -657,6 +677,11 @@ "pattern": "^folders/[^/]+/webSecurityScannerSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1096,6 +1121,11 @@ "pattern": "^organizations/[^/]+/containerThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1125,6 +1155,11 @@ "pattern": "^organizations/[^/]+/eventThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1183,6 +1218,11 @@ "pattern": "^organizations/[^/]+/securityHealthAnalyticsSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1212,6 +1252,11 @@ "pattern": "^organizations/[^/]+/virtualMachineThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1241,6 +1286,11 @@ "pattern": "^organizations/[^/]+/webSecurityScannerSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1655,6 +1705,11 @@ "pattern": "^projects/[^/]+/containerThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1684,6 +1739,11 @@ "pattern": "^projects/[^/]+/eventThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1778,6 +1838,11 @@ "pattern": "^projects/[^/]+/locations/[^/]+/clusters/[^/]+/containerThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1840,6 +1905,11 @@ "pattern": "^projects/[^/]+/securityHealthAnalyticsSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1869,6 +1939,11 @@ "pattern": "^projects/[^/]+/virtualMachineThreatDetectionSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1898,6 +1973,11 @@ "pattern": "^projects/[^/]+/webSecurityScannerSettings$", "required": true, "type": "string" + }, + "showEligibleModulesOnly": { + "description": "Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown.", + "location": "query", + "type": "boolean" } }, "path": "v1beta2/{+name}:calculate", @@ -1913,7 +1993,7 @@ } } }, - "revision": "20240827", + "revision": "20240927", "rootUrl": "https://securitycenter.googleapis.com/", "schemas": { "Access": { @@ -2237,6 +2317,10 @@ "description": "Represents a Microsoft Entra tenant.", "id": "AzureTenant", "properties": { + "displayName": { + "description": "The display name of the Azure tenant.", + "type": "string" + }, "id": { "description": "The ID of the Microsoft Entra tenant, for example, \"a11aaa11-aa11-1aa1-11aa-1aaa11a\".", "type": "string" @@ -4806,6 +4890,10 @@ "description": "Represents a Microsoft Entra tenant.", "id": "GoogleCloudSecuritycenterV2AzureTenant", "properties": { + "displayName": { + "description": "The display name of the Azure tenant.", + "type": "string" + }, "id": { "description": "The ID of the Microsoft Entra tenant, for example, \"a11aaa11-aa11-1aa1-11aa-1aaa11a\".", "type": "string" diff --git a/src/apis/securitycenter/v1.ts b/src/apis/securitycenter/v1.ts index d642e5c250..e34b631c49 100644 --- a/src/apis/securitycenter/v1.ts +++ b/src/apis/securitycenter/v1.ts @@ -536,6 +536,10 @@ export namespace securitycenter_v1 { * Represents an Azure resource group. */ export interface Schema$AzureResourceGroup { + /** + * The ID of the Azure resource group. + */ + id?: string | null; /** * The name of the Azure resource group. This is not a UUID. */ @@ -558,6 +562,10 @@ export namespace securitycenter_v1 { * Represents a Microsoft Entra tenant. */ export interface Schema$AzureTenant { + /** + * The display name of the Azure tenant. + */ + displayName?: string | null; /** * The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a". */ @@ -660,6 +668,15 @@ export namespace securitycenter_v1 { */ muteState?: string | null; } + /** + * YAML-based rule that uses CEL, which supports the declaration of variables and a filtering predicate. A vulnerable resource is emitted if the evaluation is false. Given: 1) the resource types as: - resource_types: "compute.googleapis.com/Instance" - resource_types: "compute.googleapis.com/Firewall" 2) the CEL policy spec as: name: bad_instance resource_filters: - name: instance resource_type: compute.googleapis.com/Instance filter: \> instance.status == 'RUNNING' && 'public' in instance.tags.items - name: firewall resource_type: compute.googleapis.com/Firewall filter: \> firewall.direction == 'INGRESS' && !firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii() in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11-256'))) rule: match: - predicate: \> instance.networkInterfaces.exists(net, firewall.network == net.network) output: \> {'message': 'Compute instance with publicly accessible ports', 'instance': instance.name\} Users are able to join resource types together using the exact format as Kubernetes Validating Admission policies. + */ + export interface Schema$CelPolicySpec { + /** + * The CEL policy to evaluate to produce findings. A finding is generated when the policy validation evaluates to false. + */ + spec?: string | null; + } /** * Fields related to Google Cloud Armor findings. */ @@ -1640,6 +1657,10 @@ export namespace securitycenter_v1 { * Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify. */ export interface Schema$GoogleCloudSecuritycenterV1CustomConfig { + /** + * The CEL policy spec attached to the custom module. + */ + celPolicy?: Schema$CelPolicySpec; /** * Custom output properties. */ @@ -2387,6 +2408,10 @@ export namespace securitycenter_v1 { * Represents an Azure resource group. */ export interface Schema$GoogleCloudSecuritycenterV2AzureResourceGroup { + /** + * The ID of the Azure resource group. + */ + id?: string | null; /** * The name of the Azure resource group. This is not a UUID. */ @@ -2409,6 +2434,10 @@ export namespace securitycenter_v1 { * Represents a Microsoft Entra tenant. */ export interface Schema$GoogleCloudSecuritycenterV2AzureTenant { + /** + * The display name of the Azure tenant. + */ + displayName?: string | null; /** * The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a". */ @@ -7717,104 +7746,6 @@ export namespace securitycenter_v1 { this.context = context; } - /** - * Creates a mute config. - * - * @param params - Parameters for request - * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. - * @param callback - Optional callback that handles the response. - * @returns A promise if used with async/await, or void if used with a callback. - */ - create( - params: Params$Resource$Folders$Locations$Muteconfigs$Create, - options: StreamMethodOptions - ): GaxiosPromise; - create( - params?: Params$Resource$Folders$Locations$Muteconfigs$Create, - options?: MethodOptions - ): GaxiosPromise; - create( - params: Params$Resource$Folders$Locations$Muteconfigs$Create, - options: StreamMethodOptions | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - create( - params: Params$Resource$Folders$Locations$Muteconfigs$Create, - options: - | MethodOptions - | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - create( - params: Params$Resource$Folders$Locations$Muteconfigs$Create, - callback: BodyResponseCallback - ): void; - create( - callback: BodyResponseCallback - ): void; - create( - paramsOrCallback?: - | Params$Resource$Folders$Locations$Muteconfigs$Create - | BodyResponseCallback - | BodyResponseCallback, - optionsOrCallback?: - | MethodOptions - | StreamMethodOptions - | BodyResponseCallback - | BodyResponseCallback, - callback?: - | BodyResponseCallback - | BodyResponseCallback - ): - | void - | GaxiosPromise - | GaxiosPromise { - let params = (paramsOrCallback || - {}) as Params$Resource$Folders$Locations$Muteconfigs$Create; - let options = (optionsOrCallback || {}) as MethodOptions; - - if (typeof paramsOrCallback === 'function') { - callback = paramsOrCallback; - params = {} as Params$Resource$Folders$Locations$Muteconfigs$Create; - options = {}; - } - - if (typeof optionsOrCallback === 'function') { - callback = optionsOrCallback; - options = {}; - } - - const rootUrl = - options.rootUrl || 'https://securitycenter.googleapis.com/'; - const parameters = { - options: Object.assign( - { - url: (rootUrl + '/v1/{+parent}/muteConfigs').replace( - /([^:]\/)\/+/g, - '$1' - ), - method: 'POST', - apiVersion: '', - }, - options - ), - params, - requiredParams: ['parent'], - pathParams: ['parent'], - context: this.context, - }; - if (callback) { - createAPIRequest( - parameters, - callback as BodyResponseCallback - ); - } else { - return createAPIRequest( - parameters - ); - } - } - /** * Deletes an existing mute config. * @@ -7996,97 +7927,6 @@ export namespace securitycenter_v1 { } } - /** - * Lists mute configs. - * - * @param params - Parameters for request - * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. - * @param callback - Optional callback that handles the response. - * @returns A promise if used with async/await, or void if used with a callback. - */ - list( - params: Params$Resource$Folders$Locations$Muteconfigs$List, - options: StreamMethodOptions - ): GaxiosPromise; - list( - params?: Params$Resource$Folders$Locations$Muteconfigs$List, - options?: MethodOptions - ): GaxiosPromise; - list( - params: Params$Resource$Folders$Locations$Muteconfigs$List, - options: StreamMethodOptions | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - list( - params: Params$Resource$Folders$Locations$Muteconfigs$List, - options: - | MethodOptions - | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - list( - params: Params$Resource$Folders$Locations$Muteconfigs$List, - callback: BodyResponseCallback - ): void; - list(callback: BodyResponseCallback): void; - list( - paramsOrCallback?: - | Params$Resource$Folders$Locations$Muteconfigs$List - | BodyResponseCallback - | BodyResponseCallback, - optionsOrCallback?: - | MethodOptions - | StreamMethodOptions - | BodyResponseCallback - | BodyResponseCallback, - callback?: - | BodyResponseCallback - | BodyResponseCallback - ): - | void - | GaxiosPromise - | GaxiosPromise { - let params = (paramsOrCallback || - {}) as Params$Resource$Folders$Locations$Muteconfigs$List; - let options = (optionsOrCallback || {}) as MethodOptions; - - if (typeof paramsOrCallback === 'function') { - callback = paramsOrCallback; - params = {} as Params$Resource$Folders$Locations$Muteconfigs$List; - options = {}; - } - - if (typeof optionsOrCallback === 'function') { - callback = optionsOrCallback; - options = {}; - } - - const rootUrl = - options.rootUrl || 'https://securitycenter.googleapis.com/'; - const parameters = { - options: Object.assign( - { - url: (rootUrl + '/v1/{+parent}').replace(/([^:]\/)\/+/g, '$1'), - method: 'GET', - apiVersion: '', - }, - options - ), - params, - requiredParams: ['parent'], - pathParams: ['parent'], - context: this.context, - }; - if (callback) { - createAPIRequest( - parameters, - callback as BodyResponseCallback - ); - } else { - return createAPIRequest(parameters); - } - } - /** * Updates a mute config. * @@ -8183,22 +8023,6 @@ export namespace securitycenter_v1 { } } - export interface Params$Resource$Folders$Locations$Muteconfigs$Create - extends StandardParameters { - /** - * Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less. - */ - muteConfigId?: string; - /** - * Required. Resource name of the new mute configs's parent. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, or `projects/[project_id]`. - */ - parent?: string; - - /** - * Request body metadata - */ - requestBody?: Schema$GoogleCloudSecuritycenterV1MuteConfig; - } export interface Params$Resource$Folders$Locations$Muteconfigs$Delete extends StandardParameters { /** @@ -8213,21 +8037,6 @@ export namespace securitycenter_v1 { */ name?: string; } - export interface Params$Resource$Folders$Locations$Muteconfigs$List - extends StandardParameters { - /** - * The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. - */ - pageSize?: number; - /** - * A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token. - */ - pageToken?: string; - /** - * Required. The parent, which owns the collection of mute configs. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, `projects/[project_id]`. - */ - parent?: string; - } export interface Params$Resource$Folders$Locations$Muteconfigs$Patch extends StandardParameters { /** @@ -13586,139 +13395,40 @@ export namespace securitycenter_v1 { } /** - * Creates a mute config. + * Deletes an existing mute config. * * @param params - Parameters for request * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. * @param callback - Optional callback that handles the response. * @returns A promise if used with async/await, or void if used with a callback. */ - create( - params: Params$Resource$Organizations$Locations$Muteconfigs$Create, + delete( + params: Params$Resource$Organizations$Locations$Muteconfigs$Delete, options: StreamMethodOptions ): GaxiosPromise; - create( - params?: Params$Resource$Organizations$Locations$Muteconfigs$Create, + delete( + params?: Params$Resource$Organizations$Locations$Muteconfigs$Delete, options?: MethodOptions - ): GaxiosPromise; - create( - params: Params$Resource$Organizations$Locations$Muteconfigs$Create, + ): GaxiosPromise; + delete( + params: Params$Resource$Organizations$Locations$Muteconfigs$Delete, options: StreamMethodOptions | BodyResponseCallback, callback: BodyResponseCallback ): void; - create( - params: Params$Resource$Organizations$Locations$Muteconfigs$Create, - options: - | MethodOptions - | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - create( - params: Params$Resource$Organizations$Locations$Muteconfigs$Create, - callback: BodyResponseCallback + delete( + params: Params$Resource$Organizations$Locations$Muteconfigs$Delete, + options: MethodOptions | BodyResponseCallback, + callback: BodyResponseCallback ): void; - create( - callback: BodyResponseCallback + delete( + params: Params$Resource$Organizations$Locations$Muteconfigs$Delete, + callback: BodyResponseCallback ): void; - create( + delete(callback: BodyResponseCallback): void; + delete( paramsOrCallback?: - | Params$Resource$Organizations$Locations$Muteconfigs$Create - | BodyResponseCallback - | BodyResponseCallback, - optionsOrCallback?: - | MethodOptions - | StreamMethodOptions - | BodyResponseCallback - | BodyResponseCallback, - callback?: - | BodyResponseCallback - | BodyResponseCallback - ): - | void - | GaxiosPromise - | GaxiosPromise { - let params = (paramsOrCallback || - {}) as Params$Resource$Organizations$Locations$Muteconfigs$Create; - let options = (optionsOrCallback || {}) as MethodOptions; - - if (typeof paramsOrCallback === 'function') { - callback = paramsOrCallback; - params = - {} as Params$Resource$Organizations$Locations$Muteconfigs$Create; - options = {}; - } - - if (typeof optionsOrCallback === 'function') { - callback = optionsOrCallback; - options = {}; - } - - const rootUrl = - options.rootUrl || 'https://securitycenter.googleapis.com/'; - const parameters = { - options: Object.assign( - { - url: (rootUrl + '/v1/{+parent}/muteConfigs').replace( - /([^:]\/)\/+/g, - '$1' - ), - method: 'POST', - apiVersion: '', - }, - options - ), - params, - requiredParams: ['parent'], - pathParams: ['parent'], - context: this.context, - }; - if (callback) { - createAPIRequest( - parameters, - callback as BodyResponseCallback - ); - } else { - return createAPIRequest( - parameters - ); - } - } - - /** - * Deletes an existing mute config. - * - * @param params - Parameters for request - * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. - * @param callback - Optional callback that handles the response. - * @returns A promise if used with async/await, or void if used with a callback. - */ - delete( - params: Params$Resource$Organizations$Locations$Muteconfigs$Delete, - options: StreamMethodOptions - ): GaxiosPromise; - delete( - params?: Params$Resource$Organizations$Locations$Muteconfigs$Delete, - options?: MethodOptions - ): GaxiosPromise; - delete( - params: Params$Resource$Organizations$Locations$Muteconfigs$Delete, - options: StreamMethodOptions | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - delete( - params: Params$Resource$Organizations$Locations$Muteconfigs$Delete, - options: MethodOptions | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - delete( - params: Params$Resource$Organizations$Locations$Muteconfigs$Delete, - callback: BodyResponseCallback - ): void; - delete(callback: BodyResponseCallback): void; - delete( - paramsOrCallback?: - | Params$Resource$Organizations$Locations$Muteconfigs$Delete - | BodyResponseCallback + | Params$Resource$Organizations$Locations$Muteconfigs$Delete + | BodyResponseCallback | BodyResponseCallback, optionsOrCallback?: | MethodOptions @@ -13866,97 +13576,6 @@ export namespace securitycenter_v1 { } } - /** - * Lists mute configs. - * - * @param params - Parameters for request - * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. - * @param callback - Optional callback that handles the response. - * @returns A promise if used with async/await, or void if used with a callback. - */ - list( - params: Params$Resource$Organizations$Locations$Muteconfigs$List, - options: StreamMethodOptions - ): GaxiosPromise; - list( - params?: Params$Resource$Organizations$Locations$Muteconfigs$List, - options?: MethodOptions - ): GaxiosPromise; - list( - params: Params$Resource$Organizations$Locations$Muteconfigs$List, - options: StreamMethodOptions | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - list( - params: Params$Resource$Organizations$Locations$Muteconfigs$List, - options: - | MethodOptions - | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - list( - params: Params$Resource$Organizations$Locations$Muteconfigs$List, - callback: BodyResponseCallback - ): void; - list(callback: BodyResponseCallback): void; - list( - paramsOrCallback?: - | Params$Resource$Organizations$Locations$Muteconfigs$List - | BodyResponseCallback - | BodyResponseCallback, - optionsOrCallback?: - | MethodOptions - | StreamMethodOptions - | BodyResponseCallback - | BodyResponseCallback, - callback?: - | BodyResponseCallback - | BodyResponseCallback - ): - | void - | GaxiosPromise - | GaxiosPromise { - let params = (paramsOrCallback || - {}) as Params$Resource$Organizations$Locations$Muteconfigs$List; - let options = (optionsOrCallback || {}) as MethodOptions; - - if (typeof paramsOrCallback === 'function') { - callback = paramsOrCallback; - params = {} as Params$Resource$Organizations$Locations$Muteconfigs$List; - options = {}; - } - - if (typeof optionsOrCallback === 'function') { - callback = optionsOrCallback; - options = {}; - } - - const rootUrl = - options.rootUrl || 'https://securitycenter.googleapis.com/'; - const parameters = { - options: Object.assign( - { - url: (rootUrl + '/v1/{+parent}').replace(/([^:]\/)\/+/g, '$1'), - method: 'GET', - apiVersion: '', - }, - options - ), - params, - requiredParams: ['parent'], - pathParams: ['parent'], - context: this.context, - }; - if (callback) { - createAPIRequest( - parameters, - callback as BodyResponseCallback - ); - } else { - return createAPIRequest(parameters); - } - } - /** * Updates a mute config. * @@ -14054,22 +13673,6 @@ export namespace securitycenter_v1 { } } - export interface Params$Resource$Organizations$Locations$Muteconfigs$Create - extends StandardParameters { - /** - * Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less. - */ - muteConfigId?: string; - /** - * Required. Resource name of the new mute configs's parent. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, or `projects/[project_id]`. - */ - parent?: string; - - /** - * Request body metadata - */ - requestBody?: Schema$GoogleCloudSecuritycenterV1MuteConfig; - } export interface Params$Resource$Organizations$Locations$Muteconfigs$Delete extends StandardParameters { /** @@ -14084,21 +13687,6 @@ export namespace securitycenter_v1 { */ name?: string; } - export interface Params$Resource$Organizations$Locations$Muteconfigs$List - extends StandardParameters { - /** - * The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. - */ - pageSize?: number; - /** - * A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token. - */ - pageToken?: string; - /** - * Required. The parent, which owns the collection of mute configs. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, `projects/[project_id]`. - */ - parent?: string; - } export interface Params$Resource$Organizations$Locations$Muteconfigs$Patch extends StandardParameters { /** @@ -21758,104 +21346,6 @@ export namespace securitycenter_v1 { this.context = context; } - /** - * Creates a mute config. - * - * @param params - Parameters for request - * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. - * @param callback - Optional callback that handles the response. - * @returns A promise if used with async/await, or void if used with a callback. - */ - create( - params: Params$Resource$Projects$Locations$Muteconfigs$Create, - options: StreamMethodOptions - ): GaxiosPromise; - create( - params?: Params$Resource$Projects$Locations$Muteconfigs$Create, - options?: MethodOptions - ): GaxiosPromise; - create( - params: Params$Resource$Projects$Locations$Muteconfigs$Create, - options: StreamMethodOptions | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - create( - params: Params$Resource$Projects$Locations$Muteconfigs$Create, - options: - | MethodOptions - | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - create( - params: Params$Resource$Projects$Locations$Muteconfigs$Create, - callback: BodyResponseCallback - ): void; - create( - callback: BodyResponseCallback - ): void; - create( - paramsOrCallback?: - | Params$Resource$Projects$Locations$Muteconfigs$Create - | BodyResponseCallback - | BodyResponseCallback, - optionsOrCallback?: - | MethodOptions - | StreamMethodOptions - | BodyResponseCallback - | BodyResponseCallback, - callback?: - | BodyResponseCallback - | BodyResponseCallback - ): - | void - | GaxiosPromise - | GaxiosPromise { - let params = (paramsOrCallback || - {}) as Params$Resource$Projects$Locations$Muteconfigs$Create; - let options = (optionsOrCallback || {}) as MethodOptions; - - if (typeof paramsOrCallback === 'function') { - callback = paramsOrCallback; - params = {} as Params$Resource$Projects$Locations$Muteconfigs$Create; - options = {}; - } - - if (typeof optionsOrCallback === 'function') { - callback = optionsOrCallback; - options = {}; - } - - const rootUrl = - options.rootUrl || 'https://securitycenter.googleapis.com/'; - const parameters = { - options: Object.assign( - { - url: (rootUrl + '/v1/{+parent}/muteConfigs').replace( - /([^:]\/)\/+/g, - '$1' - ), - method: 'POST', - apiVersion: '', - }, - options - ), - params, - requiredParams: ['parent'], - pathParams: ['parent'], - context: this.context, - }; - if (callback) { - createAPIRequest( - parameters, - callback as BodyResponseCallback - ); - } else { - return createAPIRequest( - parameters - ); - } - } - /** * Deletes an existing mute config. * @@ -22037,97 +21527,6 @@ export namespace securitycenter_v1 { } } - /** - * Lists mute configs. - * - * @param params - Parameters for request - * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. - * @param callback - Optional callback that handles the response. - * @returns A promise if used with async/await, or void if used with a callback. - */ - list( - params: Params$Resource$Projects$Locations$Muteconfigs$List, - options: StreamMethodOptions - ): GaxiosPromise; - list( - params?: Params$Resource$Projects$Locations$Muteconfigs$List, - options?: MethodOptions - ): GaxiosPromise; - list( - params: Params$Resource$Projects$Locations$Muteconfigs$List, - options: StreamMethodOptions | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - list( - params: Params$Resource$Projects$Locations$Muteconfigs$List, - options: - | MethodOptions - | BodyResponseCallback, - callback: BodyResponseCallback - ): void; - list( - params: Params$Resource$Projects$Locations$Muteconfigs$List, - callback: BodyResponseCallback - ): void; - list(callback: BodyResponseCallback): void; - list( - paramsOrCallback?: - | Params$Resource$Projects$Locations$Muteconfigs$List - | BodyResponseCallback - | BodyResponseCallback, - optionsOrCallback?: - | MethodOptions - | StreamMethodOptions - | BodyResponseCallback - | BodyResponseCallback, - callback?: - | BodyResponseCallback - | BodyResponseCallback - ): - | void - | GaxiosPromise - | GaxiosPromise { - let params = (paramsOrCallback || - {}) as Params$Resource$Projects$Locations$Muteconfigs$List; - let options = (optionsOrCallback || {}) as MethodOptions; - - if (typeof paramsOrCallback === 'function') { - callback = paramsOrCallback; - params = {} as Params$Resource$Projects$Locations$Muteconfigs$List; - options = {}; - } - - if (typeof optionsOrCallback === 'function') { - callback = optionsOrCallback; - options = {}; - } - - const rootUrl = - options.rootUrl || 'https://securitycenter.googleapis.com/'; - const parameters = { - options: Object.assign( - { - url: (rootUrl + '/v1/{+parent}').replace(/([^:]\/)\/+/g, '$1'), - method: 'GET', - apiVersion: '', - }, - options - ), - params, - requiredParams: ['parent'], - pathParams: ['parent'], - context: this.context, - }; - if (callback) { - createAPIRequest( - parameters, - callback as BodyResponseCallback - ); - } else { - return createAPIRequest(parameters); - } - } - /** * Updates a mute config. * @@ -22224,22 +21623,6 @@ export namespace securitycenter_v1 { } } - export interface Params$Resource$Projects$Locations$Muteconfigs$Create - extends StandardParameters { - /** - * Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less. - */ - muteConfigId?: string; - /** - * Required. Resource name of the new mute configs's parent. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, or `projects/[project_id]`. - */ - parent?: string; - - /** - * Request body metadata - */ - requestBody?: Schema$GoogleCloudSecuritycenterV1MuteConfig; - } export interface Params$Resource$Projects$Locations$Muteconfigs$Delete extends StandardParameters { /** @@ -22254,21 +21637,6 @@ export namespace securitycenter_v1 { */ name?: string; } - export interface Params$Resource$Projects$Locations$Muteconfigs$List - extends StandardParameters { - /** - * The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. - */ - pageSize?: number; - /** - * A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token. - */ - pageToken?: string; - /** - * Required. The parent, which owns the collection of mute configs. Its format is `organizations/[organization_id]`, `folders/[folder_id]`, `projects/[project_id]`. - */ - parent?: string; - } export interface Params$Resource$Projects$Locations$Muteconfigs$Patch extends StandardParameters { /** diff --git a/src/apis/securitycenter/v1beta1.ts b/src/apis/securitycenter/v1beta1.ts index b58bde83c4..a0d76ff31b 100644 --- a/src/apis/securitycenter/v1beta1.ts +++ b/src/apis/securitycenter/v1beta1.ts @@ -436,6 +436,10 @@ export namespace securitycenter_v1beta1 { * Represents an Azure resource group. */ export interface Schema$AzureResourceGroup { + /** + * The ID of the Azure resource group. + */ + id?: string | null; /** * The name of the Azure resource group. This is not a UUID. */ @@ -458,6 +462,10 @@ export namespace securitycenter_v1beta1 { * Represents a Microsoft Entra tenant. */ export interface Schema$AzureTenant { + /** + * The display name of the Azure tenant. + */ + displayName?: string | null; /** * The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a". */ @@ -529,6 +537,15 @@ export namespace securitycenter_v1beta1 { * The request message for Operations.CancelOperation. */ export interface Schema$CancelOperationRequest {} + /** + * YAML-based rule that uses CEL, which supports the declaration of variables and a filtering predicate. A vulnerable resource is emitted if the evaluation is false. Given: 1) the resource types as: - resource_types: "compute.googleapis.com/Instance" - resource_types: "compute.googleapis.com/Firewall" 2) the CEL policy spec as: name: bad_instance resource_filters: - name: instance resource_type: compute.googleapis.com/Instance filter: \> instance.status == 'RUNNING' && 'public' in instance.tags.items - name: firewall resource_type: compute.googleapis.com/Firewall filter: \> firewall.direction == 'INGRESS' && !firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii() in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11-256'))) rule: match: - predicate: \> instance.networkInterfaces.exists(net, firewall.network == net.network) output: \> {'message': 'Compute instance with publicly accessible ports', 'instance': instance.name\} Users are able to join resource types together using the exact format as Kubernetes Validating Admission policies. + */ + export interface Schema$CelPolicySpec { + /** + * The CEL policy to evaluate to produce findings. A finding is generated when the policy validation evaluates to false. + */ + spec?: string | null; + } /** * Fields related to Google Cloud Armor findings. */ @@ -1457,6 +1474,10 @@ export namespace securitycenter_v1beta1 { * Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify. */ export interface Schema$GoogleCloudSecuritycenterV1CustomConfig { + /** + * The CEL policy spec attached to the custom module. + */ + celPolicy?: Schema$CelPolicySpec; /** * Custom output properties. */ @@ -2204,6 +2225,10 @@ export namespace securitycenter_v1beta1 { * Represents an Azure resource group. */ export interface Schema$GoogleCloudSecuritycenterV2AzureResourceGroup { + /** + * The ID of the Azure resource group. + */ + id?: string | null; /** * The name of the Azure resource group. This is not a UUID. */ @@ -2226,6 +2251,10 @@ export namespace securitycenter_v1beta1 { * Represents a Microsoft Entra tenant. */ export interface Schema$GoogleCloudSecuritycenterV2AzureTenant { + /** + * The display name of the Azure tenant. + */ + displayName?: string | null; /** * The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a". */ diff --git a/src/apis/securitycenter/v1beta2.ts b/src/apis/securitycenter/v1beta2.ts index 7bb7d20afc..18db93026d 100644 --- a/src/apis/securitycenter/v1beta2.ts +++ b/src/apis/securitycenter/v1beta2.ts @@ -394,6 +394,10 @@ export namespace securitycenter_v1beta2 { * Represents a Microsoft Entra tenant. */ export interface Schema$AzureTenant { + /** + * The display name of the Azure tenant. + */ + displayName?: string | null; /** * The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a". */ @@ -2137,6 +2141,10 @@ export namespace securitycenter_v1beta2 { * Represents a Microsoft Entra tenant. */ export interface Schema$GoogleCloudSecuritycenterV2AzureTenant { + /** + * The display name of the Azure tenant. + */ + displayName?: string | null; /** * The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a". */ @@ -6201,6 +6209,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the ContainerThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/containerThreatDetectionSettings * folders/{folder\}/containerThreatDetectionSettings * projects/{project\}/containerThreatDetectionSettings * projects/{project\}/locations/{location\}/clusters/{cluster\}/containerThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Folders$Eventthreatdetectionsettings { @@ -6315,6 +6327,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the EventThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/eventThreatDetectionSettings * folders/{folder\}/eventThreatDetectionSettings * projects/{project\}/eventThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Folders$Rapidvulnerabilitydetectionsettings { @@ -6543,6 +6559,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the SecurityHealthAnalyticsSettings to calculate. Formats: * organizations/{organization\}/securityHealthAnalyticsSettings * folders/{folder\}/securityHealthAnalyticsSettings * projects/{project\}/securityHealthAnalyticsSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Folders$Virtualmachinethreatdetectionsettings { @@ -6657,6 +6677,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the VirtualMachineThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/virtualMachineThreatDetectionSettings * folders/{folder\}/virtualMachineThreatDetectionSettings * projects/{project\}/virtualMachineThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Folders$Websecurityscannersettings { @@ -6769,6 +6793,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the WebSecurityScannerSettings to calculate. Formats: * organizations/{organization\}/webSecurityScannerSettings * folders/{folder\}/webSecurityScannerSettings * projects/{project\}/webSecurityScannerSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Organizations { @@ -8396,6 +8424,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the ContainerThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/containerThreatDetectionSettings * folders/{folder\}/containerThreatDetectionSettings * projects/{project\}/containerThreatDetectionSettings * projects/{project\}/locations/{location\}/clusters/{cluster\}/containerThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Organizations$Eventthreatdetectionsettings { @@ -8510,6 +8542,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the EventThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/eventThreatDetectionSettings * folders/{folder\}/eventThreatDetectionSettings * projects/{project\}/eventThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Organizations$Rapidvulnerabilitydetectionsettings { @@ -8738,6 +8774,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the SecurityHealthAnalyticsSettings to calculate. Formats: * organizations/{organization\}/securityHealthAnalyticsSettings * folders/{folder\}/securityHealthAnalyticsSettings * projects/{project\}/securityHealthAnalyticsSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Organizations$Virtualmachinethreatdetectionsettings { @@ -8852,6 +8892,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the VirtualMachineThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/virtualMachineThreatDetectionSettings * folders/{folder\}/virtualMachineThreatDetectionSettings * projects/{project\}/virtualMachineThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Organizations$Websecurityscannersettings { @@ -8964,6 +9008,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the WebSecurityScannerSettings to calculate. Formats: * organizations/{organization\}/webSecurityScannerSettings * folders/{folder\}/webSecurityScannerSettings * projects/{project\}/webSecurityScannerSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Projects { @@ -10492,6 +10540,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the ContainerThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/containerThreatDetectionSettings * folders/{folder\}/containerThreatDetectionSettings * projects/{project\}/containerThreatDetectionSettings * projects/{project\}/locations/{location\}/clusters/{cluster\}/containerThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Projects$Eventthreatdetectionsettings { @@ -10606,6 +10658,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the EventThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/eventThreatDetectionSettings * folders/{folder\}/eventThreatDetectionSettings * projects/{project\}/eventThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Projects$Locations { @@ -10957,6 +11013,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the ContainerThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/containerThreatDetectionSettings * folders/{folder\}/containerThreatDetectionSettings * projects/{project\}/containerThreatDetectionSettings * projects/{project\}/locations/{location\}/clusters/{cluster\}/containerThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Projects$Rapidvulnerabilitydetectionsettings { @@ -11185,6 +11245,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the SecurityHealthAnalyticsSettings to calculate. Formats: * organizations/{organization\}/securityHealthAnalyticsSettings * folders/{folder\}/securityHealthAnalyticsSettings * projects/{project\}/securityHealthAnalyticsSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Projects$Virtualmachinethreatdetectionsettings { @@ -11299,6 +11363,10 @@ export namespace securitycenter_v1beta2 { * Required. The name of the VirtualMachineThreatDetectionSettings to calculate. Formats: * organizations/{organization\}/virtualMachineThreatDetectionSettings * folders/{folder\}/virtualMachineThreatDetectionSettings * projects/{project\}/virtualMachineThreatDetectionSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } export class Resource$Projects$Websecurityscannersettings { @@ -11411,5 +11479,9 @@ export namespace securitycenter_v1beta2 { * Required. The name of the WebSecurityScannerSettings to calculate. Formats: * organizations/{organization\}/webSecurityScannerSettings * folders/{folder\}/webSecurityScannerSettings * projects/{project\}/webSecurityScannerSettings */ name?: string; + /** + * Optional. When set, will only retrieve the modules that are in scope. By default, all modules will be shown. + */ + showEligibleModulesOnly?: boolean; } }