Add protos as an artifact to library (#7205)

packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/asset.proto

@@ -0,0 +1,86 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+import "google/cloud/securitycenter/v1beta1/security_marks.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_multiple_files = true;
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+// Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud
+// Platform (GCP) resource.
+//
+// The Asset is a Cloud SCC resource that captures information about a single
+// GCP resource. All modifications to an Asset are only within the context of
+// Cloud SCC and don't affect the referenced GCP resource.
+message Asset {
+  // Cloud SCC managed properties. These properties are managed by Cloud SCC and
+  // cannot be modified by the user.
+  message SecurityCenterProperties {
+    // The full resource name of the GCP resource this asset
+    // represents. This field is immutable after create time. See:
+    // https://cloud.google.com/apis/design/resource_names#full_resource_name
+    string resource_name = 1;
+
+    // The type of the GCP resource. Examples include: APPLICATION,
+    // PROJECT, and ORGANIZATION. This is a case insensitive field defined by
+    // Cloud SCC and/or the producer of the resource and is immutable
+    // after create time.
+    string resource_type = 2;
+
+    // The full resource name of the immediate parent of the resource. See:
+    // https://cloud.google.com/apis/design/resource_names#full_resource_name
+    string resource_parent = 3;
+
+    // The full resource name of the project the resource belongs to. See:
+    // https://cloud.google.com/apis/design/resource_names#full_resource_name
+    string resource_project = 4;
+
+    // Owners of the Google Cloud resource.
+    repeated string resource_owners = 5;
+  }
+
+  // The relative resource name of this asset. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Example:
+  // "organizations/123/assets/456".
+  string name = 1;
+
+  // Cloud SCC managed properties. These properties are managed by
+  // Cloud SCC and cannot be modified by the user.
+  SecurityCenterProperties security_center_properties = 2;
+
+  // Resource managed properties. These properties are managed and defined by
+  // the GCP resource and cannot be modified by the user.
+  map<string, google.protobuf.Value> resource_properties = 7;
+
+  // User specified security marks. These marks are entirely managed by the user
+  // and come from the SecurityMarks resource that belongs to the asset.
+  SecurityMarks security_marks = 8;
+
+  // The time at which the asset was created in Cloud SCC.
+  google.protobuf.Timestamp create_time = 9;
+
+  // The time at which the asset was last updated, added, or deleted in Cloud
+  // SCC.
+  google.protobuf.Timestamp update_time = 10;
+}

packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/finding.proto

@@ -0,0 +1,99 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+import "google/cloud/securitycenter/v1beta1/security_marks.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_multiple_files = true;
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+// Cloud Security Command Center (Cloud SCC) finding.
+//
+// A finding is a record of assessment data (security, risk, health or privacy)
+// ingested into Cloud SCC for presentation, notification, analysis,
+// policy testing, and enforcement. For example, an XSS vulnerability in an
+// App Engine application is a finding.
+message Finding {
+  // The state of the finding.
+  enum State {
+    // Unspecified state.
+    STATE_UNSPECIFIED = 0;
+
+    // The finding requires attention and has not been addressed yet.
+    ACTIVE = 1;
+
+    // The finding has been fixed, triaged as a non-issue or otherwise addressed
+    // and is no longer active.
+    INACTIVE = 2;
+  }
+
+  // The relative resource name of this finding. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Example:
+  // "organizations/123/sources/456/findings/789"
+  string name = 1;
+
+  // The relative resource name of the source the finding belongs to. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // This field is immutable after creation time.
+  // For example:
+  // "organizations/123/sources/456"
+  string parent = 2;
+
+  // The full resource name of the Google Cloud Platform (GCP) resource this
+  // finding is for. See:
+  // https://cloud.google.com/apis/design/resource_names#full_resource_name
+  // This field is immutable after creation time.
+  string resource_name = 3;
+
+  // The state of the finding.
+  State state = 4;
+
+  // The additional taxonomy group within findings from a given source.
+  // This field is immutable after creation time.
+  // Example: "XSS_FLASH_INJECTION"
+  string category = 5;
+
+  // The URI that, if available, points to a web page outside of Cloud SCC
+  // where additional information about the finding can be found. This field is
+  // guaranteed to be either empty or a well formed URL.
+  string external_uri = 6;
+
+  // Source specific properties. These properties are managed by the source
+  // that writes the finding. The key names in the source_properties map must be
+  // between 1 and 255 characters, and must start with a letter and contain
+  // alphanumeric characters or underscores only.
+  map<string, google.protobuf.Value> source_properties = 7;
+
+  // Output only. User specified security marks. These marks are entirely
+  // managed by the user and come from the SecurityMarks resource that belongs
+  // to the finding.
+  SecurityMarks security_marks = 8;
+
+  // The time at which the event took place. For example, if the finding
+  // represents an open firewall it would capture the time the open firewall was
+  // detected.
+  google.protobuf.Timestamp event_time = 9;
+
+  // The time at which the finding was created in Cloud SCC.
+  google.protobuf.Timestamp create_time = 10;
+}

packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/organization_settings.proto

@@ -0,0 +1,75 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_multiple_files = true;
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+
+// User specified settings that are attached to the Cloud Security Command
+// Center (Cloud SCC) organization.
+message OrganizationSettings {
+  // The configuration used for Asset Discovery runs.
+  message AssetDiscoveryConfig {
+    // The mode of inclusion when running Asset Discovery.
+    // Asset discovery can be limited by explicitly identifying projects to be
+    // included or excluded. If INCLUDE_ONLY is set, then only those projects
+    // within the organization and their children are discovered during asset
+    // discovery. If EXCLUDE is set, then projects that don't match those
+    // projects are discovered during asset discovery. If neither are set, then
+    // all projects within the organization are discovered during asset
+    // discovery.
+    enum InclusionMode {
+      // Unspecified. Setting the mode with this value will disable
+      // inclusion/exclusion filtering for Asset Discovery.
+      INCLUSION_MODE_UNSPECIFIED = 0;
+
+      // Asset Discovery will capture only the resources within the projects
+      // specified. All other resources will be ignored.
+      INCLUDE_ONLY = 1;
+
+      // Asset Discovery will ignore all resources under the projects specified.
+      // All other resources will be retrieved.
+      EXCLUDE = 2;
+    }
+
+    // The project ids to use for filtering asset discovery.
+    repeated string project_ids = 1;
+
+    // The mode to use for filtering asset discovery.
+    InclusionMode inclusion_mode = 2;
+  }
+
+  // The relative resource name of the settings. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Example:
+  // "organizations/123/organizationSettings".
+  string name = 1;
+
+  // A flag that indicates if Asset Discovery should be enabled. If the flag is
+  // set to `true`, then discovery of assets will occur. If it is set to `false,
+  // all historical assets will remain, but discovery of future assets will not
+  // occur.
+  bool enable_asset_discovery = 2;
+
+  // The configuration used for Asset Discovery runs.
+  AssetDiscoveryConfig asset_discovery_config = 3;
+}

packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/proto/security_marks.proto

@@ -0,0 +1,46 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1beta1;
+
+import "google/api/annotations.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
+option java_multiple_files = true;
+option java_package = "com.google.cloud.securitycenter.v1beta1";
+
+
+// User specified security marks that are attached to the parent Cloud Security
+// Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud
+// SCC organization -- they can be modified and viewed by all users who have
+// proper permissions on the organization.
+message SecurityMarks {
+  // The relative resource name of the SecurityMarks. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
+  // Examples:
+  // "organizations/123/assets/456/securityMarks"
+  // "organizations/123/sources/456/findings/789/securityMarks".
+  string name = 1;
+
+  // Mutable user specified security marks belonging to the parent resource.
+  // Constraints are as follows:
+  //   - Keys and values are treated as case insensitive
+  //   - Keys must be alphanumeric and between 1 - 256 characters (inclusive)
+  //   - Values have leading and trailing whitespace trimmed, remaining
+  //     characters must be between 1 - 4096 characters (inclusive)
+  map<string, string> marks = 2;
+}