• Home
• com.google.api.grpc
• proto-google-cloud-securitycenter-v2
• 2.51.0
• source code
• resource_value_config.proto

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

google.cloud.securitycenter.v2.resource_value_config.proto Maven / Gradle / Ivy

// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.securitycenter.v2;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.SecurityCenter.V2";
option go_package = "cloud.google.com/go/securitycenter/apiv2/securitycenterpb;securitycenterpb";
option java_multiple_files = true;
option java_outer_classname = "ResourceValueConfigProto";
option java_package = "com.google.cloud.securitycenter.v2";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V2";
option ruby_package = "Google::Cloud::SecurityCenter::V2";

// A resource value config (RVC) is a mapping configuration of user's resources
// to resource values. Used in Attack path simulations.
message ResourceValueConfig {
  option (google.api.resource) = {
    type: "securitycenter.googleapis.com/ResourceValueConfig"
    pattern: "organizations/{organization}/resourceValueConfigs/{resource_value_config}"
  };

  // Resource value mapping for Sensitive Data Protection findings
  // If any of these mappings have a resource value that is not unspecified,
  // the resource_value field will be ignored when reading this configuration.
  message SensitiveDataProtectionMapping {
    // Resource value mapping for high-sensitivity Sensitive Data Protection
    // findings
    ResourceValue high_sensitivity_mapping = 1;

    // Resource value mapping for medium-sensitivity Sensitive Data Protection
    // findings
    ResourceValue medium_sensitivity_mapping = 2;
  }

  // Name for the resource value config
  string name = 1;

  // Resource value level this expression represents
  // Only required when there is no SDP mapping in the request
  ResourceValue resource_value = 2;

  // Required. Tag values combined with AND to check against.
  // Values in the form "tagValues/123"
  // E.g. [ "tagValues/123", "tagValues/456", "tagValues/789" ]
  // https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
  repeated string tag_values = 3 [(google.api.field_behavior) = REQUIRED];

  // Apply resource_value only to resources that match resource_type.
  // resource_type will be checked with "AND" of other resources.
  // E.g. "storage.googleapis.com/Bucket" with resource_value "HIGH" will
  // apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
  string resource_type = 4;

  // Project or folder to scope this config to.
  // For example, "project/456" would apply this config only to resources in
  // "project/456"
  // scope will be checked with "AND" of other resources.
  string scope = 5;

  // List of resource labels to search for, evaluated with AND.
  // E.g. "resource_labels_selector": {"key": "value", "env": "prod"}
  // will match resources with labels "key": "value" AND "env": "prod"
  // https://cloud.google.com/resource-manager/docs/creating-managing-labels
  map resource_labels_selector = 6;

  // Description of the resource value config.
  string description = 7;

  // Output only. Timestamp this resource value config was created.
  google.protobuf.Timestamp create_time = 8
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Timestamp this resource value config was last updated.
  google.protobuf.Timestamp update_time = 9
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // A mapping of the sensitivity on Sensitive Data Protection finding to
  // resource values. This mapping can only be used in combination with a
  // resource_type that is related to BigQuery, e.g.
  // "bigquery.googleapis.com/Dataset".
  SensitiveDataProtectionMapping sensitive_data_protection_mapping = 11;
}

// Value enum to map to a resource
enum ResourceValue {
  // Unspecific value
  RESOURCE_VALUE_UNSPECIFIED = 0;

  // High resource value
  HIGH = 1;

  // Medium resource value
  MEDIUM = 2;

  // Low resource value
  LOW = 3;

  // No resource value, e.g. ignore these resources
  NONE = 4;
}