From de80cecfc45cdb7e5fb85c62f333d79db6c08277 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 25 Aug 2022 17:16:17 +0000 Subject: [PATCH] feat: serviceAccountKeyName, serviceAccountDelegationInfo, and principalSubject attributes added to the existing access attribute. These new attributes provide additional context about the principals that are associated with the finding (#905) - [ ] Regenerate this pull request now. PiperOrigin-RevId: 469787268 Source-Link: https://github.com/googleapis/googleapis/commit/c7a52f4e986a72015aa4ba430bfb5e7508282516 Source-Link: https://github.com/googleapis/googleapis-gen/commit/4e235765c3f09662143bc0a2b08f12bc0fe0c93f Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNGUyMzU3NjVjM2YwOTY2MjE0M2JjMGEyYjA4ZjEyYmMwZmUwYzkzZiJ9 --- .../cloud/securitycenter/v1/Access.java | 1134 ++++++++++++++++- .../securitycenter/v1/AccessOrBuilder.java | 165 +++ .../cloud/securitycenter/v1/AccessProto.java | 41 +- .../v1/ServiceAccountDelegationInfo.java | 867 +++++++++++++ ...ServiceAccountDelegationInfoOrBuilder.java | 87 ++ .../cloud/securitycenter/v1/access.proto | 46 + 6 files changed, 2329 insertions(+), 11 deletions(-) create mode 100644 java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfo.java create mode 100644 java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfoOrBuilder.java diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/Access.java b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/Access.java index 0dcdbcfcf00e..a15b75826394 100644 --- a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/Access.java 
+++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/Access.java @@ -43,6 +43,9 @@ private Access() { userAgentFamily_ = ""; serviceName_ = ""; methodName_ = ""; + principalSubject_ = ""; + serviceAccountKeyName_ = ""; + serviceAccountDelegationInfo_ = java.util.Collections.emptyList(); } @java.lang.Override @@ -64,6 +67,7 @@ private Access( if (extensionRegistry == null) { throw new java.lang.NullPointerException(); } + int mutable_bitField0_ = 0; com.google.protobuf.UnknownFieldSet.Builder unknownFields = com.google.protobuf.UnknownFieldSet.newBuilder(); try { @@ -125,6 +129,34 @@ private Access( methodName_ = s; break; } + case 58: + { + java.lang.String s = input.readStringRequireUtf8(); + + principalSubject_ = s; + break; + } + case 66: + { + java.lang.String s = input.readStringRequireUtf8(); + + serviceAccountKeyName_ = s; + break; + } + case 74: + { + if (!((mutable_bitField0_ & 0x00000001) != 0)) { + serviceAccountDelegationInfo_ = + new java.util.ArrayList< + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo>(); + mutable_bitField0_ |= 0x00000001; + } + serviceAccountDelegationInfo_.add( + input.readMessage( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.parser(), + extensionRegistry)); + break; + } default: { if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) { @@ -141,6 +173,10 @@ private Access( } catch (java.io.IOException e) { throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this); } finally { + if (((mutable_bitField0_ & 0x00000001) != 0)) { + serviceAccountDelegationInfo_ = + java.util.Collections.unmodifiableList(serviceAccountDelegationInfo_); + } this.unknownFields = unknownFields.build(); makeExtensionsImmutable(); } @@ -168,6 +204,12 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { * *
    * Associated email, such as "foo@google.com".
+   * The email address of the authenticated user (or service account on behalf
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see [Caller identities in audit
+   * logs](https://cloud.google.com/logging/docs/audit#user-id).
    * 
* * string principal_email = 1; @@ -191,6 +233,12 @@ public java.lang.String getPrincipalEmail() { * *
    * Associated email, such as "foo@google.com".
+   * The email address of the authenticated user (or service account on behalf
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see [Caller identities in audit
+   * logs](https://cloud.google.com/logging/docs/audit#user-id).
    * 
* * string principal_email = 1; @@ -458,6 +506,226 @@ public com.google.protobuf.ByteString getMethodNameBytes() { } } + public static final int PRINCIPAL_SUBJECT_FIELD_NUMBER = 7; + private volatile java.lang.Object principalSubject_; + /** + * + * + *
+   * A string representing the principal_subject associated with the identity.
+   * As compared to `principal_email`, supports principals that aren't
+   * associated with email addresses, such as third party principals. For most
+   * identities, the format will be `principal://iam.googleapis.com/{identity
+   * pool name}/subjects/{subject}` except for some GKE identities
+   * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+   * format `serviceAccount:{identity pool name}[{subject}]`
+   * 
+ * + * string principal_subject = 7; + * + * @return The principalSubject. + */ + @java.lang.Override + public java.lang.String getPrincipalSubject() { + java.lang.Object ref = principalSubject_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + principalSubject_ = s; + return s; + } + } + /** + * + * + *
+   * A string representing the principal_subject associated with the identity.
+   * As compared to `principal_email`, supports principals that aren't
+   * associated with email addresses, such as third party principals. For most
+   * identities, the format will be `principal://iam.googleapis.com/{identity
+   * pool name}/subjects/{subject}` except for some GKE identities
+   * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+   * format `serviceAccount:{identity pool name}[{subject}]`
+   * 
+ * + * string principal_subject = 7; + * + * @return The bytes for principalSubject. + */ + @java.lang.Override + public com.google.protobuf.ByteString getPrincipalSubjectBytes() { + java.lang.Object ref = principalSubject_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + principalSubject_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int SERVICE_ACCOUNT_KEY_NAME_FIELD_NUMBER = 8; + private volatile java.lang.Object serviceAccountKeyName_; + /** + * + * + *
+   * The name of the service account key used to create or exchange
+   * credentials for authenticating the service account making the request.
+   * This is a scheme-less URI full resource name. For example:
+   * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+   * 
+ * + * string service_account_key_name = 8; + * + * @return The serviceAccountKeyName. + */ + @java.lang.Override + public java.lang.String getServiceAccountKeyName() { + java.lang.Object ref = serviceAccountKeyName_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + serviceAccountKeyName_ = s; + return s; + } + } + /** + * + * + *
+   * The name of the service account key used to create or exchange
+   * credentials for authenticating the service account making the request.
+   * This is a scheme-less URI full resource name. For example:
+   * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+   * 
+ * + * string service_account_key_name = 8; + * + * @return The bytes for serviceAccountKeyName. + */ + @java.lang.Override + public com.google.protobuf.ByteString getServiceAccountKeyNameBytes() { + java.lang.Object ref = serviceAccountKeyName_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + serviceAccountKeyName_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int SERVICE_ACCOUNT_DELEGATION_INFO_FIELD_NUMBER = 9; + private java.util.List + serviceAccountDelegationInfo_; + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + @java.lang.Override + public java.util.List + getServiceAccountDelegationInfoList() { + return serviceAccountDelegationInfo_; + } + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + @java.lang.Override + public java.util.List< + ? extends com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder> + getServiceAccountDelegationInfoOrBuilderList() { + return serviceAccountDelegationInfo_; + } + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + @java.lang.Override + public int getServiceAccountDelegationInfoCount() { + return serviceAccountDelegationInfo_.size(); + } + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + @java.lang.Override + public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo + getServiceAccountDelegationInfo(int index) { + return serviceAccountDelegationInfo_.get(index); + } + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + @java.lang.Override + public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder + getServiceAccountDelegationInfoOrBuilder(int index) { + return serviceAccountDelegationInfo_.get(index); + } + private byte memoizedIsInitialized = -1; @java.lang.Override @@ -490,6 +758,15 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(methodName_)) { com.google.protobuf.GeneratedMessageV3.writeString(output, 6, methodName_); } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalSubject_)) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 7, principalSubject_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(serviceAccountKeyName_)) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 8, serviceAccountKeyName_); + } + for (int i = 0; i < serviceAccountDelegationInfo_.size(); i++) { + output.writeMessage(9, serviceAccountDelegationInfo_.get(i)); + } unknownFields.writeTo(output); } 
@@ -517,6 +794,17 @@ public int getSerializedSize() { if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(methodName_)) { size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, methodName_); } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalSubject_)) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(7, principalSubject_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(serviceAccountKeyName_)) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(8, serviceAccountKeyName_); + } + for (int i = 0; i < serviceAccountDelegationInfo_.size(); i++) { + size += + com.google.protobuf.CodedOutputStream.computeMessageSize( + 9, serviceAccountDelegationInfo_.get(i)); + } size += unknownFields.getSerializedSize(); memoizedSize = size; return size; @@ -542,6 +830,10 @@ public boolean equals(final java.lang.Object obj) { if (!getUserAgentFamily().equals(other.getUserAgentFamily())) return false; if (!getServiceName().equals(other.getServiceName())) return false; if (!getMethodName().equals(other.getMethodName())) return false; + if (!getPrincipalSubject().equals(other.getPrincipalSubject())) return false; + if (!getServiceAccountKeyName().equals(other.getServiceAccountKeyName())) return false; + if (!getServiceAccountDelegationInfoList().equals(other.getServiceAccountDelegationInfoList())) + return false; if (!unknownFields.equals(other.unknownFields)) return false; return true; } 
@@ -567,6 +859,14 @@ public int hashCode() { hash = (53 * hash) + getServiceName().hashCode(); hash = (37 * hash) + METHOD_NAME_FIELD_NUMBER; hash = (53 * hash) + getMethodName().hashCode(); + hash = (37 * hash) + PRINCIPAL_SUBJECT_FIELD_NUMBER; + hash = (53 * hash) + getPrincipalSubject().hashCode(); + hash = (37 * hash) + SERVICE_ACCOUNT_KEY_NAME_FIELD_NUMBER; + hash = (53 * hash) + getServiceAccountKeyName().hashCode(); + if (getServiceAccountDelegationInfoCount() > 0) { + hash = (37 * hash) + SERVICE_ACCOUNT_DELEGATION_INFO_FIELD_NUMBER; + hash = (53 * hash) + getServiceAccountDelegationInfoList().hashCode(); + } hash = (29 * hash) + unknownFields.hashCode(); memoizedHashCode = hash; return hash; @@ -706,7 +1006,9 @@ private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { } private void maybeForceBuilderInitialization() { - if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {} + if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) { + getServiceAccountDelegationInfoFieldBuilder(); + } } @java.lang.Override @@ -728,6 +1030,16 @@ public Builder clear() { methodName_ = ""; + principalSubject_ = ""; + + serviceAccountKeyName_ = ""; + + if (serviceAccountDelegationInfoBuilder_ == null) { + serviceAccountDelegationInfo_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000001); + } else { + serviceAccountDelegationInfoBuilder_.clear(); + } return this; } @@ -755,6 +1067,7 @@ public com.google.cloud.securitycenter.v1.Access build() { public com.google.cloud.securitycenter.v1.Access buildPartial() { com.google.cloud.securitycenter.v1.Access result = new com.google.cloud.securitycenter.v1.Access(this); + int from_bitField0_ = bitField0_; result.principalEmail_ = principalEmail_; result.callerIp_ = callerIp_; if (callerIpGeoBuilder_ == null) { 
@@ -765,6 +1078,18 @@ public com.google.cloud.securitycenter.v1.Access buildPartial() { result.userAgentFamily_ = userAgentFamily_; result.serviceName_ = serviceName_; result.methodName_ = methodName_; + result.principalSubject_ = principalSubject_; + result.serviceAccountKeyName_ = serviceAccountKeyName_; + if (serviceAccountDelegationInfoBuilder_ == null) { + if (((bitField0_ & 0x00000001) != 0)) { + serviceAccountDelegationInfo_ = + java.util.Collections.unmodifiableList(serviceAccountDelegationInfo_); + bitField0_ = (bitField0_ & ~0x00000001); + } + result.serviceAccountDelegationInfo_ = serviceAccountDelegationInfo_; + } else { + result.serviceAccountDelegationInfo_ = serviceAccountDelegationInfoBuilder_.build(); + } onBuilt(); return result; } 
@@ -837,6 +1162,42 @@ public Builder mergeFrom(com.google.cloud.securitycenter.v1.Access other) { methodName_ = other.methodName_; onChanged(); } + if (!other.getPrincipalSubject().isEmpty()) { + principalSubject_ = other.principalSubject_; + onChanged(); + } + if (!other.getServiceAccountKeyName().isEmpty()) { + serviceAccountKeyName_ = other.serviceAccountKeyName_; + onChanged(); + } + if (serviceAccountDelegationInfoBuilder_ == null) { + if (!other.serviceAccountDelegationInfo_.isEmpty()) { + if (serviceAccountDelegationInfo_.isEmpty()) { + serviceAccountDelegationInfo_ = other.serviceAccountDelegationInfo_; + bitField0_ = (bitField0_ & ~0x00000001); + } else { + ensureServiceAccountDelegationInfoIsMutable(); + serviceAccountDelegationInfo_.addAll(other.serviceAccountDelegationInfo_); + } + onChanged(); + } + } else { + if (!other.serviceAccountDelegationInfo_.isEmpty()) { + if (serviceAccountDelegationInfoBuilder_.isEmpty()) { + serviceAccountDelegationInfoBuilder_.dispose(); + serviceAccountDelegationInfoBuilder_ = null; + serviceAccountDelegationInfo_ = other.serviceAccountDelegationInfo_; + bitField0_ = (bitField0_ & ~0x00000001); + serviceAccountDelegationInfoBuilder_ = + com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders + ? getServiceAccountDelegationInfoFieldBuilder() + : null; + } else { + serviceAccountDelegationInfoBuilder_.addAllMessages( + other.serviceAccountDelegationInfo_); + } + } + } this.mergeUnknownFields(other.unknownFields); onChanged(); return this; @@ -866,12 +1227,20 @@ public Builder mergeFrom( return this; } + private int bitField0_; + private java.lang.Object principalEmail_ = ""; /** * * *
      * Associated email, such as "foo@google.com".
+     * The email address of the authenticated user (or service account on behalf
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see [Caller identities in audit
+     * logs](https://cloud.google.com/logging/docs/audit#user-id).
      * 
* * string principal_email = 1; @@ -894,6 +1263,12 @@ public java.lang.String getPrincipalEmail() { * *
      * Associated email, such as "foo@google.com".
+     * The email address of the authenticated user (or service account on behalf
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see [Caller identities in audit
+     * logs](https://cloud.google.com/logging/docs/audit#user-id).
      * 
* * string principal_email = 1; @@ -916,6 +1291,12 @@ public com.google.protobuf.ByteString getPrincipalEmailBytes() { * *
      * Associated email, such as "foo@google.com".
+     * The email address of the authenticated user (or service account on behalf
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see [Caller identities in audit
+     * logs](https://cloud.google.com/logging/docs/audit#user-id).
      * 
* * string principal_email = 1; @@ -937,6 +1318,12 @@ public Builder setPrincipalEmail(java.lang.String value) { * *
      * Associated email, such as "foo@google.com".
+     * The email address of the authenticated user (or service account on behalf
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see [Caller identities in audit
+     * logs](https://cloud.google.com/logging/docs/audit#user-id).
      * 
* * string principal_email = 1; @@ -954,6 +1341,12 @@ public Builder clearPrincipalEmail() { * *
      * Associated email, such as "foo@google.com".
+     * The email address of the authenticated user (or service account on behalf
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see [Caller identities in audit
+     * logs](https://cloud.google.com/logging/docs/audit#user-id).
      * 
* * string principal_email = 1; @@ -1592,6 +1985,745 @@ public Builder setMethodNameBytes(com.google.protobuf.ByteString value) { return this; } + private java.lang.Object principalSubject_ = ""; + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 7; + * + * @return The principalSubject. + */ + public java.lang.String getPrincipalSubject() { + java.lang.Object ref = principalSubject_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + principalSubject_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 7; + * + * @return The bytes for principalSubject. + */ + public com.google.protobuf.ByteString getPrincipalSubjectBytes() { + java.lang.Object ref = principalSubject_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + principalSubject_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 7; + * + * @param value The principalSubject to set. + * @return This builder for chaining. + */ + public Builder setPrincipalSubject(java.lang.String value) { + if (value == null) { + throw new NullPointerException(); + } + + principalSubject_ = value; + onChanged(); + return this; + } + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 7; + * + * @return This builder for chaining. + */ + public Builder clearPrincipalSubject() { + + principalSubject_ = getDefaultInstance().getPrincipalSubject(); + onChanged(); + return this; + } + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 7; + * + * @param value The bytes for principalSubject to set. + * @return This builder for chaining. + */ + public Builder setPrincipalSubjectBytes(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + checkByteStringIsUtf8(value); + + principalSubject_ = value; + onChanged(); + return this; + } + + private java.lang.Object serviceAccountKeyName_ = ""; + /** + * + * + *
+     * The name of the service account key used to create or exchange
+     * credentials for authenticating the service account making the request.
+     * This is a scheme-less URI full resource name. For example:
+     * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+     * 
+ * + * string service_account_key_name = 8; + * + * @return The serviceAccountKeyName. + */ + public java.lang.String getServiceAccountKeyName() { + java.lang.Object ref = serviceAccountKeyName_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + serviceAccountKeyName_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * + * + *
+     * The name of the service account key used to create or exchange
+     * credentials for authenticating the service account making the request.
+     * This is a scheme-less URI full resource name. For example:
+     * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+     * 
+ * + * string service_account_key_name = 8; + * + * @return The bytes for serviceAccountKeyName. + */ + public com.google.protobuf.ByteString getServiceAccountKeyNameBytes() { + java.lang.Object ref = serviceAccountKeyName_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + serviceAccountKeyName_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * + * + *
+     * The name of the service account key used to create or exchange
+     * credentials for authenticating the service account making the request.
+     * This is a scheme-less URI full resource name. For example:
+     * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+     * 
+ * + * string service_account_key_name = 8; + * + * @param value The serviceAccountKeyName to set. + * @return This builder for chaining. + */ + public Builder setServiceAccountKeyName(java.lang.String value) { + if (value == null) { + throw new NullPointerException(); + } + + serviceAccountKeyName_ = value; + onChanged(); + return this; + } + /** + * + * + *
+     * The name of the service account key used to create or exchange
+     * credentials for authenticating the service account making the request.
+     * This is a scheme-less URI full resource name. For example:
+     * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+     * 
+ * + * string service_account_key_name = 8; + * + * @return This builder for chaining. + */ + public Builder clearServiceAccountKeyName() { + + serviceAccountKeyName_ = getDefaultInstance().getServiceAccountKeyName(); + onChanged(); + return this; + } + /** + * + * + *
+     * The name of the service account key used to create or exchange
+     * credentials for authenticating the service account making the request.
+     * This is a scheme-less URI full resource name. For example:
+     * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+     * 
+ * + * string service_account_key_name = 8; + * + * @param value The bytes for serviceAccountKeyName to set. + * @return This builder for chaining. + */ + public Builder setServiceAccountKeyNameBytes(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + checkByteStringIsUtf8(value); + + serviceAccountKeyName_ = value; + onChanged(); + return this; + } + + private java.util.List + serviceAccountDelegationInfo_ = java.util.Collections.emptyList(); + + private void ensureServiceAccountDelegationInfoIsMutable() { + if (!((bitField0_ & 0x00000001) != 0)) { + serviceAccountDelegationInfo_ = + new java.util.ArrayList< + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo>( + serviceAccountDelegationInfo_); + bitField0_ |= 0x00000001; + } + } + + private com.google.protobuf.RepeatedFieldBuilderV3< + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder> + serviceAccountDelegationInfoBuilder_; + + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public java.util.List + getServiceAccountDelegationInfoList() { + if (serviceAccountDelegationInfoBuilder_ == null) { + return java.util.Collections.unmodifiableList(serviceAccountDelegationInfo_); + } else { + return serviceAccountDelegationInfoBuilder_.getMessageList(); + } + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public int getServiceAccountDelegationInfoCount() { + if (serviceAccountDelegationInfoBuilder_ == null) { + return serviceAccountDelegationInfo_.size(); + } else { + return serviceAccountDelegationInfoBuilder_.getCount(); + } + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo + getServiceAccountDelegationInfo(int index) { + if (serviceAccountDelegationInfoBuilder_ == null) { + return serviceAccountDelegationInfo_.get(index); + } else { + return serviceAccountDelegationInfoBuilder_.getMessage(index); + } + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public Builder setServiceAccountDelegationInfo( + int index, com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo value) { + if (serviceAccountDelegationInfoBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + ensureServiceAccountDelegationInfoIsMutable(); + serviceAccountDelegationInfo_.set(index, value); + onChanged(); + } else { + serviceAccountDelegationInfoBuilder_.setMessage(index, value); + } + return this; + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public Builder setServiceAccountDelegationInfo( + int index, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder builderForValue) { + if (serviceAccountDelegationInfoBuilder_ == null) { + ensureServiceAccountDelegationInfoIsMutable(); + serviceAccountDelegationInfo_.set(index, builderForValue.build()); + onChanged(); + } else { + serviceAccountDelegationInfoBuilder_.setMessage(index, builderForValue.build()); + } + return this; + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public Builder addServiceAccountDelegationInfo( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo value) { + if (serviceAccountDelegationInfoBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + ensureServiceAccountDelegationInfoIsMutable(); + serviceAccountDelegationInfo_.add(value); + onChanged(); + } else { + serviceAccountDelegationInfoBuilder_.addMessage(value); + } + return this; + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public Builder addServiceAccountDelegationInfo( + int index, com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo value) { + if (serviceAccountDelegationInfoBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + ensureServiceAccountDelegationInfoIsMutable(); + serviceAccountDelegationInfo_.add(index, value); + onChanged(); + } else { + serviceAccountDelegationInfoBuilder_.addMessage(index, value); + } + return this; + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public Builder addServiceAccountDelegationInfo( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder builderForValue) { + if (serviceAccountDelegationInfoBuilder_ == null) { + ensureServiceAccountDelegationInfoIsMutable(); + serviceAccountDelegationInfo_.add(builderForValue.build()); + onChanged(); + } else { + serviceAccountDelegationInfoBuilder_.addMessage(builderForValue.build()); + } + return this; + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public Builder addServiceAccountDelegationInfo( + int index, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder builderForValue) { + if (serviceAccountDelegationInfoBuilder_ == null) { + ensureServiceAccountDelegationInfoIsMutable(); + serviceAccountDelegationInfo_.add(index, builderForValue.build()); + onChanged(); + } else { + serviceAccountDelegationInfoBuilder_.addMessage(index, builderForValue.build()); + } + return this; + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public Builder addAllServiceAccountDelegationInfo( + java.lang.Iterable< + ? extends com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo> + values) { + if (serviceAccountDelegationInfoBuilder_ == null) { + ensureServiceAccountDelegationInfoIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, serviceAccountDelegationInfo_); + onChanged(); + } else { + serviceAccountDelegationInfoBuilder_.addAllMessages(values); + } + return this; + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public Builder clearServiceAccountDelegationInfo() { + if (serviceAccountDelegationInfoBuilder_ == null) { + serviceAccountDelegationInfo_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000001); + onChanged(); + } else { + serviceAccountDelegationInfoBuilder_.clear(); + } + return this; + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public Builder removeServiceAccountDelegationInfo(int index) { + if (serviceAccountDelegationInfoBuilder_ == null) { + ensureServiceAccountDelegationInfoIsMutable(); + serviceAccountDelegationInfo_.remove(index); + onChanged(); + } else { + serviceAccountDelegationInfoBuilder_.remove(index); + } + return this; + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder + getServiceAccountDelegationInfoBuilder(int index) { + return getServiceAccountDelegationInfoFieldBuilder().getBuilder(index); + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder + getServiceAccountDelegationInfoOrBuilder(int index) { + if (serviceAccountDelegationInfoBuilder_ == null) { + return serviceAccountDelegationInfo_.get(index); + } else { + return serviceAccountDelegationInfoBuilder_.getMessageOrBuilder(index); + } + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public java.util.List< + ? extends com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder> + getServiceAccountDelegationInfoOrBuilderList() { + if (serviceAccountDelegationInfoBuilder_ != null) { + return serviceAccountDelegationInfoBuilder_.getMessageOrBuilderList(); + } else { + return java.util.Collections.unmodifiableList(serviceAccountDelegationInfo_); + } + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder + addServiceAccountDelegationInfoBuilder() { + return getServiceAccountDelegationInfoFieldBuilder() + .addBuilder( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.getDefaultInstance()); + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder + addServiceAccountDelegationInfoBuilder(int index) { + return getServiceAccountDelegationInfoFieldBuilder() + .addBuilder( + index, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.getDefaultInstance()); + } + /** + * + * + *
+     * Identity delegation history of an authenticated service account that makes
+     * the request. It contains information on the real authorities that try to
+     * access GCP resources by delegating on a service account. When multiple
+     * authorities are present, they are guaranteed to be sorted based on the
+     * original ordering of the identity delegation events.
+     * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + public java.util.List + getServiceAccountDelegationInfoBuilderList() { + return getServiceAccountDelegationInfoFieldBuilder().getBuilderList(); + } + + private com.google.protobuf.RepeatedFieldBuilderV3< + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder> + getServiceAccountDelegationInfoFieldBuilder() { + if (serviceAccountDelegationInfoBuilder_ == null) { + serviceAccountDelegationInfoBuilder_ = + new com.google.protobuf.RepeatedFieldBuilderV3< + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder>( + serviceAccountDelegationInfo_, + ((bitField0_ & 0x00000001) != 0), + getParentForChildren(), + isClean()); + serviceAccountDelegationInfo_ = null; + } + return serviceAccountDelegationInfoBuilder_; + } + @java.lang.Override public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) { return super.setUnknownFields(unknownFields); diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessOrBuilder.java b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessOrBuilder.java index d30c7599c34a..a8a4b86d3df4 100644 --- a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessOrBuilder.java +++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessOrBuilder.java @@ -28,6 +28,12 @@ public interface AccessOrBuilder * *
    * Associated email, such as "foo@google.com".
+   * The email address of the authenticated user (or service account on behalf
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see [Caller identities in audit
+   * logs](https://cloud.google.com/logging/docs/audit#user-id).
    * 
* * string principal_email = 1; @@ -40,6 +46,12 @@ public interface AccessOrBuilder * *
    * Associated email, such as "foo@google.com".
+   * The email address of the authenticated user (or service account on behalf
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see [Caller identities in audit
+   * logs](https://cloud.google.com/logging/docs/audit#user-id).
    * 
* * string principal_email = 1; @@ -186,4 +198,157 @@ public interface AccessOrBuilder * @return The bytes for methodName. */ com.google.protobuf.ByteString getMethodNameBytes(); + + /** + * + * + *
+   * A string representing the principal_subject associated with the identity.
+   * As compared to `principal_email`, supports principals that aren't
+   * associated with email addresses, such as third party principals. For most
+   * identities, the format will be `principal://iam.googleapis.com/{identity
+   * pool name}/subjects/{subject}` except for some GKE identities
+   * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+   * format `serviceAccount:{identity pool name}[{subject}]`
+   * 
+ * + * string principal_subject = 7; + * + * @return The principalSubject. + */ + java.lang.String getPrincipalSubject(); + /** + * + * + *
+   * A string representing the principal_subject associated with the identity.
+   * As compared to `principal_email`, supports principals that aren't
+   * associated with email addresses, such as third party principals. For most
+   * identities, the format will be `principal://iam.googleapis.com/{identity
+   * pool name}/subjects/{subject}` except for some GKE identities
+   * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+   * format `serviceAccount:{identity pool name}[{subject}]`
+   * 
+ * + * string principal_subject = 7; + * + * @return The bytes for principalSubject. + */ + com.google.protobuf.ByteString getPrincipalSubjectBytes(); + + /** + * + * + *
+   * The name of the service account key used to create or exchange
+   * credentials for authenticating the service account making the request.
+   * This is a scheme-less URI full resource name. For example:
+   * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+   * 
+ * + * string service_account_key_name = 8; + * + * @return The serviceAccountKeyName. + */ + java.lang.String getServiceAccountKeyName(); + /** + * + * + *
+   * The name of the service account key used to create or exchange
+   * credentials for authenticating the service account making the request.
+   * This is a scheme-less URI full resource name. For example:
+   * "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+   * 
+ * + * string service_account_key_name = 8; + * + * @return The bytes for serviceAccountKeyName. + */ + com.google.protobuf.ByteString getServiceAccountKeyNameBytes(); + + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + java.util.List + getServiceAccountDelegationInfoList(); + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo getServiceAccountDelegationInfo( + int index); + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + int getServiceAccountDelegationInfoCount(); + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + java.util.List + getServiceAccountDelegationInfoOrBuilderList(); + /** + * + * + *
+   * Identity delegation history of an authenticated service account that makes
+   * the request. It contains information on the real authorities that try to
+   * access GCP resources by delegating on a service account. When multiple
+   * authorities are present, they are guaranteed to be sorted based on the
+   * original ordering of the identity delegation events.
+   * 
+ * + * + * repeated .google.cloud.securitycenter.v1.ServiceAccountDelegationInfo service_account_delegation_info = 9; + * + */ + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder + getServiceAccountDelegationInfoOrBuilder(int index); } diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessProto.java b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessProto.java index efcf4ec4d20f..93ae5a0fee69 100644 --- a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessProto.java +++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/AccessProto.java @@ -31,6 +31,10 @@ public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry r internal_static_google_cloud_securitycenter_v1_Access_descriptor; static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internal_static_google_cloud_securitycenter_v1_Access_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor; + static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_fieldAccessorTable; static final com.google.protobuf.Descriptors.Descriptor internal_static_google_cloud_securitycenter_v1_Geolocation_descriptor; static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable 
@@ -45,19 +49,25 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { static { java.lang.String[] descriptorData = { "\n+google/cloud/securitycenter/v1/access." - + "proto\022\036google.cloud.securitycenter.v1\"\276\001" + + "proto\022\036google.cloud.securitycenter.v1\"\342\002" + "\n\006Access\022\027\n\017principal_email\030\001 \001(\t\022\021\n\tcal" + "ler_ip\030\002 \001(\t\022B\n\rcaller_ip_geo\030\003 \001(\0132+.go" + "ogle.cloud.securitycenter.v1.Geolocation" + "\022\031\n\021user_agent_family\030\004 \001(\t\022\024\n\014service_n" - + "ame\030\005 \001(\t\022\023\n\013method_name\030\006 \001(\t\"\"\n\013Geoloc" - + "ation\022\023\n\013region_code\030\001 \001(\tB\347\001\n\"com.googl" - + "e.cloud.securitycenter.v1B\013AccessProtoP\001" - + "ZLgoogle.golang.org/genproto/googleapis/" - + "cloud/securitycenter/v1;securitycenter\252\002" - + "\036Google.Cloud.SecurityCenter.V1\312\002\036Google" - + "\\Cloud\\SecurityCenter\\V1\352\002!Google::Cloud" - + "::SecurityCenter::V1b\006proto3" + + "ame\030\005 \001(\t\022\023\n\013method_name\030\006 \001(\t\022\031\n\021princi" + + "pal_subject\030\007 \001(\t\022 \n\030service_account_key" + + "_name\030\010 \001(\t\022e\n\037service_account_delegatio" + + "n_info\030\t \003(\0132<.google.cloud.securitycent" + + "er.v1.ServiceAccountDelegationInfo\"R\n\034Se" + + "rviceAccountDelegationInfo\022\027\n\017principal_" + + "email\030\001 \001(\t\022\031\n\021principal_subject\030\002 \001(\t\"\"" + + "\n\013Geolocation\022\023\n\013region_code\030\001 \001(\tB\347\001\n\"c" + + "om.google.cloud.securitycenter.v1B\013Acces" + + "sProtoP\001ZLgoogle.golang.org/genproto/goo" + + "gleapis/cloud/securitycenter/v1;security" + + "center\252\002\036Google.Cloud.SecurityCenter.V1\312" + + "\002\036Google\\Cloud\\SecurityCenter\\V1\352\002!Googl" + + "e::Cloud::SecurityCenter::V1b\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom( 
@@ -74,9 +84,20 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { "UserAgentFamily", "ServiceName", "MethodName", + "PrincipalSubject", + "ServiceAccountKeyName", + "ServiceAccountDelegationInfo", }); - internal_static_google_cloud_securitycenter_v1_Geolocation_descriptor = + internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor = getDescriptor().getMessageTypes().get(1); + internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_fieldAccessorTable = + new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor, + new java.lang.String[] { + "PrincipalEmail", "PrincipalSubject", + }); + internal_static_google_cloud_securitycenter_v1_Geolocation_descriptor = + getDescriptor().getMessageTypes().get(2); internal_static_google_cloud_securitycenter_v1_Geolocation_fieldAccessorTable = new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( internal_static_google_cloud_securitycenter_v1_Geolocation_descriptor, diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfo.java b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfo.java new file mode 100644 index 000000000000..d48c4a817512 --- /dev/null +++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfo.java 
@@ -0,0 +1,867 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: google/cloud/securitycenter/v1/access.proto + +package com.google.cloud.securitycenter.v1; + +/** + * + * + *
+ * Identity delegation history of an authenticated service account.
+ * 
+ * + * Protobuf type {@code google.cloud.securitycenter.v1.ServiceAccountDelegationInfo} + */ +public final class ServiceAccountDelegationInfo extends com.google.protobuf.GeneratedMessageV3 + implements + // @@protoc_insertion_point(message_implements:google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) + ServiceAccountDelegationInfoOrBuilder { + private static final long serialVersionUID = 0L; + // Use ServiceAccountDelegationInfo.newBuilder() to construct. + private ServiceAccountDelegationInfo(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + + private ServiceAccountDelegationInfo() { + principalEmail_ = ""; + principalSubject_ = ""; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance(UnusedPrivateParameter unused) { + return new ServiceAccountDelegationInfo(); + } + + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + + private ServiceAccountDelegationInfo( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + this(); + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + com.google.protobuf.UnknownFieldSet.Builder unknownFields = + com.google.protobuf.UnknownFieldSet.newBuilder(); + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: + { + java.lang.String s = input.readStringRequireUtf8(); + + principalEmail_ = s; + break; + } + case 18: + { + java.lang.String s = input.readStringRequireUtf8(); + + principalSubject_ = s; + break; + } + default: + { + if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) { + done = true; + } + break; + } + } + } + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(this); 
+ } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(this); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this); + } finally { + this.unknownFields = unknownFields.build(); + makeExtensionsImmutable(); + } + } + + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { + return com.google.cloud.securitycenter.v1.AccessProto + .internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return com.google.cloud.securitycenter.v1.AccessProto + .internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_fieldAccessorTable + .ensureFieldAccessorsInitialized( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.class, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder.class); + } + + public static final int PRINCIPAL_EMAIL_FIELD_NUMBER = 1; + private volatile java.lang.Object principalEmail_; + /** + * + * + *
+   * The email address of a Google account.
+   * 
+ * + * string principal_email = 1; + * + * @return The principalEmail. + */ + @java.lang.Override + public java.lang.String getPrincipalEmail() { + java.lang.Object ref = principalEmail_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + principalEmail_ = s; + return s; + } + } + /** + * + * + *
+   * The email address of a Google account.
+   * 
+ * + * string principal_email = 1; + * + * @return The bytes for principalEmail. + */ + @java.lang.Override + public com.google.protobuf.ByteString getPrincipalEmailBytes() { + java.lang.Object ref = principalEmail_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + principalEmail_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int PRINCIPAL_SUBJECT_FIELD_NUMBER = 2; + private volatile java.lang.Object principalSubject_; + /** + * + * + *
+   * A string representing the principal_subject associated with the identity.
+   * As compared to `principal_email`, supports principals that aren't
+   * associated with email addresses, such as third party principals. For most
+   * identities, the format will be `principal://iam.googleapis.com/{identity
+   * pool name}/subjects/{subject}` except for some GKE identities
+   * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+   * format `serviceAccount:{identity pool name}[{subject}]`
+   * 
+ * + * string principal_subject = 2; + * + * @return The principalSubject. + */ + @java.lang.Override + public java.lang.String getPrincipalSubject() { + java.lang.Object ref = principalSubject_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + principalSubject_ = s; + return s; + } + } + /** + * + * + *
+   * A string representing the principal_subject associated with the identity.
+   * As compared to `principal_email`, supports principals that aren't
+   * associated with email addresses, such as third party principals. For most
+   * identities, the format will be `principal://iam.googleapis.com/{identity
+   * pool name}/subjects/{subject}` except for some GKE identities
+   * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+   * format `serviceAccount:{identity pool name}[{subject}]`
+   * 
+ * + * string principal_subject = 2; + * + * @return The bytes for principalSubject. + */ + @java.lang.Override + public com.google.protobuf.ByteString getPrincipalSubjectBytes() { + java.lang.Object ref = principalSubject_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + principalSubject_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + private byte memoizedIsInitialized = -1; + + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException { + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalEmail_)) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 1, principalEmail_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalSubject_)) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 2, principalSubject_); + } + unknownFields.writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalEmail_)) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, principalEmail_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(principalSubject_)) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, principalSubject_); + } + size += unknownFields.getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof 
com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo)) { + return super.equals(obj); + } + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo other = + (com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) obj; + + if (!getPrincipalEmail().equals(other.getPrincipalEmail())) return false; + if (!getPrincipalSubject().equals(other.getPrincipalSubject())) return false; + if (!unknownFields.equals(other.unknownFields)) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + PRINCIPAL_EMAIL_FIELD_NUMBER; + hash = (53 * hash) + getPrincipalEmail().hashCode(); + hash = (37 * hash) + PRINCIPAL_SUBJECT_FIELD_NUMBER; + hash = (53 * hash) + getPrincipalSubject().hashCode(); + hash = (29 * hash) + unknownFields.hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return 
PARSER.parseFrom(data, extensionRegistry); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + byte[] data) throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + java.io.InputStream input) throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3.parseWithIOException( + PARSER, input, extensionRegistry); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseDelimitedFrom( + java.io.InputStream input) throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseDelimitedFrom( + java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException( + PARSER, input, extensionRegistry); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + com.google.protobuf.CodedInputStream input) throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input); + } + + public static 
com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3.parseWithIOException( + PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { + return newBuilder(); + } + + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + + public static Builder newBuilder( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * + * + *
+   * Identity delegation history of an authenticated service account.
+   * 
+ * + * Protobuf type {@code google.cloud.securitycenter.v1.ServiceAccountDelegationInfo} + */ + public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder + implements + // @@protoc_insertion_point(builder_implements:google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfoOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { + return com.google.cloud.securitycenter.v1.AccessProto + .internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return com.google.cloud.securitycenter.v1.AccessProto + .internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_fieldAccessorTable + .ensureFieldAccessorsInitialized( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.class, + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.Builder.class); + } + + // Construct using com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {} + } + + @java.lang.Override + public Builder clear() { + super.clear(); + principalEmail_ = ""; + + principalSubject_ = ""; + + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() { + return com.google.cloud.securitycenter.v1.AccessProto + .internal_static_google_cloud_securitycenter_v1_ServiceAccountDelegationInfo_descriptor; + } + + @java.lang.Override + public 
com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo + getDefaultInstanceForType() { + return com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.getDefaultInstance(); + } + + @java.lang.Override + public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo build() { + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo buildPartial() { + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo result = + new com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo(this); + result.principalEmail_ = principalEmail_; + result.principalSubject_ = principalSubject_; + onBuilt(); + return result; + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.setField(field, value); + } + + @java.lang.Override + public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + + @java.lang.Override + public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.addRepeatedField(field, value); + } + + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof 
com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) { + return mergeFrom((com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom( + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo other) { + if (other + == com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo.getDefaultInstance()) + return this; + if (!other.getPrincipalEmail().isEmpty()) { + principalEmail_ = other.principalEmail_; + onChanged(); + } + if (!other.getPrincipalSubject().isEmpty()) { + principalSubject_ = other.principalSubject_; + onChanged(); + } + this.mergeUnknownFields(other.unknownFields); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo parsedMessage = null; + try { + parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + parsedMessage = + (com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) + e.getUnfinishedMessage(); + throw e.unwrapIOException(); + } finally { + if (parsedMessage != null) { + mergeFrom(parsedMessage); + } + } + return this; + } + + private java.lang.Object principalEmail_ = ""; + /** + * + * + *
+     * The email address of a Google account.
+     * 
+ * + * string principal_email = 1; + * + * @return The principalEmail. + */ + public java.lang.String getPrincipalEmail() { + java.lang.Object ref = principalEmail_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + principalEmail_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * + * + *
+     * The email address of a Google account.
+     * 
+ * + * string principal_email = 1; + * + * @return The bytes for principalEmail. + */ + public com.google.protobuf.ByteString getPrincipalEmailBytes() { + java.lang.Object ref = principalEmail_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + principalEmail_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * + * + *
+     * The email address of a Google account.
+     * 
+ * + * string principal_email = 1; + * + * @param value The principalEmail to set. + * @return This builder for chaining. + */ + public Builder setPrincipalEmail(java.lang.String value) { + if (value == null) { + throw new NullPointerException(); + } + + principalEmail_ = value; + onChanged(); + return this; + } + /** + * + * + *
+     * The email address of a Google account.
+     * 
+ * + * string principal_email = 1; + * + * @return This builder for chaining. + */ + public Builder clearPrincipalEmail() { + + principalEmail_ = getDefaultInstance().getPrincipalEmail(); + onChanged(); + return this; + } + /** + * + * + *
+     * The email address of a Google account.
+     * 
+ * + * string principal_email = 1; + * + * @param value The bytes for principalEmail to set. + * @return This builder for chaining. + */ + public Builder setPrincipalEmailBytes(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + checkByteStringIsUtf8(value); + + principalEmail_ = value; + onChanged(); + return this; + } + + private java.lang.Object principalSubject_ = ""; + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 2; + * + * @return The principalSubject. + */ + public java.lang.String getPrincipalSubject() { + java.lang.Object ref = principalSubject_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + principalSubject_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 2; + * + * @return The bytes for principalSubject. + */ + public com.google.protobuf.ByteString getPrincipalSubjectBytes() { + java.lang.Object ref = principalSubject_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + principalSubject_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 2; + * + * @param value The principalSubject to set. + * @return This builder for chaining. + */ + public Builder setPrincipalSubject(java.lang.String value) { + if (value == null) { + throw new NullPointerException(); + } + + principalSubject_ = value; + onChanged(); + return this; + } + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 2; + * + * @return This builder for chaining. + */ + public Builder clearPrincipalSubject() { + + principalSubject_ = getDefaultInstance().getPrincipalSubject(); + onChanged(); + return this; + } + /** + * + * + *
+     * A string representing the principal_subject associated with the identity.
+     * As compared to `principal_email`, supports principals that aren't
+     * associated with email addresses, such as third party principals. For most
+     * identities, the format will be `principal://iam.googleapis.com/{identity
+     * pool name}/subjects/{subject}` except for some GKE identities
+     * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+     * format `serviceAccount:{identity pool name}[{subject}]`
+     * 
+ * + * string principal_subject = 2; + * + * @param value The bytes for principalSubject to set. + * @return This builder for chaining. + */ + public Builder setPrincipalSubjectBytes(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + checkByteStringIsUtf8(value); + + principalSubject_ = value; + onChanged(); + return this; + } + + @java.lang.Override + public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + // @@protoc_insertion_point(builder_scope:google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) + } + + // @@protoc_insertion_point(class_scope:google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) + private static final com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo + DEFAULT_INSTANCE; + + static { + DEFAULT_INSTANCE = new com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo(); + } + + public static com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo + getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser PARSER = + new com.google.protobuf.AbstractParser() { + @java.lang.Override + public ServiceAccountDelegationInfo parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return new ServiceAccountDelegationInfo(input, extensionRegistry); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public 
com.google.cloud.securitycenter.v1.ServiceAccountDelegationInfo + getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } +} diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfoOrBuilder.java b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfoOrBuilder.java new file mode 100644 index 000000000000..5fffeefdb7a4 --- /dev/null +++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/java/com/google/cloud/securitycenter/v1/ServiceAccountDelegationInfoOrBuilder.java @@ -0,0 +1,87 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: google/cloud/securitycenter/v1/access.proto + +package com.google.cloud.securitycenter.v1; + +public interface ServiceAccountDelegationInfoOrBuilder + extends + // @@protoc_insertion_point(interface_extends:google.cloud.securitycenter.v1.ServiceAccountDelegationInfo) + com.google.protobuf.MessageOrBuilder { + + /** + * + * + *
+   * The email address of a Google account.
+   * 
+ * + * string principal_email = 1; + * + * @return The principalEmail. + */ + java.lang.String getPrincipalEmail(); + /** + * + * + *
+   * The email address of a Google account.
+   * 
+ * + * string principal_email = 1; + * + * @return The bytes for principalEmail. + */ + com.google.protobuf.ByteString getPrincipalEmailBytes(); + + /** + * + * + *
+   * A string representing the principal_subject associated with the identity.
+   * As compared to `principal_email`, supports principals that aren't
+   * associated with email addresses, such as third party principals. For most
+   * identities, the format will be `principal://iam.googleapis.com/{identity
+   * pool name}/subjects/{subject}` except for some GKE identities
+   * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+   * format `serviceAccount:{identity pool name}[{subject}]`
+   * 
+ * + * string principal_subject = 2; + * + * @return The principalSubject. + */ + java.lang.String getPrincipalSubject(); + /** + * + * + *
+   * A string representing the principal_subject associated with the identity.
+   * As compared to `principal_email`, supports principals that aren't
+   * associated with email addresses, such as third party principals. For most
+   * identities, the format will be `principal://iam.googleapis.com/{identity
+   * pool name}/subjects/{subject}` except for some GKE identities
+   * (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+   * format `serviceAccount:{identity pool name}[{subject}]`
+   * 
+ * + * string principal_subject = 2; + * + * @return The bytes for principalSubject. + */ + com.google.protobuf.ByteString getPrincipalSubjectBytes(); +} diff --git a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/proto/google/cloud/securitycenter/v1/access.proto b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/proto/google/cloud/securitycenter/v1/access.proto index e1b572471f16..799b84fcccb8 100644 --- a/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/proto/google/cloud/securitycenter/v1/access.proto +++ b/java-securitycenter/proto-google-cloud-securitycenter-v1/src/main/proto/google/cloud/securitycenter/v1/access.proto @@ -27,6 +27,13 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1"; // Represents an access event. message Access { // Associated email, such as "foo@google.com". + // + // The email address of the authenticated user (or service account on behalf + // of third party principal) making the request. For third party identity + // callers, the `principal_subject` field is populated instead of this field. + // For privacy reasons, the principal email address is sometimes redacted. + // For more information, see [Caller identities in audit + // logs](https://cloud.google.com/logging/docs/audit#user-id). string principal_email = 1; // Caller's IP address, such as "1.1.1.1". 
@@ -45,6 +52,45 @@ message Access {
 
 // The method that the service account called, e.g. "SetIamPolicy".
 string method_name = 6;
+
+ // A string representing the principal_subject associated with the identity.
+ // As compared to `principal_email`, supports principals that aren't
+ // associated with email addresses, such as third party principals. For most
+ // identities, the format will be `principal://iam.googleapis.com/{identity
+ // pool name}/subjects/{subject}` except for some GKE identities
+ // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+ // format `serviceAccount:{identity pool name}[{subject}]`
+ string principal_subject = 7;
+
+ // The name of the service account key used to create or exchange
+ // credentials for authenticating the service account making the request.
+ // This is a scheme-less URI full resource name. For example:
+ //
+ // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+ //
+ string service_account_key_name = 8;
+
+ // Identity delegation history of an authenticated service account that makes
+ // the request. It contains information on the real authorities that try to
+ // access GCP resources by delegating on a service account. When multiple
+ // authorities are present, they are guaranteed to be sorted based on the
+ // original ordering of the identity delegation events.
+ repeated ServiceAccountDelegationInfo service_account_delegation_info = 9;
+}
+
+// Identity delegation history of an authenticated service account.
+message ServiceAccountDelegationInfo {
+ // The email address of a Google account.
+ string principal_email = 1;
+
+ // A string representing the principal_subject associated with the identity.
+ // As compared to `principal_email`, supports principals that aren't
+ // associated with email addresses, such as third party principals. For most
+ // identities, the format will be `principal://iam.googleapis.com/{identity
+ // pool name}/subjects/{subject}` except for some GKE identities
+ // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
+ // format `serviceAccount:{identity pool name}[{subject}]`
+ string principal_subject = 2;
 }
 
 // Represents a geographical location for a given access.
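Review bot: The comment on `service_account_delegation_info` promises a stable order but never says which end of the list is the original caller, and the new `ServiceAccountDelegationInfo` message does not say which of its two fields is set for a given entry. Someone triaging a finding needs to know whether index 0 is the first or the last delegation hop. A rule that reads only `principal_email` would also see an empty string for third-party principals, if this message follows the convention documented on `Access.principal_email` (the hunk does not say that it does). I would add one sentence giving the direction of the ordering, and change the field comment to something like `// The email address of a Google account. Empty when the principal has no email; see principal_subject.` once the API owners confirm that behaviour. The file looks like a copy synced from googleapis (see the Source-Link trailers), so the wording would have to change upstream to survive the next regeneration.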