fix: allow passing gax instance to client constructor (#506)
- [ ] Regenerate this pull request now. PiperOrigin-RevId: 470911839 Source-Link: googleapis/googleapis@3527566 Source-Link: googleapis/googleapis-gen@f16a1d2 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiZjE2YTFkMjI0ZjAwYTYzMGVhNDNkNmE5YTFhMzFmNTY2ZjQ1Y2RlYSJ9 feat: accept google-gax instance as a parameter Please see the documentation of the client constructor for details. PiperOrigin-RevId: 470332808 Source-Link: googleapis/googleapis@d4a2367 Source-Link: googleapis/googleapis-gen@e97a1ac Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiZTk3YTFhYzIwNGVhZDRmZTczNDFmOTFlNzJkYjdjNmFjNjAxNjM0MSJ9 feat: serviceAccountKeyName, serviceAccountDelegationInfo, and principalSubject attributes added to the existing access attribute. These new attributes provide additional context about the principals that are associated with the finding PiperOrigin-RevId: 469787268 Source-Link: googleapis/googleapis@c7a52f4 Source-Link: googleapis/googleapis-gen@4e23576 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNGUyMzU3NjVjM2YwOTY2MjE0M2JjMGEyYjA4ZjEyYmMwZmUwYzkzZiJ9 feat: Adding database access information, such as queries field to a finding. A database may be a sub-resource of an instance (as in the case of CloudSQL instances or Cloud Spanner instances), or the database instance itself PiperOrigin-RevId: 469544940 Source-Link: googleapis/googleapis@a887434 Source-Link: googleapis/googleapis-gen@ca12635 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiY2ExMjYzNWUxYjA2NWRlOWVmY2FhNTUxNjY5NjQ4ZmNiZGUxYTk0NCJ9
1 parent
29ba8b1
commit 92393c6
Showing
10 changed files
with
1,271 additions
and
161 deletions.
|
@@ -27,6 +27,13 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1"; | |
// Represents an access event. | ||
message Access { | ||
// Associated email, such as "[email protected]". | ||
// | ||
// The email address of the authenticated user (or service account on behalf | ||
// of third party principal) making the request. For third party identity | ||
// callers, the `principal_subject` field is populated instead of this field. | ||
// For privacy reasons, the principal email address is sometimes redacted. | ||
// For more information, see [Caller identities in audit | ||
// logs](https://cloud.google.com/logging/docs/audit#user-id). | ||
string principal_email = 1; | ||
|
||
// Caller's IP address, such as "1.1.1.1". | ||
|
@@ -45,6 +52,45 @@ message Access { | |
|
||
// The method that the service account called, e.g. "SetIamPolicy". | ||
string method_name = 6; | ||
|
||
// A string representing the principal_subject associated with the identity. | ||
// As compared to `principal_email`, supports principals that aren't | ||
// associated with email addresses, such as third party principals. For most | ||
// identities, the format will be `principal://iam.googleapis.com/{identity | ||
// pool name}/subjects/{subject}` except for some GKE identities | ||
// (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy | ||
// format `serviceAccount:{identity pool name}[{subject}]` | ||
string principal_subject = 7; | ||
|
||
// The name of the service account key used to create or exchange | ||
// credentials for authenticating the service account making the request. | ||
// This is a scheme-less URI full resource name. For example: | ||
// | ||
// "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" | ||
// | ||
string service_account_key_name = 8; | ||
|
||
// Identity delegation history of an authenticated service account that makes | ||
// the request. It contains information on the real authorities that try to | ||
// access GCP resources by delegating on a service account. When multiple | ||
// authorities are present, they are guaranteed to be sorted based on the | ||
// original ordering of the identity delegation events. | ||
repeated ServiceAccountDelegationInfo service_account_delegation_info = 9; | ||
} | ||
|
||
// Identity delegation history of an authenticated service account. | ||
message ServiceAccountDelegationInfo { | ||
// The email address of a Google account. | ||
string principal_email = 1; | ||
|
||
// A string representing the principal_subject associated with the identity. | ||
// As compared to `principal_email`, supports principals that aren't | ||
// associated with email addresses, such as third party principals. For most | ||
// identities, the format will be `principal://iam.googleapis.com/{identity | ||
// pool name}/subjects/{subject}` except for some GKE identities | ||
// (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy | ||
// format `serviceAccount:{identity pool name}[{subject}]` | ||
string principal_subject = 2; | ||
} | ||
|
||
// Represents a geographical location for a given access. | ||
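Review bot: The comment on `service_account_delegation_info` (field 9 of `Access`) says the entries are sorted "based on the original ordering of the identity delegation events" but never states which end of the list is the originating authority. A responder attributing a request made through a delegation chain needs that fact, so the comment should say whether element 0 is the original caller or the last delegate. In `ServiceAccountDelegationInfo`, `principal_email` is documented only as "The email address of a Google account.", without the caveat this commit adds to `Access.principal_email` about redaction and `principal_subject` being populated instead. If the same rules apply there, the comment should repeat them so consumers do not treat an empty or redacted email as "no principal". Part of `Access` lies between the two hunks and is not shown on this page.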
|
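--- a/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/database.proto
+++ b/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/database.proto
@@ -0,0 +1,52 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "DatabaseProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Represents database access information, such as queries.
+// A database may be a sub-resource of an instance (as in the case of CloudSQL
+// instances or Cloud Spanner instances), or the database instance itself.
+// Some database resources may not have the full resource name populated
+// because these resource types are not yet supported by Cloud Asset Inventory
+// (e.g. CloudSQL databases). In these cases only the display name will be
+// provided.
+message Database {
+// The full resource name of the database the user connected to, if it is
+// supported by CAI. (https://google.aip.dev/122#full-resource-names)
+string name = 1;
+
+// The human readable name of the database the user connected to.
+string display_name = 2;
+
+// The username used to connect to the DB. This may not necessarily be an IAM
+// principal, and has no required format.
+string user_name = 3;
+
+// The SQL statement associated with the relevant access.
+string query = 4;
+
+// The target usernames/roles/groups of a SQL privilege grant (not an IAM
+// policy change).
+repeated string grantees = 5;
+}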
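Review bot: The comment on `query` (field 4) does not say whether the SQL statement is carried verbatim, truncated, or with literal values redacted, so a consumer cannot tell whether a finding may include secrets or personal data that appeared in the statement. `user_name` is documented as having "no required format" and `grantees` names database roles rather than IAM principals, so all three fields are free-form text that downstream tooling should escape when rendering or forwarding findings. I would extend the `query` comment with one sentence giving the truncation/redaction behaviour and any length bound, and note on `user_name` and `grantees` that the values come from the database session. The Source-Link lines in the commit description point at googleapis/googleapis, so the wording presumably has to change there rather than in this copy.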