Skip to content
This repository has been archived by the owner on Sep 5, 2023. It is now read-only.

Commit

Permalink
feat: Add next_steps field to finding's list of attributes (#319)
Browse files Browse the repository at this point in the history 
- [ ] Regenerate this pull request now.

feat: AuditConfig for IAM v1
fix(deps): require grpc-google-iam-v1 >=0.12.4
docs: fix type in docstring for map fields

PiperOrigin-RevId: 440383959

Source-Link: googleapis/googleapis@6a276f6

Source-Link: googleapis/googleapis-gen@f94fc64
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiZjk0ZmM2NDA2MTgzNzAzM2JhYjg4YzY1MDc1ZTE4MTRlZGI2MTMzYSJ9
  • Loading branch information
@gcf-owl-bot
gcf-owl-bot[bot] committed Apr 9, 2022
1 parent 4976756 commit 35ab26e
Show file tree
Hide file tree
Showing 34 changed files with 740 additions and 396 deletions.
2 changes: 2 additions & 0 deletions google/cloud/securitycenter/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
from google.cloud.securitycenter_v1.types.external_system import ExternalSystem
from google.cloud.securitycenter_v1.types.finding import Finding
from google.cloud.securitycenter_v1.types.folder import Folder
from google.cloud.securitycenter_v1.types.iam_binding import IamBinding
from google.cloud.securitycenter_v1.types.indicator import Indicator
from google.cloud.securitycenter_v1.types.mitre_attack import MitreAttack
from google.cloud.securitycenter_v1.types.mute_config import MuteConfig
Expand Down Expand Up @@ -182,6 +183,7 @@
"ExternalSystem",
"Finding",
"Folder",
"IamBinding",
"Indicator",
"MitreAttack",
"MuteConfig",
Expand Down
2 changes: 2 additions & 0 deletions google/cloud/securitycenter_v1/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
from .types.external_system import ExternalSystem
from .types.finding import Finding
from .types.folder import Folder
from .types.iam_binding import IamBinding
from .types.indicator import Indicator
from .types.mitre_attack import MitreAttack
from .types.mute_config import MuteConfig
Expand Down Expand Up @@ -113,6 +114,7 @@
"GroupFindingsRequest",
"GroupFindingsResponse",
"GroupResult",
"IamBinding",
"Indicator",
"ListAssetsRequest",
"ListAssetsResponse",
Expand Down
89 changes: 51 additions & 38 deletions google/cloud/securitycenter_v1/services/security_center/async_client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
from google.cloud.securitycenter_v1.types import external_system as gcs_external_system
from google.cloud.securitycenter_v1.types import finding
from google.cloud.securitycenter_v1.types import finding as gcs_finding
from google.cloud.securitycenter_v1.types import iam_binding
from google.cloud.securitycenter_v1.types import indicator
from google.cloud.securitycenter_v1.types import mitre_attack
from google.cloud.securitycenter_v1.types import mute_config
Expand Down Expand Up @@ -1203,21 +1204,26 @@ def sample_get_iam_policy():
Returns:
google.iam.v1.policy_pb2.Policy:
Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform
resources.
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy is a collection of bindings. A binding binds
one or more members to a single role. Members can be
user accounts, service accounts, Google groups, and
domains (such as G Suite). A role is a named list of
permissions (defined by IAM or configured by users).
A binding can optionally specify a condition, which
is a logic expression that further constrains the
role binding based on attributes about the request
and/or target resource.
**JSON Example**
one or more members, or principals, to a single role.
Principals can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of permissions; each role can be an
IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding
can also specify a condition, which is a logical
expression that allows access to a resource only if
the expression evaluates to true. A condition can add
constraints based on attributes of the request, the
resource, or both. To learn which resources support
conditions in their IAM policies, see the [IAM
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
**JSON example:**
{
"bindings": [
Expand All @@ -1232,17 +1238,17 @@ def sample_get_iam_policy():
}, { "role":
"roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"members": [ "user:eve@example.com" ],
"condition": { "title": "expirable access",
"description": "Does not grant access after
Sep 2020", "expression": "request.time <
timestamp('2020-10-01T00:00:00.000Z')", } }
]
], "etag": "BwWWja0YfJA=", "version": 3
}
**YAML Example**
**YAML example:**
bindings: - members: - user:\ mike@example.com -
group:\ admins@example.com - domain:google.com -
Expand All @@ -1253,11 +1259,12 @@ def sample_get_iam_policy():
condition: title: expirable access description:
Does not grant access after Sep 2020 expression:
request.time <
timestamp('2020-10-01T00:00:00.000Z')
timestamp('2020-10-01T00:00:00.000Z') etag:
BwWWja0YfJA= version: 3
For a description of IAM and its features, see the
[IAM developer's
guide](\ https://cloud.google.com/iam/docs).
[IAM
documentation](\ https://cloud.google.com/iam/docs/).
"""
# Create or coerce a protobuf request object.
Expand Down Expand Up @@ -2958,21 +2965,26 @@ def sample_set_iam_policy():
Returns:
google.iam.v1.policy_pb2.Policy:
Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform
resources.
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy is a collection of bindings. A binding binds
one or more members to a single role. Members can be
user accounts, service accounts, Google groups, and
domains (such as G Suite). A role is a named list of
permissions (defined by IAM or configured by users).
A binding can optionally specify a condition, which
is a logic expression that further constrains the
role binding based on attributes about the request
and/or target resource.
**JSON Example**
one or more members, or principals, to a single role.
Principals can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of permissions; each role can be an
IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding
can also specify a condition, which is a logical
expression that allows access to a resource only if
the expression evaluates to true. A condition can add
constraints based on attributes of the request, the
resource, or both. To learn which resources support
conditions in their IAM policies, see the [IAM
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
**JSON example:**
{
"bindings": [
Expand All @@ -2987,17 +2999,17 @@ def sample_set_iam_policy():
}, { "role":
"roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"members": [ "user:eve@example.com" ],
"condition": { "title": "expirable access",
"description": "Does not grant access after
Sep 2020", "expression": "request.time <
timestamp('2020-10-01T00:00:00.000Z')", } }
]
], "etag": "BwWWja0YfJA=", "version": 3
}
**YAML Example**
**YAML example:**
bindings: - members: - user:\ mike@example.com -
group:\ admins@example.com - domain:google.com -
Expand All @@ -3008,11 +3020,12 @@ def sample_set_iam_policy():
condition: title: expirable access description:
Does not grant access after Sep 2020 expression:
request.time <
timestamp('2020-10-01T00:00:00.000Z')
timestamp('2020-10-01T00:00:00.000Z') etag:
BwWWja0YfJA= version: 3
For a description of IAM and its features, see the
[IAM developer's
guide](\ https://cloud.google.com/iam/docs).
[IAM
documentation](\ https://cloud.google.com/iam/docs/).
"""
# Create or coerce a protobuf request object.
Expand Down
89 changes: 51 additions & 38 deletions google/cloud/securitycenter_v1/services/security_center/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@
from google.cloud.securitycenter_v1.types import external_system as gcs_external_system
from google.cloud.securitycenter_v1.types import finding
from google.cloud.securitycenter_v1.types import finding as gcs_finding
from google.cloud.securitycenter_v1.types import iam_binding
from google.cloud.securitycenter_v1.types import indicator
from google.cloud.securitycenter_v1.types import mitre_attack
from google.cloud.securitycenter_v1.types import mute_config
Expand Down Expand Up @@ -1581,21 +1582,26 @@ def sample_get_iam_policy():
Returns:
google.iam.v1.policy_pb2.Policy:
Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform
resources.
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy is a collection of bindings. A binding binds
one or more members to a single role. Members can be
user accounts, service accounts, Google groups, and
domains (such as G Suite). A role is a named list of
permissions (defined by IAM or configured by users).
A binding can optionally specify a condition, which
is a logic expression that further constrains the
role binding based on attributes about the request
and/or target resource.
**JSON Example**
one or more members, or principals, to a single role.
Principals can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of permissions; each role can be an
IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding
can also specify a condition, which is a logical
expression that allows access to a resource only if
the expression evaluates to true. A condition can add
constraints based on attributes of the request, the
resource, or both. To learn which resources support
conditions in their IAM policies, see the [IAM
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
**JSON example:**
{
"bindings": [
Expand All @@ -1610,17 +1616,17 @@ def sample_get_iam_policy():
}, { "role":
"roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"members": [ "user:eve@example.com" ],
"condition": { "title": "expirable access",
"description": "Does not grant access after
Sep 2020", "expression": "request.time <
timestamp('2020-10-01T00:00:00.000Z')", } }
]
], "etag": "BwWWja0YfJA=", "version": 3
}
**YAML Example**
**YAML example:**
bindings: - members: - user:\ mike@example.com -
group:\ admins@example.com - domain:google.com -
Expand All @@ -1631,11 +1637,12 @@ def sample_get_iam_policy():
condition: title: expirable access description:
Does not grant access after Sep 2020 expression:
request.time <
timestamp('2020-10-01T00:00:00.000Z')
timestamp('2020-10-01T00:00:00.000Z') etag:
BwWWja0YfJA= version: 3
For a description of IAM and its features, see the
[IAM developer's
guide](\ https://cloud.google.com/iam/docs).
[IAM
documentation](\ https://cloud.google.com/iam/docs/).
"""
# Create or coerce a protobuf request object.
Expand Down Expand Up @@ -3244,21 +3251,26 @@ def sample_set_iam_policy():
Returns:
google.iam.v1.policy_pb2.Policy:
Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform
resources.
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy is a collection of bindings. A binding binds
one or more members to a single role. Members can be
user accounts, service accounts, Google groups, and
domains (such as G Suite). A role is a named list of
permissions (defined by IAM or configured by users).
A binding can optionally specify a condition, which
is a logic expression that further constrains the
role binding based on attributes about the request
and/or target resource.
**JSON Example**
one or more members, or principals, to a single role.
Principals can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of permissions; each role can be an
IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding
can also specify a condition, which is a logical
expression that allows access to a resource only if
the expression evaluates to true. A condition can add
constraints based on attributes of the request, the
resource, or both. To learn which resources support
conditions in their IAM policies, see the [IAM
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
**JSON example:**
{
"bindings": [
Expand All @@ -3273,17 +3285,17 @@ def sample_set_iam_policy():
}, { "role":
"roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"members": [ "user:eve@example.com" ],
"condition": { "title": "expirable access",
"description": "Does not grant access after
Sep 2020", "expression": "request.time <
timestamp('2020-10-01T00:00:00.000Z')", } }
]
], "etag": "BwWWja0YfJA=", "version": 3
}
**YAML Example**
**YAML example:**
bindings: - members: - user:\ mike@example.com -
group:\ admins@example.com - domain:google.com -
Expand All @@ -3294,11 +3306,12 @@ def sample_set_iam_policy():
condition: title: expirable access description:
Does not grant access after Sep 2020 expression:
request.time <
timestamp('2020-10-01T00:00:00.000Z')
timestamp('2020-10-01T00:00:00.000Z') etag:
BwWWja0YfJA= version: 3
For a description of IAM and its features, see the
[IAM developer's
guide](\ https://cloud.google.com/iam/docs).
[IAM
documentation](\ https://cloud.google.com/iam/docs/).
"""
# Create or coerce a protobuf request object.
Expand Down
Loading

0 comments on commit 35ab26e

Please sign in to comment.