/** * Copyright 2019 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ import { OAuth2Client, JWT, Compute, UserRefreshClient } from 'google-auth-library'; import { GoogleConfigurable, MethodOptions, GlobalOptions, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { GaxiosPromise } from 'gaxios'; export declare namespace securitycenter_v1 { interface Options extends GlobalOptions { version: 'v1'; } interface StandardParameters { /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). 
*/ upload_protocol?: string; } /** * Cloud Security Command Center API * * Cloud Security Command Center API provides access to temporal views of assets and findings within an organization. * * @example * const {google} = require('googleapis'); * const securitycenter = google.securitycenter('v1'); * * @namespace securitycenter * @type {Function} * @version v1 * @variation v1 * @param {object=} options Options for Securitycenter */ class Securitycenter { context: APIRequestContext; organizations: Resource$Organizations; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * Cloud Security Command Center&#39;s (Cloud SCC) representation of a Google Cloud Platform (GCP) resource. The Asset is a Cloud SCC resource that captures information about a single GCP resource. All modifications to an Asset are only within the context of Cloud SCC and don&#39;t affect the referenced GCP resource. */ interface Schema$Asset { /** * The time at which the asset was created in Cloud SCC. */ createTime?: string; /** * IAM Policy information associated with the GCP resource described by the Cloud SCC asset. This information is managed and defined by the GCP resource and cannot be modified by the user. */ iamPolicy?: Schema$IamPolicy; /** * The relative resource name of this asset. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: &quot;organizations/123/assets/456&quot;. */ name?: string; /** * Resource managed properties. These properties are managed and defined by the GCP resource and cannot be modified by the user. */ resourceProperties?: { [key: string]: any; }; /** * Cloud SCC managed properties. These properties are managed by Cloud SCC and cannot be modified by the user. */ securityCenterProperties?: Schema$SecurityCenterProperties; /** * User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset. 
*/ securityMarks?: Schema$SecurityMarks; /** * The time at which the asset was last updated, added, or deleted in Cloud SCC. */ updateTime?: string; } /** * The configuration used for Asset Discovery runs. */ interface Schema$AssetDiscoveryConfig { /** * The mode to use for filtering asset discovery. */ inclusionMode?: string; /** * The project ids to use for filtering asset discovery. */ projectIds?: string[]; } /** * Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { &quot;audit_configs&quot;: [ { &quot;service&quot;: &quot;allServices&quot; &quot;audit_log_configs&quot;: [ { &quot;log_type&quot;: &quot;DATA_READ&quot;, &quot;exempted_members&quot;: [ &quot;user:jose@example.com&quot; ] }, { &quot;log_type&quot;: &quot;DATA_WRITE&quot;, }, { &quot;log_type&quot;: &quot;ADMIN_READ&quot;, } ] }, { &quot;service&quot;: &quot;sampleservice.googleapis.com&quot; &quot;audit_log_configs&quot;: [ { &quot;log_type&quot;: &quot;DATA_READ&quot;, }, { &quot;log_type&quot;: &quot;DATA_WRITE&quot;, &quot;exempted_members&quot;: [ &quot;user:aliya@example.com&quot; ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. */ interface Schema$AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: Schema$AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. 
For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. */ service?: string; } /** * Provides the configuration for logging a type of permissions. Example: { &quot;audit_log_configs&quot;: [ { &quot;log_type&quot;: &quot;DATA_READ&quot;, &quot;exempted_members&quot;: [ &quot;user:jose@example.com&quot; ] }, { &quot;log_type&quot;: &quot;DATA_WRITE&quot;, } ] } This enables &#39;DATA_READ&#39; and &#39;DATA_WRITE&#39; logging, while exempting jose@example.com from DATA_READ logging. */ interface Schema$AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. */ exemptedMembers?: string[]; /** * Specifies whether principals can be exempted for the same LogType in lower-level resource policies. If true, any lower-level exemptions will be ignored. */ ignoreChildExemptions?: boolean; /** * The log type that this config enables. */ logType?: string; } /** * Associates `members` with a `role`. */ interface Schema$Binding { /** * The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently. */ condition?: Schema$Expr; /** * Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. 
* `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. */ members?: string[]; /** * Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. */ role?: string; } /** * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`. */ interface Schema$Empty { } /** * Represents an expression text. Example: title: &quot;User account presence&quot; description: &quot;Determines whether the request has a user account&quot; expression: &quot;size(request.user) &gt; 0&quot; */ interface Schema$Expr { /** * An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. */ description?: string; /** * Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported. */ expression?: string; /** * An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file. */ location?: string; /** * An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. */ title?: string; } /** * Cloud Security Command Center (Cloud SCC) finding. A finding is a record of assessment data (security, risk, health or privacy) ingested into Cloud SCC for presentation, notification, analysis, policy testing, and enforcement. 
For example, an XSS vulnerability in an App Engine application is a finding. */ interface Schema$Finding { /** * The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: &quot;XSS_FLASH_INJECTION&quot; */ category?: string; /** * The time at which the finding was created in Cloud SCC. */ createTime?: string; /** * The time at which the event took place. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. */ eventTime?: string; /** * The URI that, if available, points to a web page outside of Cloud SCC where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL. */ externalUri?: string; /** * The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: &quot;organizations/123/sources/456/findings/789&quot; */ name?: string; /** * The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: &quot;organizations/123/sources/456&quot; */ parent?: string; /** * The full resource name of the Google Cloud Platform (GCP) resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name This field is immutable after creation time. */ resourceName?: string; /** * Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding. */ securityMarks?: Schema$SecurityMarks; /** * Source specific properties. These properties are managed by the source that writes the finding. 
The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. */ sourceProperties?: { [key: string]: any; }; /** * The state of the finding. */ state?: string; } /** * Request message for `GetIamPolicy` method. */ interface Schema$GetIamPolicyRequest { /** * OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`. This field is only used by Cloud IAM. */ options?: Schema$GetPolicyOptions; } /** * Encapsulates settings provided to GetIamPolicy. */ interface Schema$GetPolicyOptions { /** * Optional. The policy format version to be returned. Acceptable values are 0 and 1. If the value is 0, or the field is omitted, policy format version 1 will be returned. */ requestedPolicyVersion?: number; } /** * Response of asset discovery run */ interface Schema$GoogleCloudSecuritycenterV1beta1RunAssetDiscoveryResponse { /** * The duration between asset discovery run start and end */ duration?: string; /** * The state of an asset discovery run. */ state?: string; } /** * Response of asset discovery run */ interface Schema$GoogleCloudSecuritycenterV1RunAssetDiscoveryResponse { /** * The duration between asset discovery run start and end */ duration?: string; /** * The state of an asset discovery run. */ state?: string; } /** * Request message for grouping by assets. */ interface Schema$GroupAssetsRequest { /** * When compare_duration is set, the GroupResult&#39;s &quot;state_change&quot; property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don&#39;t affect the result. 
For example, the results aren&#39;t affected if the asset is removed and re-created again. Possible &quot;state_change&quot; values when compare_duration is specified: * &quot;ADDED&quot;: indicates that the asset was not present at the start of compare_duration, but present at reference_time. * &quot;REMOVED&quot;: indicates that the asset was present at the start of compare_duration, but not present at reference_time. * &quot;ACTIVE&quot;: indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time. If compare_duration is not specified, then the only possible state_change is &quot;UNUSED&quot;, which will be the state_change set for all assets present at read_time. If this field is set then `state_change` must be a specified field in `group_by`. */ compareDuration?: string; /** * Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form `&lt;field&gt; &lt;operator&gt; &lt;value&gt;` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: * name * security_center_properties.resource_name * resource_properties.a_property * security_marks.marks.marka The supported operators are: * `=` for all value types. * `&gt;`, `&lt;`, `&gt;=`, `&lt;=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. 
The following field and operator combinations are supported: * name: `=` * update_time: `&gt;`, `&lt;`, `&gt;=`, `&lt;=`, `=` * create_time: `&gt;`, `&lt;`, `&gt;=`, `&lt;=`, `=` * iam_policy.policy_blob: `=`, `:` * resource_properties: `=`, `:`, `&gt;`, `&lt;`, `&gt;=`, `&lt;=` * security_marks: `=`, `:` * security_center_properties.resource_name: `=`, `:` * security_center_properties.resource_type: `=`, `:` * security_center_properties.resource_parent: `=`, `:` * security_center_properties.resource_project: `=`, `:` * security_center_properties.resource_owners: `=`, `:` For example, `resource_properties.size = 100` is a valid filter string. */ filter?: string; /** * Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: &quot;security_center_properties.resource_project,security_center_properties.project&quot;. The following fields are supported when compare_duration is not set: * security_center_properties.resource_project * security_center_properties.resource_type * security_center_properties.resource_parent The following fields are supported when compare_duration is set: * security_center_properties.resource_type */ groupBy?: string; /** * The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. */ pageSize?: number; /** * The value returned by the last `GroupAssetsResponse`; indicates that this is a continuation of a prior `GroupAssets` call, and that the system should return the next page of data. */ pageToken?: string; /** * Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API&#39;s version of NOW. */ readTime?: string; } /** * Response message for grouping by assets. */ interface Schema$GroupAssetsResponse { /** * Group results. 
There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear. */ groupByResults?: Schema$GroupResult[]; /** * Token to retrieve the next page of results, or empty if there are no more results. */ nextPageToken?: string; /** * Time used for executing the groupBy request. */ readTime?: string; /** * The total number of results matching the query. */ totalSize?: number; } /** * Request message for grouping by findings. */ interface Schema$GroupFindingsRequest { /** * When compare_duration is set, the GroupResult&#39;s &quot;state_change&quot; attribute is updated to indicate whether the finding had its state changed, the finding&#39;s state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don&#39;t affect the result. For example, the results aren&#39;t affected if the finding is made inactive and then active again. Possible &quot;state_change&quot; values when compare_duration is specified: * &quot;CHANGED&quot;: indicates that the finding was present at the start of compare_duration, but changed its state at read_time. * &quot;UNCHANGED&quot;: indicates that the finding was present at the start of compare_duration and did not change state at read_time. * &quot;ADDED&quot;: indicates that the finding was not present at the start of compare_duration, but was present at read_time. If compare_duration is not specified, then the only possible state_change is &quot;UNUSED&quot;, which will be the state_change set for all findings present at read_time. If this field is set then `state_change` must be a specified field in `group_by`. 
*/ compareDuration?: string; /** * Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form `&lt;field&gt; &lt;operator&gt; &lt;value&gt;` and may have a `-` character in front of them to indicate negation. Examples include: * name * source_properties.a_property * security_marks.marks.marka The supported operators are: * `=` for all value types. * `&gt;`, `&lt;`, `&gt;=`, `&lt;=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: * name: `=` * parent: `=`, `:` * resource_name: `=`, `:` * state: `=`, `:` * category: `=`, `:` * external_uri: `=`, `:` * event_time: `&gt;`, `&lt;`, `&gt;=`, `&lt;=` * security_marks: `=`, `:` * source_properties: `=`, `:`, `&gt;`, `&lt;`, `&gt;=`, `&lt;=` For example, `source_properties.size = 100` is a valid filter string. */ filter?: string; /** * Expression that defines what assets fields to use for grouping (including `state_change`). The string value should follow SQL syntax: comma separated list of fields. For example: &quot;parent,resource_name&quot;. The following fields are supported: * resource_name * category * state * parent The following fields are supported when compare_duration is set: * state_change */ groupBy?: string; /** * The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. */ pageSize?: number; /** * The value returned by the last `GroupFindingsResponse`; indicates that this is a continuation of a prior `GroupFindings` call, and that the system should return the next page of data. 
*/ pageToken?: string; /** * Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API&#39;s version of NOW. */ readTime?: string; } /** * Response message for group by findings. */ interface Schema$GroupFindingsResponse { /** * Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear. */ groupByResults?: Schema$GroupResult[]; /** * Token to retrieve the next page of results, or empty if there are no more results. */ nextPageToken?: string; /** * Time used for executing the groupBy request. */ readTime?: string; /** * The total number of results matching the query. */ totalSize?: number; } /** * Result containing the properties and count of a groupBy request. */ interface Schema$GroupResult { /** * Total count of resources for the given properties. */ count?: string; /** * Properties matching the groupBy fields in the request. */ properties?: { [key: string]: any; }; } /** * IAM Policy information associated with the GCP resource described by the Cloud SCC asset. This information is managed and defined by the GCP resource and cannot be modified by the user. */ interface Schema$IamPolicy { /** * The JSON representation of the Policy associated with the asset. See https://cloud.google.com/iam/reference/rest/v1/Policy for format details. */ policyBlob?: string; } /** * Response message for listing assets. */ interface Schema$ListAssetsResponse { /** * Assets matching the list request. */ listAssetsResults?: Schema$ListAssetsResult[]; /** * Token to retrieve the next page of results, or empty if there are no more results. */ nextPageToken?: string; /** * Time used for executing the list request. */ readTime?: string; /** * The total number of assets matching the query. 
*/ totalSize?: number; } /** * Result containing the Asset and its State. */ interface Schema$ListAssetsResult { /** * Asset matching the search request. */ asset?: Schema$Asset; /** * State change of the asset between the points in time. */ stateChange?: string; } /** * Response message for listing findings. */ interface Schema$ListFindingsResponse { /** * Findings matching the list request. */ listFindingsResults?: Schema$ListFindingsResult[]; /** * Token to retrieve the next page of results, or empty if there are no more results. */ nextPageToken?: string; /** * Time used for executing the list request. */ readTime?: string; /** * The total number of findings matching the query. */ totalSize?: number; } /** * Result containing the Finding and its StateChange. */ interface Schema$ListFindingsResult { /** * Finding matching the search request. */ finding?: Schema$Finding; /** * State change of the finding between the points in time. */ stateChange?: string; } /** * The response message for Operations.ListOperations. */ interface Schema$ListOperationsResponse { /** * The standard List next-page token. */ nextPageToken?: string; /** * A list of operations that matches the specified filter in the request. */ operations?: Schema$Operation[]; } /** * Response message for listing sources. */ interface Schema$ListSourcesResponse { /** * Token to retrieve the next page of results, or empty if there are no more results. */ nextPageToken?: string; /** * Sources belonging to the requested parent. */ sources?: Schema$Source[]; } /** * This resource represents a long-running operation that is the result of a network API call. */ interface Schema$Operation { /** * If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. */ done?: boolean; /** * The error result of the operation in case of failure or cancellation. 
*/ error?: Schema$Status; /** * Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any; }; /** * The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. */ name?: string; /** * The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any; }; } /** * User specified settings that are attached to the Cloud Security Command Center (Cloud SCC) organization. */ interface Schema$OrganizationSettings { /** * The configuration used for Asset Discovery runs. */ assetDiscoveryConfig?: Schema$AssetDiscoveryConfig; /** * A flag that indicates if Asset Discovery should be enabled. If the flag is set to `true`, then discovery of assets will occur. If it is set to `false, all historical assets will remain, but discovery of future assets will not occur. */ enableAssetDiscovery?: boolean; /** * The relative resource name of the settings. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: &quot;organizations/123/organizationSettings&quot;. */ name?: string; } /** * Defines an Identity and Access Management (IAM) policy. 
It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM. **JSON Example** { &quot;bindings&quot;: [ { &quot;role&quot;: &quot;roles/owner&quot;, &quot;members&quot;: [ &quot;user:mike@example.com&quot;, &quot;group:admins@example.com&quot;, &quot;domain:google.com&quot;, &quot;serviceAccount:my-other-app@appspot.gserviceaccount.com&quot; ] }, { &quot;role&quot;: &quot;roles/viewer&quot;, &quot;members&quot;: [&quot;user:sean@example.com&quot;] } ] } **YAML Example** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-other-app@appspot.gserviceaccount.com role: roles/owner - members: - user:sean@example.com role: roles/viewer For a description of IAM and its features, see the [IAM developer&#39;s guide](https://cloud.google.com/iam/docs). */ interface Schema$Policy { /** * Specifies cloud audit logging configuration for this policy. */ auditConfigs?: Schema$AuditConfig[]; /** * Associates a list of `members` to a `role`. `bindings` with no members will result in an error. */ bindings?: Schema$Binding[]; /** * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten. */ etag?: string; /** * Deprecated. 
*/ version?: number; }
    /**
     * Request message for running asset discovery for an organization.
     * Declares no fields.
     */
    interface Schema$RunAssetDiscoveryRequest {
    }
    /**
     * Cloud SCC managed properties. These properties are managed by Cloud SCC and cannot be modified by the user.
     */
    interface Schema$SecurityCenterProperties {
        /**
         * The full resource name of the GCP resource this asset represents. This field is immutable after create time. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
         */
        resourceName?: string;
        /**
         * Owners of the Google Cloud resource.
         */
        resourceOwners?: string[];
        /**
         * The full resource name of the immediate parent of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
         */
        resourceParent?: string;
        /**
         * The full resource name of the project the resource belongs to. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
         */
        resourceProject?: string;
        /**
         * The type of the GCP resource. Examples include: APPLICATION, PROJECT, and ORGANIZATION. This is a case-insensitive field defined by Cloud SCC and/or the producer of the resource and is immutable after create time.
         */
        resourceType?: string;
    }
    /**
     * User-specified security marks that are attached to the parent Cloud Security Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud SCC organization: they can be modified and viewed by all users who have proper permissions on the organization.
     *
     * NOTE(review): since every principal with the relevant permission on the organization can read and edit marks, treat them as shared labels rather than a place for secrets, and have automation that keys decisions off a mark take into account who is able to edit marks.
     */
    interface Schema$SecurityMarks {
        /**
         * Mutable user-specified security marks belonging to the parent resource. Constraints are as follows:
         * - Keys and values are treated as case insensitive
         * - Keys must be between 1 - 256 characters (inclusive)
         * - Keys must be letters, numbers, underscores, or dashes
         * - Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
         *
         * The declared type only requires string keys and string values; none of the constraints above is checked at compile time.
         */
        marks?: {
            [key: string]: string;
        };
        /**
         * The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name
         * Examples: "organizations/123/assets/456/securityMarks" "organizations/123/sources/456/findings/789/securityMarks".
         */
        name?: string;
    }
    /**
     * Request message for updating a finding's state.
     */
    interface Schema$SetFindingStateRequest {
        /**
         * The time at which the updated state takes effect.
         * NOTE(review): typed as a plain string; the expected timestamp format is not stated here (presumably RFC 3339) — confirm against the API reference.
         */
        startTime?: string;
        /**
         * The desired State of the finding.
         * NOTE(review): typed as a plain string, so an invalid state name is not caught at compile time; confirm the accepted values against the API reference.
         */
        state?: string;
    }
    /**
     * Request message for `SetIamPolicy` method.
     */
    interface Schema$SetIamPolicyRequest {
        /**
         * REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
         *
         * Although documented as required, the property is declared optional, so the compiler will not flag a request that omits it.
         * NOTE(review): the policy is applied as a whole, so bindings left out of it are presumably removed; the usual pattern is to read the current policy, modify it and send it back together with its etag — confirm for this resource.
         */
        policy?: Schema$Policy;
        /**
         * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: paths: "bindings, etag". This field is only used by Cloud IAM.
         */
        updateMask?: string;
    }
    /**
     * Cloud Security Command Center's (Cloud SCC) finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, etc.
     */
    interface Schema$Source {
        /**
         * The description of the source (max of 1024 characters). Example: "Cloud Security Scanner is a web security scanner for common vulnerabilities in App Engine applications. It can automatically scan and detect four common vulnerabilities, including cross-site-scripting (XSS), Flash injection, mixed content (HTTP in HTTPS), and outdated/insecure libraries."
         */
        description?: string;
        /**
         * The source's display name. A source's display name must be unique amongst its siblings, for example, two sources with the same parent can't share the same display name. The display name must have a length between 1 and 64 characters (inclusive).
         */
        displayName?: string;
        /**
         * The relative resource name of this source. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456"
         */
        name?: string;
    }
    /**
     * The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).
     */
    interface Schema$Status {
        /**
         * The status code, which should be an enum value of google.rpc.Code.
         */
        code?: number;
        /**
         * A list of messages that carry the error details. There is a common set of message types for APIs to use.
         * Each entry is typed as an open map of `any`, so nothing about its shape is checked at compile time; narrow a value before relying on it.
         */
        details?: Array<{
            [key: string]: any;
        }>;
        /**
         * A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
         */
        message?: string;
    }
    /**
     * Request message for `TestIamPermissions` method.
     */
    interface Schema$TestIamPermissionsRequest {
        /**
         * The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
         */
        permissions?: string[];
    }
    /**
     * Response message for `TestIamPermissions` method.
     */
    interface Schema$TestIamPermissionsResponse {
        /** * A subset of `TestPermissionsRequest.permissions` that the caller is allowed. 
*/ permissions?: string[]; }
    /**
     * Methods and nested resource handles for the `organizations` collection of the API.
     * Every method is declared with four overloads: without a callback it returns a `GaxiosPromise`, with a callback it returns `void`.
     */
    class Resource$Organizations {
        /** Request context; presumably the value passed to the constructor (the assignment is not visible in this declaration). */
        context: APIRequestContext;
        /** Handle for the nested `assets` resource. */
        assets: Resource$Organizations$Assets;
        /** Handle for the nested `operations` resource. */
        operations: Resource$Organizations$Operations;
        /** Handle for the nested `sources` resource. */
        sources: Resource$Organizations$Sources;
        constructor(context: APIRequestContext);
        /**
         * securitycenter.organizations.getOrganizationSettings
         * @desc Gets the settings for an organization.
         * @example
         *
         * // BEFORE RUNNING:
         * // ---------------
         * // 1. If not already done, enable the Cloud Security Command Center API
         * //    and check the quota for your project at
         * //    https://console.developers.google.com/apis/api/securitycenter
         * // 2. This sample uses Application Default Credentials for authentication.
         * //    If not already done, install the gcloud CLI from
         * //    https://cloud.google.com/sdk and run
         * //    `gcloud auth application-default login`.
         * //    For more information, see
         * //    https://developers.google.com/identity/protocols/application-default-credentials
         * // 3. Install the Node.js client library by running
         * //    `npm install googleapis --save`
         *
         * const {google} = require('googleapis');
         * var securityCommandCenter = google.securitycenter('v1');
         *
         * authorize(function(authClient) {
         *   var request = {
         *     // Name of the organization to get organization settings for. Its format is
         *     // "organizations/[organization_id]/organizationSettings".
         *     name: 'organizations/my-organization/organizationSettings',  // TODO: Update placeholder value.
         *
         *     auth: authClient,
         *   };
         *
         *   securityCommandCenter.organizations.getOrganizationSettings(request, function(err, response) {
         *     if (err) {
         *       console.error(err);
         *       return;
         *     }
         *
         *     // TODO: Change code below to process the `response` object:
         *     console.log(JSON.stringify(response, null, 2));
         *   });
         * });
         *
         * function authorize(callback) {
         *   google.auth.getClient({
         *     // cloud-platform is a broad scope; what the client can actually do is then bounded by
         *     // the IAM roles granted to the credential, so run this with a least-privilege identity.
         *     scopes: ['https://www.googleapis.com/auth/cloud-platform']
         *   }).then(client => {
         *     callback(client);
         *   }).catch(err => {
         *     console.error('authentication failed: ', err);
         *   });
         * }
         * @alias securitycenter.organizations.getOrganizationSettings
         * @memberOf! ()
         *
         * @param {object} params Parameters for request
         * @param {string} params.name Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings".
         * @param {object} [options] Optionally override request options, such as `url`, `method`, and `encoding`.
         * @param {callback} [callback] The callback that handles the response.
         * @return A `GaxiosPromise` of the organization settings when no callback is passed; `void` when a callback is passed (see the overloads below).
         */
        getOrganizationSettings(params?: Params$Resource$Organizations$Getorganizationsettings, options?: MethodOptions): GaxiosPromise<Schema$OrganizationSettings>;
        getOrganizationSettings(params: Params$Resource$Organizations$Getorganizationsettings, options: MethodOptions | BodyResponseCallback<Schema$OrganizationSettings>, callback: BodyResponseCallback<Schema$OrganizationSettings>): void;
        getOrganizationSettings(params: Params$Resource$Organizations$Getorganizationsettings, callback: BodyResponseCallback<Schema$OrganizationSettings>): void;
        getOrganizationSettings(callback: BodyResponseCallback<Schema$OrganizationSettings>): void;
        /**
         * securitycenter.organizations.updateOrganizationSettings
         * @desc Updates an organization's settings.
         * @example
         *
         * // BEFORE RUNNING:
         * // ---------------
         * // 1. If not already done, enable the Cloud Security Command Center API
         * //    and check the quota for your project at
         * //    https://console.developers.google.com/apis/api/securitycenter
         * // 2. This sample uses Application Default Credentials for authentication.
         * //    If not already done, install the gcloud CLI from
         * //    https://cloud.google.com/sdk and run
         * //    `gcloud auth application-default login`.
         * //    For more information, see
         * //    https://developers.google.com/identity/protocols/application-default-credentials
         * // 3. Install the Node.js client library by running
         * //    `npm install googleapis --save`
         *
         * const {google} = require('googleapis');
         * var securityCommandCenter = google.securitycenter('v1');
         *
         * authorize(function(authClient) {
         *   var request = {
         *     // The relative resource name of the settings. See:
         *     // https://cloud.google.com/apis/design/resource_names#relative_resource_name
         *     // Example:
         *     // "organizations/123/organizationSettings".
         *     name: 'organizations/my-organization/organizationSettings',  // TODO: Update placeholder value.
         *
         *     // `requestBody` is the property the typed params interface declares for the body.
         *     requestBody: {
         *       // TODO: Add desired properties to the request body.
         *       // NOTE(review): per the `updateMask` description below, an empty mask updates all
         *       // mutable fields, so set `updateMask` explicitly when only some fields should change.
         *     },
         *
         *     auth: authClient,
         *   };
         *
         *   securityCommandCenter.organizations.updateOrganizationSettings(request, function(err, response) {
         *     if (err) {
         *       console.error(err);
         *       return;
         *     }
         *
         *     // TODO: Change code below to process the `response` object:
         *     console.log(JSON.stringify(response, null, 2));
         *   });
         * });
         *
         * function authorize(callback) {
         *   google.auth.getClient({
         *     // cloud-platform is a broad scope; what the client can actually do is then bounded by
         *     // the IAM roles granted to the credential, so run this with a least-privilege identity.
         *     scopes: ['https://www.googleapis.com/auth/cloud-platform']
         *   }).then(client => {
         *     callback(client);
         *   }).catch(err => {
         *     console.error('authentication failed: ', err);
         *   });
         * }
         * @alias securitycenter.organizations.updateOrganizationSettings
         * @memberOf! ()
         *
         * @param {object} params Parameters for request
         * @param {string} params.name The relative resource name of the settings. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/organizationSettings".
         * @param {string=} params.updateMask The FieldMask to use when updating the settings resource. If empty all mutable fields will be updated.
         * @param {Schema$OrganizationSettings} params.requestBody Request body data
         * @param {object} [options] Optionally override request options, such as `url`, `method`, and `encoding`.
         * @param {callback} [callback] The callback that handles the response.
         * @return A `GaxiosPromise` of the updated organization settings when no callback is passed; `void` when a callback is passed (see the overloads below).
         */
        updateOrganizationSettings(params?: Params$Resource$Organizations$Updateorganizationsettings, options?: MethodOptions): GaxiosPromise<Schema$OrganizationSettings>;
        updateOrganizationSettings(params: Params$Resource$Organizations$Updateorganizationsettings, options: MethodOptions | BodyResponseCallback<Schema$OrganizationSettings>, callback: BodyResponseCallback<Schema$OrganizationSettings>): void;
        updateOrganizationSettings(params: Params$Resource$Organizations$Updateorganizationsettings, callback: BodyResponseCallback<Schema$OrganizationSettings>): void;
        updateOrganizationSettings(callback: BodyResponseCallback<Schema$OrganizationSettings>): void;
    }
    /**
     * Parameters accepted by `organizations.getOrganizationSettings`, in addition to the standard query parameters.
     */
    interface Params$Resource$Organizations$Getorganizationsettings extends StandardParameters {
        /**
         * Auth client or API Key for the request
         * NOTE(review): the generated sample for this method authenticates with an OAuth client holding the cloud-platform scope; whether a bare API key string is accepted for organization-level calls is not shown here — confirm before relying on it. Either way, load keys and tokens from configuration rather than writing them into source.
         */
        auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient;
        /**
         * Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings".
         */
        name?: string;
    }
    /**
     * Parameters accepted by `organizations.updateOrganizationSettings`, in addition to the standard query parameters.
     */
    interface Params$Resource$Organizations$Updateorganizationsettings extends StandardParameters {
        /**
         * Auth client or API Key for the request
         * NOTE(review): the generated sample for this method authenticates with an OAuth client holding the cloud-platform scope; whether a bare API key string is accepted for organization-level calls is not shown here — confirm before relying on it. Either way, load keys and tokens from configuration rather than writing them into source.
         */
        auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient;
        /** * The relative resource name of the settings. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/organizationSettings". 
*/ name?: string; /** * The FieldMask to use when updating the settings resource. If empty all mutable fields will be updated. */ updateMask?: string; /** * Request body metadata */ requestBody?: Schema$OrganizationSettings; } class Resource$Organizations$Assets { context: APIRequestContext; constructor(context: APIRequestContext); /** * securi