googleapis · gcf-merge-on-green · Mar 12, 2024 · Mar 12, 2024
@@ -20,7 +20,7 @@ defmodule GoogleApi.SecurityCenter.V1 do
   API client metadata for GoogleApi.SecurityCenter.V1.
   """
 
-  @discovery_revision "20221117"
+  @discovery_revision "20240302"
 
   def discovery_revision(), do: @discovery_revision
 end
@@ -24,13 +24,14 @@ defmodule GoogleApi.SecurityCenter.V1.Model.Access do
   *   `callerIp` (*type:* `String.t`, *default:* `nil`) - Caller's IP address, such as "1.1.1.1".
   *   `callerIpGeo` (*type:* `GoogleApi.SecurityCenter.V1.Model.Geolocation.t`, *default:* `nil`) - The caller IP's geolocation, which identifies where the call came from.
   *   `methodName` (*type:* `String.t`, *default:* `nil`) - The method that the service account called, e.g. "SetIamPolicy".
-  *   `principalEmail` (*type:* `String.t`, *default:* `nil`) - Associated email, such as "[email protected]". The email address of the authenticated user (or service account on behalf of third party principal) making the request. For third party identity callers, the `principal_subject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see [Caller identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id).
-  *   `principalSubject` (*type:* `String.t`, *default:* `nil`) - A string representing the principal_subject associated with the identity. As compared to `principal_email`, supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format will be `principal://iam.googleapis.com/{identity pool name}/subjects/{subject}` except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:{identity pool name}[{subject}]`
-  *   `serviceAccountDelegationInfo` (*type:* `list(GoogleApi.SecurityCenter.V1.Model.ServiceAccountDelegationInfo.t)`, *default:* `nil`) - Identity delegation history of an authenticated service account that makes the request. It contains information on the real authorities that try to access GCP resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.
-  *   `serviceAccountKeyName` (*type:* `String.t`, *default:* `nil`) - The name of the service account key used to create or exchange credentials for authenticating the service account making the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" 
+  *   `principalEmail` (*type:* `String.t`, *default:* `nil`) - Associated email, such as "[email protected]". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the `principal_subject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see [Caller identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id).
+  *   `principalSubject` (*type:* `String.t`, *default:* `nil`) - A string that represents the principal_subject that is associated with the identity. Unlike `principal_email`, `principal_subject` supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is `principal://iam.googleapis.com/{identity pool name}/subject/{subject}`. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:{identity pool name}[{subject}]`.
+  *   `serviceAccountDelegationInfo` (*type:* `list(GoogleApi.SecurityCenter.V1.Model.ServiceAccountDelegationInfo.t)`, *default:* `nil`) - The identity delegation history of an authenticated service account that made the request. The `serviceAccountDelegationInfo[]` object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.
+  *   `serviceAccountKeyName` (*type:* `String.t`, *default:* `nil`) - The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}". 
   *   `serviceName` (*type:* `String.t`, *default:* `nil`) - This is the API service that the service account made a call to, e.g. "iam.googleapis.com"
-  *   `userAgentFamily` (*type:* `String.t`, *default:* `nil`) - What kind of user agent is associated, e.g. operating system shells, embedded or stand-alone applications, etc.
-  *   `userName` (*type:* `String.t`, *default:* `nil`) - A string representing a username. This is likely not an IAM principal. For instance, this may be the system user name if the finding is VM-related, or this may be some type of application login user name, depending on the type of finding.
+  *   `userAgent` (*type:* `String.t`, *default:* `nil`) - The caller's user agent string associated with the finding.
+  *   `userAgentFamily` (*type:* `String.t`, *default:* `nil`) - Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.
+  *   `userName` (*type:* `String.t`, *default:* `nil`) - A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.
   """
 
   use GoogleApi.Gax.ModelBase
@@ -45,6 +46,7 @@ defmodule GoogleApi.SecurityCenter.V1.Model.Access do
             list(GoogleApi.SecurityCenter.V1.Model.ServiceAccountDelegationInfo.t()) | nil,
           :serviceAccountKeyName => String.t() | nil,
           :serviceName => String.t() | nil,
+          :userAgent => String.t() | nil,
           :userAgentFamily => String.t() | nil,
           :userName => String.t() | nil
         }
@@ -62,6 +64,7 @@ defmodule GoogleApi.SecurityCenter.V1.Model.Access do
 
   field(:serviceAccountKeyName)
   field(:serviceName)
+  field(:userAgent)
   field(:userAgentFamily)
   field(:userName)
 end

@@ -17,17 +17,17 @@
 
 defmodule GoogleApi.SecurityCenter.V1.Model.AccessReview do
   @moduledoc """
-  Conveys information about a Kubernetes access review (e.g. kubectl auth can-i ...) that was involved in a finding.
+  Conveys information about a Kubernetes access review (such as one returned by a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) command) that was involved in a finding.
 
   ## Attributes
 
-  *   `group` (*type:* `String.t`, *default:* `nil`) - Group is the API Group of the Resource. "*" means all.
-  *   `name` (*type:* `String.t`, *default:* `nil`) - Name is the name of the resource being requested. Empty means all.
+  *   `group` (*type:* `String.t`, *default:* `nil`) - The API group of the resource. "*" means all.
+  *   `name` (*type:* `String.t`, *default:* `nil`) - The name of the resource being requested. Empty means all.
   *   `ns` (*type:* `String.t`, *default:* `nil`) - Namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. Both are represented by "" (empty).
-  *   `resource` (*type:* `String.t`, *default:* `nil`) - Resource is the optional resource type requested. "*" means all.
-  *   `subresource` (*type:* `String.t`, *default:* `nil`) - Subresource is the optional subresource type.
-  *   `verb` (*type:* `String.t`, *default:* `nil`) - Verb is a Kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.
-  *   `version` (*type:* `String.t`, *default:* `nil`) - Version is the API Version of the Resource. "*" means all.
+  *   `resource` (*type:* `String.t`, *default:* `nil`) - The optional resource type requested. "*" means all.
+  *   `subresource` (*type:* `String.t`, *default:* `nil`) - The optional subresource type.
+  *   `verb` (*type:* `String.t`, *default:* `nil`) - A Kubernetes resource API verb, like get, list, watch, create, update, delete, proxy. "*" means all.
+  *   `version` (*type:* `String.t`, *default:* `nil`) - The API version of the resource. "*" means all.
   """
 
   use GoogleApi.Gax.ModelBase

@@ -0,0 +1,49 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This file is auto generated by the elixir code generator program.
+# Do not edit this file manually.
+
+defmodule GoogleApi.SecurityCenter.V1.Model.Application do
+  @moduledoc """
+  Represents an application associated with a finding.
+
+  ## Attributes
+
+  *   `baseUri` (*type:* `String.t`, *default:* `nil`) - The base URI that identifies the network location of the application in which the vulnerability was detected. For example, `http://example.com`.
+  *   `fullUri` (*type:* `String.t`, *default:* `nil`) - The full URI with payload that can be used to reproduce the vulnerability. For example, `http://example.com?p=aMmYgI6H`.
+  """
+
+  use GoogleApi.Gax.ModelBase
+
+  @type t :: %__MODULE__{
+          :baseUri => String.t() | nil,
+          :fullUri => String.t() | nil
+        }
+
+  field(:baseUri)
+  field(:fullUri)
+end
+
+defimpl Poison.Decoder, for: GoogleApi.SecurityCenter.V1.Model.Application do
+  def decode(value, options) do
+    GoogleApi.SecurityCenter.V1.Model.Application.decode(value, options)
+  end
+end
+
+defimpl Poison.Encoder, for: GoogleApi.SecurityCenter.V1.Model.Application do
+  def encode(value, options) do
+    GoogleApi.Gax.ModelBase.encode(value, options)
+  end
+end
@@ -0,0 +1,64 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This file is auto generated by the elixir code generator program.
+# Do not edit this file manually.
+
+defmodule GoogleApi.SecurityCenter.V1.Model.AttackExposure do
+  @moduledoc """
+  An attack exposure contains the results of an attack path simulation run.
+
+  ## Attributes
+
+  *   `attackExposureResult` (*type:* `String.t`, *default:* `nil`) - The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: organizations/123/simulations/456/attackExposureResults/789
+  *   `exposedHighValueResourcesCount` (*type:* `integer()`, *default:* `nil`) - The number of high value resources that are exposed as a result of this finding.
+  *   `exposedLowValueResourcesCount` (*type:* `integer()`, *default:* `nil`) - The number of high value resources that are exposed as a result of this finding.
+  *   `exposedMediumValueResourcesCount` (*type:* `integer()`, *default:* `nil`) - The number of medium value resources that are exposed as a result of this finding.
+  *   `latestCalculationTime` (*type:* `DateTime.t`, *default:* `nil`) - The most recent time the attack exposure was updated on this finding.
+  *   `score` (*type:* `float()`, *default:* `nil`) - A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate.
+  *   `state` (*type:* `String.t`, *default:* `nil`) - What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not.
+  """
+
+  use GoogleApi.Gax.ModelBase
+
+  @type t :: %__MODULE__{
+          :attackExposureResult => String.t() | nil,
+          :exposedHighValueResourcesCount => integer() | nil,
+          :exposedLowValueResourcesCount => integer() | nil,
+          :exposedMediumValueResourcesCount => integer() | nil,
+          :latestCalculationTime => DateTime.t() | nil,
+          :score => float() | nil,
+          :state => String.t() | nil
+        }
+
+  field(:attackExposureResult)
+  field(:exposedHighValueResourcesCount)
+  field(:exposedLowValueResourcesCount)
+  field(:exposedMediumValueResourcesCount)
+  field(:latestCalculationTime, as: DateTime)
+  field(:score)
+  field(:state)
+end
+
+defimpl Poison.Decoder, for: GoogleApi.SecurityCenter.V1.Model.AttackExposure do
+  def decode(value, options) do
+    GoogleApi.SecurityCenter.V1.Model.AttackExposure.decode(value, options)
+  end
+end
+
+defimpl Poison.Encoder, for: GoogleApi.SecurityCenter.V1.Model.AttackExposure do
+  def encode(value, options) do
+    GoogleApi.Gax.ModelBase.encode(value, options)
+  end
+end
@@ -0,0 +1,52 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This file is auto generated by the elixir code generator program.
+# Do not edit this file manually.
+
+defmodule GoogleApi.SecurityCenter.V1.Model.AttackPath do
+  @moduledoc """
+  A path that an attacker could take to reach an exposed resource.
+
+  ## Attributes
+
+  *   `edges` (*type:* `list(GoogleApi.SecurityCenter.V1.Model.AttackPathEdge.t)`, *default:* `nil`) - A list of the edges between nodes in this attack path.
+  *   `name` (*type:* `String.t`, *default:* `nil`) - The attack path name, for example, `organizations/12/simulation/34/valuedResources/56/attackPaths/78`
+  *   `pathNodes` (*type:* `list(GoogleApi.SecurityCenter.V1.Model.AttackPathNode.t)`, *default:* `nil`) - A list of nodes that exist in this attack path.
+  """
+
+  use GoogleApi.Gax.ModelBase
+
+  @type t :: %__MODULE__{
+          :edges => list(GoogleApi.SecurityCenter.V1.Model.AttackPathEdge.t()) | nil,
+          :name => String.t() | nil,
+          :pathNodes => list(GoogleApi.SecurityCenter.V1.Model.AttackPathNode.t()) | nil
+        }
+
+  field(:edges, as: GoogleApi.SecurityCenter.V1.Model.AttackPathEdge, type: :list)
+  field(:name)
+  field(:pathNodes, as: GoogleApi.SecurityCenter.V1.Model.AttackPathNode, type: :list)
+end
+
+defimpl Poison.Decoder, for: GoogleApi.SecurityCenter.V1.Model.AttackPath do
+  def decode(value, options) do
+    GoogleApi.SecurityCenter.V1.Model.AttackPath.decode(value, options)
+  end
+end
+
+defimpl Poison.Encoder, for: GoogleApi.SecurityCenter.V1.Model.AttackPath do
+  def encode(value, options) do
+    GoogleApi.Gax.ModelBase.encode(value, options)
+  end
+end
@@ -15,14 +15,14 @@
 # NOTE: This file is auto generated by the elixir code generator program.
 # Do not edit this file manually.
 
-defmodule GoogleApi.SecurityCenter.V1.Model.Edge do
+defmodule GoogleApi.SecurityCenter.V1.Model.AttackPathEdge do
   @moduledoc """
-  Represents a connection between a source node and a destination node in this exposure path.
+  Represents a connection between a source node and a destination node in this attack path.
 
   ## Attributes
 
-  *   `destination` (*type:* `String.t`, *default:* `nil`) - This is the resource name of the destination node.
-  *   `source` (*type:* `String.t`, *default:* `nil`) - This is the resource name of the source node.
+  *   `destination` (*type:* `String.t`, *default:* `nil`) - The attack node uuid of the destination node.
+  *   `source` (*type:* `String.t`, *default:* `nil`) - The attack node uuid of the source node.
   """
 
   use GoogleApi.Gax.ModelBase
@@ -36,13 +36,13 @@ defmodule GoogleApi.SecurityCenter.V1.Model.Edge do
   field(:source)
 end
 
-defimpl Poison.Decoder, for: GoogleApi.SecurityCenter.V1.Model.Edge do
+defimpl Poison.Decoder, for: GoogleApi.SecurityCenter.V1.Model.AttackPathEdge do
   def decode(value, options) do
-    GoogleApi.SecurityCenter.V1.Model.Edge.decode(value, options)
+    GoogleApi.SecurityCenter.V1.Model.AttackPathEdge.decode(value, options)
   end
 end
 
-defimpl Poison.Encoder, for: GoogleApi.SecurityCenter.V1.Model.Edge do
+defimpl Poison.Encoder, for: GoogleApi.SecurityCenter.V1.Model.AttackPathEdge do
   def encode(value, options) do
     GoogleApi.Gax.ModelBase.encode(value, options)
   end