// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.securitycenter.v1;

option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
option java_multiple_files = true;
option java_outer_classname = "AccessProto";
option java_package = "com.google.cloud.securitycenter.v1";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
option ruby_package = "Google::Cloud::SecurityCenter::V1";

// Represents an access event: who made a request, from where, and how.
//
// Field numbers in use: 1-9, 11 and 12. Number 10 is not declared here.
// NOTE(review): if 10 was ever published, it should be listed in a
// `reserved` statement so it cannot be reused with a different meaning;
// confirm against the file's history before assuming it is free.
message Access {
  // Associated email, such as "[email protected]".
  //
  // The email address of the authenticated user or a service account acting on
  // behalf of a third party principal making the request. For third party
  // identity callers, the `principal_subject` field is populated instead of
  // this field. For privacy reasons, the principal email address is sometimes
  // redacted, so consumers must not assume this field is always populated.
  // For more information, see [Caller identities in audit
  // logs](https://cloud.google.com/logging/docs/audit#user-id).
  string principal_email = 1;

  // Caller's IP address, such as "1.1.1.1".
  //
  // Stored as a free-form string; the schema itself does not validate the
  // address format.
  string caller_ip = 2;

  // The caller IP's geolocation, which identifies where the call came from.
  // Absent when no geolocation was derived for `caller_ip`.
  Geolocation caller_ip_geo = 3;

  // Type of user agent associated with the finding. For example, an operating
  // system shell or an embedded or standalone application.
  string user_agent_family = 4;

  // The caller's user agent string associated with the finding.
  //
  // This value is supplied by the caller; treat it as untrusted text when
  // parsing it or rendering it in a user interface.
  string user_agent = 12;

  // This is the API service that the service account made a call to, e.g.
  // "iam.googleapis.com".
  string service_name = 5;

  // The method that the service account called, e.g. "SetIamPolicy".
  string method_name = 6;

  // A string that represents the principal_subject that is associated with the
  // identity. Unlike `principal_email`, `principal_subject` supports principals
  // that aren't associated with email addresses, such as third party
  // principals. For most identities, the format is
  // `principal://iam.googleapis.com/{identity pool name}/subject/{subject}`.
  // Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD,
  // still use the legacy format `serviceAccount:{identity pool
  // name}[{subject}]`.
  string principal_subject = 7;

  // The name of the service account key that was used to create or exchange
  // credentials when authenticating the service account that made the request.
  // This is a scheme-less URI full resource name. For example:
  //
  // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
  //
  // Only the key's resource name is carried here, never key material.
  string service_account_key_name = 8;

  // The identity delegation history of an authenticated service account that
  // made the request. The `serviceAccountDelegationInfo[]` object contains
  // information about the real authorities that try to access Google Cloud
  // resources by delegating on a service account. When multiple authorities are
  // present, they are guaranteed to be sorted based on the original ordering of
  // the identity delegation events.
  repeated ServiceAccountDelegationInfo service_account_delegation_info = 9;

  // A string that represents a username. The username provided depends on the
  // type of the finding and is likely not an IAM principal. For example, this
  // can be a system username if the finding is related to a virtual machine, or
  // it can be an application login username.
  string user_name = 11;
}

// Identity delegation history of an authenticated service account.
//
// One entry describes a single authority in the delegation chain; the
// ordering of entries is defined by `Access.service_account_delegation_info`.
message ServiceAccountDelegationInfo {
  // The email address of a Google account.
  string principal_email = 1;

  // A string representing the principal_subject associated with the identity.
  // As compared to `principal_email`, supports principals that aren't
  // associated with email addresses, such as third party principals. For most
  // identities, the format will be `principal://iam.googleapis.com/{identity
  // pool name}/subjects/{subject}` except for some GKE identities
  // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
  // format `serviceAccount:{identity pool name}[{subject}]`.
  string principal_subject = 2;
}

// Represents a geographical location for a given access.
message Geolocation {
  // A CLDR region code identifying where the access originated.
  string region_code = 1;
}