xref: /aosp_15_r20/external/googleapis/google/cloud/securitycenter/v1/asset.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9)

// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.securitycenter.v1;

import "google/api/resource.proto";
import "google/cloud/securitycenter/v1/folder.proto";
import "google/cloud/securitycenter/v1/security_marks.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
option java_multiple_files = true;
option java_package = "com.google.cloud.securitycenter.v1";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
option ruby_package = "Google::Cloud::SecurityCenter::V1";

// Security Command Center representation of a Google Cloud
// resource.
//
// The Asset is a Security Command Center resource that captures information
// about a single Google Cloud resource. All modifications to an Asset are only
// within the context of Security Command Center and don't affect the referenced
// Google Cloud resource.
message Asset {
  option (google.api.resource) = {
    type: "securitycenter.googleapis.com/Asset"
    pattern: "organizations/{organization}/assets/{asset}"
    pattern: "folders/{folder}/assets/{asset}"
    pattern: "projects/{project}/assets/{asset}"
  };

  // Security Command Center managed properties. These properties are managed by
  // Security Command Center and cannot be modified by the user.
  message SecurityCenterProperties {
    // The full resource name of the Google Cloud resource this asset
    // represents. This field is immutable after create time. See:
    // https://cloud.google.com/apis/design/resource_names#full_resource_name
    string resource_name = 1;

    // The type of the Google Cloud resource. Examples include: APPLICATION,
    // PROJECT, and ORGANIZATION. This is a case insensitive field defined by
    // Security Command Center and/or the producer of the resource and is
    // immutable after create time.
    string resource_type = 2;

    // The full resource name of the immediate parent of the resource. See:
    // https://cloud.google.com/apis/design/resource_names#full_resource_name
    string resource_parent = 3;

    // The full resource name of the project the resource belongs to. See:
    // https://cloud.google.com/apis/design/resource_names#full_resource_name
    string resource_project = 4;

    // Owners of the Google Cloud resource.
    repeated string resource_owners = 5;

    // The user defined display name for this resource.
    string resource_display_name = 6;

    // The user defined display name for the parent of this resource.
    string resource_parent_display_name = 7;

    // The user defined display name for the project of this resource.
    string resource_project_display_name = 8;

    // Contains a Folder message for each folder in the assets ancestry.
    // The first folder is the deepest nested folder, and the last folder is the
    // folder directly under the Organization.
    repeated Folder folders = 10;
  }

  // Cloud IAM Policy information associated with the Google Cloud resource
  // described by the Security Command Center asset. This information is managed
  // and defined by the Google Cloud resource and cannot be modified by the
  // user.
  message IamPolicy {
    // The JSON representation of the Policy associated with the asset.
    // See https://cloud.google.com/iam/reference/rest/v1/Policy for format
    // details.
    string policy_blob = 1;
  }

  // The relative resource name of this asset. See:
  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
  // Example:
  // "organizations/{organization_id}/assets/{asset_id}".
  string name = 1;

  // Security Command Center managed properties. These properties are managed by
  // Security Command Center and cannot be modified by the user.
  SecurityCenterProperties security_center_properties = 2;

  // Resource managed properties. These properties are managed and defined by
  // the Google Cloud resource and cannot be modified by the user.
  map<string, google.protobuf.Value> resource_properties = 7;

  // User specified security marks. These marks are entirely managed by the user
  // and come from the SecurityMarks resource that belongs to the asset.
  SecurityMarks security_marks = 8;

  // The time at which the asset was created in Security Command Center.
  google.protobuf.Timestamp create_time = 9;

  // The time at which the asset was last updated or added in Cloud SCC.
  google.protobuf.Timestamp update_time = 10;

  // Cloud IAM Policy information associated with the Google Cloud resource
  // described by the Security Command Center asset. This information is managed
  // and defined by the Google Cloud resource and cannot be modified by the
  // user.
  IamPolicy iam_policy = 11;

  // The canonical name of the resource. It's either
  // "organizations/{organization_id}/assets/{asset_id}",
  // "folders/{folder_id}/assets/{asset_id}" or
  // "projects/{project_number}/assets/{asset_id}", depending on the closest CRM
  // ancestor of the resource.
  string canonical_name = 13;
}