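// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.securityposture.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/securityposture/v1/org_policy_constraints.proto";
import "google/cloud/securityposture/v1/sha_constraints.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.Securityposture.V1";
option go_package = "cloud.google.com/go/securityposture/apiv1/securityposturepb;securityposturepb";
option java_multiple_files = true;
option java_outer_classname = "V1mainProto";
option java_package = "com.google.cloud.securityposture.v1";
option php_namespace = "Google\\Cloud\\Securityposture\\V1";
option ruby_package = "Google::Cloud::Securityposture::V1";

// NOTE(review): the service name in this resource type is spelled
// "securitposture", while every other resource type in this file uses
// "securityposture.googleapis.com". This looks like a typo. The value is left
// unchanged here because a resource type string on a published API may be
// referenced by generated clients - confirm before correcting it.
// The type is named "Organization" although the pattern is an
// organization/location path; confirm that this is intended.
option (google.api.resource_definition) = {
  type: "securitposture.googleapis.com/Organization"
  pattern: "organizations/{organization}/locations/{location}"
};

// Service describing handlers for Posture, PostureDeployment and
// PostureTemplate resources.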
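service SecurityPosture {
  option (google.api.default_host) = "securityposture.googleapis.com";

  // NOTE(review): cloud-platform is the only OAuth scope declared, so the
  // scope itself does not narrow what a token may do on this API. Per-method
  // access control is presumably enforced through IAM, which this file does
  // not show - confirm against the service's permission list.
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // NOTE(review): the internal "(-- ..." note below had leaked, unterminated,
  // into the ListPostures doc comment; it is kept here as a detached comment.
  // The option it mentions is commented out, so this file sets no
  // api_visibility restriction.
  //
  // (-- This option restricts the visibility of the API to only projects that
  // will be labeled as `PREVIEW` or `GOOGLE_INTERNAL` by the service.
  // option (google.api.api_visibility).restriction =
  //     "PREVIEW,GOOGLE_INTERNAL"; --)

  // Postures

  // Lists Postures in a given organization and location. In case a posture has
  // multiple revisions, the latest revision as per UpdateTime will be
  // returned.
  rpc ListPostures(ListPosturesRequest) returns (ListPosturesResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=organizations/*/locations/*}/postures"
    };
    option (google.api.method_signature) = "parent";
  }

  // Lists revisions of a Posture in a given organization and location.
  rpc ListPostureRevisions(ListPostureRevisionsRequest)
      returns (ListPostureRevisionsResponse) {
    option (google.api.http) = {
      get: "/v1/{name=organizations/*/locations/*/postures/*}:listRevisions"
    };
  }

  // Gets a posture in a given organization and location.
  // User must provide revision_id to retrieve a specific revision of the
  // resource.
  // NOT_FOUND error is returned if the revision_id or the Posture name does not
  // exist. In case revision_id is not provided then the latest Posture revision
  // by UpdateTime is returned.
  rpc GetPosture(GetPostureRequest) returns (Posture) {
    option (google.api.http) = {
      get: "/v1/{name=organizations/*/locations/*/postures/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Creates a new Posture resource.
  // If a Posture with the specified name already exists in the specified
  // organization and location, the long running operation returns a
  // [ALREADY_EXISTS][google.rpc.Code.ALREADY_EXISTS] error.
  rpc CreatePosture(CreatePostureRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=organizations/*/locations/*}/postures"
      body: "posture"
    };
    option (google.api.method_signature) = "parent,posture,posture_id";
    option (google.longrunning.operation_info) = {
      response_type: "Posture"
      metadata_type: "OperationMetadata"
    };
  }

  // Updates an existing Posture.
  // A new revision of the posture will be created if the revision to be
  // updated is currently deployed on a workload.
  // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
  // Posture does not exist.
  // Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag
  // supplied in the request does not match the persisted etag of the Posture.
  // Updatable fields are state, description and policy_sets.
  // A state update cannot be combined with an update of description or
  // policy_sets in the same request.
  // An ACTIVE posture can be updated to either the DRAFT or the DEPRECATED
  // state. Postures in DRAFT or DEPRECATED states can only be updated to the
  // ACTIVE state.
  rpc UpdatePosture(UpdatePostureRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1/{posture.name=organizations/*/locations/*/postures/*}"
      body: "posture"
    };
    option (google.api.method_signature) = "posture,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "Posture"
      metadata_type: "OperationMetadata"
    };
  }

  // Deletes all the revisions of a resource.
  // A posture can only be deleted when none of the revisions are deployed to
  // any workload.
  rpc DeletePosture(DeletePostureRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=organizations/*/locations/*/postures/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "OperationMetadata"
    };
  }

  // Extracts existing policies on a workload as a posture.
  // If a Posture on the given workload already exists, the long running
  // operation returns a [ALREADY_EXISTS][google.rpc.Code.ALREADY_EXISTS] error.
  rpc ExtractPosture(ExtractPostureRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=organizations/*/locations/*}/postures:extract"
      body: "*"
    };
    option (google.api.method_signature) = "parent,posture_id,workload";
    option (google.longrunning.operation_info) = {
      response_type: "Posture"
      metadata_type: "OperationMetadata"
    };
  }

  // PostureDeployments

  // Lists PostureDeployments in a given organization and location (the HTTP
  // binding below takes an organizations/*/locations/* parent).
  rpc ListPostureDeployments(ListPostureDeploymentsRequest)
      returns (ListPostureDeploymentsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=organizations/*/locations/*}/postureDeployments"
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets details of a single PostureDeployment.
  rpc GetPostureDeployment(GetPostureDeploymentRequest)
      returns (PostureDeployment) {
    option (google.api.http) = {
      get: "/v1/{name=organizations/*/locations/*/postureDeployments/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Creates a new PostureDeployment in a given organization and location (the
  // HTTP binding below takes an organizations/*/locations/* parent).
  rpc CreatePostureDeployment(CreatePostureDeploymentRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=organizations/*/locations/*}/postureDeployments"
      body: "posture_deployment"
    };
    option (google.api.method_signature) =
        "parent,posture_deployment,posture_deployment_id";
    option (google.longrunning.operation_info) = {
      response_type: "PostureDeployment"
      metadata_type: "OperationMetadata"
    };
  }

  // Updates the parameters of a single PostureDeployment.
  rpc UpdatePostureDeployment(UpdatePostureDeploymentRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1/{posture_deployment.name=organizations/*/locations/*/postureDeployments/*}"
      body: "posture_deployment"
    };
    option (google.api.method_signature) = "posture_deployment,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "PostureDeployment"
      metadata_type: "OperationMetadata"
    };
  }

  // Deletes a single PostureDeployment.
  rpc DeletePostureDeployment(DeletePostureDeploymentRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=organizations/*/locations/*/postureDeployments/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "OperationMetadata"
    };
  }

  // PostureTemplates

  // Lists all the PostureTemplates available to the user.
  rpc ListPostureTemplates(ListPostureTemplatesRequest)
      returns (ListPostureTemplatesResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=organizations/*/locations/*}/postureTemplates"
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets a PostureTemplate.
  // User must provide revision_id to retrieve a specific revision of the
  // resource.
  // NOT_FOUND error is returned if the revision_id or the PostureTemplate name
  // does not exist. In case revision_id is not provided then the
  // PostureTemplate with latest revision_id is returned.
  rpc GetPostureTemplate(GetPostureTemplateRequest) returns (PostureTemplate) {
    option (google.api.http) = {
      get: "/v1/{name=organizations/*/locations/*/postureTemplates/*}"
    };
    option (google.api.method_signature) = "name";
  }
}

// Represents the metadata of the long-running operation.
message OperationMetadata {
  // Output only. The time the operation was created.
  google.protobuf.Timestamp create_time = 1
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time the operation finished running.
  google.protobuf.Timestamp end_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Server-defined resource path for the target of the operation.
  string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Name of the verb executed by the operation.
  string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Human-readable status of the operation, if any.
  string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Identifies whether the user has requested cancellation
  // of the operation. Operations that have been cancelled successfully
  // have [Operation.error][] value with a
  // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
  // `Code.CANCELLED`.
  bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. API version used to start the operation.
  string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. This is an output only optional field which will be filled
  // only in cases where PostureDeployments enter failure states like
  // UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.
  string error_message = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Postures

// Definition of a Posture.
message Posture {
  option (google.api.resource) = {
    type: "securityposture.googleapis.com/Posture"
    pattern: "organizations/{organization}/locations/{location}/postures/{posture}"
    plural: "postures"
    singular: "posture"
    style: DECLARATIVE_FRIENDLY
  };

  // State of a Posture.
  enum State {
    // Unspecified operation state.
    STATE_UNSPECIFIED = 0;

    // The Posture is marked deprecated when it is not in use by the user.
    DEPRECATED = 1;

    // The Posture is created successfully but is not yet ready for usage.
    DRAFT = 2;

    // The Posture state is active. Ready for use/deployments.
    ACTIVE = 3;
  }

  // Required. Identifier. The name of this Posture resource, in the format of
  // organizations/{org_id}/locations/{location_id}/postures/{posture}.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.field_behavior) = IDENTIFIER
  ];

  // Required. State of Posture resource.
  State state = 2 [(google.api.field_behavior) = REQUIRED];

  // Output only. Immutable. The revision ID of the posture.
  // The format is an 8-character hexadecimal string.
  // https://google.aip.dev/162
  string revision_id = 3 [
    (google.api.field_behavior) = IMMUTABLE,
    (google.api.field_behavior) = OUTPUT_ONLY
  ];

  // Output only. The timestamp that the posture was created.
  google.protobuf.Timestamp create_time = 4
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The timestamp that the posture was updated.
  google.protobuf.Timestamp update_time = 5
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. User provided description of the posture.
  string description = 6 [(google.api.field_behavior) = OPTIONAL];

  // Required. List of Policy sets.
  repeated PolicySet policy_sets = 7 [(google.api.field_behavior) = REQUIRED];

  // NOTE(review): because an omitted etag means an unconditional write, a
  // client that edits policy_sets without sending the etag can silently
  // overwrite a concurrent change to the posture. Callers that need
  // lost-update protection should always send the etag from their last read.

  // Optional. An opaque tag indicating the current version of the Posture, used
  // for concurrency control. When the `Posture` is returned from either a
  // `GetPosture` or a `ListPostures` request, this `etag` indicates the version
  // of the current `Posture` to use when executing a read-modify-write loop.
  //
  // When the `Posture` is used in a `UpdatePosture` method, use the `etag`
  // value that was returned from a `GetPosture` request as part of a
  // read-modify-write loop for concurrency control. Not setting the `etag` in a
  // `UpdatePosture` request will result in an unconditional write of the
  // `Posture`.
  string etag = 8 [(google.api.field_behavior) = OPTIONAL];

  // Optional. User annotations. These attributes can only be set and used by
  // the user, and not by Google Security Postures.
  map<string, string> annotations = 9 [(google.api.field_behavior) = OPTIONAL];

  // Output only. Whether or not this Posture is in the process of being
  // updated.
  bool reconciling = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// PolicySet representation.
message PolicySet {
  // Required. ID of the Policy set.
  string policy_set_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. Description of the Policy set.
  string description = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. List of policies.
  repeated Policy policies = 3 [(google.api.field_behavior) = REQUIRED];
}

// Policy representation.
message Policy {
  // Mapping for a Policy to standard and control.
  message ComplianceStandard {
    // Optional. The compliance standard that the Policy maps to, e.g.: CIS-2.0.
    string standard = 1 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Control mapping provided by user for this Policy. e.g.: 1.5.
    string control = 2 [(google.api.field_behavior) = OPTIONAL];
  }

  // Required. ID of the Policy that is user generated, immutable and unique
  // within the scope of a policy set.
  string policy_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. Contains list of mapping for a Policy to a standard and control.
  repeated ComplianceStandard compliance_standards = 2
      [(google.api.field_behavior) = OPTIONAL];

  // Required. Constraint details.
  Constraint constraint = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. Description of the Policy.
  string description = 4 [(google.api.field_behavior) = OPTIONAL];
}

// NOTE(review): field numbers 1 and 2 are unused in Constraint and are not
// declared `reserved`. If they belonged to removed fields they should be
// reserved so they cannot be reused - cannot tell from this file.

// Representation of a Constraint. Exactly one implementation may be set,
// because the members share a oneof.
message Constraint {
  oneof implementation {
    // Optional. SHA built-in detector.
    SecurityHealthAnalyticsModule security_health_analytics_module = 3
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. SHA custom detector.
    SecurityHealthAnalyticsCustomModule
        security_health_analytics_custom_module = 4
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. Org Policy builtin constraint.
    OrgPolicyConstraint org_policy_constraint = 5
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. Org Policy custom constraint.
    OrgPolicyConstraintCustom org_policy_constraint_custom = 6
        [(google.api.field_behavior) = OPTIONAL];
  }
}

// Message for requesting list of Postures.
message ListPosturesRequest {
  // Required. Parent value for ListPosturesRequest.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "securityposture.googleapis.com/Posture"
    }
  ];

  // Requested page size. Server may return fewer items than requested.
  // If unspecified, server will pick an appropriate default.
  int32 page_size = 2;

  // A token identifying a page of results the server should return.
  string page_token = 3;
}

// Message for response to listing Postures.
message ListPosturesResponse {
  // The list of Posture.
  repeated Posture postures = 1;

  // A token identifying a page of results the server should return.
  string next_page_token = 2;

  // NOTE(review): presumably a non-empty `unreachable` means the listing is
  // partial; an inventory or audit built on ListPostures should then treat
  // the result as incomplete - confirm the exact semantics with the service.

  // Unreachable resources.
  repeated string unreachable = 3;
}

// Message for requesting list of Posture revisions.
message ListPostureRevisionsRequest {
  // Required. Name value for ListPostureRevisionsRequest.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "securityposture.googleapis.com/Posture"
    }
  ];

  // Optional. Requested page size. Server may return fewer items than
  // requested. If unspecified, server will pick 100 as default.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A token identifying a page of results the server should return.
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Message for response to listing PostureRevisions.
message ListPostureRevisionsResponse {
  // The list of Posture revisions.
  repeated Posture revisions = 1;

  // A token identifying a page of results the server should return.
  string next_page_token = 2;
}

// NOTE(review): field number 2 is unused in GetPostureRequest and is not
// declared `reserved`. If it belonged to a removed field it should be
// reserved so it cannot be reused - cannot tell from this file.

// Message for getting a Posture.
message GetPostureRequest {
  // Required. Name of the resource.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "securityposture.googleapis.com/Posture"
    }
  ];

  // Optional. Posture revision which needs to be retrieved.
  string revision_id = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Message for creating a Posture.
message CreatePostureRequest {
  // Required. Value for parent.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "securityposture.googleapis.com/Posture"
    }
  ];

  // Required. User provided identifier. It should be unique in scope of an
  // Organization and location.
  string posture_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The resource being created.
  Posture posture = 3 [(google.api.field_behavior) = REQUIRED];
}

// Message for updating a Posture.
message UpdatePostureRequest {
  // NOTE(review): update_mask is annotated REQUIRED, yet its comment also
  // describes what happens when no mask is provided (all fields overwritten).
  // Confirm which applies; clients should send an explicit mask so an update
  // cannot overwrite more of the posture than intended.

  // Required. Field mask is used to specify the fields to be overwritten in the
  // Posture resource by the update.
  // The fields specified in the update_mask are relative to the resource, not
  // the full request. A field will be overwritten if it is in the mask. If the
  // user does not provide a mask then all fields will be overwritten.
  google.protobuf.FieldMask update_mask = 1
      [(google.api.field_behavior) = REQUIRED];

  // Required. The resource being updated.
  Posture posture = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. Posture revision which needs to be updated.
  string revision_id = 3 [(google.api.field_behavior) = REQUIRED];
}

// Message for deleting a Posture.
message DeletePostureRequest {
  // Required. Name of the resource.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "securityposture.googleapis.com/Posture"
    }
  ];

  // NOTE(review): the behavior when etag is omitted on delete is not stated
  // here; presumably the delete is then unconditional, as documented for
  // UpdatePosture - confirm.

  // Optional. Etag value of the Posture to be deleted.
  string etag = 2 [(google.api.field_behavior) = OPTIONAL];
}

// Message for extracting existing policies on a workload as a Posture.
message ExtractPostureRequest {
  // Required. The parent resource name. The format of this value is as follows:
  // `organizations/{organization}/locations/{location}`
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "securityposture.googleapis.com/Posture"
    }
  ];

  // Required. User provided identifier. It should be unique in scope of an
  // Organization and location.
  string posture_id = 2 [(google.api.field_behavior) = REQUIRED];

  // NOTE(review): the workload formats below use singular collection names
  // (`folder/`, `project/`, `organization/`), while
  // PostureDeployment.target_resource documents plural ones (`folders/`,
  // `projects/`, `organizations/`). Confirm which form the server accepts.

  // Required. Workload from which the policies are to be extracted, it should
  // belong to the same organization defined in parent. The format of this value
  // varies depending on the scope of the request:
  // - `folder/folderNumber`
  // - `project/projectNumber`
  // - `organization/organizationNumber`
  string workload = 3 [(google.api.field_behavior) = REQUIRED];
}

// ========================== PostureDeployments ==========================

// Message describing PostureDeployment resource.
message PostureDeployment {
  option (google.api.resource) = {
    type: "securityposture.googleapis.com/PostureDeployment"
    pattern: "organizations/{organization}/locations/{location}/postureDeployments/{posture_deployment}"
    plural: "postureDeployments"
    singular: "postureDeployment"
    style: DECLARATIVE_FRIENDLY
  };

  // State of a PostureDeployment.
  enum State {
    // Unspecified operation state.
    STATE_UNSPECIFIED = 0;

    // The PostureDeployment is being created.
    CREATING = 1;

    // The PostureDeployment is being deleted.
    DELETING = 2;

    // The PostureDeployment state is being updated.
    UPDATING = 3;

    // The PostureDeployment state is active and in use.
    ACTIVE = 4;

    // The PostureDeployment creation failed.
    CREATE_FAILED = 5;

    // The PostureDeployment update failed.
    UPDATE_FAILED = 6;

    // The PostureDeployment deletion failed.
    DELETE_FAILED = 7;
  }

  // Required. The name of this PostureDeployment resource, in the format of
  // organizations/{organization}/locations/{location_id}/postureDeployments/{postureDeployment}.
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Target resource where the Posture will be deployed. Currently
  // supported resources are of types: projects/projectNumber,
  // folders/folderNumber, organizations/organizationNumber.
  string target_resource = 13 [(google.api.field_behavior) = REQUIRED];

  // Output only. State of PostureDeployment resource.
  State state = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Required. Posture that needs to be deployed.
  // Format:
  // organizations/{org_id}/locations/{location_id}/postures/<posture>
  // Example:
  // organizations/99/locations/global/postures/les-miserables.
  string posture_id = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. Revision_id of the Posture that is to be deployed.
  string posture_revision_id = 4 [(google.api.field_behavior) = REQUIRED];

  // Output only. The timestamp that the PostureDeployment was created.
  google.protobuf.Timestamp create_time = 5
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The timestamp that the PostureDeployment was updated.
  google.protobuf.Timestamp update_time = 6
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. User provided description of the PostureDeployment.
  string description = 7 [(google.api.field_behavior) = OPTIONAL];

  // NOTE(review): because an omitted etag means an unconditional write, a
  // client that changes posture_id or posture_revision_id without sending
  // the etag can silently overwrite a concurrent change to the deployment.
  // Callers that need lost-update protection should always send the etag
  // from their last read.

  // Optional. An opaque tag indicating the current version of the
  // PostureDeployment, used for concurrency control. When the
  // `PostureDeployment` is returned from either a `GetPostureDeployment` or a
  // `ListPostureDeployments` request, this `etag` indicates the version of the
  // current `PostureDeployment` to use when executing a read-modify-write loop.
  //
  // When the `PostureDeployment` is used in a `UpdatePostureDeployment` method,
  // use the `etag` value that was returned from a `GetPostureDeployment`
  // request as part of a read-modify-write loop for concurrency control. Not
  // setting the `etag` in a `UpdatePostureDeployment` request will result in an
  // unconditional write of the `PostureDeployment`.
  string etag = 8 [(google.api.field_behavior) = OPTIONAL];

  // Optional. User annotations. These attributes can only be set and used by
  // the user, and not by Google Security Postures.
  map<string, string> annotations = 9 [(google.api.field_behavior) = OPTIONAL];

  // Output only. Whether or not this PostureDeployment is in the process of
  // being updated.
  bool reconciling = 10 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. This is an output only optional field which will be filled in
  // case where PostureDeployment state is UPDATE_FAILED or CREATE_FAILED or
  // DELETE_FAILED. It denotes the desired Posture.
  string desired_posture_id = 11 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Output only optional field which provides revision_id of the
  // desired_posture_id.
  string desired_posture_revision_id = 12
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. This is an output only optional field which will be filled in
  // case where PostureDeployment enters a failure state like UPDATE_FAILED or
  // CREATE_FAILED or DELETE_FAILED.
  string failure_message = 14 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Message for requesting list of PostureDeployments.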
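message ListPostureDeploymentsRequest {
  // Required. Parent value for ListPostureDeploymentsRequest.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "securityposture.googleapis.com/PostureDeployment"
    }
  ];

  // Optional. Requested page size. Server may return fewer items than
  // requested. If unspecified, server will pick an appropriate default.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A token identifying a page of results the server should return.
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Filter to be applied on the resource, defined by EBNF grammar
  // https://google.aip.dev/assets/misc/ebnf-filtering.txt.
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Message for response to listing PostureDeployments.
message ListPostureDeploymentsResponse {
  // The list of PostureDeployment.
  repeated PostureDeployment posture_deployments = 1;

  // A token identifying a page of results the server should return.
  string next_page_token = 2;

  // NOTE(review): presumably a non-empty `unreachable` means the listing is
  // partial; a deployment inventory or audit built on this response should
  // then treat the result as incomplete - confirm the exact semantics with
  // the service.

  // Locations that could not be reached.
  repeated string unreachable = 3;
}

// Message for getting a PostureDeployment.
message GetPostureDeploymentRequest {
  // Required. Name of the resource.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "securityposture.googleapis.com/PostureDeployment"
    }
  ];
}

// Message for creating a PostureDeployment.
message CreatePostureDeploymentRequest {
  // Required. Value for parent.
  // Format: organizations/{org_id}/locations/{location}
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "securityposture.googleapis.com/PostureDeployment"
    }
  ];

  // Required. User provided identifier. It should be unique in scope of an
  // Organization and location.
  string posture_deployment_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The resource being created.
  PostureDeployment posture_deployment = 3
      [(google.api.field_behavior) = REQUIRED];
}

// Message for updating a PostureDeployment.
message UpdatePostureDeploymentRequest {
  // NOTE(review): update_mask is annotated REQUIRED, yet its comment also
  // describes what happens when no mask is provided (all fields overwritten).
  // Confirm which applies; clients should send an explicit mask so an update
  // cannot overwrite more of the deployment than intended.

  // Required. Field mask is used to specify the fields to be overwritten in the
  // PostureDeployment resource by the update.
  // The fields specified in the update_mask are relative to the resource, not
  // the full request. A field will be overwritten if it is in the mask. If the
  // user does not provide a mask then all fields will be overwritten.
  google.protobuf.FieldMask update_mask = 1
      [(google.api.field_behavior) = REQUIRED];

  // Required. The resource being updated.
  PostureDeployment posture_deployment = 2
      [(google.api.field_behavior) = REQUIRED];
}

// Message for deleting a PostureDeployment.
message DeletePostureDeploymentRequest {
  // Required. Name of the resource.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "securityposture.googleapis.com/PostureDeployment"
    }
  ];

  // NOTE(review): the behavior when etag is omitted on delete is not stated
  // here; presumably the delete is then unconditional - confirm.

  // Optional. Etag value of the PostureDeployment to be deleted.
  string etag = 2 [(google.api.field_behavior) = OPTIONAL];
}

// PostureTemplates

// Message describing PostureTemplate object.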
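message PostureTemplate {
  option (google.api.resource) = {
    type: "securityposture.googleapis.com/PostureTemplate"
    pattern: "organizations/{organization}/locations/{location}/postureTemplates/{posture_template}"
    plural: "postureTemplates"
    singular: "postureTemplate"
  };

  // State of a PostureTemplate.
  enum State {
    // Unspecified state.
    STATE_UNSPECIFIED = 0;

    // If the Posture template is adhering to the latest controls and standards.
    ACTIVE = 1;

    // If the Posture template controls and standards are outdated and not
    // recommended for use.
    DEPRECATED = 2;
  }

  // Output only. Identifier. The name of the Posture template will be of the
  // format
  // organizations/{organization}/locations/{location}/postureTemplates/{postureTemplate}
  string name = 1 [
    (google.api.field_behavior) = OUTPUT_ONLY,
    (google.api.field_behavior) = IDENTIFIER
  ];

  // Output only. The revision_id of a PostureTemplate.
  string revision_id = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Description of the Posture template.
  string description = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. State of PostureTemplate resource. A DEPRECATED template has
  // outdated controls and standards (see State), so consumers should check
  // this field before using the template's policy_sets.
  State state = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Policy_sets to be used by the user.
  repeated PolicySet policy_sets = 5
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Message for requesting list of Posture Templates.
message ListPostureTemplatesRequest {
  // Required. Parent value for ListPostureTemplatesRequest.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "securityposture.googleapis.com/PostureTemplate"
    }
  ];

  // Optional. Requested page size. Server may return fewer items than
  // requested. If unspecified, server will pick an appropriate default.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A token identifying a page of results the server should return.
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Filter to be applied on the resource, defined by EBNF grammar
  // https://google.aip.dev/assets/misc/ebnf-filtering.txt.
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Message for response to listing PostureTemplates.
message ListPostureTemplatesResponse {
  // The list of PostureTemplate.
  repeated PostureTemplate posture_templates = 1;

  // A token identifying a page of results the server should return.
  string next_page_token = 2;
}

// Message for getting a Posture Template.
message GetPostureTemplateRequest {
  // Required. Name of the resource.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "securityposture.googleapis.com/PostureTemplate"
    }
  ];

  // Optional. The specific revision_id of the PostureTemplate which needs to
  // be retrieved.
  string revision_id = 2 [(google.api.field_behavior) = OPTIONAL];
}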