Reference documentation and code samples for the Google Cloud Security Command Center V1p1beta1 Client class SecurityCenterClient.
Service Description: V1p1Beta1 APIs for Security Center service.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
$securityCenterClient = new SecurityCenterClient();
try {
$formattedParent = $securityCenterClient->sourceName('[ORGANIZATION]', '[SOURCE]');
$findingId = 'finding_id';
$finding = new Finding();
$response = $securityCenterClient->createFinding($formattedParent, $findingId, $finding);
} finally {
$securityCenterClient->close();
}
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.
Namespace
Google \ Cloud \ SecurityCenter \ V1p1beta1Methods
__construct
Constructor.
| Parameters | |
|---|---|
| Name | Description |
options |
array
Optional. Options for configuring the service API wrapper. |
↳ apiEndpoint |
string
The address of the API remote host. May optionally include the port, formatted as "
|
↳ credentials |
string|array|FetchAuthTokenInterface|CredentialsWrapper
The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored. |
↳ credentialsConfig |
array
Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() . |
↳ disableRetries |
bool
Determines whether or not retries defined by the client configuration should be disabled. Defaults to |
↳ clientConfig |
string|array
Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder. |
↳ transport |
string|TransportInterface
The transport used for executing network requests. May be either the string |
↳ transportConfig |
array
Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options. |
↳ clientCertSource |
callable
A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS. |
createFinding
Creates a finding. The corresponding source must exist for finding creation to succeed.
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]". |
findingId |
string
Required. Unique identifier provided by the client within the parent scope. |
finding |
Google\Cloud\SecurityCenter\V1p1beta1\Finding
Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\Finding |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\Finding;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedParent Resource name of the new finding's parent. Its format should be
* "organizations/[organization_id]/sources/[source_id]". Please see
* {@see SecurityCenterClient::sourceName()} for help formatting this field.
* @param string $findingId Unique identifier provided by the client within the parent scope.
*/
function create_finding_sample(string $formattedParent, string $findingId): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$finding = new Finding();
// Call the API and handle any network failures.
try {
/** @var Finding $response */
$response = $securityCenterClient->createFinding($formattedParent, $findingId, $finding);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::sourceName('[ORGANIZATION]', '[SOURCE]');
$findingId = '[FINDING_ID]';
create_finding_sample($formattedParent, $findingId);
}
createNotificationConfig
Creates a notification config.
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Resource name of the new notification config's parent. Its format is "organizations/[organization_id]". |
configId |
string
Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only. |
notificationConfig |
Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig
Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource. |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedParent Resource name of the new notification config's parent. Its format is
* "organizations/[organization_id]". Please see
* {@see SecurityCenterClient::organizationName()} for help formatting this field.
* @param string $configId Unique identifier provided by the client within the parent scope.
* It must be between 1 and 128 characters, and contains alphanumeric
* characters, underscores or hyphens only.
*/
function create_notification_config_sample(string $formattedParent, string $configId): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$notificationConfig = new NotificationConfig();
// Call the API and handle any network failures.
try {
/** @var NotificationConfig $response */
$response = $securityCenterClient->createNotificationConfig(
$formattedParent,
$configId,
$notificationConfig
);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::organizationName('[ORGANIZATION]');
$configId = '[CONFIG_ID]';
create_notification_config_sample($formattedParent, $configId);
}
createSource
Creates a source.
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". |
source |
Google\Cloud\SecurityCenter\V1p1beta1\Source
Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\Source |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\Source;
/**
* @param string $formattedParent Resource name of the new source's parent. Its format should be
* "organizations/[organization_id]". Please see
* {@see SecurityCenterClient::organizationName()} for help formatting this field.
*/
function create_source_sample(string $formattedParent): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$source = new Source();
// Call the API and handle any network failures.
try {
/** @var Source $response */
$response = $securityCenterClient->createSource($formattedParent, $source);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::organizationName('[ORGANIZATION]');
create_source_sample($formattedParent);
}
deleteNotificationConfig
Deletes a notification config.
| Parameters | |
|---|---|
| Name | Description |
name |
string
Required. Name of the notification config to delete. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedName Name of the notification config to delete. Its format is
* "organizations/[organization_id]/notificationConfigs/[config_id]". Please see
* {@see SecurityCenterClient::notificationConfigName()} for help formatting this field.
*/
function delete_notification_config_sample(string $formattedName): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
$securityCenterClient->deleteNotificationConfig($formattedName);
printf('Call completed successfully.' . PHP_EOL);
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = SecurityCenterClient::notificationConfigName(
'[ORGANIZATION]',
'[NOTIFICATION_CONFIG]'
);
delete_notification_config_sample($formattedName);
}
getIamPolicy
Gets the access control policy on the specified Source.
| Parameters | |
|---|---|
| Name | Description |
resource |
string
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. |
optionalArgs |
array
Optional. |
↳ options |
GetPolicyOptions
OPTIONAL: A |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\Iam\V1\Policy |
|
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $resource REQUIRED: The resource for which the policy is being requested.
* See the operation documentation for the appropriate value for this field.
*/
function get_iam_policy_sample(string $resource): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var Policy $response */
$response = $securityCenterClient->getIamPolicy($resource);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$resource = '[RESOURCE]';
get_iam_policy_sample($resource);
}
getNotificationConfig
Gets a notification config.
| Parameters | |
|---|---|
| Name | Description |
name |
string
Required. Name of the notification config to get. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedName Name of the notification config to get. Its format is
* "organizations/[organization_id]/notificationConfigs/[config_id]". Please see
* {@see SecurityCenterClient::notificationConfigName()} for help formatting this field.
*/
function get_notification_config_sample(string $formattedName): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var NotificationConfig $response */
$response = $securityCenterClient->getNotificationConfig($formattedName);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = SecurityCenterClient::notificationConfigName(
'[ORGANIZATION]',
'[NOTIFICATION_CONFIG]'
);
get_notification_config_sample($formattedName);
}
getOrganizationSettings
Gets the settings for an organization.
| Parameters | |
|---|---|
| Name | Description |
name |
string
Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings". |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedName Name of the organization to get organization settings for. Its format is
* "organizations/[organization_id]/organizationSettings". Please see
* {@see SecurityCenterClient::organizationSettingsName()} for help formatting this field.
*/
function get_organization_settings_sample(string $formattedName): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var OrganizationSettings $response */
$response = $securityCenterClient->getOrganizationSettings($formattedName);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = SecurityCenterClient::organizationSettingsName('[ORGANIZATION]');
get_organization_settings_sample($formattedName);
}
getSource
Gets a source.
| Parameters | |
|---|---|
| Name | Description |
name |
string
Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]". |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\Source |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\Source;
/**
* @param string $formattedName Relative resource name of the source. Its format is
* "organizations/[organization_id]/source/[source_id]". Please see
* {@see SecurityCenterClient::sourceName()} for help formatting this field.
*/
function get_source_sample(string $formattedName): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var Source $response */
$response = $securityCenterClient->getSource($formattedName);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = SecurityCenterClient::sourceName('[ORGANIZATION]', '[SOURCE]');
get_source_sample($formattedName);
}
groupAssets
Filters an organization's assets and groups them by their specified properties.
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Name of the organization to groupBy. Its format is "organizations/[organization_id], folders/[folder_id], or projects/[project_id]". |
groupBy |
string
Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "security_center_properties.resource_project,security_center_properties.project". The following fields are supported when compare_duration is not set:
The following fields are supported when compare_duration is set:
|
optionalArgs |
array
Optional. |
↳ filter |
string
Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators |
↳ compareDuration |
Duration
When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again. Possible "state_change" values when compare_duration is specified: * "ADDED": indicates that the asset was not present at the start of compare_duration, but present at reference_time. * "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at reference_time. * "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time. If this field is set then |
↳ readTime |
Timestamp
Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\ApiCore\PagedListResponse |
|
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\GroupResult;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedParent Name of the organization to groupBy. Its format is
* "organizations/[organization_id], folders/[folder_id], or
* projects/[project_id]". Please see
* {@see SecurityCenterClient::projectName()} for help formatting this field.
* @param string $groupBy Expression that defines what assets fields to use for grouping. The string
* value should follow SQL syntax: comma separated list of fields. For
* example:
* "security_center_properties.resource_project,security_center_properties.project".
*
* The following fields are supported when compare_duration is not set:
*
* * security_center_properties.resource_project
* * security_center_properties.resource_project_display_name
* * security_center_properties.resource_type
* * security_center_properties.resource_parent
* * security_center_properties.resource_parent_display_name
*
* The following fields are supported when compare_duration is set:
*
* * security_center_properties.resource_type
* * security_center_properties.resource_project_display_name
* * security_center_properties.resource_parent_display_name
*/
function group_assets_sample(string $formattedParent, string $groupBy): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $securityCenterClient->groupAssets($formattedParent, $groupBy);
/** @var GroupResult $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::projectName('[PROJECT]');
$groupBy = '[GROUP_BY]';
group_assets_sample($formattedParent, $groupBy);
}
groupFindings
Filters an organization or source's findings and groups them by their specified properties.
To group across all sources provide a - as the source id.
Example: /v1/organizations/{organization_id}/sources/-/findings,
/v1/folders/{folder_id}/sources/-/findings,
/v1/projects/{project_id}/sources/-/findings
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Name of the source to groupBy. Its format is
"organizations/[organization_id]/sources/[source_id]",
folders/[folder_id]/sources/[source_id], or
projects/[project_id]/sources/[source_id]. To groupBy across all sources
provide a source_id of |
groupBy |
string
Required. Expression that defines what assets fields to use for grouping (including
The following fields are supported:
The following fields are supported when compare_duration is set:
|
optionalArgs |
array
Optional. |
↳ filter |
string
Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators |
↳ readTime |
Timestamp
Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. |
↳ compareDuration |
Duration
When compare_duration is set, the GroupResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again. Possible "state_change" values when compare_duration is specified: * "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time. * "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time. * "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time. * "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time. If this field is set then |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\ApiCore\PagedListResponse |
|
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\GroupResult;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedParent Name of the source to groupBy. Its format is
* "organizations/[organization_id]/sources/[source_id]",
* folders/[folder_id]/sources/[source_id], or
* projects/[project_id]/sources/[source_id]. To groupBy across all sources
* provide a source_id of `-`. For example:
* organizations/{organization_id}/sources/-, folders/{folder_id}/sources/-,
* or projects/{project_id}/sources/-
* Please see {@see SecurityCenterClient::sourceName()} for help formatting this field.
* @param string $groupBy Expression that defines what assets fields to use for grouping (including
* `state_change`). The string value should follow SQL syntax: comma separated
* list of fields. For example: "parent,resource_name".
*
* The following fields are supported:
*
* * resource_name
* * category
* * state
* * parent
* * severity
*
* The following fields are supported when compare_duration is set:
*
* * state_change
*/
function group_findings_sample(string $formattedParent, string $groupBy): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $securityCenterClient->groupFindings($formattedParent, $groupBy);
/** @var GroupResult $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::sourceName('[ORGANIZATION]', '[SOURCE]');
$groupBy = '[GROUP_BY]';
group_findings_sample($formattedParent, $groupBy);
}
listAssets
Lists an organization's assets.
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Name of the organization assets should belong to. Its format is "organizations/[organization_id], folders/[folder_id], or projects/[project_id]". |
optionalArgs |
array
Optional. |
↳ filter |
string
Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators |
↳ orderBy |
string
Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,resource_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,resource_properties.a_property" and " name desc , resource_properties.a_property " are equivalent. The following fields are supported: name update_time resource_properties security_marks.marks security_center_properties.resource_name security_center_properties.resource_display_name security_center_properties.resource_parent security_center_properties.resource_parent_display_name security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type |
↳ readTime |
Timestamp
Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. |
↳ compareDuration |
Duration
When compare_duration is set, the ListAssetsResult's "state_change" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again. Possible "state_change" values when compare_duration is specified: * "ADDED": indicates that the asset was not present at the start of compare_duration, but present at read_time. * "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at read_time. * "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time. |
↳ fieldMask |
FieldMask
A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\ApiCore\PagedListResponse |
|
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\ListAssetsResponse\ListAssetsResult;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedParent Name of the organization assets should belong to. Its format is
* "organizations/[organization_id], folders/[folder_id], or
* projects/[project_id]". Please see
* {@see SecurityCenterClient::projectName()} for help formatting this field.
*/
function list_assets_sample(string $formattedParent): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $securityCenterClient->listAssets($formattedParent);
/** @var ListAssetsResult $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::projectName('[PROJECT]');
list_assets_sample($formattedParent);
}
listFindings
Lists an organization or source's findings.
To list across all sources provide a - as the source id.
Example: /v1p1beta1/organizations/{organization_id}/sources/-/findings
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Name of the source the findings belong to. Its format is
"organizations/[organization_id]/sources/[source_id],
folders/[folder_id]/sources/[source_id], or
projects/[project_id]/sources/[source_id]". To list across all sources
provide a source_id of |
optionalArgs |
array
Optional. |
↳ filter |
string
Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators |
↳ orderBy |
string
Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,source_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,source_properties.a_property" and " name desc , source_properties.a_property " are equivalent. The following fields are supported: name parent state category resource_name event_time source_properties security_marks.marks |
↳ readTime |
Timestamp
Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. |
↳ compareDuration |
Duration
When compare_duration is set, the ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added in any state during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again. Possible "state_change" values when compare_duration is specified: * "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time. * "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time. * "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time. * "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time. |
↳ fieldMask |
FieldMask
A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\ApiCore\PagedListResponse |
|
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\ListFindingsResponse\ListFindingsResult;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedParent Name of the source the findings belong to. Its format is
* "organizations/[organization_id]/sources/[source_id],
* folders/[folder_id]/sources/[source_id], or
* projects/[project_id]/sources/[source_id]". To list across all sources
* provide a source_id of `-`. For example:
* organizations/{organization_id}/sources/-, folders/{folder_id}/sources/- or
* projects/{projects_id}/sources/-
* Please see {@see SecurityCenterClient::sourceName()} for help formatting this field.
*/
function list_findings_sample(string $formattedParent): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $securityCenterClient->listFindings($formattedParent);
/** @var ListFindingsResult $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::sourceName('[ORGANIZATION]', '[SOURCE]');
list_findings_sample($formattedParent);
}
listNotificationConfigs
Lists notification configs.
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]". |
optionalArgs |
array
Optional. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\ApiCore\PagedListResponse |
|
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $formattedParent Name of the organization to list notification configs.
* Its format is "organizations/[organization_id]". Please see
* {@see SecurityCenterClient::organizationName()} for help formatting this field.
*/
function list_notification_configs_sample(string $formattedParent): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $securityCenterClient->listNotificationConfigs($formattedParent);
/** @var NotificationConfig $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::organizationName('[ORGANIZATION]');
list_notification_configs_sample($formattedParent);
}
listSources
Lists all sources belonging to an organization.
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id], folders/[folder_id], or projects/[project_id]". |
optionalArgs |
array
Optional. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\ApiCore\PagedListResponse |
|
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\Source;
/**
* @param string $formattedParent Resource name of the parent of sources to list. Its format should be
* "organizations/[organization_id], folders/[folder_id], or
* projects/[project_id]". Please see
* {@see SecurityCenterClient::projectName()} for help formatting this field.
*/
function list_sources_sample(string $formattedParent): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $securityCenterClient->listSources($formattedParent);
/** @var Source $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::projectName('[PROJECT]');
list_sources_sample($formattedParent);
}
runAssetDiscovery
Runs asset discovery. The discovery is tracked with a long-running operation.
This API can only be called with limited frequency for an organization. If it is called too frequently the caller will receive a TOO_MANY_REQUESTS error.
| Parameters | |
|---|---|
| Name | Description |
parent |
string
Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]". |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\ApiCore\OperationResponse |
|
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\RunAssetDiscoveryResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Rpc\Status;
/**
* @param string $formattedParent Name of the organization to run asset discovery for. Its format is
* "organizations/[organization_id]". Please see
* {@see SecurityCenterClient::organizationName()} for help formatting this field.
*/
function run_asset_discovery_sample(string $formattedParent): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Call the API and handle any network failures.
try {
/** @var OperationResponse $response */
$response = $securityCenterClient->runAssetDiscovery($formattedParent);
$response->pollUntilComplete();
if ($response->operationSucceeded()) {
/** @var RunAssetDiscoveryResponse $result */
$result = $response->getResult();
printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
} else {
/** @var Status $error */
$error = $response->getError();
printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = SecurityCenterClient::organizationName('[ORGANIZATION]');
run_asset_discovery_sample($formattedParent);
}
setFindingState
Updates the state of a finding.
| Parameters | |
|---|---|
| Name | Description |
name |
string
Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". |
state |
int
Required. The desired State of the finding. For allowed values, use constants defined on Google\Cloud\SecurityCenter\V1p1beta1\Finding\State |
startTime |
Google\Protobuf\Timestamp
Required. The time at which the updated state takes effect. |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\Finding |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\Finding;
use Google\Cloud\SecurityCenter\V1p1beta1\Finding\State;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Protobuf\Timestamp;
/**
* @param string $formattedName The relative resource name of the finding. See:
* https://cloud.google.com/apis/design/resource_names#relative_resource_name
* Example:
* "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". Please see
* {@see SecurityCenterClient::findingName()} for help formatting this field.
* @param int $state The desired State of the finding.
*/
function set_finding_state_sample(string $formattedName, int $state): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$startTime = new Timestamp();
// Call the API and handle any network failures.
try {
/** @var Finding $response */
$response = $securityCenterClient->setFindingState($formattedName, $state, $startTime);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = SecurityCenterClient::findingName('[ORGANIZATION]', '[SOURCE]', '[FINDING]');
$state = State::STATE_UNSPECIFIED;
set_finding_state_sample($formattedName, $state);
}
setIamPolicy
Sets the access control policy on the specified Source.
| Parameters | |
|---|---|
| Name | Description |
resource |
string
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. |
policy |
Google\Cloud\Iam\V1\Policy
REQUIRED: The complete policy to be applied to the |
optionalArgs |
array
Optional. |
↳ updateMask |
FieldMask
OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\Iam\V1\Policy |
|
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $resource REQUIRED: The resource for which the policy is being specified.
* See the operation documentation for the appropriate value for this field.
*/
function set_iam_policy_sample(string $resource): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$policy = new Policy();
// Call the API and handle any network failures.
try {
/** @var Policy $response */
$response = $securityCenterClient->setIamPolicy($resource, $policy);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$resource = '[RESOURCE]';
set_iam_policy_sample($resource);
}
testIamPermissions
Returns the permissions that a caller has on the specified source.
| Parameters | |
|---|---|
| Name | Description |
resource |
string
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. |
permissions |
string[]
The set of permissions to check for the |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\Iam\V1\TestIamPermissionsResponse |
|
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\TestIamPermissionsResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* @param string $resource REQUIRED: The resource for which the policy detail is being requested.
* See the operation documentation for the appropriate value for this field.
* @param string $permissionsElement The set of permissions to check for the `resource`. Permissions with
* wildcards (such as '*' or 'storage.*') are not allowed. For more
* information see
* [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
*/
function test_iam_permissions_sample(string $resource, string $permissionsElement): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$permissions = [$permissionsElement,];
// Call the API and handle any network failures.
try {
/** @var TestIamPermissionsResponse $response */
$response = $securityCenterClient->testIamPermissions($resource, $permissions);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$resource = '[RESOURCE]';
$permissionsElement = '[PERMISSIONS]';
test_iam_permissions_sample($resource, $permissionsElement);
}
updateFinding
Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.
| Parameters | |
|---|---|
| Name | Description |
finding |
Google\Cloud\SecurityCenter\V1p1beta1\Finding
Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. |
optionalArgs |
array
Optional. |
↳ updateMask |
FieldMask
The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties.
|
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\Finding |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\Finding;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function update_finding_sample(): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$finding = new Finding();
// Call the API and handle any network failures.
try {
/** @var Finding $response */
$response = $securityCenterClient->updateFinding($finding);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
updateNotificationConfig
Updates a notification config. The following update fields are allowed: description, pubsub_topic, streaming_config.filter
| Parameters | |
|---|---|
| Name | Description |
notificationConfig |
Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig
Required. The notification config to update. |
optionalArgs |
array
Optional. |
↳ updateMask |
FieldMask
The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function update_notification_config_sample(): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$notificationConfig = new NotificationConfig();
// Call the API and handle any network failures.
try {
/** @var NotificationConfig $response */
$response = $securityCenterClient->updateNotificationConfig($notificationConfig);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
updateOrganizationSettings
Updates an organization's settings.
| Parameters | |
|---|---|
| Name | Description |
organizationSettings |
Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings
Required. The organization settings resource to update. |
optionalArgs |
array
Optional. |
↳ updateMask |
FieldMask
The FieldMask to use when updating the settings resource. If empty all mutable fields will be updated. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function update_organization_settings_sample(): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$organizationSettings = new OrganizationSettings();
// Call the API and handle any network failures.
try {
/** @var OrganizationSettings $response */
$response = $securityCenterClient->updateOrganizationSettings($organizationSettings);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
updateSecurityMarks
Updates security marks.
| Parameters | |
|---|---|
| Name | Description |
securityMarks |
Google\Cloud\SecurityCenter\V1p1beta1\SecurityMarks
Required. The security marks resource to update. |
optionalArgs |
array
Optional. |
↳ updateMask |
FieldMask
The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.<mark_key>". |
↳ startTime |
Timestamp
The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the SecurityMarks that are active immediately preceding this time. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\SecurityMarks |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityMarks;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function update_security_marks_sample(): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$securityMarks = new SecurityMarks();
// Call the API and handle any network failures.
try {
/** @var SecurityMarks $response */
$response = $securityCenterClient->updateSecurityMarks($securityMarks);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
updateSource
Updates a source.
| Parameters | |
|---|---|
| Name | Description |
source |
Google\Cloud\SecurityCenter\V1p1beta1\Source
Required. The source resource to update. |
optionalArgs |
array
Optional. |
↳ updateMask |
FieldMask
The FieldMask to use when updating the source resource. If empty all mutable fields will be updated. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\SecurityCenter\V1p1beta1\Source |
|
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\Source;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function update_source_sample(): void
{
// Create a client.
$securityCenterClient = new SecurityCenterClient();
// Prepare any non-scalar elements to be passed along with the request.
$source = new Source();
// Call the API and handle any network failures.
try {
/** @var Source $response */
$response = $securityCenterClient->updateSource($source);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
getOperationsClient
Return an OperationsClient object with the same endpoint as $this.
| Returns | |
|---|---|
| Type | Description |
Google\ApiCore\LongRunning\OperationsClient |
|
resumeOperation
Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.
| Parameters | |
|---|---|
| Name | Description |
operationName |
string
The name of the long running operation |
methodName |
string
The name of the method used to start the operation |
| Returns | |
|---|---|
| Type | Description |
Google\ApiCore\OperationResponse |
|
static::findingName
Formats a string containing the fully-qualified path to represent a finding resource.
| Parameters | |
|---|---|
| Name | Description |
organization |
string
|
source |
string
|
finding |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted finding resource. |
static::folderName
Formats a string containing the fully-qualified path to represent a folder resource.
| Parameter | |
|---|---|
| Name | Description |
folder |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted folder resource. |
static::folderAssetSecurityMarksName
Formats a string containing the fully-qualified path to represent a folder_asset_securityMarks resource.
| Parameters | |
|---|---|
| Name | Description |
folder |
string
|
asset |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted folder_asset_securityMarks resource. |
static::folderSourceName
Formats a string containing the fully-qualified path to represent a folder_source resource.
| Parameters | |
|---|---|
| Name | Description |
folder |
string
|
source |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted folder_source resource. |
static::folderSourceFindingName
Formats a string containing the fully-qualified path to represent a folder_source_finding resource.
| Parameters | |
|---|---|
| Name | Description |
folder |
string
|
source |
string
|
finding |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted folder_source_finding resource. |
static::folderSourceFindingSecurityMarksName
Formats a string containing the fully-qualified path to represent a folder_source_finding_securityMarks resource.
| Parameters | |
|---|---|
| Name | Description |
folder |
string
|
source |
string
|
finding |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted folder_source_finding_securityMarks resource. |
static::notificationConfigName
Formats a string containing the fully-qualified path to represent a notification_config resource.
| Parameters | |
|---|---|
| Name | Description |
organization |
string
|
notificationConfig |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted notification_config resource. |
static::organizationName
Formats a string containing the fully-qualified path to represent a organization resource.
| Parameter | |
|---|---|
| Name | Description |
organization |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted organization resource. |
static::organizationAssetSecurityMarksName
Formats a string containing the fully-qualified path to represent a organization_asset_securityMarks resource.
| Parameters | |
|---|---|
| Name | Description |
organization |
string
|
asset |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted organization_asset_securityMarks resource. |
static::organizationSettingsName
Formats a string containing the fully-qualified path to represent a organization_settings resource.
| Parameter | |
|---|---|
| Name | Description |
organization |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted organization_settings resource. |
static::organizationSourceName
Formats a string containing the fully-qualified path to represent a organization_source resource.
| Parameters | |
|---|---|
| Name | Description |
organization |
string
|
source |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted organization_source resource. |
static::organizationSourceFindingName
Formats a string containing the fully-qualified path to represent a organization_source_finding resource.
| Parameters | |
|---|---|
| Name | Description |
organization |
string
|
source |
string
|
finding |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted organization_source_finding resource. |
static::organizationSourceFindingSecurityMarksName
Formats a string containing the fully-qualified path to represent a organization_source_finding_securityMarks resource.
| Parameters | |
|---|---|
| Name | Description |
organization |
string
|
source |
string
|
finding |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted organization_source_finding_securityMarks resource. |
static::projectName
Formats a string containing the fully-qualified path to represent a project resource.
| Parameter | |
|---|---|
| Name | Description |
project |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted project resource. |
static::projectAssetSecurityMarksName
Formats a string containing the fully-qualified path to represent a project_asset_securityMarks resource.
| Parameters | |
|---|---|
| Name | Description |
project |
string
|
asset |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted project_asset_securityMarks resource. |
static::projectSourceName
Formats a string containing the fully-qualified path to represent a project_source resource.
| Parameters | |
|---|---|
| Name | Description |
project |
string
|
source |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted project_source resource. |
static::projectSourceFindingName
Formats a string containing the fully-qualified path to represent a project_source_finding resource.
| Parameters | |
|---|---|
| Name | Description |
project |
string
|
source |
string
|
finding |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted project_source_finding resource. |
static::projectSourceFindingSecurityMarksName
Formats a string containing the fully-qualified path to represent a project_source_finding_securityMarks resource.
| Parameters | |
|---|---|
| Name | Description |
project |
string
|
source |
string
|
finding |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted project_source_finding_securityMarks resource. |
static::securityMarksName
Formats a string containing the fully-qualified path to represent a security_marks resource.
| Parameters | |
|---|---|
| Name | Description |
organization |
string
|
asset |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted security_marks resource. |
static::sourceName
Formats a string containing the fully-qualified path to represent a source resource.
| Parameters | |
|---|---|
| Name | Description |
organization |
string
|
source |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted source resource. |
static::topicName
Formats a string containing the fully-qualified path to represent a topic resource.
| Parameters | |
|---|---|
| Name | Description |
project |
string
|
topic |
string
|
| Returns | |
|---|---|
| Type | Description |
string |
The formatted topic resource. |
static::parseName
Parses a formatted name string and returns an associative array of the components in the name.
The following name formats are supported: Template: Pattern
- finding: organizations/{organization}/sources/{source}/findings/{finding}
- folder: folders/{folder}
- folderAssetSecurityMarks: folders/{folder}/assets/{asset}/securityMarks
- folderSource: folders/{folder}/sources/{source}
- folderSourceFinding: folders/{folder}/sources/{source}/findings/{finding}
- folderSourceFindingSecurityMarks: folders/{folder}/sources/{source}/findings/{finding}/securityMarks
- notificationConfig: organizations/{organization}/notificationConfigs/{notification_config}
- organization: organizations/{organization}
- organizationAssetSecurityMarks: organizations/{organization}/assets/{asset}/securityMarks
- organizationSettings: organizations/{organization}/organizationSettings
- organizationSource: organizations/{organization}/sources/{source}
- organizationSourceFinding: organizations/{organization}/sources/{source}/findings/{finding}
- organizationSourceFindingSecurityMarks: organizations/{organization}/sources/{source}/findings/{finding}/securityMarks
- project: projects/{project}
- projectAssetSecurityMarks: projects/{project}/assets/{asset}/securityMarks
- projectSource: projects/{project}/sources/{source}
- projectSourceFinding: projects/{project}/sources/{source}/findings/{finding}
- projectSourceFindingSecurityMarks: projects/{project}/sources/{source}/findings/{finding}/securityMarks
- securityMarks: organizations/{organization}/assets/{asset}/securityMarks
- source: organizations/{organization}/sources/{source}
- topic: projects/{project}/topics/{topic}
The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.
| Parameters | |
|---|---|
| Name | Description |
formattedName |
string
The formatted name string |
template |
string
Optional name of template to match |
| Returns | |
|---|---|
| Type | Description |
array |
An associative array from name component IDs to component values. |
Constants
SERVICE_NAME
Value: 'google.cloud.securitycenter.v1p1beta1.SecurityCenter'The name of the service.
SERVICE_ADDRESS
Value: 'securitycenter.googleapis.com'The default address of the service.
DEFAULT_SERVICE_PORT
Value: 443The default port of the service.
CODEGEN_NAME
Value: 'gapic'The name of the code generator, to be included in the agent header.