SecurityCenterClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.securitycenter_v1p1beta1.services.security_center.transports.base.SecurityCenterTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
V1p1Beta1 APIs for Security Center service.
Properties
transport
Return the transport used by the client instance.
Returns | |
---|---|
Type | Description |
SecurityCenterTransport | The transport used by the client instance. |
Methods
SecurityCenterClient
SecurityCenterClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.securitycenter_v1p1beta1.services.security_center.transports.base.SecurityCenterTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Instantiate the security center client.
Parameters | |
---|---|
Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Union[str,
The transport to use. If set to None, a transport is chosen automatically. |
client_options |
client_options_lib.ClientOptions
Custom options for the client. It won't take effect if a |
client_info |
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If mutual TLS transport creation failed for any reason. |
asset_path
asset_path(organization: str, asset: str)
Return a fully-qualified asset string.
common_billing_account_path
common_billing_account_path(billing_account: str)
Return a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str)
Return a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str)
Return a fully-qualified location string.
common_organization_path
common_organization_path(organization: str)
Return a fully-qualified organization string.
common_project_path
common_project_path(project: str)
Return a fully-qualified project string.
create_finding
create_finding(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.CreateFindingRequest] = None, *, parent: Optional[str] = None, finding_id: Optional[str] = None, finding: Optional[google.cloud.securitycenter_v1p1beta1.types.finding.Finding] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates a finding. The corresponding source must exist for finding creation to succeed.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for creating a finding. |
parent |
Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]". This corresponds to the |
finding_id |
Required. Unique identifier provided by the client within the parent scope. This corresponds to the |
finding |
Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding. |
create_notification_config
create_notification_config(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.CreateNotificationConfigRequest] = None, *, parent: Optional[str] = None, config_id: Optional[str] = None, notification_config: Optional[google.cloud.securitycenter_v1p1beta1.types.notification_config.NotificationConfig] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates a notification config.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for creating a notification config. |
parent |
Required. Resource name of the new notification config's parent. Its format is "organizations/[organization_id]". This corresponds to the |
config_id |
Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only. This corresponds to the |
notification_config |
Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Security Command Center notification configs. A notification config is a Security Command Center resource that contains the configuration to send notifications for create/update events of findings, assets and etc. |
create_source
create_source(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.CreateSourceRequest] = None, *, parent: Optional[str] = None, source: Optional[google.cloud.securitycenter_v1p1beta1.types.source.Source] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates a source.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for creating a source. |
parent |
Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". This corresponds to the |
source |
Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, etc. |
delete_notification_config
delete_notification_config(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.DeleteNotificationConfigRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Deletes a notification config.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for deleting a notification config. |
name |
Required. Name of the notification config to delete. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
finding_path
finding_path(organization: str, source: str, finding: str)
Return a fully-qualified finding string.
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
{@api.name} | The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
{@api.name} | The constructed client. |
get_iam_policy
get_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest] = None, *, resource: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets the access control policy on the specified Source.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for |
resource |
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings . A binding binds one or more members to a single role . Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition , which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** :: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" ::="" bindings:="" -="" members:="" -="" user:mike@example.com="" -="" group:admins@example.com="" -="" domain:google.com="" -="" serviceaccount:my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="">IAM developer's guide __. |
get_notification_config
get_notification_config(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.GetNotificationConfigRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets a notification config.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for getting a notification config. |
name |
Required. Name of the notification config to get. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Security Command Center notification configs. A notification config is a Security Command Center resource that contains the configuration to send notifications for create/update events of findings, assets and etc. |
get_organization_settings
get_organization_settings(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.GetOrganizationSettingsRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets the settings for an organization.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for getting organization settings. |
name |
Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| User specified settings that are attached to the Security Command Center organization. |
get_source
get_source(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.GetSourceRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets a source.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for getting a source. |
name |
Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, etc. |
group_assets
group_assets(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.GroupAssetsRequest] = None, *, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Filters an organization's assets and groups them by their specified properties.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for grouping by assets. |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Response message for grouping by assets. Iterating over this object will yield results and resolve additional pages automatically. |
group_findings
group_findings(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.GroupFindingsRequest] = None, *, parent: Optional[str] = None, group_by: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Filters an organization or source's findings and groups them by their specified properties.
To group across all sources provide a -
as the source id.
Example:
/v1p1beta1/organizations/{organization_id}/sources/-/findings
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for grouping by findings. |
parent |
Required. Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of |
group_by |
Required. Expression that defines what assets fields to use for grouping (including |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Response message for group by findings. Iterating over this object will yield results and resolve additional pages automatically. |
list_assets
list_assets(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.ListAssetsRequest] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists an organization's assets.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for listing assets. |
parent |
Required. Name of the organization assets should belong to. Its format is "organizations/[organization_id]". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Response message for listing assets. Iterating over this object will yield results and resolve additional pages automatically. |
list_findings
list_findings(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.ListFindingsRequest] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists an organization or source's findings.
To list across all sources provide a -
as the source id.
Example:
/v1p1beta1/organizations/{organization_id}/sources/-/findings
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for listing findings. |
parent |
Required. Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id]". To list across all sources provide a source_id of |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Response message for listing findings. Iterating over this object will yield results and resolve additional pages automatically. |
list_notification_configs
list_notification_configs(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.ListNotificationConfigsRequest] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists notification configs.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for listing notification configs. |
parent |
Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Response message for listing notification configs. Iterating over this object will yield results and resolve additional pages automatically. |
list_sources
list_sources(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.ListSourcesRequest] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists all sources belonging to an organization.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for listing sources. |
parent |
Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Response message for listing sources. Iterating over this object will yield results and resolve additional pages automatically. |
notification_config_path
notification_config_path(organization: str, notification_config: str)
Return a fully-qualified notification_config string.
organization_settings_path
organization_settings_path(organization: str)
Return a fully-qualified organization_settings string.
parse_asset_path
parse_asset_path(path: str)
Parse a asset path into its component segments.
parse_common_billing_account_path
parse_common_billing_account_path(path: str)
Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str)
Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str)
Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str)
Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str)
Parse a project path into its component segments.
parse_finding_path
parse_finding_path(path: str)
Parse a finding path into its component segments.
parse_notification_config_path
parse_notification_config_path(path: str)
Parse a notification_config path into its component segments.
parse_organization_settings_path
parse_organization_settings_path(path: str)
Parse a organization_settings path into its component segments.
parse_security_marks_path
parse_security_marks_path(path: str)
Parse a security_marks path into its component segments.
parse_source_path
parse_source_path(path: str)
Parse a source path into its component segments.
parse_topic_path
parse_topic_path(path: str)
Parse a topic path into its component segments.
run_asset_discovery
run_asset_discovery(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.RunAssetDiscoveryRequest] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Runs asset discovery. The discovery is tracked with a long-running operation.
This API can only be called with limited frequency for an organization. If it is called too frequently the caller will receive a TOO_MANY_REQUESTS error.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for running asset discovery for an organization. |
parent |
Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| An object representing a long-running operation. The result type for the operation will be .run_asset_discovery_response.RunAssetDiscoveryResponse |
security_marks_path
security_marks_path(organization: str, asset: str)
Return a fully-qualified security_marks string.
set_finding_state
set_finding_state(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.SetFindingStateRequest] = None, *, name: Optional[str] = None, state: Optional[google.cloud.securitycenter_v1p1beta1.types.finding.Finding.State] = None, start_time: Optional[google.protobuf.timestamp_pb2.Timestamp] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates the state of a finding.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for updating a finding's state. |
name |
Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". This corresponds to the |
state |
Required. The desired State of the finding. This corresponds to the |
start_time |
Required. The time at which the updated state takes effect. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding. |
set_iam_policy
set_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest] = None, *, resource: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Sets the access control policy on the specified Source.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for |
resource |
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings . A binding binds one or more members to a single role . Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition , which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** :: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" ::="" bindings:="" -="" members:="" -="" user:mike@example.com="" -="" group:admins@example.com="" -="" domain:google.com="" -="" serviceaccount:my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="">IAM developer's guide __. |
source_path
source_path(organization: str, source: str)
Return a fully-qualified source string.
test_iam_permissions
test_iam_permissions(request: Optional[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest] = None, *, resource: Optional[str] = None, permissions: Optional[Sequence[str]] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Returns the permissions that a caller has on the specified source.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for |
resource |
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the |
permissions |
:class:
The set of permissions to check for the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Response message for TestIamPermissions method. |
topic_path
topic_path(project: str, topic: str)
Return a fully-qualified topic string.
update_finding
update_finding(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.UpdateFindingRequest] = None, *, finding: Optional[google.cloud.securitycenter_v1p1beta1.types.finding.Finding] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for updating or creating a finding. |
finding |
Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. This corresponds to the |
update_mask |
The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding. |
update_notification_config
update_notification_config(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.UpdateNotificationConfigRequest] = None, *, notification_config: Optional[google.cloud.securitycenter_v1p1beta1.types.notification_config.NotificationConfig] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates a notification config. The following update fields are allowed: description, pubsub_topic, streaming_config.filter
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for updating a notification config. |
notification_config |
Required. The notification config to update. This corresponds to the |
update_mask |
The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Security Command Center notification configs. A notification config is a Security Command Center resource that contains the configuration to send notifications for create/update events of findings, assets and etc. |
update_organization_settings
update_organization_settings(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.UpdateOrganizationSettingsRequest] = None, *, organization_settings: Optional[google.cloud.securitycenter_v1p1beta1.types.organization_settings.OrganizationSettings] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates an organization's settings.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for updating an organization's settings. |
organization_settings |
Required. The organization settings resource to update. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| User specified settings that are attached to the Security Command Center organization. |
update_security_marks
update_security_marks(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.UpdateSecurityMarksRequest] = None, *, security_marks: Optional[google.cloud.securitycenter_v1p1beta1.types.security_marks.SecurityMarks] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates security marks.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for updating a SecurityMarks resource. |
security_marks |
Required. The security marks resource to update. This corresponds to the |
update_mask |
The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.<mark_key>". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization. |
update_source
update_source(request: Optional[google.cloud.securitycenter_v1p1beta1.types.securitycenter_service.UpdateSourceRequest] = None, *, source: Optional[google.cloud.securitycenter_v1p1beta1.types.source.Source] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates a source.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for updating a source. |
source |
Required. The source resource to update. This corresponds to the |
update_mask |
The FieldMask to use when updating the source resource. If empty all mutable fields will be updated. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, etc. |