feat(securitycenter): update the api
#### securitycenter:v1beta2

The following keys were added:
- schemas.AzureResourceGroup.properties.id.type (Total Keys: 1)
- schemas.CelPolicySpec (Total Keys: 3)
- schemas.GoogleCloudSecuritycenterV1CustomConfig.properties.celPolicy.$ref (Total Keys: 1)
- schemas.GoogleCloudSecuritycenterV2AzureResourceGroup.properties.id.type (Total Keys: 1)
yoshi-automation committed Oct 15, 2024
1 parent fdb5e8a commit 87e6b17
Showing 1 changed file with 24 additions and 1 deletion.
Expand Up @@ -1993,7 +1993,7 @@
}
}
},
"revision": "20240927",
"revision": "20241004",
"rootUrl": "https://securitycenter.googleapis.com/",
"schemas": {
"Access": {
Expand Down Expand Up @@ -2291,6 +2291,10 @@
"description": "Represents an Azure resource group.",
"id": "AzureResourceGroup",
"properties": {
"id": {
"description": "The ID of the Azure resource group.",
"type": "string"
},
"name": {
"description": "The name of the Azure resource group. This is not a UUID.",
"type": "string"
Expand Down Expand Up @@ -2385,6 +2389,17 @@
},
"type": "object"
},
"CelPolicySpec": {
"description": "YAML-based rule that uses CEL, which supports the declaration of variables and a filtering predicate. A vulnerable resource is emitted if the evaluation is false. Given: 1) the resource types as: - resource_types: \"compute.googleapis.com/Instance\" - resource_types: \"compute.googleapis.com/Firewall\" 2) the CEL policy spec as: name: bad_instance resource_filters: - name: instance resource_type: compute.googleapis.com/Instance filter: > instance.status == 'RUNNING' && 'public' in instance.tags.items - name: firewall resource_type: compute.googleapis.com/Firewall filter: > firewall.direction == 'INGRESS' && !firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii() in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11-256'))) rule: match: - predicate: > instance.networkInterfaces.exists(net, firewall.network == net.network) output: > {'message': 'Compute instance with publicly accessible ports', 'instance': instance.name} Users are able to join resource types together using the exact format as Kubernetes Validating Admission policies.",
"id": "CelPolicySpec",
"properties": {
"spec": {
"description": "The CEL policy to evaluate to produce findings. A finding is generated when the policy validation evaluates to false.",
"type": "string"
}
},
"type": "object"
},
"CloudArmor": {
"description": "Fields related to Google Cloud Armor findings.",
"id": "CloudArmor",
Expand Down Expand Up @@ -3782,6 +3797,10 @@
"description": "Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.",
"id": "GoogleCloudSecuritycenterV1CustomConfig",
"properties": {
"celPolicy": {
"$ref": "CelPolicySpec",
"description": "The CEL policy spec attached to the custom module."
},
"customOutput": {
"$ref": "GoogleCloudSecuritycenterV1CustomOutputSpec",
"description": "Custom output properties."
Expand Down Expand Up @@ -4864,6 +4883,10 @@
"description": "Represents an Azure resource group.",
"id": "GoogleCloudSecuritycenterV2AzureResourceGroup",
"properties": {
"id": {
"description": "The ID of the Azure resource group.",
"type": "string"
},
"name": {
"description": "The name of the Azure resource group. This is not a UUID.",
"type": "string"
