diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json b/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json
index 856b7f65da..1dceb3abbc 100644
--- a/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json
+++ b/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json
@@ -1993,7 +1993,7 @@
 }
 }
 },
-"revision": "20240927",
+"revision": "20241004",
 "rootUrl": "https://securitycenter.googleapis.com/",
 "schemas": {
 "Access": {
@@ -2291,6 +2291,10 @@
 "description": "Represents an Azure resource group.",
 "id": "AzureResourceGroup",
 "properties": {
+"id": {
+"description": "The ID of the Azure resource group.",
+"type": "string"
+},
 "name": {
 "description": "The name of the Azure resource group. This is not a UUID.",
 "type": "string"
@@ -2385,6 +2389,17 @@
 },
 "type": "object"
 },
+"CelPolicySpec": {
+"description": "YAML-based rule that uses CEL, which supports the declaration of variables and a filtering predicate. A vulnerable resource is emitted if the evaluation is false. Given: 1) the resource types as: - resource_types: \"compute.googleapis.com/Instance\" - resource_types: \"compute.googleapis.com/Firewall\" 2) the CEL policy spec as: name: bad_instance resource_filters: - name: instance resource_type: compute.googleapis.com/Instance filter: > instance.status == 'RUNNING' && 'public' in instance.tags.items - name: firewall resource_type: compute.googleapis.com/Firewall filter: > firewall.direction == 'INGRESS' && !firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii() in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11-256'))) rule: match: - predicate: > instance.networkInterfaces.exists(net, firewall.network == net.network) output: > {'message': 'Compute instance with publicly accessible ports', 'instance': instance.name} Users are able to join resource types together using the exact format as Kubernetes Validating Admission policies.",
+"id": "CelPolicySpec",
+"properties": {
+"spec": {
+"description": "The CEL policy to evaluate to produce findings. A finding is generated when the policy validation evaluates to false.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "CloudArmor": {
 "description": "Fields related to Google Cloud Armor findings.",
 "id": "CloudArmor",
@@ -3782,6 +3797,10 @@
 "description": "Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.",
 "id": "GoogleCloudSecuritycenterV1CustomConfig",
 "properties": {
+"celPolicy": {
+"$ref": "CelPolicySpec",
+"description": "The CEL policy spec attached to the custom module."
+},
 "customOutput": {
 "$ref": "GoogleCloudSecuritycenterV1CustomOutputSpec",
 "description": "Custom output properties."
@@ -4864,6 +4883,10 @@
 "description": "Represents an Azure resource group.",
 "id": "GoogleCloudSecuritycenterV2AzureResourceGroup",
 "properties": {
+"id": {
+"description": "The ID of the Azure resource group.",
+"type": "string"
+},
 "name": {
 "description": "The name of the Azure resource group. This is not a UUID.",
 "type": "string"