docs/dyn/securitycenter_v1.folders.securityHealthAnalyticsSettings.customModules.html
15 additions & 6 deletions
@@ -583,7 +583,7 @@ <h3>Method Details</h3>
583
583
"members": [ # Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `[email protected]` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `[email protected]`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `[email protected]`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. 
* `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. 
For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
584
584
"A String",
585
585
],
586
-
"role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
586
+
"role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
587
587
},
588
588
],
589
589
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -641,7 +641,7 @@ <h3>Method Details</h3>
641
641
"fullUri": "A String", # The full URI with payload that can be used to reproduce the vulnerability. Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H
642
642
},
643
643
"attackExposure": { # An attack exposure contains the results of an attack path simulation run. # The results of an attack path simulation relevant to this finding.
644
-
"attackExposureResult": "A String", # The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: organizations/123/attackExposureResults/456
644
+
"attackExposureResult": "A String", # The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: organizations/123/simulations/456/attackExposureResults/789
645
645
"exposedHighValueResourcesCount": 42, # The number of high value resources that are exposed as a result of this finding.
646
646
"exposedLowValueResourcesCount": 42, # The number of high value resources that are exposed as a result of this finding.
647
647
"exposedMediumValueResourcesCount": 42, # The number of medium value resources that are exposed as a result of this finding.
@@ -1043,10 +1043,19 @@ <h3>Method Details</h3>
1043
1043
"name": "A String", # The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
1044
1044
},
1045
1045
"securityPosture": { # Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud. # The security posture associated with the finding.
1046
-
"changedPolicy": "A String", # The name of the policy that has been updated, for example, `projects/{project_id}/policies/{constraint_name}`.
1047
-
"name": "A String", # Name of the posture, for example, `organizations/{org_id}/locations/{location}/postures/{posture_name}`.
1048
-
"postureDeployment": "A String", # The name of the posture deployment, for example, `projects/{project_id}/posturedeployments/{posture_deployment_id}`.
1049
-
"postureDeploymentResource": "A String", # The project, folder, or organization on which the posture is deployed, for example, `projects/{project_id}`.
1046
+
"changedPolicy": "A String", # The name of the updated policy, for example, `projects/{project_id}/policies/{constraint_name}`.
1047
+
"name": "A String", # Name of the posture, for example, `CIS-Posture`.
1048
+
"policy": "A String", # The ID of the updated policy, for example, `compute-policy-1`.
1049
+
"policyDriftDetails": [ # The details about a change in an updated policy that violates the deployed posture.
1050
+
{ # The policy field that violates the deployed posture and its expected and and detected values.
1051
+
"detectedValue": "A String", # The detected value that violates the deployed posture, for example, `false` or `allowed_values={"projects/22831892”}`.
1052
+
"expectedValue": "A String", # The value of this field that was configured in a posture, for example, `true` or `allowed_values={"projects/29831892”}`.
1053
+
"field": "A String", # The name of the updated field, for example constraint.implementation.policy_rules[0].enforce
1054
+
},
1055
+
],
1056
+
"policySet": "A String", # The name of the updated policyset, for example, `cis-policyset`.
1057
+
"postureDeployment": "A String", # The name of the posture deployment, for example, `organizations/{org_id}/posturedeployments/{posture_deployment_id}`.
1058
+
"postureDeploymentResource": "A String", # The project, folder, or organization on which the posture is deployed, for example, `projects/{project_number}`.
1050
1059
"revisionId": "A String", # The version of the posture, for example, `c7cfa2a8`.
1051
1060
},
1052
1061
"severity": "A String", # The severity of the finding. This field is managed by the source that writes the finding.