diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter/__init__.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter/__init__.py index 6021ddf1711a..c92bf1f4b387 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter/__init__.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter/__init__.py @@ -23,8 +23,15 @@ from google.cloud.securitycenter_v1.types.access import Access, Geolocation from google.cloud.securitycenter_v1.types.asset import Asset from google.cloud.securitycenter_v1.types.bigquery_export import BigQueryExport +from google.cloud.securitycenter_v1.types.compliance import Compliance from google.cloud.securitycenter_v1.types.connection import Connection +from google.cloud.securitycenter_v1.types.contact_details import Contact, ContactDetails +from google.cloud.securitycenter_v1.types.exfiltration import ( + ExfilResource, + Exfiltration, +) from google.cloud.securitycenter_v1.types.external_system import ExternalSystem +from google.cloud.securitycenter_v1.types.file import File from google.cloud.securitycenter_v1.types.finding import Finding from google.cloud.securitycenter_v1.types.folder import Folder from google.cloud.securitycenter_v1.types.iam_binding import IamBinding @@ -38,6 +45,7 @@ from google.cloud.securitycenter_v1.types.organization_settings import ( OrganizationSettings, ) +from google.cloud.securitycenter_v1.types.process import EnvironmentVariable, Process from google.cloud.securitycenter_v1.types.resource import Resource from google.cloud.securitycenter_v1.types.run_asset_discovery_response import ( RunAssetDiscoveryResponse, @@ -103,8 +111,14 @@ "Geolocation", "Asset", "BigQueryExport", + "Compliance", "Connection", + "Contact", + "ContactDetails", + "ExfilResource", + "Exfiltration", "ExternalSystem", + "File", "Finding", "Folder", "IamBinding", 
@@ -114,6 +128,8 @@ "NotificationConfig", "NotificationMessage", "OrganizationSettings", + "EnvironmentVariable", + "Process", "Resource", "RunAssetDiscoveryResponse", "SecurityMarks", diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/__init__.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/__init__.py index 5ab63a3834e7..1c989b555bdf 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/__init__.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/__init__.py @@ -18,8 +18,12 @@ from .types.access import Access, Geolocation from .types.asset import Asset from .types.bigquery_export import BigQueryExport +from .types.compliance import Compliance from .types.connection import Connection +from .types.contact_details import Contact, ContactDetails +from .types.exfiltration import ExfilResource, Exfiltration from .types.external_system import ExternalSystem +from .types.file import File from .types.finding import Finding from .types.folder import Folder from .types.iam_binding import IamBinding @@ -29,6 +33,7 @@ from .types.notification_config import NotificationConfig from .types.notification_message import NotificationMessage from .types.organization_settings import OrganizationSettings +from .types.process import EnvironmentVariable, Process from .types.resource import Resource from .types.run_asset_discovery_response import RunAssetDiscoveryResponse from .types.security_marks import SecurityMarks @@ -87,7 +92,10 @@ "BigQueryExport", "BulkMuteFindingsRequest", "BulkMuteFindingsResponse", + "Compliance", "Connection", + "Contact", + "ContactDetails", "CreateBigQueryExportRequest", "CreateFindingRequest", "CreateMuteConfigRequest", 
@@ -98,7 +106,11 @@ "DeleteBigQueryExportRequest", "DeleteMuteConfigRequest", "DeleteNotificationConfigRequest", + "EnvironmentVariable", + "ExfilResource", + "Exfiltration", "ExternalSystem", + "File", "Finding", "Folder", "Geolocation", @@ -131,6 +143,7 @@ "NotificationConfig", "NotificationMessage", "OrganizationSettings", + "Process", "Reference", "Resource", "RunAssetDiscoveryRequest", diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/async_client.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/async_client.py index 66489e75405b..d7d5a114db29 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/async_client.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/async_client.py @@ -40,8 +40,15 @@ from google.protobuf import timestamp_pb2 # type: ignore from google.cloud.securitycenter_v1.services.security_center import pagers -from google.cloud.securitycenter_v1.types import access, bigquery_export, connection +from google.cloud.securitycenter_v1.types import ( + access, + bigquery_export, + compliance, + connection, + exfiltration, +) from google.cloud.securitycenter_v1.types import iam_binding, indicator, mitre_attack +from google.cloud.securitycenter_v1.types import process, run_asset_discovery_response from google.cloud.securitycenter_v1.types import external_system as gcs_external_system from google.cloud.securitycenter_v1.types import ( notification_config as gcs_notification_config, 
@@ -56,7 +63,6 @@ from google.cloud.securitycenter_v1.types import mute_config as gcs_mute_config from google.cloud.securitycenter_v1.types import notification_config from google.cloud.securitycenter_v1.types import organization_settings -from google.cloud.securitycenter_v1.types import run_asset_discovery_response from google.cloud.securitycenter_v1.types import security_marks from google.cloud.securitycenter_v1.types import securitycenter_service from google.cloud.securitycenter_v1.types import source diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/client.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/client.py index 9de82d0495fe..ae5eb0bdb877 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/client.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/client.py @@ -43,8 +43,15 @@ from google.protobuf import timestamp_pb2 # type: ignore from google.cloud.securitycenter_v1.services.security_center import pagers -from google.cloud.securitycenter_v1.types import access, bigquery_export, connection +from google.cloud.securitycenter_v1.types import ( + access, + bigquery_export, + compliance, + connection, + exfiltration, +) from google.cloud.securitycenter_v1.types import iam_binding, indicator, mitre_attack +from google.cloud.securitycenter_v1.types import process, run_asset_discovery_response from google.cloud.securitycenter_v1.types import external_system as gcs_external_system from google.cloud.securitycenter_v1.types import ( notification_config as gcs_notification_config, 
@@ -59,7 +66,6 @@ from google.cloud.securitycenter_v1.types import mute_config as gcs_mute_config from google.cloud.securitycenter_v1.types import notification_config from google.cloud.securitycenter_v1.types import organization_settings -from google.cloud.securitycenter_v1.types import run_asset_discovery_response from google.cloud.securitycenter_v1.types import security_marks from google.cloud.securitycenter_v1.types import securitycenter_service from google.cloud.securitycenter_v1.types import source @@ -632,6 +638,7 @@ def __init__( quota_project_id=client_options.quota_project_id, client_info=client_info, always_use_jwt_access=True, + api_audience=client_options.api_audience, ) def bulk_mute_findings( diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/base.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/base.py index 2dba334fceed..abd748d0cbf7 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/base.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/base.py @@ -75,6 +75,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, **kwargs, ) -> None: """Instantiate the transport. @@ -102,11 +103,6 @@ def __init__( be used for service account credentials. """ - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ":" not in host: - host += ":443" - self._host = host - scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} # Save the scopes. 
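Review bot: In transports/base.py, the new `api_audience` parameter is added to the `__init__` signature without an entry in the docstring's Args section; judging by the hunk ranges, the docstring lines between this hunk and the next one are untouched. The same appears to hold for the `api_audience` additions in transports/grpc.py and transports/grpc_asyncio.py. I would add an entry along the lines of `api_audience (Optional[str]): Audience passed to credentials.with_gdch_audience() when the resolved credentials expose that method; host is used when it is unset.` The body of `__init__` continues outside this hunk.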
@@ -127,6 +123,11 @@ def __init__( credentials, _ = google.auth.default( **scopes_kwargs, quota_project_id=quota_project_id ) + # Don't apply audience if the credentials file passed from user. + if hasattr(credentials, "with_gdch_audience"): + credentials = credentials.with_gdch_audience( + api_audience if api_audience else host + ) # If the credentials are service account credentials, then always try to use self signed JWT. if ( @@ -139,6 +140,11 @@ def __init__( # Save the credentials. self._credentials = credentials + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py index aff9a3231f67..7926759ddb4d 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py @@ -78,6 +78,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. @@ -174,6 +175,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: 
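Review bot: In transports/base.py, the fallback in `credentials.with_gdch_audience(api_audience if api_audience else host)` relies on `host` still being the caller's value without the `:443` suffix. That only holds because the "Save the hostname" block was moved below the credential setup in the neighbouring hunks, and nothing in the code records that ordering dependency. A later reorder would silently change the audience the token is requested for, so I would replace the existing comment with `# Audience defaults to the raw host (":443" is appended only further down); keep this before the host normalisation.` The current comment, "Don't apply audience if the credentials file passed from user.", is hard to parse, and since indentation is not recoverable here I cannot tell which credential branch the `hasattr` check sits in; the comment should name the credential sources that do get an audience. Note also that the truthiness test treats an empty-string `api_audience` the same as `None`.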
diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py index cd3dd78f2a05..6cb585c4425b 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py @@ -123,6 +123,7 @@ def __init__( quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. @@ -219,6 +220,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/__init__.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/__init__.py index 99528e69167d..8303395eea43 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/__init__.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/__init__.py @@ -16,8 +16,12 @@ from .access import Access, Geolocation from .asset import Asset from .bigquery_export import BigQueryExport +from .compliance import Compliance from .connection import Connection +from .contact_details import Contact, ContactDetails +from .exfiltration import ExfilResource, Exfiltration from .external_system import ExternalSystem +from .file import File from .finding import Finding from .folder import Folder from .iam_binding import IamBinding 
@@ -27,6 +31,7 @@ from .notification_config import NotificationConfig from .notification_message import NotificationMessage from .organization_settings import OrganizationSettings +from .process import EnvironmentVariable, Process from .resource import Resource from .run_asset_discovery_response import RunAssetDiscoveryResponse from .security_marks import SecurityMarks @@ -83,8 +88,14 @@ "Geolocation", "Asset", "BigQueryExport", + "Compliance", "Connection", + "Contact", + "ContactDetails", + "ExfilResource", + "Exfiltration", "ExternalSystem", + "File", "Finding", "Folder", "IamBinding", @@ -94,6 +105,8 @@ "NotificationConfig", "NotificationMessage", "OrganizationSettings", + "EnvironmentVariable", + "Process", "Resource", "RunAssetDiscoveryResponse", "SecurityMarks", diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/compliance.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/compliance.py new file mode 100644 index 000000000000..b096b6fa6230 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/compliance.py 
@@ -0,0 +1,55 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "Compliance", + }, +) + + +class Compliance(proto.Message): + r"""Contains compliance information about a security standard + indicating unmet recommendations. + + Attributes: + standard (str): + Refers to industry wide standards or + benchmarks e.g. "cis", "pci", "owasp", etc. + version (str): + Version of the standard/benchmark e.g. 1.1 + ids (Sequence[str]): + Policies within the standard/benchmark e.g. + A.12.4.1 + """ + + standard = proto.Field( + proto.STRING, + number=1, + ) + version = proto.Field( + proto.STRING, + number=2, + ) + ids = proto.RepeatedField( + proto.STRING, + number=3, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/contact_details.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/contact_details.py new file mode 100644 index 000000000000..d74a54e63353 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/contact_details.py 
@@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "ContactDetails", + "Contact", + }, +) + + +class ContactDetails(proto.Message): + r"""The details pertaining to specific contacts + + Attributes: + contacts (Sequence[google.cloud.securitycenter_v1.types.Contact]): + A list of contacts + """ + + contacts = proto.RepeatedField( + proto.MESSAGE, + number=1, + message="Contact", + ) + + +class Contact(proto.Message): + r"""Representa a single contact's email address + + Attributes: + email (str): + An email address e.g. "person123@company.com". + """ + + email = proto.Field( + proto.STRING, + number=1, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/exfiltration.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/exfiltration.py new file mode 100644 index 000000000000..f7c4e71d97d5 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/exfiltration.py 
@@ -0,0 +1,84 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "Exfiltration", + "ExfilResource", + }, +) + + +class Exfiltration(proto.Message): + r"""Exfiltration represents a data exfiltration attempt of one or + more sources to one or more targets. Sources represent the + source of data that is exfiltrated, and Targets represents the + destination the data was copied to. + + Attributes: + sources (Sequence[google.cloud.securitycenter_v1.types.ExfilResource]): + If there are multiple sources, then the data + is considered "joined" between them. For + instance, BigQuery can join multiple tables, and + each table would be considered a source. + targets (Sequence[google.cloud.securitycenter_v1.types.ExfilResource]): + If there are multiple targets, each target + would get a complete copy of the "joined" source + data. + """ + + sources = proto.RepeatedField( + proto.MESSAGE, + number=1, + message="ExfilResource", + ) + targets = proto.RepeatedField( + proto.MESSAGE, + number=2, + message="ExfilResource", + ) + + +class ExfilResource(proto.Message): + r"""Resource that has been exfiltrated or exfiltrated_to. 
+ + Attributes: + name (str): + Resource's URI + (https://google.aip.dev/122#full-resource-names) + components (Sequence[str]): + Subcomponents of the asset that is + exfiltrated - these could be URIs used during + exfiltration, table names, databases, filenames, + etc. For example, multiple tables may be + exfiltrated from the same CloudSQL instance, or + multiple files from the same Cloud Storage + bucket. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + components = proto.RepeatedField( + proto.STRING, + number=2, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/file.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/file.py new file mode 100644 index 000000000000..64d65725418e --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/file.py 
@@ -0,0 +1,79 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "File", + }, +) + + +class File(proto.Message): + r"""File information about the related binary/library used by an + executable, or the script used by a script interpreter + + Attributes: + path (str): + Absolute path of the file as a JSON encoded + string. + size (int): + Size of the file in bytes. + sha256 (str): + SHA256 hash of the first hashed_size bytes of the file + encoded as a hex string. If hashed_size == size, sha256 + represents the SHA256 hash of the entire file. + hashed_size (int): + The length in bytes of the file prefix that was hashed. If + hashed_size == size, any hashes reported represent the + entire file. + partially_hashed (bool): + True when the hash covers only a prefix of + the file. + contents (str): + Prefix of the file contents as a JSON encoded + string. (Currently only populated for Malicious + Script Executed findings.) 
+ """ + + path = proto.Field( + proto.STRING, + number=1, + ) + size = proto.Field( + proto.INT64, + number=2, + ) + sha256 = proto.Field( + proto.STRING, + number=3, + ) + hashed_size = proto.Field( + proto.INT64, + number=4, + ) + partially_hashed = proto.Field( + proto.BOOL, + number=5, + ) + contents = proto.Field( + proto.STRING, + number=6, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/finding.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/finding.py index 98c651797636..9793c9e561a2 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/finding.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/finding.py @@ -17,16 +17,15 @@ from google.protobuf import timestamp_pb2 # type: ignore import proto # type: ignore -from google.cloud.securitycenter_v1.types import ( - connection, - external_system, - iam_binding, -) +from google.cloud.securitycenter_v1.types import compliance, connection, contact_details +from google.cloud.securitycenter_v1.types import exfiltration as gcs_exfiltration from google.cloud.securitycenter_v1.types import mitre_attack as gcs_mitre_attack from google.cloud.securitycenter_v1.types import security_marks as gcs_security_marks from google.cloud.securitycenter_v1.types import vulnerability as gcs_vulnerability from google.cloud.securitycenter_v1.types import access as gcs_access +from google.cloud.securitycenter_v1.types import external_system, iam_binding from google.cloud.securitycenter_v1.types import indicator as gcs_indicator +from google.cloud.securitycenter_v1.types import process __protobuf__ = proto.module( package="google.cloud.securitycenter.v1", 
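Review bot: In types/file.py, the `sha256` entry of the `File` docstring describes a hash over only the first `hashed_size` bytes but does not point the reader to `partially_hashed`. A consumer that matches this value against full-file hash lists can therefore miss a match without noticing. I would add one sentence to the `sha256` entry: `Compare against full-file hashes only when partially_hashed is False (hashed_size == size).`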
@@ -152,8 +151,38 @@ class Finding(proto.Message): muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute. + processes (Sequence[google.cloud.securitycenter_v1.types.Process]): + Represents operating system processes + associated with the Finding. + contacts (Mapping[str, google.cloud.securitycenter_v1.types.ContactDetails]): + Output only. Map containing the point of contacts for the + given finding. The key represents the type of contact, while + the value contains a list of all the contacts that pertain. + Please refer to: + https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories + + :: + + { + "security": { + "contacts": [ + { + "email": "person1@company.com" + }, + { + "email": "person2@company.com" + } + ] + } + } + compliances (Sequence[google.cloud.securitycenter_v1.types.Compliance]): + Contains compliance information for security + standards associated to the finding. description (str): Contains more detail about the finding. + exfiltration (google.cloud.securitycenter_v1.types.Exfiltration): + Represents exfiltration associated with the + Finding. iam_bindings (Sequence[google.cloud.securitycenter_v1.types.IamBinding]): Represents IAM bindings associated with the Finding. @@ -296,10 +325,31 @@ class FindingClass(proto.Enum): proto.STRING, number=28, ) + processes = proto.RepeatedField( + proto.MESSAGE, + number=30, + message=process.Process, + ) + contacts = proto.MapField( + proto.STRING, + proto.MESSAGE, + number=33, + message=contact_details.ContactDetails, + ) + compliances = proto.RepeatedField( + proto.MESSAGE, + number=34, + message=compliance.Compliance, + ) description = proto.Field( proto.STRING, number=37, ) + exfiltration = proto.Field( + proto.MESSAGE, + number=38, + message=gcs_exfiltration.Exfiltration, + ) iam_bindings = proto.RepeatedField( proto.MESSAGE, number=39, 
diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/indicator.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/indicator.py index 90c64e3c22e8..f6c7fa810b9a 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/indicator.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/indicator.py 
@@ -36,8 +36,104 @@ class Indicator(proto.Message): Finding. domains (Sequence[str]): List of domains associated to the Finding. + signatures (Sequence[google.cloud.securitycenter_v1.types.Indicator.ProcessSignature]): + The list of matched signatures indicating + that the given process is present in the + environment. """ + class ProcessSignature(proto.Message): + r"""Indicates what signature matched this process. + + This message has `oneof`_ fields (mutually exclusive fields). + For each oneof, at most one member field can be set at the same time. + Setting any member of the oneof automatically clears all other + members. + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + memory_hash_signature (google.cloud.securitycenter_v1.types.Indicator.ProcessSignature.MemoryHashSignature): + Signature indicating that a binary family was + matched. + + This field is a member of `oneof`_ ``signature``. + yara_rule_signature (google.cloud.securitycenter_v1.types.Indicator.ProcessSignature.YaraRuleSignature): + Signature indicating that a YARA rule was + matched. + + This field is a member of `oneof`_ ``signature``. + """ + + class MemoryHashSignature(proto.Message): + r"""A signature corresponding to memory page hashes. + + Attributes: + binary_family (str): + The binary family. + detections (Sequence[google.cloud.securitycenter_v1.types.Indicator.ProcessSignature.MemoryHashSignature.Detection]): + The list of memory hash detections + contributing to the binary family match. + """ + + class Detection(proto.Message): + r"""Memory hash detection contributing to the binary family + match. + + Attributes: + binary (str): + The name of the binary associated with the + memory hash signature detection. + percent_pages_matched (float): + The percentage of memory page hashes in the + signature that were matched. 
+ """ + + binary = proto.Field( + proto.STRING, + number=2, + ) + percent_pages_matched = proto.Field( + proto.DOUBLE, + number=3, + ) + + binary_family = proto.Field( + proto.STRING, + number=1, + ) + detections = proto.RepeatedField( + proto.MESSAGE, + number=4, + message="Indicator.ProcessSignature.MemoryHashSignature.Detection", + ) + + class YaraRuleSignature(proto.Message): + r"""A signature corresponding to a YARA rule. + + Attributes: + yara_rule (str): + The name of the YARA rule. + """ + + yara_rule = proto.Field( + proto.STRING, + number=5, + ) + + memory_hash_signature = proto.Field( + proto.MESSAGE, + number=6, + oneof="signature", + message="Indicator.ProcessSignature.MemoryHashSignature", + ) + yara_rule_signature = proto.Field( + proto.MESSAGE, + number=7, + oneof="signature", + message="Indicator.ProcessSignature.YaraRuleSignature", + ) + ip_addresses = proto.RepeatedField( proto.STRING, number=1, @@ -46,6 +142,11 @@ class Indicator(proto.Message): proto.STRING, number=2, ) + signatures = proto.RepeatedField( + proto.MESSAGE, + number=3, + message=ProcessSignature, + ) __all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/mitre_attack.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/mitre_attack.py index fa112fd39ae2..7de0015be623 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/mitre_attack.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/mitre_attack.py @@ -75,7 +75,6 @@ class Tactic(proto.Enum): class Technique(proto.Enum): r"""MITRE ATT&CK techniques that can be referenced by SCC findings. See: https://attack.mitre.org/techniques/enterprise/ - Next ID: 31 """ TECHNIQUE_UNSPECIFIED = 0 ACTIVE_SCANNING = 1 
@@ -108,6 +107,7 @@ class Technique(proto.Enum): MODIFY_AUTHENTICATION_PROCESS = 28 DATA_DESTRUCTION = 29 DOMAIN_POLICY_MODIFICATION = 30 + IMPAIR_DEFENSES = 31 primary_tactic = proto.Field( proto.ENUM, diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/process.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/process.py new file mode 100644 index 000000000000..9d0327473719 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/process.py 
@@ -0,0 +1,130 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +from google.cloud.securitycenter_v1.types import file + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "Process", + "EnvironmentVariable", + }, +) + + +class Process(proto.Message): + r"""Represents an operating system process. + + Attributes: + name (str): + The process name visible in utilities like ``top`` and + ``ps``; it can be accessed via ``/proc/[pid]/comm`` and + changed with ``prctl(PR_SET_NAME)``. + binary (google.cloud.securitycenter_v1.types.File): + File information for the process executable. + libraries (Sequence[google.cloud.securitycenter_v1.types.File]): + File information for libraries loaded by the + process. + script (google.cloud.securitycenter_v1.types.File): + When the process represents the invocation of a script, + ``binary`` provides information about the interpreter while + ``script`` provides information about the script file + provided to the interpreter. + args (Sequence[str]): + Process arguments as JSON encoded strings. + arguments_truncated (bool): + True if ``args`` is incomplete. + env_variables (Sequence[google.cloud.securitycenter_v1.types.EnvironmentVariable]): + Process environment variables. + env_variables_truncated (bool): + True if ``env_variables`` is incomplete. + pid (int): + The process id. 
+ parent_pid (int): + The parent process id. + """ + + name = proto.Field( + proto.STRING, + number=12, + ) + binary = proto.Field( + proto.MESSAGE, + number=3, + message=file.File, + ) + libraries = proto.RepeatedField( + proto.MESSAGE, + number=4, + message=file.File, + ) + script = proto.Field( + proto.MESSAGE, + number=5, + message=file.File, + ) + args = proto.RepeatedField( + proto.STRING, + number=6, + ) + arguments_truncated = proto.Field( + proto.BOOL, + number=7, + ) + env_variables = proto.RepeatedField( + proto.MESSAGE, + number=8, + message="EnvironmentVariable", + ) + env_variables_truncated = proto.Field( + proto.BOOL, + number=9, + ) + pid = proto.Field( + proto.INT64, + number=10, + ) + parent_pid = proto.Field( + proto.INT64, + number=11, + ) + + +class EnvironmentVariable(proto.Message): + r"""EnvironmentVariable is a name-value pair to store environment + variables for Process. + + Attributes: + name (str): + Environment variable name as a JSON encoded + string. + val (str): + Environment variable value as a JSON encoded + string. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + val = proto.Field( + proto.STRING, + number=2, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/client.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/client.py index 9f93d41b2e2e..863016afda2e 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/client.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/client.py @@ -521,6 +521,7 @@ def __init__( quota_project_id=client_options.quota_project_id, client_info=client_info, always_use_jwt_access=True, + api_audience=client_options.api_audience, ) def create_source( 
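Review bot: The `Process` docstring describes `args` and `env_variables` only as JSON-encoded strings and gives no handling caveat, although command lines and environments commonly carry tokens and passwords that would then travel with every finding. I would add a comment above those fields such as `# NOTE: args and env_variables may contain secrets; redact before logging or exporting findings.` The `name` entry already says the value can be changed with `prctl(PR_SET_NAME)`; it is worth stating the consequence, e.g. `Set by the process itself, so do not rely on it for identification; prefer binary.` If this module is generated from the .proto, the wording belongs in the upstream comments instead.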
diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py index 95ff4c164584..e558392be01d 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py @@ -68,6 +68,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, **kwargs, ) -> None: """Instantiate the transport. @@ -95,11 +96,6 @@ def __init__( be used for service account credentials. """ - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ":" not in host: - host += ":443" - self._host = host - scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} # Save the scopes. @@ -120,6 +116,11 @@ def __init__( credentials, _ = google.auth.default( **scopes_kwargs, quota_project_id=quota_project_id ) + # Don't apply audience if the credentials file passed from user. + if hasattr(credentials, "with_gdch_audience"): + credentials = credentials.with_gdch_audience( + api_audience if api_audience else host + ) # If the credentials are service account credentials, then always try to use self signed JWT. if ( @@ -132,6 +133,11 @@ def __init__( # Save the credentials. self._credentials = credentials + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { 
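Review bot: In the `@@ -120,6 +116,11 @@` hunk the audience falls back to `host` when `api_audience` is unset, and nothing states what shape that value must have: the `:443` defaulting that this commit moves below the credential block implies `host` is normally a bare hostname, while the new unit test passes `https://language.com`. Since the audience is what binds the issued token to its intended recipient, I would document the expected format next to the call and record why the hostname block had to move, e.g. `# Fallback audience is the caller's host before ":443" is appended; keep this above the hostname normalisation.` The added comment is also hard to parse; `# Only credentials resolved here get an audience; caller-supplied credentials are left unchanged.` reads better if that is the intent, which I cannot confirm because the enclosing branch starts outside the hunk. The same applies to the identical hunks in securitycenter_v1p1beta1/services/security_center/transports/base.py.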
diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py index 1556167793ae..04151bdb2c17 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py @@ -71,6 +71,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. @@ -167,6 +168,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py index c9a583cbbd44..2aef9562a9b7 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py @@ -116,6 +116,7 @@ def __init__( quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. 
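Review bot: `api_audience` is added to the transport constructor signature, but the hunk offsets (`-71 +71`, then `-167 +168`) show that nothing else was inserted between them, so the Args section of the docstring still does not mention the new parameter. A proposed entry is `api_audience (Optional[str]): Audience passed to with_gdch_audience() for credentials that support it; the host is used when unset.` The same gap is visible in transports/base.py and transports/grpc_asyncio.py for both securitycenter_v1beta1 and securitycenter_v1p1beta1. The docstring body itself lies outside these hunks.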
@@ -212,6 +213,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py index 560cd3cfc879..ac98e1b27b15 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py @@ -564,6 +564,7 @@ def __init__( quota_project_id=client_options.quota_project_id, client_info=client_info, always_use_jwt_access=True, + api_audience=client_options.api_audience, ) def create_source( diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py index 0622595f5a2a..7accc85152d9 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py @@ -73,6 +73,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, **kwargs, ) -> None: """Instantiate the transport. 
@@ -100,11 +101,6 @@ def __init__( be used for service account credentials. """ - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ":" not in host: - host += ":443" - self._host = host - scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} # Save the scopes. @@ -125,6 +121,11 @@ def __init__( credentials, _ = google.auth.default( **scopes_kwargs, quota_project_id=quota_project_id ) + # Don't apply audience if the credentials file passed from user. + if hasattr(credentials, "with_gdch_audience"): + credentials = credentials.with_gdch_audience( + api_audience if api_audience else host + ) # If the credentials are service account credentials, then always try to use self signed JWT. if ( @@ -137,6 +138,11 @@ def __init__( # Save the credentials. self._credentials = credentials + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py index 48390bca21b6..355fd3f799fb 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py @@ -76,6 +76,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. 
@@ -172,6 +173,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py index bea8c37617e3..d7f15fac4897 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py @@ -121,6 +121,7 @@ def __init__( quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. @@ -217,6 +218,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/setup.py b/packages/google-cloud-securitycenter/setup.py index 175fa24f065b..6ea9e1fb8a08 100644 --- a/packages/google-cloud-securitycenter/setup.py +++ b/packages/google-cloud-securitycenter/setup.py 
@@ -24,10 +24,7 @@ version = "1.11.1" release_status = "Development Status :: 5 - Production/Stable" dependencies = [ - # NOTE: Maintainers, please do not require google-api-core>=2.x.x - # Until this issue is closed - # https://github.com/googleapis/google-cloud-python/issues/10566 - "google-api-core[grpc] >= 1.31.5, <3.0.0dev,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.0", + "google-api-core[grpc] >= 1.32.0, <3.0.0dev,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.*,!=2.4.*,!=2.5.*,!=2.6.*,!=2.7.*", "grpc-google-iam-v1 >= 0.12.4, <1.0.0dev", "proto-plus >= 1.15.0, <2.0.0dev", "protobuf >= 3.19.0, <4.0.0dev", diff --git a/packages/google-cloud-securitycenter/testing/constraints-3.6.txt b/packages/google-cloud-securitycenter/testing/constraints-3.6.txt deleted file mode 100644 index c4e0fd7dec6c..000000000000 --- a/packages/google-cloud-securitycenter/testing/constraints-3.6.txt +++ /dev/null @@ -1,12 +0,0 @@ -# This constraints file is used to check that lower bounds -# are correct in setup.py -# List *all* library dependencies and extras in this file. -# Pin the version to the lower bound. -# -# e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", -# Then this file should have foo==1.14.0 -google-api-core==1.31.5 -grpc-google-iam-v1==0.12.4 -proto-plus==1.15.0 -libcst==0.2.5 -protobuf==3.19.0 diff --git a/packages/google-cloud-securitycenter/testing/constraints-3.7.txt b/packages/google-cloud-securitycenter/testing/constraints-3.7.txt index c4e0fd7dec6c..39a7c58e1e8c 100644 --- a/packages/google-cloud-securitycenter/testing/constraints-3.7.txt +++ b/packages/google-cloud-securitycenter/testing/constraints-3.7.txt @@ -5,7 +5,7 @@ # # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", # Then this file should have foo==1.14.0 -google-api-core==1.31.5 +google-api-core==1.32.0 grpc-google-iam-v1==0.12.4 proto-plus==1.15.0 libcst==0.2.5 
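Review bot: The new `google-api-core` specifier raises the floor to 1.32.0 and excludes every 2.0–2.7 release, but the commit also deletes the only comment on this requirement, so the reason for the exclusion list is no longer recorded anywhere in the file. A one-line comment above the entry would help whoever next edits the pin, for example `# api_audience support needs google-api-core >= 1.32.0 on 1.x and >= 2.8.0 on 2.x (confirm)`; the motive is inferred from the rest of this commit rather than stated in it. The testing/constraints-3.7.txt pin is updated consistently with the new lower bound.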
diff --git a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1/test_security_center.py b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1/test_security_center.py index b1251c4eed27..968e09a59c36 100644 --- a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1/test_security_center.py +++ b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1/test_security_center.py @@ -60,8 +60,16 @@ pagers, transports, ) -from google.cloud.securitycenter_v1.types import access, bigquery_export, connection +from google.cloud.securitycenter_v1.types import ( + access, + bigquery_export, + compliance, + connection, + contact_details, + exfiltration, +) from google.cloud.securitycenter_v1.types import iam_binding, indicator, mitre_attack +from google.cloud.securitycenter_v1.types import process, run_asset_discovery_response from google.cloud.securitycenter_v1.types import external_system as gcs_external_system from google.cloud.securitycenter_v1.types import ( notification_config as gcs_notification_config, @@ -71,13 +79,13 @@ ) from google.cloud.securitycenter_v1.types import security_marks as gcs_security_marks from google.cloud.securitycenter_v1.types import external_system +from google.cloud.securitycenter_v1.types import file from google.cloud.securitycenter_v1.types import finding from google.cloud.securitycenter_v1.types import finding as gcs_finding from google.cloud.securitycenter_v1.types import mute_config from google.cloud.securitycenter_v1.types import mute_config as gcs_mute_config from google.cloud.securitycenter_v1.types import notification_config from google.cloud.securitycenter_v1.types import organization_settings -from google.cloud.securitycenter_v1.types import run_asset_discovery_response from google.cloud.securitycenter_v1.types import security_marks from google.cloud.securitycenter_v1.types import securitycenter_service from google.cloud.securitycenter_v1.types import source 
@@ -263,6 +271,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -280,6 +289,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -297,6 +307,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -326,6 +337,25 @@ def test_security_center_client_client_options( quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, + ) + # Check the case api_endpoint is provided + options = client_options.ClientOptions( + api_audience="https://language.googleapis.com" + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience="https://language.googleapis.com", ) @@ -393,6 +423,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case ADC client cert is provided. Whether client cert is used depends on 
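Review bot: The comment on the new case in the `@@ -326,6 +337,25 @@` hunk says `# Check the case api_endpoint is provided`, but the case sets `api_audience` and asserts `host=client.DEFAULT_ENDPOINT`, so no endpoint is provided there. It should read `# Check the case api_audience is provided`. The same copied comment appears in the securitycenter_v1beta1 and securitycenter_v1p1beta1 test files. The enclosing test function starts outside the hunk.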
@@ -427,6 +458,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -449,6 +481,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -563,6 +596,7 @@ def test_security_center_client_client_options_scopes( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -601,6 +635,7 @@ def test_security_center_client_client_options_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -621,6 +656,7 @@ def test_security_center_client_client_options_from_dict(): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -659,6 +695,7 @@ def test_security_center_client_create_channel_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # test that the credentials from file are saved and used as the credentials. 
@@ -11547,6 +11584,28 @@ def test_security_center_transport_auth_adc(transport_class): ) +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_transport_auth_gdch_credentials(transport_class): + host = "https://language.com" + api_audience_tests = [None, "https://language2.com"] + api_audience_expect = [host, "https://language2.com"] + for t, e in zip(api_audience_tests, api_audience_expect): + with mock.patch.object(google.auth, "default", autospec=True) as adc: + gdch_mock = mock.MagicMock() + type(gdch_mock).with_gdch_audience = mock.PropertyMock( + return_value=gdch_mock + ) + adc.return_value = (gdch_mock, None) + transport_class(host=host, api_audience=t) + gdch_mock.with_gdch_audience.assert_called_once_with(e) + + @pytest.mark.parametrize( "transport_class,grpc_helpers", [ @@ -12267,4 +12326,5 @@ def test_api_key_credentials(client_class, transport_class): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) diff --git a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py index 804633e9725b..3a734aa54cc8 100644 --- a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py +++ b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py @@ -253,6 +253,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is 
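Review bot: `test_security_center_transport_auth_gdch_credentials` only exercises credentials returned by `google.auth.default`, so the other half of the contract, that no audience is applied when the caller supplies credentials, is never asserted. A companion test that passes `credentials=` explicitly and checks that `with_gdch_audience` was not called would pin that behaviour, which matters because the audience decides which service the token is valid for. The `for t, e in zip(...)` loop would also read better as a second `@pytest.mark.parametrize("api_audience,expected", ...)`, so a failure names the case. The same test is copied into the securitycenter_v1beta1 and securitycenter_v1p1beta1 test files.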
@@ -270,6 +271,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -287,6 +289,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -316,6 +319,25 @@ def test_security_center_client_client_options( quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, + ) + # Check the case api_endpoint is provided + options = client_options.ClientOptions( + api_audience="https://language.googleapis.com" + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience="https://language.googleapis.com", ) @@ -383,6 +405,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -417,6 +440,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case client_cert_source and ADC client cert are not provided. 
@@ -439,6 +463,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -553,6 +578,7 @@ def test_security_center_client_client_options_scopes( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -591,6 +617,7 @@ def test_security_center_client_client_options_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -611,6 +638,7 @@ def test_security_center_client_client_options_from_dict(): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -649,6 +677,7 @@ def test_security_center_client_create_channel_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # test that the credentials from file are saved and used as the credentials. @@ -6099,6 +6128,28 @@ def test_security_center_transport_auth_adc(transport_class): ) +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_transport_auth_gdch_credentials(transport_class): + host = "https://language.com" + api_audience_tests = [None, "https://language2.com"] + api_audience_expect = [host, "https://language2.com"] + for t, e in zip(api_audience_tests, api_audience_expect): + with mock.patch.object(google.auth, "default", autospec=True) as adc: + gdch_mock = mock.MagicMock() + type(gdch_mock).with_gdch_audience = mock.PropertyMock( + return_value=gdch_mock + ) + adc.return_value = (gdch_mock, None) + transport_class(host=host, api_audience=t) + gdch_mock.with_gdch_audience.assert_called_once_with(e) + + @pytest.mark.parametrize( "transport_class,grpc_helpers", [ 
@@ -6692,4 +6743,5 @@ def test_api_key_credentials(client_class, transport_class): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) diff --git a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py index fba9d9be3031..8571956d8cb1 100644 --- a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py +++ b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py @@ -258,6 +258,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -275,6 +276,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -292,6 +294,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has 
@@ -321,6 +324,25 @@ def test_security_center_client_client_options( quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, + ) + # Check the case api_endpoint is provided + options = client_options.ClientOptions( + api_audience="https://language.googleapis.com" + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience="https://language.googleapis.com", ) @@ -388,6 +410,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -422,6 +445,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -444,6 +468,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -558,6 +583,7 @@ def test_security_center_client_client_options_scopes( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -596,6 +622,7 @@ def test_security_center_client_client_options_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) 
@@ -616,6 +643,7 @@ def test_security_center_client_client_options_from_dict(): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -654,6 +682,7 @@ def test_security_center_client_create_channel_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # test that the credentials from file are saved and used as the credentials. @@ -7903,6 +7932,28 @@ def test_security_center_transport_auth_adc(transport_class): ) +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_transport_auth_gdch_credentials(transport_class): + host = "https://language.com" + api_audience_tests = [None, "https://language2.com"] + api_audience_expect = [host, "https://language2.com"] + for t, e in zip(api_audience_tests, api_audience_expect): + with mock.patch.object(google.auth, "default", autospec=True) as adc: + gdch_mock = mock.MagicMock() + type(gdch_mock).with_gdch_audience = mock.PropertyMock( + return_value=gdch_mock + ) + adc.return_value = (gdch_mock, None) + transport_class(host=host, api_audience=t) + gdch_mock.with_gdch_audience.assert_called_once_with(e) + + @pytest.mark.parametrize( "transport_class,grpc_helpers", [ @@ -8546,4 +8597,5 @@ def test_api_key_credentials(client_class, transport_class): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, )