diff --git a/.coveragerc b/.coveragerc
index 2f4aeed0..f9eb6a20 100644
--- a/.coveragerc
+++ b/.coveragerc
@@ -4,7 +4,8 @@ branch = True
[report]
fail_under = 100
show_missing = True
-omit = google/cloud/securitycenter/__init__.py
+omit =
+ google/cloud/securitycenter/__init__.py
exclude_lines =
# Re-enable the standard pragma
pragma: NO COVER
@@ -14,4 +15,4 @@ exclude_lines =
# This is added at the module level as a safeguard for if someone
# generates the code and tries to run it without pip installing. This
# makes it virtually impossible to test properly.
- except pkg_resources.DistributionNotFound
\ No newline at end of file
+ except pkg_resources.DistributionNotFound
diff --git a/.github/header-checker-lint.yml b/.github/header-checker-lint.yml
new file mode 100644
index 00000000..fc281c05
--- /dev/null
+++ b/.github/header-checker-lint.yml
@@ -0,0 +1,15 @@
+{"allowedCopyrightHolders": ["Google LLC"],
+ "allowedLicenses": ["Apache-2.0", "MIT", "BSD-3"],
+ "ignoreFiles": ["**/requirements.txt", "**/requirements-test.txt"],
+ "sourceFileExtensions": [
+ "ts",
+ "js",
+ "java",
+ "sh",
+ "Dockerfile",
+ "yaml",
+ "py",
+ "html",
+ "txt"
+ ]
+}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index b9daa52f..b4243ced 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,8 +50,10 @@ docs.metadata
# Virtual environment
env/
+
+# Test logs
coverage.xml
-sponge_log.xml
+*sponge_log.xml
# System test environment variables.
system_tests/local_test_setup
diff --git a/.kokoro/build.sh b/.kokoro/build.sh
index 662b06bc..3b55f5c8 100755
--- a/.kokoro/build.sh
+++ b/.kokoro/build.sh
@@ -15,7 +15,11 @@
set -eo pipefail
-cd github/python-securitycenter
+if [[ -z "${PROJECT_ROOT:-}" ]]; then
+ PROJECT_ROOT="github/python-securitycenter"
+fi
+
+cd "${PROJECT_ROOT}"
# Disable buffering, so that the logs stream through.
export PYTHONUNBUFFERED=1
@@ -30,16 +34,26 @@ export GOOGLE_APPLICATION_CREDENTIALS=${KOKORO_GFILE_DIR}/service-account.json
export PROJECT_ID=$(cat "${KOKORO_GFILE_DIR}/project-id.json")
# Remove old nox
-python3.6 -m pip uninstall --yes --quiet nox-automation
+python3 -m pip uninstall --yes --quiet nox-automation
# Install nox
-python3.6 -m pip install --upgrade --quiet nox
-python3.6 -m nox --version
+python3 -m pip install --upgrade --quiet nox
+python3 -m nox --version
+
+# If this is a continuous build, send the test log to the FlakyBot.
+# See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot.
+if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"continuous"* ]]; then
+ cleanup() {
+ chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot
+ $KOKORO_GFILE_DIR/linux_amd64/flakybot
+ }
+ trap cleanup EXIT HUP
+fi
# If NOX_SESSION is set, it only runs the specified session,
# otherwise run all the sessions.
if [[ -n "${NOX_SESSION:-}" ]]; then
- python3.6 -m nox -s "${NOX_SESSION:-}"
+ python3 -m nox -s ${NOX_SESSION:-}
else
- python3.6 -m nox
+ python3 -m nox
fi
diff --git a/.kokoro/docs/docs-presubmit.cfg b/.kokoro/docs/docs-presubmit.cfg
index 11181078..5713bf2f 100644
--- a/.kokoro/docs/docs-presubmit.cfg
+++ b/.kokoro/docs/docs-presubmit.cfg
@@ -15,3 +15,14 @@ env_vars: {
key: "TRAMPOLINE_IMAGE_UPLOAD"
value: "false"
}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-securitycenter/.kokoro/build.sh"
+}
+
+# Only run this nox session.
+env_vars: {
+ key: "NOX_SESSION"
+ value: "docs docfx"
+}
diff --git a/.kokoro/samples/python3.6/periodic-head.cfg b/.kokoro/samples/python3.6/periodic-head.cfg
new file mode 100644
index 00000000..f9cfcd33
--- /dev/null
+++ b/.kokoro/samples/python3.6/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/samples/python3.7/periodic-head.cfg b/.kokoro/samples/python3.7/periodic-head.cfg
new file mode 100644
index 00000000..f9cfcd33
--- /dev/null
+++ b/.kokoro/samples/python3.7/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/samples/python3.8/periodic-head.cfg b/.kokoro/samples/python3.8/periodic-head.cfg
new file mode 100644
index 00000000..f9cfcd33
--- /dev/null
+++ b/.kokoro/samples/python3.8/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/test-samples-against-head.sh b/.kokoro/test-samples-against-head.sh
new file mode 100755
index 00000000..8df9b139
--- /dev/null
+++ b/.kokoro/test-samples-against-head.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# A customized test runner for samples.
+#
+# For periodic builds, you can specify this file for testing against head.
+
+# `-e` enables the script to automatically fail when a command fails
+# `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero
+set -eo pipefail
+# Enables `**` to include files nested inside sub-folders
+shopt -s globstar
+
+cd github/python-securitycenter
+
+exec .kokoro/test-samples-impl.sh
diff --git a/.kokoro/test-samples-impl.sh b/.kokoro/test-samples-impl.sh
new file mode 100755
index 00000000..cf5de74c
--- /dev/null
+++ b/.kokoro/test-samples-impl.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# `-e` enables the script to automatically fail when a command fails
+# `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero
+set -eo pipefail
+# Enables `**` to include files nested inside sub-folders
+shopt -s globstar
+
+# Exit early if samples directory doesn't exist
+if [ ! -d "./samples" ]; then
+ echo "No tests run. `./samples` not found"
+ exit 0
+fi
+
+# Disable buffering, so that the logs stream through.
+export PYTHONUNBUFFERED=1
+
+# Debug: show build environment
+env | grep KOKORO
+
+# Install nox
+python3.6 -m pip install --upgrade --quiet nox
+
+# Use secrets acessor service account to get secrets
+if [[ -f "${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" ]]; then
+ gcloud auth activate-service-account \
+ --key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \
+ --project="cloud-devrel-kokoro-resources"
+fi
+
+# This script will create 3 files:
+# - testing/test-env.sh
+# - testing/service-account.json
+# - testing/client-secrets.json
+./scripts/decrypt-secrets.sh
+
+source ./testing/test-env.sh
+export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/testing/service-account.json
+
+# For cloud-run session, we activate the service account for gcloud sdk.
+gcloud auth activate-service-account \
+ --key-file "${GOOGLE_APPLICATION_CREDENTIALS}"
+
+export GOOGLE_CLIENT_SECRETS=$(pwd)/testing/client-secrets.json
+
+echo -e "\n******************** TESTING PROJECTS ********************"
+
+# Switch to 'fail at end' to allow all tests to complete before exiting.
+set +e
+# Use RTN to return a non-zero value if the test fails.
+RTN=0
+ROOT=$(pwd)
+# Find all requirements.txt in the samples directory (may break on whitespace).
+for file in samples/**/requirements.txt; do
+ cd "$ROOT"
+ # Navigate to the project folder.
+ file=$(dirname "$file")
+ cd "$file"
+
+ echo "------------------------------------------------------------"
+ echo "- testing $file"
+ echo "------------------------------------------------------------"
+
+ # Use nox to execute the tests for the project.
+ python3.6 -m nox -s "$RUN_TESTS_SESSION"
+ EXIT=$?
+
+ # If this is a periodic build, send the test log to the FlakyBot.
+ # See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot.
+ if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then
+ chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot
+ $KOKORO_GFILE_DIR/linux_amd64/flakybot
+ fi
+
+ if [[ $EXIT -ne 0 ]]; then
+ RTN=1
+ echo -e "\n Testing failed: Nox returned a non-zero exit code. \n"
+ else
+ echo -e "\n Testing completed.\n"
+ fi
+
+done
+cd "$ROOT"
+
+# Workaround for Kokoro permissions issue: delete secrets
+rm testing/{test-env.sh,client-secrets.json,service-account.json}
+
+exit "$RTN"
diff --git a/.kokoro/test-samples.sh b/.kokoro/test-samples.sh
index 92115ca2..348ce519 100755
--- a/.kokoro/test-samples.sh
+++ b/.kokoro/test-samples.sh
@@ -13,6 +13,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+# The default test runner for samples.
+#
+# For periodic builds, we rewinds the repo to the latest release, and
+# run test-samples-impl.sh.
# `-e` enables the script to automatically fail when a command fails
# `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero
@@ -24,87 +28,19 @@ cd github/python-securitycenter
# Run periodic samples tests at latest release
if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then
+ # preserving the test runner implementation.
+ cp .kokoro/test-samples-impl.sh "${TMPDIR}/test-samples-impl.sh"
+ echo "--- IMPORTANT IMPORTANT IMPORTANT ---"
+ echo "Now we rewind the repo back to the latest release..."
LATEST_RELEASE=$(git describe --abbrev=0 --tags)
git checkout $LATEST_RELEASE
-fi
-
-# Exit early if samples directory doesn't exist
-if [ ! -d "./samples" ]; then
- echo "No tests run. `./samples` not found"
- exit 0
-fi
-
-# Disable buffering, so that the logs stream through.
-export PYTHONUNBUFFERED=1
-
-# Debug: show build environment
-env | grep KOKORO
-
-# Install nox
-python3.6 -m pip install --upgrade --quiet nox
-
-# Use secrets acessor service account to get secrets
-if [[ -f "${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" ]]; then
- gcloud auth activate-service-account \
- --key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \
- --project="cloud-devrel-kokoro-resources"
-fi
-
-# This script will create 3 files:
-# - testing/test-env.sh
-# - testing/service-account.json
-# - testing/client-secrets.json
-./scripts/decrypt-secrets.sh
-
-source ./testing/test-env.sh
-export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/testing/service-account.json
-
-# For cloud-run session, we activate the service account for gcloud sdk.
-gcloud auth activate-service-account \
- --key-file "${GOOGLE_APPLICATION_CREDENTIALS}"
-
-export GOOGLE_CLIENT_SECRETS=$(pwd)/testing/client-secrets.json
-
-echo -e "\n******************** TESTING PROJECTS ********************"
-
-# Switch to 'fail at end' to allow all tests to complete before exiting.
-set +e
-# Use RTN to return a non-zero value if the test fails.
-RTN=0
-ROOT=$(pwd)
-# Find all requirements.txt in the samples directory (may break on whitespace).
-for file in samples/**/requirements.txt; do
- cd "$ROOT"
- # Navigate to the project folder.
- file=$(dirname "$file")
- cd "$file"
-
- echo "------------------------------------------------------------"
- echo "- testing $file"
- echo "------------------------------------------------------------"
-
- # Use nox to execute the tests for the project.
- python3.6 -m nox -s "$RUN_TESTS_SESSION"
- EXIT=$?
-
- # If this is a periodic build, send the test log to the FlakyBot.
- # See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot.
- if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then
- chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot
- $KOKORO_GFILE_DIR/linux_amd64/flakybot
+ echo "The current head is: "
+ echo $(git rev-parse --verify HEAD)
+ echo "--- IMPORTANT IMPORTANT IMPORTANT ---"
+ # move back the test runner implementation if there's no file.
+ if [ ! -f .kokoro/test-samples-impl.sh ]; then
+ cp "${TMPDIR}/test-samples-impl.sh" .kokoro/test-samples-impl.sh
fi
+fi
- if [[ $EXIT -ne 0 ]]; then
- RTN=1
- echo -e "\n Testing failed: Nox returned a non-zero exit code. \n"
- else
- echo -e "\n Testing completed.\n"
- fi
-
-done
-cd "$ROOT"
-
-# Workaround for Kokoro permissions issue: delete secrets
-rm testing/{test-env.sh,client-secrets.json,service-account.json}
-
-exit "$RTN"
+exec .kokoro/test-samples-impl.sh
diff --git a/.trampolinerc b/.trampolinerc
index 995ee291..383b6ec8 100644
--- a/.trampolinerc
+++ b/.trampolinerc
@@ -24,6 +24,7 @@ required_envvars+=(
pass_down_envvars+=(
"STAGING_BUCKET"
"V2_STAGING_BUCKET"
+ "NOX_SESSION"
)
# Prevent unintentional override on the default image.
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 373badc1..d5b4b7f3 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -70,9 +70,14 @@ We use `nox `__ to instrument our tests.
- To test your changes, run unit tests with ``nox``::
$ nox -s unit-2.7
- $ nox -s unit-3.7
+ $ nox -s unit-3.8
$ ...
+- Args to pytest can be passed through the nox command separated by a `--`. For
+ example, to run a single test::
+
+ $ nox -s unit-3.8 -- -k
+
.. note::
The unit tests and system tests are described in the
@@ -93,8 +98,12 @@ On Debian/Ubuntu::
************
Coding Style
************
+- We use the automatic code formatter ``black``. You can run it using
+ the nox session ``blacken``. This will eliminate many lint errors. Run via::
+
+ $ nox -s blacken
-- PEP8 compliance, with exceptions defined in the linter configuration.
+- PEP8 compliance is required, with exceptions defined in the linter configuration.
If you have ``nox`` installed, you can test that you have not introduced
any non-compliant code via::
@@ -133,13 +142,18 @@ Running System Tests
- To run system tests, you can execute::
- $ nox -s system-3.7
+ # Run all system tests
+ $ nox -s system-3.8
$ nox -s system-2.7
+ # Run a single system test
+ $ nox -s system-3.8 -- -k
+
+
.. note::
System tests are only configured to run under Python 2.7 and
- Python 3.7. For expediency, we do not run them in older versions
+ Python 3.8. For expediency, we do not run them in older versions
of Python 3.
This alone will not run the tests. You'll need to change some local
diff --git a/MANIFEST.in b/MANIFEST.in
index e9e29d12..e783f4c6 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -16,10 +16,10 @@
# Generated by synthtool. DO NOT EDIT!
include README.rst LICENSE
-recursive-include google *.json *.proto
+recursive-include google *.json *.proto py.typed
recursive-include tests *
global-exclude *.py[co]
global-exclude __pycache__
# Exclude scripts for samples readmegen
-prune scripts/readme-gen
\ No newline at end of file
+prune scripts/readme-gen
diff --git a/UPGRADING.md b/UPGRADING.md
index 15a2ee0c..dec82d7d 100644
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -17,10 +17,10 @@ The 1.0.0 release requires Python 3.6+.
Methods expect request objects. We provide a script that will convert most common use cases.
-* Install the library
+* Install the library with `libcst`.
```py
-python3 -m pip install google-cloud-securitycenter
+python3 -m pip install google-cloud-securitycenter[libcst]
```
* The script `fixup_securitycenter_v1_keywords.py` is shipped with the library. It expects
@@ -50,7 +50,7 @@ client = securitycenter.securitycenterClient()
assets = client.list_assets(
request={
- "org_name": org_name,
+ "org_name": org_name,
"filter_:": project_filter,
"read_time": timestamp_proto
}
diff --git a/docs/securitycenter_v1/security_center.rst b/docs/securitycenter_v1/security_center.rst
new file mode 100644
index 00000000..0d7d0e97
--- /dev/null
+++ b/docs/securitycenter_v1/security_center.rst
@@ -0,0 +1,11 @@
+SecurityCenter
+--------------------------------
+
+.. automodule:: google.cloud.securitycenter_v1.services.security_center
+ :members:
+ :inherited-members:
+
+
+.. automodule:: google.cloud.securitycenter_v1.services.security_center.pagers
+ :members:
+ :inherited-members:
diff --git a/docs/securitycenter_v1/services.rst b/docs/securitycenter_v1/services.rst
index d1a1378e..295acede 100644
--- a/docs/securitycenter_v1/services.rst
+++ b/docs/securitycenter_v1/services.rst
@@ -1,6 +1,6 @@
Services for Google Cloud Securitycenter v1 API
===============================================
+.. toctree::
+ :maxdepth: 2
-.. automodule:: google.cloud.securitycenter_v1.services.security_center
- :members:
- :inherited-members:
+ security_center
diff --git a/docs/securitycenter_v1/types.rst b/docs/securitycenter_v1/types.rst
index f7497757..460aec08 100644
--- a/docs/securitycenter_v1/types.rst
+++ b/docs/securitycenter_v1/types.rst
@@ -3,4 +3,5 @@ Types for Google Cloud Securitycenter v1 API
.. automodule:: google.cloud.securitycenter_v1.types
:members:
+ :undoc-members:
:show-inheritance:
diff --git a/docs/securitycenter_v1beta1/security_center.rst b/docs/securitycenter_v1beta1/security_center.rst
new file mode 100644
index 00000000..f7b00994
--- /dev/null
+++ b/docs/securitycenter_v1beta1/security_center.rst
@@ -0,0 +1,11 @@
+SecurityCenter
+--------------------------------
+
+.. automodule:: google.cloud.securitycenter_v1beta1.services.security_center
+ :members:
+ :inherited-members:
+
+
+.. automodule:: google.cloud.securitycenter_v1beta1.services.security_center.pagers
+ :members:
+ :inherited-members:
diff --git a/docs/securitycenter_v1beta1/services.rst b/docs/securitycenter_v1beta1/services.rst
index 212796c8..a09a4b86 100644
--- a/docs/securitycenter_v1beta1/services.rst
+++ b/docs/securitycenter_v1beta1/services.rst
@@ -1,6 +1,6 @@
Services for Google Cloud Securitycenter v1beta1 API
====================================================
+.. toctree::
+ :maxdepth: 2
-.. automodule:: google.cloud.securitycenter_v1beta1.services.security_center
- :members:
- :inherited-members:
+ security_center
diff --git a/docs/securitycenter_v1beta1/types.rst b/docs/securitycenter_v1beta1/types.rst
index 0bbeba06..44bb4fec 100644
--- a/docs/securitycenter_v1beta1/types.rst
+++ b/docs/securitycenter_v1beta1/types.rst
@@ -3,4 +3,5 @@ Types for Google Cloud Securitycenter v1beta1 API
.. automodule:: google.cloud.securitycenter_v1beta1.types
:members:
+ :undoc-members:
:show-inheritance:
diff --git a/docs/securitycenter_v1p1beta1/security_center.rst b/docs/securitycenter_v1p1beta1/security_center.rst
new file mode 100644
index 00000000..afda133c
--- /dev/null
+++ b/docs/securitycenter_v1p1beta1/security_center.rst
@@ -0,0 +1,11 @@
+SecurityCenter
+--------------------------------
+
+.. automodule:: google.cloud.securitycenter_v1p1beta1.services.security_center
+ :members:
+ :inherited-members:
+
+
+.. automodule:: google.cloud.securitycenter_v1p1beta1.services.security_center.pagers
+ :members:
+ :inherited-members:
diff --git a/docs/securitycenter_v1p1beta1/services.rst b/docs/securitycenter_v1p1beta1/services.rst
index 5034b831..7f537e85 100644
--- a/docs/securitycenter_v1p1beta1/services.rst
+++ b/docs/securitycenter_v1p1beta1/services.rst
@@ -1,6 +1,6 @@
Services for Google Cloud Securitycenter v1p1beta1 API
======================================================
+.. toctree::
+ :maxdepth: 2
-.. automodule:: google.cloud.securitycenter_v1p1beta1.services.security_center
- :members:
- :inherited-members:
+ security_center
diff --git a/docs/securitycenter_v1p1beta1/types.rst b/docs/securitycenter_v1p1beta1/types.rst
index a68ac5c6..1facc905 100644
--- a/docs/securitycenter_v1p1beta1/types.rst
+++ b/docs/securitycenter_v1p1beta1/types.rst
@@ -3,4 +3,5 @@ Types for Google Cloud Securitycenter v1p1beta1 API
.. automodule:: google.cloud.securitycenter_v1p1beta1.types
:members:
+ :undoc-members:
:show-inheritance:
diff --git a/google/cloud/securitycenter_v1/services/security_center/async_client.py b/google/cloud/securitycenter_v1/services/security_center/async_client.py
index b0b01027..644bdf4c 100644
--- a/google/cloud/securitycenter_v1/services/security_center/async_client.py
+++ b/google/cloud/securitycenter_v1/services/security_center/async_client.py
@@ -120,7 +120,36 @@ class SecurityCenterAsyncClient:
SecurityCenterClient.parse_common_location_path
)
- from_service_account_file = SecurityCenterClient.from_service_account_file
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SecurityCenterAsyncClient: The constructed client.
+ """
+ return SecurityCenterClient.from_service_account_info.__func__(SecurityCenterAsyncClient, info, *args, **kwargs) # type: ignore
+
+ @classmethod
+ def from_service_account_file(cls, filename: str, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ file.
+
+ Args:
+ filename (str): The path to the service account private key json
+ file.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SecurityCenterAsyncClient: The constructed client.
+ """
+ return SecurityCenterClient.from_service_account_file.__func__(SecurityCenterAsyncClient, filename, *args, **kwargs) # type: ignore
+
from_service_account_json = from_service_account_file
@property
@@ -197,19 +226,21 @@ async def create_source(
r"""Creates a source.
Args:
- request (:class:`~.securitycenter_service.CreateSourceRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.CreateSourceRequest`):
The request object. Request message for creating a
source.
parent (:class:`str`):
Required. Resource name of the new source's parent. Its
format should be "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- source (:class:`~.gcs_source.Source`):
+ source (:class:`google.cloud.securitycenter_v1.types.Source`):
Required. The Source being created, only the
display_name and description will be used. All other
fields will be ignored.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -221,7 +252,7 @@ async def create_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -285,13 +316,14 @@ async def create_finding(
exist for finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.CreateFindingRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.CreateFindingRequest`):
The request object. Request message for creating a
finding.
parent (:class:`str`):
Required. Resource name of the new finding's parent. Its
format should be
"organizations/[organization_id]/sources/[source_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -301,13 +333,15 @@ async def create_finding(
It must be alphanumeric and less than or
equal to 32 characters and greater than
0 characters in length.
+
This corresponds to the ``finding_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (:class:`google.cloud.securitycenter_v1.types.Finding`):
Required. The Finding being created. The name and
security_marks will be ignored as they are both output
only fields on this resource.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -319,7 +353,7 @@ async def create_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
like security, risk, health, or privacy,
@@ -387,12 +421,13 @@ async def create_notification_config(
r"""Creates a notification config.
Args:
- request (:class:`~.securitycenter_service.CreateNotificationConfigRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.CreateNotificationConfigRequest`):
The request object. Request message for creating a
notification config.
parent (:class:`str`):
Required. Resource name of the new notification config's
parent. Its format is "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -403,14 +438,16 @@ async def create_notification_config(
between 1 and 128 characters, and
contains alphanumeric characters,
underscores or hyphens only.
+
This corresponds to the ``config_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- notification_config (:class:`~.gcs_notification_config.NotificationConfig`):
+ notification_config (:class:`google.cloud.securitycenter_v1.types.NotificationConfig`):
Required. The notification config
being created. The name and the service
account will be ignored as they are both
output only fields on this resource.
+
This corresponds to the ``notification_config`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -422,7 +459,7 @@ async def create_notification_config(
sent along with the request as metadata.
Returns:
- ~.gcs_notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1.types.NotificationConfig:
Cloud Security Command Center (Cloud
SCC) notification configs.
A notification config is a Cloud SCC
@@ -485,13 +522,14 @@ async def delete_notification_config(
r"""Deletes a notification config.
Args:
- request (:class:`~.securitycenter_service.DeleteNotificationConfigRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.DeleteNotificationConfigRequest`):
The request object. Request message for deleting a
notification config.
name (:class:`str`):
Required. Name of the notification config to delete. Its
format is
"organizations/[organization_id]/notificationConfigs/[config_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -552,7 +590,7 @@ async def get_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.GetIamPolicyRequest`):
+ request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`):
The request object. Request message for `GetIamPolicy`
method.
resource (:class:`str`):
@@ -560,6 +598,7 @@ async def get_iam_policy(
policy is being requested. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -571,72 +610,62 @@ async def get_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -668,6 +697,7 @@ async def get_iam_policy(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -697,13 +727,14 @@ async def get_notification_config(
r"""Gets a notification config.
Args:
- request (:class:`~.securitycenter_service.GetNotificationConfigRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.GetNotificationConfigRequest`):
The request object. Request message for getting a
notification config.
name (:class:`str`):
Required. Name of the notification config to get. Its
format is
"organizations/[organization_id]/notificationConfigs/[config_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -715,7 +746,7 @@ async def get_notification_config(
sent along with the request as metadata.
Returns:
- ~.notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1.types.NotificationConfig:
Cloud Security Command Center (Cloud
SCC) notification configs.
A notification config is a Cloud SCC
@@ -753,6 +784,7 @@ async def get_notification_config(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -782,13 +814,14 @@ async def get_organization_settings(
r"""Gets the settings for an organization.
Args:
- request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.GetOrganizationSettingsRequest`):
The request object. Request message for getting
organization settings.
name (:class:`str`):
Required. Name of the organization to get organization
settings for. Its format is
"organizations/[organization_id]/organizationSettings".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -800,7 +833,7 @@ async def get_organization_settings(
sent along with the request as metadata.
Returns:
- ~.organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -835,6 +868,7 @@ async def get_organization_settings(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -864,13 +898,14 @@ async def get_source(
r"""Gets a source.
Args:
- request (:class:`~.securitycenter_service.GetSourceRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.GetSourceRequest`):
The request object. Request message for getting a
source.
name (:class:`str`):
Required. Relative resource name of the source. Its
format is
"organizations/[organization_id]/source/[source_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -882,7 +917,7 @@ async def get_source(
sent along with the request as metadata.
Returns:
- ~.source.Source:
+ google.cloud.securitycenter_v1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -920,6 +955,7 @@ async def get_source(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -949,7 +985,7 @@ async def group_assets(
their specified properties.
Args:
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.GroupAssetsRequest`):
The request object. Request message for grouping by
assets.
@@ -960,7 +996,7 @@ async def group_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupAssetsAsyncPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.GroupAssetsAsyncPager:
Response message for grouping by
assets.
Iterating over this object will yield
@@ -983,6 +1019,7 @@ async def group_assets(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1023,7 +1060,7 @@ async def group_findings(
Example: /v1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.GroupFindingsRequest`):
The request object. Request message for grouping by
findings.
parent (:class:`str`):
@@ -1032,6 +1069,7 @@ async def group_findings(
To groupBy across all sources provide a source_id of
``-``. For example:
organizations/{organization_id}/sources/-
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1046,8 +1084,7 @@ async def group_findings(
- resource_name
- category
- state
- - parent
-
+ - parent
- severity
The following fields are supported when compare_duration
@@ -1066,7 +1103,7 @@ async def group_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupFindingsAsyncPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.GroupFindingsAsyncPager:
Response message for group by
findings.
Iterating over this object will yield
@@ -1105,6 +1142,7 @@ async def group_findings(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1139,7 +1177,7 @@ async def list_assets(
r"""Lists an organization's assets.
Args:
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.ListAssetsRequest`):
The request object. Request message for listing assets.
retry (google.api_core.retry.Retry): Designation of what errors, if any,
@@ -1149,7 +1187,7 @@ async def list_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.ListAssetsAsyncPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.ListAssetsAsyncPager:
Response message for listing assets.
Iterating over this object will yield
results and resolve additional pages
@@ -1171,6 +1209,7 @@ async def list_assets(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1208,7 +1247,7 @@ async def list_findings(
Example: /v1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.ListFindingsRequest`):
The request object. Request message for listing
findings.
@@ -1219,7 +1258,7 @@ async def list_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.ListFindingsAsyncPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.ListFindingsAsyncPager:
Response message for listing
findings.
Iterating over this object will yield
@@ -1242,6 +1281,7 @@ async def list_findings(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1277,13 +1317,14 @@ async def list_notification_configs(
r"""Lists notification configs.
Args:
- request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsRequest`):
The request object. Request message for listing
notification configs.
parent (:class:`str`):
Required. Name of the organization to list notification
configs. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1295,7 +1336,7 @@ async def list_notification_configs(
sent along with the request as metadata.
Returns:
- ~.pagers.ListNotificationConfigsAsyncPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.ListNotificationConfigsAsyncPager:
Response message for listing
notification configs.
Iterating over this object will yield
@@ -1332,6 +1373,7 @@ async def list_notification_configs(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1367,12 +1409,13 @@ async def list_sources(
r"""Lists all sources belonging to an organization.
Args:
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.ListSourcesRequest`):
The request object. Request message for listing sources.
parent (:class:`str`):
Required. Resource name of the parent of sources to
list. Its format should be
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1384,7 +1427,7 @@ async def list_sources(
sent along with the request as metadata.
Returns:
- ~.pagers.ListSourcesAsyncPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.ListSourcesAsyncPager:
Response message for listing sources.
Iterating over this object will yield
results and resolve additional pages
@@ -1420,6 +1463,7 @@ async def list_sources(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1460,13 +1504,14 @@ async def run_asset_discovery(
receive a TOO_MANY_REQUESTS error.
Args:
- request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.RunAssetDiscoveryRequest`):
The request object. Request message for running asset
discovery for an organization.
parent (:class:`str`):
Required. Name of the organization to run asset
discovery for. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1478,11 +1523,11 @@ async def run_asset_discovery(
sent along with the request as metadata.
Returns:
- ~.operation_async.AsyncOperation:
+ google.api_core.operation_async.AsyncOperation:
An object representing a long-running operation.
The result type for the operation will be
- :class:``~.run_asset_discovery_response.RunAssetDiscoveryResponse``:
+ :class:`google.cloud.securitycenter_v1.types.RunAssetDiscoveryResponse`
Response of asset discovery run
"""
@@ -1546,7 +1591,7 @@ async def set_finding_state(
r"""Updates the state of a finding.
Args:
- request (:class:`~.securitycenter_service.SetFindingStateRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.SetFindingStateRequest`):
The request object. Request message for updating a
finding's state.
name (:class:`str`):
@@ -1555,18 +1600,21 @@ async def set_finding_state(
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- state (:class:`~.finding.Finding.State`):
+ state (:class:`google.cloud.securitycenter_v1.types.Finding.State`):
Required. The desired State of the
finding.
+
This corresponds to the ``state`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- start_time (:class:`~.timestamp.Timestamp`):
+ start_time (:class:`google.protobuf.timestamp_pb2.Timestamp`):
Required. The time at which the
updated state takes effect.
+
This corresponds to the ``start_time`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1578,7 +1626,7 @@ async def set_finding_state(
sent along with the request as metadata.
Returns:
- ~.finding.Finding:
+ google.cloud.securitycenter_v1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
like security, risk, health, or privacy,
@@ -1645,7 +1693,7 @@ async def set_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.SetIamPolicyRequest`):
+ request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`):
The request object. Request message for `SetIamPolicy`
method.
resource (:class:`str`):
@@ -1653,6 +1701,7 @@ async def set_iam_policy(
policy is being specified. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1664,72 +1713,62 @@ async def set_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -1784,7 +1823,7 @@ async def test_iam_permissions(
specified source.
Args:
- request (:class:`~.iam_policy.TestIamPermissionsRequest`):
+ request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`):
The request object. Request message for
`TestIamPermissions` method.
resource (:class:`str`):
@@ -1792,6 +1831,7 @@ async def test_iam_permissions(
policy detail is being requested. See
the operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1800,6 +1840,7 @@ async def test_iam_permissions(
Permissions with wildcards (such as '*' or 'storage.*')
are not allowed. For more information see `IAM
Overview `__.
+
This corresponds to the ``permissions`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1811,8 +1852,8 @@ async def test_iam_permissions(
sent along with the request as metadata.
Returns:
- ~.iam_policy.TestIamPermissionsResponse:
- Response message for ``TestIamPermissions`` method.
+ google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
+ Response message for TestIamPermissions method.
"""
# Create or coerce a protobuf request object.
# Sanity check: If we got a request object, we should *not* have
@@ -1845,6 +1886,7 @@ async def test_iam_permissions(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1875,10 +1917,10 @@ async def update_finding(
source must exist for a finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.UpdateFindingRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.UpdateFindingRequest`):
The request object. Request message for updating or
creating a finding.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (:class:`google.cloud.securitycenter_v1.types.Finding`):
Required. The finding resource to update or create if it
does not already exist. parent, security_marks, and
update_time will be ignored.
@@ -1886,6 +1928,7 @@ async def update_finding(
In the case of creation, the finding id portion of the
name must be alphanumeric and less than or equal to 32
characters and greater than 0 characters in length.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1897,7 +1940,7 @@ async def update_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
like security, risk, health, or privacy,
@@ -1963,20 +2006,22 @@ async def update_notification_config(
allowed: description, pubsub_topic, streaming_config.filter
Args:
- request (:class:`~.securitycenter_service.UpdateNotificationConfigRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.UpdateNotificationConfigRequest`):
The request object. Request message for updating a
notification config.
- notification_config (:class:`~.gcs_notification_config.NotificationConfig`):
+ notification_config (:class:`google.cloud.securitycenter_v1.types.NotificationConfig`):
Required. The notification config to
update.
+
This corresponds to the ``notification_config`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`):
The FieldMask to use when updating
the notification config.
If empty all mutable fields will be
updated.
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1988,7 +2033,7 @@ async def update_notification_config(
sent along with the request as metadata.
Returns:
- ~.gcs_notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1.types.NotificationConfig:
Cloud Security Command Center (Cloud
SCC) notification configs.
A notification config is a Cloud SCC
@@ -2051,12 +2096,13 @@ async def update_organization_settings(
r"""Updates an organization's settings.
Args:
- request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.UpdateOrganizationSettingsRequest`):
The request object. Request message for updating an
organization's settings.
- organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`):
+ organization_settings (:class:`google.cloud.securitycenter_v1.types.OrganizationSettings`):
Required. The organization settings
resource to update.
+
This corresponds to the ``organization_settings`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2068,7 +2114,7 @@ async def update_organization_settings(
sent along with the request as metadata.
Returns:
- ~.gcs_organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -2126,12 +2172,13 @@ async def update_source(
r"""Updates a source.
Args:
- request (:class:`~.securitycenter_service.UpdateSourceRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.UpdateSourceRequest`):
The request object. Request message for updating a
source.
- source (:class:`~.gcs_source.Source`):
+ source (:class:`google.cloud.securitycenter_v1.types.Source`):
Required. The source resource to
update.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2143,7 +2190,7 @@ async def update_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -2204,12 +2251,13 @@ async def update_security_marks(
r"""Updates security marks.
Args:
- request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`):
+ request (:class:`google.cloud.securitycenter_v1.types.UpdateSecurityMarksRequest`):
The request object. Request message for updating a
SecurityMarks resource.
- security_marks (:class:`~.gcs_security_marks.SecurityMarks`):
+ security_marks (:class:`google.cloud.securitycenter_v1.types.SecurityMarks`):
Required. The security marks resource
to update.
+
This corresponds to the ``security_marks`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2221,7 +2269,7 @@ async def update_security_marks(
sent along with the request as metadata.
Returns:
- ~.gcs_security_marks.SecurityMarks:
+ google.cloud.securitycenter_v1.types.SecurityMarks:
User specified security marks that
are attached to the parent Security
Command Center resource. Security marks
diff --git a/google/cloud/securitycenter_v1/services/security_center/client.py b/google/cloud/securitycenter_v1/services/security_center/client.py
index 319ca077..5e85db59 100644
--- a/google/cloud/securitycenter_v1/services/security_center/client.py
+++ b/google/cloud/securitycenter_v1/services/security_center/client.py
@@ -132,6 +132,22 @@ def _get_default_mtls_endpoint(api_endpoint):
DEFAULT_ENDPOINT
)
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SecurityCenterClient: The constructed client.
+ """
+ credentials = service_account.Credentials.from_service_account_info(info)
+ kwargs["credentials"] = credentials
+ return cls(*args, **kwargs)
+
@classmethod
def from_service_account_file(cls, filename: str, *args, **kwargs):
"""Creates an instance of this client using the provided credentials
@@ -144,7 +160,7 @@ def from_service_account_file(cls, filename: str, *args, **kwargs):
kwargs: Additional arguments to pass to the constructor.
Returns:
- {@api.name}: The constructed client.
+ SecurityCenterClient: The constructed client.
"""
credentials = service_account.Credentials.from_service_account_file(filename)
kwargs["credentials"] = credentials
@@ -340,10 +356,10 @@ def __init__(
credentials identify the application to the service; if none
are specified, the client will attempt to ascertain the
credentials from the environment.
- transport (Union[str, ~.SecurityCenterTransport]): The
+ transport (Union[str, SecurityCenterTransport]): The
transport to use. If set to None, a transport is chosen
automatically.
- client_options (client_options_lib.ClientOptions): Custom options for the
+ client_options (google.api_core.client_options.ClientOptions): Custom options for the
client. It won't take effect if a ``transport`` instance is provided.
(1) The ``api_endpoint`` property can be used to override the
default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
@@ -379,21 +395,17 @@ def __init__(
util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))
)
- ssl_credentials = None
+ client_cert_source_func = None
is_mtls = False
if use_client_cert:
if client_options.client_cert_source:
- import grpc # type: ignore
-
- cert, key = client_options.client_cert_source()
- ssl_credentials = grpc.ssl_channel_credentials(
- certificate_chain=cert, private_key=key
- )
is_mtls = True
+ client_cert_source_func = client_options.client_cert_source
else:
- creds = SslCredentials()
- is_mtls = creds.is_mtls
- ssl_credentials = creds.ssl_credentials if is_mtls else None
+ is_mtls = mtls.has_default_client_cert_source()
+ client_cert_source_func = (
+ mtls.default_client_cert_source() if is_mtls else None
+ )
# Figure out which api endpoint to use.
if client_options.api_endpoint is not None:
@@ -436,7 +448,7 @@ def __init__(
credentials_file=client_options.credentials_file,
host=api_endpoint,
scopes=client_options.scopes,
- ssl_channel_credentials=ssl_credentials,
+ client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
)
@@ -454,19 +466,21 @@ def create_source(
r"""Creates a source.
Args:
- request (:class:`~.securitycenter_service.CreateSourceRequest`):
+ request (google.cloud.securitycenter_v1.types.CreateSourceRequest):
The request object. Request message for creating a
source.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the new source's parent. Its
format should be "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- source (:class:`~.gcs_source.Source`):
+ source (google.cloud.securitycenter_v1.types.Source):
Required. The Source being created, only the
display_name and description will be used. All other
fields will be ignored.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -478,7 +492,7 @@ def create_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -543,29 +557,32 @@ def create_finding(
exist for finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.CreateFindingRequest`):
+ request (google.cloud.securitycenter_v1.types.CreateFindingRequest):
The request object. Request message for creating a
finding.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the new finding's parent. Its
format should be
"organizations/[organization_id]/sources/[source_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- finding_id (:class:`str`):
+ finding_id (str):
Required. Unique identifier provided
by the client within the parent scope.
It must be alphanumeric and less than or
equal to 32 characters and greater than
0 characters in length.
+
This corresponds to the ``finding_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (google.cloud.securitycenter_v1.types.Finding):
Required. The Finding being created. The name and
security_marks will be ignored as they are both output
only fields on this resource.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -577,7 +594,7 @@ def create_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
like security, risk, health, or privacy,
@@ -646,30 +663,33 @@ def create_notification_config(
r"""Creates a notification config.
Args:
- request (:class:`~.securitycenter_service.CreateNotificationConfigRequest`):
+ request (google.cloud.securitycenter_v1.types.CreateNotificationConfigRequest):
The request object. Request message for creating a
notification config.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the new notification config's
parent. Its format is "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- config_id (:class:`str`):
+ config_id (str):
Required.
Unique identifier provided by the client
within the parent scope. It must be
between 1 and 128 characters, and
contains alphanumeric characters,
underscores or hyphens only.
+
This corresponds to the ``config_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- notification_config (:class:`~.gcs_notification_config.NotificationConfig`):
+ notification_config (google.cloud.securitycenter_v1.types.NotificationConfig):
Required. The notification config
being created. The name and the service
account will be ignored as they are both
output only fields on this resource.
+
This corresponds to the ``notification_config`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -681,7 +701,7 @@ def create_notification_config(
sent along with the request as metadata.
Returns:
- ~.gcs_notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1.types.NotificationConfig:
Cloud Security Command Center (Cloud
SCC) notification configs.
A notification config is a Cloud SCC
@@ -749,13 +769,14 @@ def delete_notification_config(
r"""Deletes a notification config.
Args:
- request (:class:`~.securitycenter_service.DeleteNotificationConfigRequest`):
+ request (google.cloud.securitycenter_v1.types.DeleteNotificationConfigRequest):
The request object. Request message for deleting a
notification config.
- name (:class:`str`):
+ name (str):
Required. Name of the notification config to delete. Its
format is
"organizations/[organization_id]/notificationConfigs/[config_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -821,14 +842,15 @@ def get_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.GetIamPolicyRequest`):
+ request (google.iam.v1.iam_policy_pb2.GetIamPolicyRequest):
The request object. Request message for `GetIamPolicy`
method.
- resource (:class:`str`):
+ resource (str):
REQUIRED: The resource for which the
policy is being requested. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -840,72 +862,62 @@ def get_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -918,13 +930,16 @@ def get_iam_policy(
"the individual field arguments should be set."
)
- # The request isn't a proto-plus wrapped type,
- # so it must be constructed via keyword expansion.
if isinstance(request, dict):
+ # The request isn't a proto-plus wrapped type,
+ # so it must be constructed via keyword expansion.
request = iam_policy.GetIamPolicyRequest(**request)
-
elif not request:
- request = iam_policy.GetIamPolicyRequest(resource=resource,)
+ # Null request, just make one.
+ request = iam_policy.GetIamPolicyRequest()
+
+ if resource is not None:
+ request.resource = resource
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
@@ -954,13 +969,14 @@ def get_notification_config(
r"""Gets a notification config.
Args:
- request (:class:`~.securitycenter_service.GetNotificationConfigRequest`):
+ request (google.cloud.securitycenter_v1.types.GetNotificationConfigRequest):
The request object. Request message for getting a
notification config.
- name (:class:`str`):
+ name (str):
Required. Name of the notification config to get. Its
format is
"organizations/[organization_id]/notificationConfigs/[config_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -972,7 +988,7 @@ def get_notification_config(
sent along with the request as metadata.
Returns:
- ~.notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1.types.NotificationConfig:
Cloud Security Command Center (Cloud
SCC) notification configs.
A notification config is a Cloud SCC
@@ -1032,13 +1048,14 @@ def get_organization_settings(
r"""Gets the settings for an organization.
Args:
- request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`):
+ request (google.cloud.securitycenter_v1.types.GetOrganizationSettingsRequest):
The request object. Request message for getting
organization settings.
- name (:class:`str`):
+ name (str):
Required. Name of the organization to get organization
settings for. Its format is
"organizations/[organization_id]/organizationSettings".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1050,7 +1067,7 @@ def get_organization_settings(
sent along with the request as metadata.
Returns:
- ~.organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -1111,13 +1128,14 @@ def get_source(
r"""Gets a source.
Args:
- request (:class:`~.securitycenter_service.GetSourceRequest`):
+ request (google.cloud.securitycenter_v1.types.GetSourceRequest):
The request object. Request message for getting a
source.
- name (:class:`str`):
+ name (str):
Required. Relative resource name of the source. Its
format is
"organizations/[organization_id]/source/[source_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1129,7 +1147,7 @@ def get_source(
sent along with the request as metadata.
Returns:
- ~.source.Source:
+ google.cloud.securitycenter_v1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -1189,7 +1207,7 @@ def group_assets(
their specified properties.
Args:
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (google.cloud.securitycenter_v1.types.GroupAssetsRequest):
The request object. Request message for grouping by
assets.
@@ -1200,7 +1218,7 @@ def group_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupAssetsPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.GroupAssetsPager:
Response message for grouping by
assets.
Iterating over this object will yield
@@ -1256,19 +1274,20 @@ def group_findings(
Example: /v1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (google.cloud.securitycenter_v1.types.GroupFindingsRequest):
The request object. Request message for grouping by
findings.
- parent (:class:`str`):
+ parent (str):
Required. Name of the source to groupBy. Its format is
"organizations/[organization_id]/sources/[source_id]".
To groupBy across all sources provide a source_id of
``-``. For example:
organizations/{organization_id}/sources/-
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- group_by (:class:`str`):
+ group_by (str):
Required. Expression that defines what assets fields to
use for grouping (including ``state_change``). The
string value should follow SQL syntax: comma separated
@@ -1279,8 +1298,7 @@ def group_findings(
- resource_name
- category
- state
- - parent
-
+ - parent
- severity
The following fields are supported when compare_duration
@@ -1299,7 +1317,7 @@ def group_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupFindingsPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.GroupFindingsPager:
Response message for group by
findings.
Iterating over this object will yield
@@ -1365,7 +1383,7 @@ def list_assets(
r"""Lists an organization's assets.
Args:
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (google.cloud.securitycenter_v1.types.ListAssetsRequest):
The request object. Request message for listing assets.
retry (google.api_core.retry.Retry): Designation of what errors, if any,
@@ -1375,7 +1393,7 @@ def list_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.ListAssetsPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.ListAssetsPager:
Response message for listing assets.
Iterating over this object will yield
results and resolve additional pages
@@ -1427,7 +1445,7 @@ def list_findings(
Example: /v1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (google.cloud.securitycenter_v1.types.ListFindingsRequest):
The request object. Request message for listing
findings.
@@ -1438,7 +1456,7 @@ def list_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.ListFindingsPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.ListFindingsPager:
Response message for listing
findings.
Iterating over this object will yield
@@ -1489,13 +1507,14 @@ def list_notification_configs(
r"""Lists notification configs.
Args:
- request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`):
+ request (google.cloud.securitycenter_v1.types.ListNotificationConfigsRequest):
The request object. Request message for listing
notification configs.
- parent (:class:`str`):
+ parent (str):
Required. Name of the organization to list notification
configs. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1507,7 +1526,7 @@ def list_notification_configs(
sent along with the request as metadata.
Returns:
- ~.pagers.ListNotificationConfigsPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.ListNotificationConfigsPager:
Response message for listing
notification configs.
Iterating over this object will yield
@@ -1576,12 +1595,13 @@ def list_sources(
r"""Lists all sources belonging to an organization.
Args:
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (google.cloud.securitycenter_v1.types.ListSourcesRequest):
The request object. Request message for listing sources.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the parent of sources to
list. Its format should be
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1593,7 +1613,7 @@ def list_sources(
sent along with the request as metadata.
Returns:
- ~.pagers.ListSourcesPager:
+ google.cloud.securitycenter_v1.services.security_center.pagers.ListSourcesPager:
Response message for listing sources.
Iterating over this object will yield
results and resolve additional pages
@@ -1662,13 +1682,14 @@ def run_asset_discovery(
receive a TOO_MANY_REQUESTS error.
Args:
- request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`):
+ request (google.cloud.securitycenter_v1.types.RunAssetDiscoveryRequest):
The request object. Request message for running asset
discovery for an organization.
- parent (:class:`str`):
+ parent (str):
Required. Name of the organization to run asset
discovery for. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1680,11 +1701,11 @@ def run_asset_discovery(
sent along with the request as metadata.
Returns:
- ~.operation.Operation:
+ google.api_core.operation.Operation:
An object representing a long-running operation.
The result type for the operation will be
- :class:``~.run_asset_discovery_response.RunAssetDiscoveryResponse``:
+ :class:`google.cloud.securitycenter_v1.types.RunAssetDiscoveryResponse`
Response of asset discovery run
"""
@@ -1749,27 +1770,30 @@ def set_finding_state(
r"""Updates the state of a finding.
Args:
- request (:class:`~.securitycenter_service.SetFindingStateRequest`):
+ request (google.cloud.securitycenter_v1.types.SetFindingStateRequest):
The request object. Request message for updating a
finding's state.
- name (:class:`str`):
+ name (str):
Required. The relative resource name of the finding.
See:
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- state (:class:`~.finding.Finding.State`):
+ state (google.cloud.securitycenter_v1.types.Finding.State):
Required. The desired State of the
finding.
+
This corresponds to the ``state`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- start_time (:class:`~.timestamp.Timestamp`):
+ start_time (google.protobuf.timestamp_pb2.Timestamp):
Required. The time at which the
updated state takes effect.
+
This corresponds to the ``start_time`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1781,7 +1805,7 @@ def set_finding_state(
sent along with the request as metadata.
Returns:
- ~.finding.Finding:
+ google.cloud.securitycenter_v1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
like security, risk, health, or privacy,
@@ -1849,14 +1873,15 @@ def set_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.SetIamPolicyRequest`):
+ request (google.iam.v1.iam_policy_pb2.SetIamPolicyRequest):
The request object. Request message for `SetIamPolicy`
method.
- resource (:class:`str`):
+ resource (str):
REQUIRED: The resource for which the
policy is being specified. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1868,72 +1893,62 @@ def set_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -1946,13 +1961,16 @@ def set_iam_policy(
"the individual field arguments should be set."
)
- # The request isn't a proto-plus wrapped type,
- # so it must be constructed via keyword expansion.
if isinstance(request, dict):
+ # The request isn't a proto-plus wrapped type,
+ # so it must be constructed via keyword expansion.
request = iam_policy.SetIamPolicyRequest(**request)
-
elif not request:
- request = iam_policy.SetIamPolicyRequest(resource=resource,)
+ # Null request, just make one.
+ request = iam_policy.SetIamPolicyRequest()
+
+ if resource is not None:
+ request.resource = resource
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
@@ -1984,22 +2002,24 @@ def test_iam_permissions(
specified source.
Args:
- request (:class:`~.iam_policy.TestIamPermissionsRequest`):
+ request (google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest):
The request object. Request message for
`TestIamPermissions` method.
- resource (:class:`str`):
+ resource (str):
REQUIRED: The resource for which the
policy detail is being requested. See
the operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- permissions (:class:`Sequence[str]`):
+ permissions (Sequence[str]):
The set of permissions to check for the ``resource``.
Permissions with wildcards (such as '*' or 'storage.*')
are not allowed. For more information see `IAM
Overview `__.
+
This corresponds to the ``permissions`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2011,8 +2031,8 @@ def test_iam_permissions(
sent along with the request as metadata.
Returns:
- ~.iam_policy.TestIamPermissionsResponse:
- Response message for ``TestIamPermissions`` method.
+ google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
+ Response message for TestIamPermissions method.
"""
# Create or coerce a protobuf request object.
# Sanity check: If we got a request object, we should *not* have
@@ -2024,15 +2044,19 @@ def test_iam_permissions(
"the individual field arguments should be set."
)
- # The request isn't a proto-plus wrapped type,
- # so it must be constructed via keyword expansion.
if isinstance(request, dict):
+ # The request isn't a proto-plus wrapped type,
+ # so it must be constructed via keyword expansion.
request = iam_policy.TestIamPermissionsRequest(**request)
-
elif not request:
- request = iam_policy.TestIamPermissionsRequest(
- resource=resource, permissions=permissions,
- )
+ # Null request, just make one.
+ request = iam_policy.TestIamPermissionsRequest()
+
+ if resource is not None:
+ request.resource = resource
+
+ if permissions:
+ request.permissions.extend(permissions)
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
@@ -2063,10 +2087,10 @@ def update_finding(
source must exist for a finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.UpdateFindingRequest`):
+ request (google.cloud.securitycenter_v1.types.UpdateFindingRequest):
The request object. Request message for updating or
creating a finding.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (google.cloud.securitycenter_v1.types.Finding):
Required. The finding resource to update or create if it
does not already exist. parent, security_marks, and
update_time will be ignored.
@@ -2074,6 +2098,7 @@ def update_finding(
In the case of creation, the finding id portion of the
name must be alphanumeric and less than or equal to 32
characters and greater than 0 characters in length.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2085,7 +2110,7 @@ def update_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
like security, risk, health, or privacy,
@@ -2152,20 +2177,22 @@ def update_notification_config(
allowed: description, pubsub_topic, streaming_config.filter
Args:
- request (:class:`~.securitycenter_service.UpdateNotificationConfigRequest`):
+ request (google.cloud.securitycenter_v1.types.UpdateNotificationConfigRequest):
The request object. Request message for updating a
notification config.
- notification_config (:class:`~.gcs_notification_config.NotificationConfig`):
+ notification_config (google.cloud.securitycenter_v1.types.NotificationConfig):
Required. The notification config to
update.
+
This corresponds to the ``notification_config`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating
the notification config.
If empty all mutable fields will be
updated.
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2177,7 +2204,7 @@ def update_notification_config(
sent along with the request as metadata.
Returns:
- ~.gcs_notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1.types.NotificationConfig:
Cloud Security Command Center (Cloud
SCC) notification configs.
A notification config is a Cloud SCC
@@ -2245,12 +2272,13 @@ def update_organization_settings(
r"""Updates an organization's settings.
Args:
- request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`):
+ request (google.cloud.securitycenter_v1.types.UpdateOrganizationSettingsRequest):
The request object. Request message for updating an
organization's settings.
- organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`):
+ organization_settings (google.cloud.securitycenter_v1.types.OrganizationSettings):
Required. The organization settings
resource to update.
+
This corresponds to the ``organization_settings`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2262,7 +2290,7 @@ def update_organization_settings(
sent along with the request as metadata.
Returns:
- ~.gcs_organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -2325,12 +2353,13 @@ def update_source(
r"""Updates a source.
Args:
- request (:class:`~.securitycenter_service.UpdateSourceRequest`):
+ request (google.cloud.securitycenter_v1.types.UpdateSourceRequest):
The request object. Request message for updating a
source.
- source (:class:`~.gcs_source.Source`):
+ source (google.cloud.securitycenter_v1.types.Source):
Required. The source resource to
update.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2342,7 +2371,7 @@ def update_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -2404,12 +2433,13 @@ def update_security_marks(
r"""Updates security marks.
Args:
- request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`):
+ request (google.cloud.securitycenter_v1.types.UpdateSecurityMarksRequest):
The request object. Request message for updating a
SecurityMarks resource.
- security_marks (:class:`~.gcs_security_marks.SecurityMarks`):
+ security_marks (google.cloud.securitycenter_v1.types.SecurityMarks):
Required. The security marks resource
to update.
+
This corresponds to the ``security_marks`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2421,7 +2451,7 @@ def update_security_marks(
sent along with the request as metadata.
Returns:
- ~.gcs_security_marks.SecurityMarks:
+ google.cloud.securitycenter_v1.types.SecurityMarks:
User specified security marks that
are attached to the parent Security
Command Center resource. Security marks
diff --git a/google/cloud/securitycenter_v1/services/security_center/pagers.py b/google/cloud/securitycenter_v1/services/security_center/pagers.py
index 98a0cc03..e887de53 100644
--- a/google/cloud/securitycenter_v1/services/security_center/pagers.py
+++ b/google/cloud/securitycenter_v1/services/security_center/pagers.py
@@ -15,7 +15,16 @@
# limitations under the License.
#
-from typing import Any, AsyncIterable, Awaitable, Callable, Iterable, Sequence, Tuple
+from typing import (
+ Any,
+ AsyncIterable,
+ Awaitable,
+ Callable,
+ Iterable,
+ Sequence,
+ Tuple,
+ Optional,
+)
from google.cloud.securitycenter_v1.types import notification_config
from google.cloud.securitycenter_v1.types import securitycenter_service
@@ -26,7 +35,7 @@ class GroupAssetsPager:
"""A pager for iterating through ``group_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.GroupAssetsResponse` object, and
provides an ``__iter__`` method to iterate through its
``group_by_results`` field.
@@ -35,7 +44,7 @@ class GroupAssetsPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.GroupAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -53,9 +62,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (google.cloud.securitycenter_v1.types.GroupAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupAssetsResponse`):
+ response (google.cloud.securitycenter_v1.types.GroupAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -88,7 +97,7 @@ class GroupAssetsAsyncPager:
"""A pager for iterating through ``group_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.GroupAssetsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``group_by_results`` field.
@@ -97,7 +106,7 @@ class GroupAssetsAsyncPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.GroupAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -115,9 +124,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (google.cloud.securitycenter_v1.types.GroupAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupAssetsResponse`):
+ response (google.cloud.securitycenter_v1.types.GroupAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -154,7 +163,7 @@ class GroupFindingsPager:
"""A pager for iterating through ``group_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.GroupFindingsResponse` object, and
provides an ``__iter__`` method to iterate through its
``group_by_results`` field.
@@ -163,7 +172,7 @@ class GroupFindingsPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.GroupFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -181,9 +190,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (google.cloud.securitycenter_v1.types.GroupFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupFindingsResponse`):
+ response (google.cloud.securitycenter_v1.types.GroupFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -216,7 +225,7 @@ class GroupFindingsAsyncPager:
"""A pager for iterating through ``group_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.GroupFindingsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``group_by_results`` field.
@@ -225,7 +234,7 @@ class GroupFindingsAsyncPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.GroupFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -243,9 +252,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (google.cloud.securitycenter_v1.types.GroupFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupFindingsResponse`):
+ response (google.cloud.securitycenter_v1.types.GroupFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -284,7 +293,7 @@ class ListAssetsPager:
"""A pager for iterating through ``list_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.ListAssetsResponse` object, and
provides an ``__iter__`` method to iterate through its
``list_assets_results`` field.
@@ -293,7 +302,7 @@ class ListAssetsPager:
through the ``list_assets_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.ListAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -311,9 +320,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (google.cloud.securitycenter_v1.types.ListAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListAssetsResponse`):
+ response (google.cloud.securitycenter_v1.types.ListAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -348,7 +357,7 @@ class ListAssetsAsyncPager:
"""A pager for iterating through ``list_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.ListAssetsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``list_assets_results`` field.
@@ -357,7 +366,7 @@ class ListAssetsAsyncPager:
through the ``list_assets_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.ListAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -375,9 +384,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (google.cloud.securitycenter_v1.types.ListAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListAssetsResponse`):
+ response (google.cloud.securitycenter_v1.types.ListAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -416,7 +425,7 @@ class ListFindingsPager:
"""A pager for iterating through ``list_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.ListFindingsResponse` object, and
provides an ``__iter__`` method to iterate through its
``list_findings_results`` field.
@@ -425,7 +434,7 @@ class ListFindingsPager:
through the ``list_findings_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.ListFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -443,9 +452,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (google.cloud.securitycenter_v1.types.ListFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListFindingsResponse`):
+ response (google.cloud.securitycenter_v1.types.ListFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -480,7 +489,7 @@ class ListFindingsAsyncPager:
"""A pager for iterating through ``list_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.ListFindingsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``list_findings_results`` field.
@@ -489,7 +498,7 @@ class ListFindingsAsyncPager:
through the ``list_findings_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.ListFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -507,9 +516,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (google.cloud.securitycenter_v1.types.ListFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListFindingsResponse`):
+ response (google.cloud.securitycenter_v1.types.ListFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -548,7 +557,7 @@ class ListNotificationConfigsPager:
"""A pager for iterating through ``list_notification_configs`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListNotificationConfigsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse` object, and
provides an ``__iter__`` method to iterate through its
``notification_configs`` field.
@@ -557,7 +566,7 @@ class ListNotificationConfigsPager:
through the ``notification_configs`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListNotificationConfigsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -575,9 +584,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`):
+ request (google.cloud.securitycenter_v1.types.ListNotificationConfigsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListNotificationConfigsResponse`):
+ response (google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -610,7 +619,7 @@ class ListNotificationConfigsAsyncPager:
"""A pager for iterating through ``list_notification_configs`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListNotificationConfigsResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``notification_configs`` field.
@@ -619,7 +628,7 @@ class ListNotificationConfigsAsyncPager:
through the ``notification_configs`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListNotificationConfigsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -639,9 +648,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`):
+ request (google.cloud.securitycenter_v1.types.ListNotificationConfigsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListNotificationConfigsResponse`):
+ response (google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -680,7 +689,7 @@ class ListSourcesPager:
"""A pager for iterating through ``list_sources`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListSourcesResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.ListSourcesResponse` object, and
provides an ``__iter__`` method to iterate through its
``sources`` field.
@@ -689,7 +698,7 @@ class ListSourcesPager:
through the ``sources`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListSourcesResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.ListSourcesResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -707,9 +716,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (google.cloud.securitycenter_v1.types.ListSourcesRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListSourcesResponse`):
+ response (google.cloud.securitycenter_v1.types.ListSourcesResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -742,7 +751,7 @@ class ListSourcesAsyncPager:
"""A pager for iterating through ``list_sources`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListSourcesResponse` object, and
+ :class:`google.cloud.securitycenter_v1.types.ListSourcesResponse` object, and
provides an ``__aiter__`` method to iterate through its
``sources`` field.
@@ -751,7 +760,7 @@ class ListSourcesAsyncPager:
through the ``sources`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListSourcesResponse`
+ All the usual :class:`google.cloud.securitycenter_v1.types.ListSourcesResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -769,9 +778,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (google.cloud.securitycenter_v1.types.ListSourcesRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListSourcesResponse`):
+ response (google.cloud.securitycenter_v1.types.ListSourcesResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1/services/security_center/transports/base.py
index 896b834a..82541447 100644
--- a/google/cloud/securitycenter_v1/services/security_center/transports/base.py
+++ b/google/cloud/securitycenter_v1/services/security_center/transports/base.py
@@ -23,7 +23,6 @@
from google.api_core import exceptions # type: ignore
from google.api_core import gapic_v1 # type: ignore
from google.api_core import retry as retries # type: ignore
-from google.api_core import retry as retries # type: ignore
from google.api_core import operations_v1 # type: ignore
from google.auth import credentials # type: ignore
@@ -88,10 +87,10 @@ def __init__(
scope (Optional[Sequence[str]]): A list of scopes.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
- client_info (google.api_core.gapic_v1.client_info.ClientInfo):
- The client info used to send a user-agent string along with
- API requests. If ``None``, then default info will be used.
- Generally, you only need to set this if you're developing
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
your own client library.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
@@ -99,6 +98,9 @@ def __init__(
host += ":443"
self._host = host
+ # Save the scopes.
+ self._scopes = scopes or self.AUTH_SCOPES
+
# If no credentials are provided, then determine the appropriate
# defaults.
if credentials and credentials_file:
@@ -108,20 +110,17 @@ def __init__(
if credentials_file is not None:
credentials, _ = auth.load_credentials_from_file(
- credentials_file, scopes=scopes, quota_project_id=quota_project_id
+ credentials_file, scopes=self._scopes, quota_project_id=quota_project_id
)
elif credentials is None:
credentials, _ = auth.default(
- scopes=scopes, quota_project_id=quota_project_id
+ scopes=self._scopes, quota_project_id=quota_project_id
)
# Save the credentials.
self._credentials = credentials
- # Lifted into its own function so it can be stubbed out during tests.
- self._prep_wrapped_messages(client_info)
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
@@ -150,6 +149,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -163,6 +163,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -176,6 +177,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -189,6 +191,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -202,6 +205,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -215,6 +219,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -228,6 +233,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -241,6 +247,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -254,6 +261,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -267,6 +275,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -289,6 +298,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py
index 8d8c03c3..59612c98 100644
--- a/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py
+++ b/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py
@@ -75,6 +75,7 @@ def __init__(
api_mtls_endpoint: str = None,
client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
) -> None:
@@ -105,6 +106,10 @@ def __init__(
``api_mtls_endpoint`` is None.
ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
for grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
client_info (google.api_core.gapic_v1.client_info.ClientInfo):
@@ -119,72 +124,61 @@ def __init__(
google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
and ``credentials_file`` are passed.
"""
+ self._grpc_channel = None
self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+ self._operations_client = None
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
if channel:
- # Sanity check: Ensure that channel and credentials are not both
- # provided.
+ # Ignore credentials if a channel was passed.
credentials = False
-
# If a channel was explicitly provided, set it.
self._grpc_channel = channel
self._ssl_channel_credentials = None
- elif api_mtls_endpoint:
- warnings.warn(
- "api_mtls_endpoint and client_cert_source are deprecated",
- DeprecationWarning,
- )
- host = (
- api_mtls_endpoint
- if ":" in api_mtls_endpoint
- else api_mtls_endpoint + ":443"
- )
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
-
- # Create SSL credentials with client_cert_source or application
- # default SSL credentials.
- if client_cert_source:
- cert, key = client_cert_source()
- ssl_credentials = grpc.ssl_channel_credentials(
- certificate_chain=cert, private_key=key
- )
else:
- ssl_credentials = SslCredentials().ssl_credentials
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
- # create a new channel. The provided one is ignored.
- self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
- credentials_file=credentials_file,
- ssl_credentials=ssl_credentials,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
- self._ssl_channel_credentials = ssl_credentials
- else:
- host = host if ":" in host else host + ":443"
-
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ )
- # create a new channel. The provided one is ignored.
+ if not self._grpc_channel:
self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
+ self._host,
+ credentials=self._credentials,
credentials_file=credentials_file,
- ssl_credentials=ssl_channel_credentials,
- scopes=scopes or self.AUTH_SCOPES,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
quota_project_id=quota_project_id,
options=[
("grpc.max_send_message_length", -1),
@@ -192,18 +186,8 @@ def __init__(
],
)
- self._stubs = {} # type: Dict[str, Callable]
- self._operations_client = None
-
- # Run the base constructor.
- super().__init__(
- host=host,
- credentials=credentials,
- credentials_file=credentials_file,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- client_info=client_info,
- )
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
@classmethod
def create_channel(
@@ -217,7 +201,7 @@ def create_channel(
) -> grpc.Channel:
"""Create and return a gRPC channel object.
Args:
- address (Optional[str]): The host for the channel to use.
+ host (Optional[str]): The host for the channel to use.
credentials (Optional[~.Credentials]): The
authorization credentials to attach to requests. These
credentials identify this application to the service. If
diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py
index b44d5ce1..8c4e9bef 100644
--- a/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py
+++ b/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py
@@ -79,7 +79,7 @@ def create_channel(
) -> aio.Channel:
"""Create and return a gRPC AsyncIO channel object.
Args:
- address (Optional[str]): The host for the channel to use.
+ host (Optional[str]): The host for the channel to use.
credentials (Optional[~.Credentials]): The
authorization credentials to attach to requests. These
credentials identify this application to the service. If
@@ -119,6 +119,7 @@ def __init__(
api_mtls_endpoint: str = None,
client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
) -> None:
@@ -150,12 +151,16 @@ def __init__(
``api_mtls_endpoint`` is None.
ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
for grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
- client_info (google.api_core.gapic_v1.client_info.ClientInfo):
- The client info used to send a user-agent string along with
- API requests. If ``None``, then default info will be used.
- Generally, you only need to set this if you're developing
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
your own client library.
Raises:
@@ -164,72 +169,61 @@ def __init__(
google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
and ``credentials_file`` are passed.
"""
+ self._grpc_channel = None
self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+ self._operations_client = None
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
if channel:
- # Sanity check: Ensure that channel and credentials are not both
- # provided.
+ # Ignore credentials if a channel was passed.
credentials = False
-
# If a channel was explicitly provided, set it.
self._grpc_channel = channel
self._ssl_channel_credentials = None
- elif api_mtls_endpoint:
- warnings.warn(
- "api_mtls_endpoint and client_cert_source are deprecated",
- DeprecationWarning,
- )
- host = (
- api_mtls_endpoint
- if ":" in api_mtls_endpoint
- else api_mtls_endpoint + ":443"
- )
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
-
- # Create SSL credentials with client_cert_source or application
- # default SSL credentials.
- if client_cert_source:
- cert, key = client_cert_source()
- ssl_credentials = grpc.ssl_channel_credentials(
- certificate_chain=cert, private_key=key
- )
else:
- ssl_credentials = SslCredentials().ssl_credentials
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
- # create a new channel. The provided one is ignored.
- self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
- credentials_file=credentials_file,
- ssl_credentials=ssl_credentials,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
- self._ssl_channel_credentials = ssl_credentials
- else:
- host = host if ":" in host else host + ":443"
-
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ )
- # create a new channel. The provided one is ignored.
+ if not self._grpc_channel:
self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
+ self._host,
+ credentials=self._credentials,
credentials_file=credentials_file,
- ssl_credentials=ssl_channel_credentials,
- scopes=scopes or self.AUTH_SCOPES,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
quota_project_id=quota_project_id,
options=[
("grpc.max_send_message_length", -1),
@@ -237,18 +231,8 @@ def __init__(
],
)
- # Run the base constructor.
- super().__init__(
- host=host,
- credentials=credentials,
- credentials_file=credentials_file,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- client_info=client_info,
- )
-
- self._stubs = {}
- self._operations_client = None
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
@property
def grpc_channel(self) -> aio.Channel:
diff --git a/google/cloud/securitycenter_v1/types/__init__.py b/google/cloud/securitycenter_v1/types/__init__.py
index 1a1ebb24..0d3cb34a 100644
--- a/google/cloud/securitycenter_v1/types/__init__.py
+++ b/google/cloud/securitycenter_v1/types/__init__.py
@@ -15,15 +15,14 @@
# limitations under the License.
#
-from .security_marks import SecurityMarks
from .asset import Asset
from .finding import Finding
from .notification_config import NotificationConfig
-from .resource import Resource
from .notification_message import NotificationMessage
from .organization_settings import OrganizationSettings
+from .resource import Resource
from .run_asset_discovery_response import RunAssetDiscoveryResponse
-from .source import Source
+from .security_marks import SecurityMarks
from .securitycenter_service import (
CreateFindingRequest,
CreateNotificationConfigRequest,
@@ -37,33 +36,33 @@
GroupFindingsRequest,
GroupFindingsResponse,
GroupResult,
- ListNotificationConfigsRequest,
- ListNotificationConfigsResponse,
- ListSourcesRequest,
- ListSourcesResponse,
ListAssetsRequest,
ListAssetsResponse,
ListFindingsRequest,
ListFindingsResponse,
- SetFindingStateRequest,
+ ListNotificationConfigsRequest,
+ ListNotificationConfigsResponse,
+ ListSourcesRequest,
+ ListSourcesResponse,
RunAssetDiscoveryRequest,
+ SetFindingStateRequest,
UpdateFindingRequest,
UpdateNotificationConfigRequest,
UpdateOrganizationSettingsRequest,
- UpdateSourceRequest,
UpdateSecurityMarksRequest,
+ UpdateSourceRequest,
)
+from .source import Source
__all__ = (
- "SecurityMarks",
"Asset",
"Finding",
"NotificationConfig",
- "Resource",
"NotificationMessage",
"OrganizationSettings",
+ "Resource",
"RunAssetDiscoveryResponse",
- "Source",
+ "SecurityMarks",
"CreateFindingRequest",
"CreateNotificationConfigRequest",
"CreateSourceRequest",
@@ -76,19 +75,20 @@
"GroupFindingsRequest",
"GroupFindingsResponse",
"GroupResult",
- "ListNotificationConfigsRequest",
- "ListNotificationConfigsResponse",
- "ListSourcesRequest",
- "ListSourcesResponse",
"ListAssetsRequest",
"ListAssetsResponse",
"ListFindingsRequest",
"ListFindingsResponse",
- "SetFindingStateRequest",
+ "ListNotificationConfigsRequest",
+ "ListNotificationConfigsResponse",
+ "ListSourcesRequest",
+ "ListSourcesResponse",
"RunAssetDiscoveryRequest",
+ "SetFindingStateRequest",
"UpdateFindingRequest",
"UpdateNotificationConfigRequest",
"UpdateOrganizationSettingsRequest",
- "UpdateSourceRequest",
"UpdateSecurityMarksRequest",
+ "UpdateSourceRequest",
+ "Source",
)
diff --git a/google/cloud/securitycenter_v1/types/asset.py b/google/cloud/securitycenter_v1/types/asset.py
index d1992e53..7ec5e67c 100644
--- a/google/cloud/securitycenter_v1/types/asset.py
+++ b/google/cloud/securitycenter_v1/types/asset.py
@@ -44,26 +44,26 @@ class Asset(proto.Message):
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/assets/{asset_id}".
- security_center_properties (~.asset.Asset.SecurityCenterProperties):
+ security_center_properties (google.cloud.securitycenter_v1.types.Asset.SecurityCenterProperties):
Security Command Center managed properties.
These properties are managed by Security Command
Center and cannot be modified by the user.
- resource_properties (Sequence[~.asset.Asset.ResourcePropertiesEntry]):
+ resource_properties (Sequence[google.cloud.securitycenter_v1.types.Asset.ResourcePropertiesEntry]):
Resource managed properties. These properties
are managed and defined by the Google Cloud
resource and cannot be modified by the user.
- security_marks (~.gcs_security_marks.SecurityMarks):
+ security_marks (google.cloud.securitycenter_v1.types.SecurityMarks):
User specified security marks. These marks
are entirely managed by the user and come from
the SecurityMarks resource that belongs to the
asset.
- create_time (~.timestamp.Timestamp):
+ create_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the asset was created in
Security Command Center.
- update_time (~.timestamp.Timestamp):
+ update_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the asset was last updated,
added, or deleted in Security Command Center.
- iam_policy (~.asset.Asset.IamPolicy):
+ iam_policy (google.cloud.securitycenter_v1.types.Asset.IamPolicy):
Cloud IAM Policy information associated with
the Google Cloud resource described by the
Security Command Center asset. This information
diff --git a/google/cloud/securitycenter_v1/types/finding.py b/google/cloud/securitycenter_v1/types/finding.py
index 5c5e3146..7fb6a109 100644
--- a/google/cloud/securitycenter_v1/types/finding.py
+++ b/google/cloud/securitycenter_v1/types/finding.py
@@ -55,7 +55,7 @@ class Finding(proto.Message):
When the finding is for a non-Google Cloud resource, the
resourceName can be a customer or partner defined string.
This field is immutable after creation time.
- state (~.finding.Finding.State):
+ state (google.cloud.securitycenter_v1.types.Finding.State):
The state of the finding.
category (str):
The additional taxonomy group within findings from a given
@@ -67,18 +67,18 @@ class Finding(proto.Message):
additional information about the finding can be
found. This field is guaranteed to be either
empty or a well formed URL.
- source_properties (Sequence[~.finding.Finding.SourcePropertiesEntry]):
+ source_properties (Sequence[google.cloud.securitycenter_v1.types.Finding.SourcePropertiesEntry]):
Source specific properties. These properties are managed by
the source that writes the finding. The key names in the
source_properties map must be between 1 and 255 characters,
and must start with a letter and contain alphanumeric
characters or underscores only.
- security_marks (~.gcs_security_marks.SecurityMarks):
+ security_marks (google.cloud.securitycenter_v1.types.SecurityMarks):
Output only. User specified security marks.
These marks are entirely managed by the user and
come from the SecurityMarks resource that
belongs to the finding.
- event_time (~.timestamp.Timestamp):
+ event_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the event took place, or
when an update to the finding occurred. For
example, if the finding represents an open
@@ -87,10 +87,10 @@ class Finding(proto.Message):
is determined by the detector. If the finding
were to be resolved afterward, this time would
reflect when the finding was resolved.
- create_time (~.timestamp.Timestamp):
+ create_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the finding was created in
Security Command Center.
- severity (~.finding.Finding.Severity):
+ severity (google.cloud.securitycenter_v1.types.Finding.Severity):
The severity of the finding. This field is
managed by the source that writes the finding.
"""
diff --git a/google/cloud/securitycenter_v1/types/notification_config.py b/google/cloud/securitycenter_v1/types/notification_config.py
index 13cd5c90..d6876046 100644
--- a/google/cloud/securitycenter_v1/types/notification_config.py
+++ b/google/cloud/securitycenter_v1/types/notification_config.py
@@ -46,7 +46,7 @@ class NotificationConfig(proto.Message):
Output only. The service account that needs
"pubsub.topics.publish" permission to publish to
the Pub/Sub topic.
- streaming_config (~.notification_config.NotificationConfig.StreamingConfig):
+ streaming_config (google.cloud.securitycenter_v1.types.NotificationConfig.StreamingConfig):
The config for triggering streaming-based
notifications.
"""
diff --git a/google/cloud/securitycenter_v1/types/notification_message.py b/google/cloud/securitycenter_v1/types/notification_message.py
index c836cad9..c3a6436f 100644
--- a/google/cloud/securitycenter_v1/types/notification_message.py
+++ b/google/cloud/securitycenter_v1/types/notification_message.py
@@ -34,10 +34,10 @@ class NotificationMessage(proto.Message):
notification_config_name (str):
Name of the notification config that
generated current notification.
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1.types.Finding):
If it's a Finding based notification config,
this field will be populated.
- resource (~.gcs_resource.Resource):
+ resource (google.cloud.securitycenter_v1.types.Resource):
The Cloud resource tied to this
notification's Finding.
"""
diff --git a/google/cloud/securitycenter_v1/types/organization_settings.py b/google/cloud/securitycenter_v1/types/organization_settings.py
index ad4bc9f8..a1135a8d 100644
--- a/google/cloud/securitycenter_v1/types/organization_settings.py
+++ b/google/cloud/securitycenter_v1/types/organization_settings.py
@@ -38,7 +38,7 @@ class OrganizationSettings(proto.Message):
If the flag is set to ``true``, then discovery of assets
will occur. If it is set to \`false, all historical assets
will remain, but discovery of future assets will not occur.
- asset_discovery_config (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig):
+ asset_discovery_config (google.cloud.securitycenter_v1.types.OrganizationSettings.AssetDiscoveryConfig):
The configuration used for Asset Discovery
runs.
"""
@@ -50,7 +50,7 @@ class AssetDiscoveryConfig(proto.Message):
project_ids (Sequence[str]):
The project ids to use for filtering asset
discovery.
- inclusion_mode (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig.InclusionMode):
+ inclusion_mode (google.cloud.securitycenter_v1.types.OrganizationSettings.AssetDiscoveryConfig.InclusionMode):
The mode to use for filtering asset
discovery.
"""
diff --git a/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py b/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py
index eeed56ef..845adafd 100644
--- a/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py
+++ b/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py
@@ -30,9 +30,9 @@ class RunAssetDiscoveryResponse(proto.Message):
r"""Response of asset discovery run
Attributes:
- state (~.run_asset_discovery_response.RunAssetDiscoveryResponse.State):
+ state (google.cloud.securitycenter_v1.types.RunAssetDiscoveryResponse.State):
The state of an asset discovery run.
- duration (~.gp_duration.Duration):
+ duration (google.protobuf.duration_pb2.Duration):
The duration between asset discovery run
start and end
"""
diff --git a/google/cloud/securitycenter_v1/types/security_marks.py b/google/cloud/securitycenter_v1/types/security_marks.py
index 21bf0b0a..181d1d74 100644
--- a/google/cloud/securitycenter_v1/types/security_marks.py
+++ b/google/cloud/securitycenter_v1/types/security_marks.py
@@ -37,7 +37,7 @@ class SecurityMarks(proto.Message):
Examples:
"organizations/{organization_id}/assets/{asset_id}/securityMarks"
"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
- marks (Sequence[~.security_marks.SecurityMarks.MarksEntry]):
+ marks (Sequence[google.cloud.securitycenter_v1.types.SecurityMarks.MarksEntry]):
Mutable user specified security marks belonging to the
parent resource. Constraints are as follows:
diff --git a/google/cloud/securitycenter_v1/types/securitycenter_service.py b/google/cloud/securitycenter_v1/types/securitycenter_service.py
index 486003a5..9b80e842 100644
--- a/google/cloud/securitycenter_v1/types/securitycenter_service.py
+++ b/google/cloud/securitycenter_v1/types/securitycenter_service.py
@@ -82,7 +82,7 @@ class CreateFindingRequest(proto.Message):
alphanumeric and less than or equal to 32
characters and greater than 0 characters in
length.
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1.types.Finding):
Required. The Finding being created. The name and
security_marks will be ignored as they are both output only
fields on this resource.
@@ -108,7 +108,7 @@ class CreateNotificationConfigRequest(proto.Message):
the parent scope. It must be between 1 and 128
characters, and contains alphanumeric
characters, underscores or hyphens only.
- notification_config (~.gcs_notification_config.NotificationConfig):
+ notification_config (google.cloud.securitycenter_v1.types.NotificationConfig):
Required. The notification config being
created. The name and the service account will
be ignored as they are both output only fields
@@ -131,7 +131,7 @@ class CreateSourceRequest(proto.Message):
parent (str):
Required. Resource name of the new source's parent. Its
format should be "organizations/[organization_id]".
- source (~.gcs_source.Source):
+ source (google.cloud.securitycenter_v1.types.Source):
Required. The Source being created, only the display_name
and description will be used. All other fields will be
ignored.
@@ -303,7 +303,7 @@ class GroupAssetsRequest(proto.Message):
- security_center_properties.resource_type
- security_center_properties.resource_project_display_name
- security_center_properties.resource_parent_display_name
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the GroupResult's
"state_change" property is updated to indicate whether the
asset was added, removed, or remained present during the
@@ -335,7 +335,7 @@ class GroupAssetsRequest(proto.Message):
If this field is set then ``state_change`` must be a
specified field in ``group_by``.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
assets. The filter is limited to assets existing
at the supplied time and their values are those
@@ -371,13 +371,13 @@ class GroupAssetsResponse(proto.Message):
r"""Response message for grouping by assets.
Attributes:
- group_by_results (Sequence[~.securitycenter_service.GroupResult]):
+ group_by_results (Sequence[google.cloud.securitycenter_v1.types.GroupResult]):
Group results. There exists an element for
each existing unique combination of
property/values. The element contains a count
for the number of times those specific
property/values appear.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the groupBy request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -493,13 +493,13 @@ class GroupFindingsRequest(proto.Message):
set:
- state_change
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
findings. The filter is limited to findings
existing at the supplied time and their values
are those at that specific time. Absence of this
field will default to the API's version of NOW.
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the GroupResult's
"state_change" attribute is updated to indicate whether the
finding had its state changed, the finding's state remained
@@ -566,13 +566,13 @@ class GroupFindingsResponse(proto.Message):
r"""Response message for group by findings.
Attributes:
- group_by_results (Sequence[~.securitycenter_service.GroupResult]):
+ group_by_results (Sequence[google.cloud.securitycenter_v1.types.GroupResult]):
Group results. There exists an element for
each existing unique combination of
property/values. The element contains a count
for the number of times those specific
property/values appear.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the groupBy request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -602,7 +602,7 @@ class GroupResult(proto.Message):
request.
Attributes:
- properties (Sequence[~.securitycenter_service.GroupResult.PropertiesEntry]):
+ properties (Sequence[google.cloud.securitycenter_v1.types.GroupResult.PropertiesEntry]):
Properties matching the groupBy fields in the
request.
count (int):
@@ -646,7 +646,7 @@ class ListNotificationConfigsResponse(proto.Message):
r"""Response message for listing notification configs.
Attributes:
- notification_configs (Sequence[~.gcs_notification_config.NotificationConfig]):
+ notification_configs (Sequence[google.cloud.securitycenter_v1.types.NotificationConfig]):
Notification configs belonging to the
requested parent.
next_page_token (str):
@@ -694,7 +694,7 @@ class ListSourcesResponse(proto.Message):
r"""Response message for listing sources.
Attributes:
- sources (Sequence[~.gcs_source.Source]):
+ sources (Sequence[google.cloud.securitycenter_v1.types.Source]):
Sources belonging to the requested parent.
next_page_token (str):
Token to retrieve the next page of results,
@@ -821,13 +821,13 @@ class ListAssetsRequest(proto.Message):
security_center_properties.resource_project
security_center_properties.resource_project_display_name
security_center_properties.resource_type
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
assets. The filter is limited to assets existing
at the supplied time and their values are those
at that specific time. Absence of this field
will default to the API's version of NOW.
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the ListAssetsResult's
"state_change" attribute is updated to indicate whether the
asset was added, removed, or remained present during the
@@ -855,7 +855,7 @@ class ListAssetsRequest(proto.Message):
If compare_duration is not specified, then the only possible
state_change is "UNUSED", which will be the state_change set
for all assets present at read_time.
- field_mask (~.gp_field_mask.FieldMask):
+ field_mask (google.protobuf.field_mask_pb2.FieldMask):
A field mask to specify the ListAssetsResult
fields to be listed in the response.
An empty field mask will list all fields.
@@ -891,9 +891,9 @@ class ListAssetsResponse(proto.Message):
r"""Response message for listing assets.
Attributes:
- list_assets_results (Sequence[~.securitycenter_service.ListAssetsResponse.ListAssetsResult]):
+ list_assets_results (Sequence[google.cloud.securitycenter_v1.types.ListAssetsResponse.ListAssetsResult]):
Assets matching the list request.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the list request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -907,9 +907,9 @@ class ListAssetsResult(proto.Message):
r"""Result containing the Asset and its State.
Attributes:
- asset (~.gcs_asset.Asset):
+ asset (google.cloud.securitycenter_v1.types.Asset):
Asset matching the search request.
- state_change (~.securitycenter_service.ListAssetsResponse.ListAssetsResult.StateChange):
+ state_change (google.cloud.securitycenter_v1.types.ListAssetsResponse.ListAssetsResult.StateChange):
State change of the asset between the points
in time.
"""
@@ -1037,13 +1037,13 @@ class ListFindingsRequest(proto.Message):
The following fields are supported: name parent state
category resource_name event_time source_properties
security_marks.marks
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
findings. The filter is limited to findings
existing at the supplied time and their values
are those at that specific time. Absence of this
field will default to the API's version of NOW.
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the ListFindingsResult's
"state_change" attribute is updated to indicate whether the
finding had its state changed, the finding's state remained
@@ -1077,7 +1077,7 @@ class ListFindingsRequest(proto.Message):
If compare_duration is not specified, then the only possible
state_change is "UNUSED", which will be the state_change set
for all findings present at read_time.
- field_mask (~.gp_field_mask.FieldMask):
+ field_mask (google.protobuf.field_mask_pb2.FieldMask):
A field mask to specify the Finding fields to
be listed in the response. An empty field mask
will list all fields.
@@ -1113,9 +1113,9 @@ class ListFindingsResponse(proto.Message):
r"""Response message for listing findings.
Attributes:
- list_findings_results (Sequence[~.securitycenter_service.ListFindingsResponse.ListFindingsResult]):
+ list_findings_results (Sequence[google.cloud.securitycenter_v1.types.ListFindingsResponse.ListFindingsResult]):
Findings matching the list request.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the list request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -1129,12 +1129,12 @@ class ListFindingsResult(proto.Message):
r"""Result containing the Finding and its StateChange.
Attributes:
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1.types.Finding):
Finding matching the search request.
- state_change (~.securitycenter_service.ListFindingsResponse.ListFindingsResult.StateChange):
+ state_change (google.cloud.securitycenter_v1.types.ListFindingsResponse.ListFindingsResult.StateChange):
State change of the finding between the
points in time.
- resource (~.securitycenter_service.ListFindingsResponse.ListFindingsResult.Resource):
+ resource (google.cloud.securitycenter_v1.types.ListFindingsResponse.ListFindingsResult.Resource):
Output only. Resource that is associated with
this finding.
"""
@@ -1223,9 +1223,9 @@ class SetFindingStateRequest(proto.Message):
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
- state (~.gcs_finding.Finding.State):
+ state (google.cloud.securitycenter_v1.types.Finding.State):
Required. The desired State of the finding.
- start_time (~.timestamp.Timestamp):
+ start_time (google.protobuf.timestamp_pb2.Timestamp):
Required. The time at which the updated state
takes effect.
"""
@@ -1254,7 +1254,7 @@ class UpdateFindingRequest(proto.Message):
r"""Request message for updating or creating a finding.
Attributes:
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1.types.Finding):
Required. The finding resource to update or create if it
does not already exist. parent, security_marks, and
update_time will be ignored.
@@ -1262,7 +1262,7 @@ class UpdateFindingRequest(proto.Message):
In the case of creation, the finding id portion of the name
must be alphanumeric and less than or equal to 32 characters
and greater than 0 characters in length.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the finding resource.
This field should not be specified when creating a finding.
@@ -1281,9 +1281,9 @@ class UpdateNotificationConfigRequest(proto.Message):
r"""Request message for updating a notification config.
Attributes:
- notification_config (~.gcs_notification_config.NotificationConfig):
+ notification_config (google.cloud.securitycenter_v1.types.NotificationConfig):
Required. The notification config to update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the
notification config.
If empty all mutable fields will be updated.
@@ -1300,10 +1300,10 @@ class UpdateOrganizationSettingsRequest(proto.Message):
r"""Request message for updating an organization's settings.
Attributes:
- organization_settings (~.gcs_organization_settings.OrganizationSettings):
+ organization_settings (google.cloud.securitycenter_v1.types.OrganizationSettings):
Required. The organization settings resource
to update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the
settings resource.
@@ -1321,9 +1321,9 @@ class UpdateSourceRequest(proto.Message):
r"""Request message for updating a source.
Attributes:
- source (~.gcs_source.Source):
+ source (google.cloud.securitycenter_v1.types.Source):
Required. The source resource to update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the source
resource.
If empty all mutable fields will be updated.
@@ -1338,17 +1338,17 @@ class UpdateSecurityMarksRequest(proto.Message):
r"""Request message for updating a SecurityMarks resource.
Attributes:
- security_marks (~.gcs_security_marks.SecurityMarks):
+ security_marks (google.cloud.securitycenter_v1.types.SecurityMarks):
Required. The security marks resource to
update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the security marks
resource.
The field mask must not contain duplicate fields. If empty
or set to "marks", all marks will be replaced. Individual
marks can be updated using "marks.".
- start_time (~.timestamp.Timestamp):
+ start_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the updated SecurityMarks
take effect. If not set uses current server
time. Updates will be applied to the
diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/async_client.py b/google/cloud/securitycenter_v1beta1/services/security_center/async_client.py
index c9dccb0d..14c5d94f 100644
--- a/google/cloud/securitycenter_v1beta1/services/security_center/async_client.py
+++ b/google/cloud/securitycenter_v1beta1/services/security_center/async_client.py
@@ -108,7 +108,36 @@ class SecurityCenterAsyncClient:
SecurityCenterClient.parse_common_location_path
)
- from_service_account_file = SecurityCenterClient.from_service_account_file
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SecurityCenterAsyncClient: The constructed client.
+ """
+ return SecurityCenterClient.from_service_account_info.__func__(SecurityCenterAsyncClient, info, *args, **kwargs) # type: ignore
+
+ @classmethod
+ def from_service_account_file(cls, filename: str, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ file.
+
+ Args:
+ filename (str): The path to the service account private key json
+ file.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SecurityCenterAsyncClient: The constructed client.
+ """
+ return SecurityCenterClient.from_service_account_file.__func__(SecurityCenterAsyncClient, filename, *args, **kwargs) # type: ignore
+
from_service_account_json = from_service_account_file
@property
@@ -185,19 +214,21 @@ async def create_source(
r"""Creates a source.
Args:
- request (:class:`~.securitycenter_service.CreateSourceRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.CreateSourceRequest`):
The request object. Request message for creating a
source.
parent (:class:`str`):
Required. Resource name of the new source's parent. Its
format should be "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- source (:class:`~.gcs_source.Source`):
+ source (:class:`google.cloud.securitycenter_v1beta1.types.Source`):
Required. The Source being created, only the
display_name and description will be used. All other
fields will be ignored.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -209,7 +240,7 @@ async def create_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -273,13 +304,14 @@ async def create_finding(
exist for finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.CreateFindingRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.CreateFindingRequest`):
The request object. Request message for creating a
finding.
parent (:class:`str`):
Required. Resource name of the new finding's parent. Its
format should be
"organizations/[organization_id]/sources/[source_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -289,13 +321,15 @@ async def create_finding(
It must be alphanumeric and less than or
equal to 32 characters and greater than
0 characters in length.
+
This corresponds to the ``finding_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (:class:`google.cloud.securitycenter_v1beta1.types.Finding`):
Required. The Finding being created. The name and
security_marks will be ignored as they are both output
only fields on this resource.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -307,7 +341,7 @@ async def create_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -374,7 +408,7 @@ async def get_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.GetIamPolicyRequest`):
+ request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`):
The request object. Request message for `GetIamPolicy`
method.
resource (:class:`str`):
@@ -382,6 +416,7 @@ async def get_iam_policy(
policy is being requested. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -393,72 +428,62 @@ async def get_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -490,6 +515,7 @@ async def get_iam_policy(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -519,13 +545,14 @@ async def get_organization_settings(
r"""Gets the settings for an organization.
Args:
- request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.GetOrganizationSettingsRequest`):
The request object. Request message for getting
organization settings.
name (:class:`str`):
Required. Name of the organization to get organization
settings for. Its format is
"organizations/[organization_id]/organizationSettings".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -537,7 +564,7 @@ async def get_organization_settings(
sent along with the request as metadata.
Returns:
- ~.organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1beta1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -572,6 +599,7 @@ async def get_organization_settings(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -601,13 +629,14 @@ async def get_source(
r"""Gets a source.
Args:
- request (:class:`~.securitycenter_service.GetSourceRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.GetSourceRequest`):
The request object. Request message for getting a
source.
name (:class:`str`):
Required. Relative resource name of the source. Its
format is
"organizations/[organization_id]/source/[source_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -619,7 +648,7 @@ async def get_source(
sent along with the request as metadata.
Returns:
- ~.source.Source:
+ google.cloud.securitycenter_v1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -657,6 +686,7 @@ async def get_source(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -686,7 +716,7 @@ async def group_assets(
their specified properties.
Args:
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsRequest`):
The request object. Request message for grouping by
assets.
@@ -697,7 +727,7 @@ async def group_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupAssetsAsyncPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.GroupAssetsAsyncPager:
Response message for grouping by
assets.
Iterating over this object will yield
@@ -720,6 +750,7 @@ async def group_assets(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -761,7 +792,7 @@ async def group_findings(
/v1beta1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsRequest`):
The request object. Request message for grouping by
findings.
parent (:class:`str`):
@@ -770,6 +801,7 @@ async def group_findings(
To groupBy across all sources provide a source_id of
``-``. For example:
organizations/{organization_id}/sources/-
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -784,7 +816,7 @@ async def group_findings(
- resource_name
- category
- state
- - parent
+ - parent
This corresponds to the ``group_by`` field
on the ``request`` instance; if ``request`` is provided, this
@@ -797,7 +829,7 @@ async def group_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupFindingsAsyncPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.GroupFindingsAsyncPager:
Response message for group by
findings.
Iterating over this object will yield
@@ -836,6 +868,7 @@ async def group_findings(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -870,7 +903,7 @@ async def list_assets(
r"""Lists an organization's assets.
Args:
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.ListAssetsRequest`):
The request object. Request message for listing assets.
retry (google.api_core.retry.Retry): Designation of what errors, if any,
@@ -880,7 +913,7 @@ async def list_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.ListAssetsAsyncPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListAssetsAsyncPager:
Response message for listing assets.
Iterating over this object will yield
results and resolve additional pages
@@ -902,6 +935,7 @@ async def list_assets(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -940,7 +974,7 @@ async def list_findings(
/v1beta1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.ListFindingsRequest`):
The request object. Request message for listing
findings.
@@ -951,7 +985,7 @@ async def list_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.ListFindingsAsyncPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListFindingsAsyncPager:
Response message for listing
findings.
Iterating over this object will yield
@@ -974,6 +1008,7 @@ async def list_findings(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1009,12 +1044,13 @@ async def list_sources(
r"""Lists all sources belonging to an organization.
Args:
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.ListSourcesRequest`):
The request object. Request message for listing sources.
parent (:class:`str`):
Required. Resource name of the parent of sources to
list. Its format should be
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1026,7 +1062,7 @@ async def list_sources(
sent along with the request as metadata.
Returns:
- ~.pagers.ListSourcesAsyncPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListSourcesAsyncPager:
Response message for listing sources.
Iterating over this object will yield
results and resolve additional pages
@@ -1062,6 +1098,7 @@ async def list_sources(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1102,13 +1139,14 @@ async def run_asset_discovery(
receive a TOO_MANY_REQUESTS error.
Args:
- request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.RunAssetDiscoveryRequest`):
The request object. Request message for running asset
discovery for an organization.
parent (:class:`str`):
Required. Name of the organization to run asset
discovery for. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1120,24 +1158,22 @@ async def run_asset_discovery(
sent along with the request as metadata.
Returns:
- ~.operation_async.AsyncOperation:
+ google.api_core.operation_async.AsyncOperation:
An object representing a long-running operation.
- The result type for the operation will be
- :class:``~.empty.Empty``: A generic empty message that
- you can re-use to avoid defining duplicated empty
- messages in your APIs. A typical example is to use it as
- the request or the response type of an API method. For
- instance:
+ The result type for the operation will be :class:`google.protobuf.empty_pb2.Empty` A generic empty message that you can re-use to avoid defining duplicated
+ empty messages in your APIs. A typical example is to
+ use it as the request or the response type of an API
+ method. For instance:
- ::
+ service Foo {
+ rpc Bar(google.protobuf.Empty) returns
+ (google.protobuf.Empty);
- service Foo {
- rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
- }
+ }
- The JSON representation for ``Empty`` is empty JSON
- object ``{}``.
+ The JSON representation for Empty is empty JSON
+ object {}.
"""
# Create or coerce a protobuf request object.
@@ -1200,7 +1236,7 @@ async def set_finding_state(
r"""Updates the state of a finding.
Args:
- request (:class:`~.securitycenter_service.SetFindingStateRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.SetFindingStateRequest`):
The request object. Request message for updating a
finding's state.
name (:class:`str`):
@@ -1209,18 +1245,21 @@ async def set_finding_state(
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- state (:class:`~.finding.Finding.State`):
+ state (:class:`google.cloud.securitycenter_v1beta1.types.Finding.State`):
Required. The desired State of the
finding.
+
This corresponds to the ``state`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- start_time (:class:`~.timestamp.Timestamp`):
+ start_time (:class:`google.protobuf.timestamp_pb2.Timestamp`):
Required. The time at which the
updated state takes effect.
+
This corresponds to the ``start_time`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1232,7 +1271,7 @@ async def set_finding_state(
sent along with the request as metadata.
Returns:
- ~.finding.Finding:
+ google.cloud.securitycenter_v1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -1299,7 +1338,7 @@ async def set_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.SetIamPolicyRequest`):
+ request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`):
The request object. Request message for `SetIamPolicy`
method.
resource (:class:`str`):
@@ -1307,6 +1346,7 @@ async def set_iam_policy(
policy is being specified. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1318,72 +1358,62 @@ async def set_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -1438,7 +1468,7 @@ async def test_iam_permissions(
specified source.
Args:
- request (:class:`~.iam_policy.TestIamPermissionsRequest`):
+ request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`):
The request object. Request message for
`TestIamPermissions` method.
resource (:class:`str`):
@@ -1446,6 +1476,7 @@ async def test_iam_permissions(
policy detail is being requested. See
the operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1454,6 +1485,7 @@ async def test_iam_permissions(
Permissions with wildcards (such as '*' or 'storage.*')
are not allowed. For more information see `IAM
Overview `__.
+
This corresponds to the ``permissions`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1465,8 +1497,8 @@ async def test_iam_permissions(
sent along with the request as metadata.
Returns:
- ~.iam_policy.TestIamPermissionsResponse:
- Response message for ``TestIamPermissions`` method.
+ google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
+ Response message for TestIamPermissions method.
"""
# Create or coerce a protobuf request object.
# Sanity check: If we got a request object, we should *not* have
@@ -1499,6 +1531,7 @@ async def test_iam_permissions(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1529,10 +1562,10 @@ async def update_finding(
source must exist for a finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.UpdateFindingRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.UpdateFindingRequest`):
The request object. Request message for updating or
creating a finding.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (:class:`google.cloud.securitycenter_v1beta1.types.Finding`):
Required. The finding resource to update or create if it
does not already exist. parent, security_marks, and
update_time will be ignored.
@@ -1540,6 +1573,7 @@ async def update_finding(
In the case of creation, the finding id portion of the
name must alphanumeric and less than or equal to 32
characters and greater than 0 characters in length.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1551,7 +1585,7 @@ async def update_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -1615,12 +1649,13 @@ async def update_organization_settings(
r"""Updates an organization's settings.
Args:
- request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.UpdateOrganizationSettingsRequest`):
The request object. Request message for updating an
organization's settings.
- organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`):
+ organization_settings (:class:`google.cloud.securitycenter_v1beta1.types.OrganizationSettings`):
Required. The organization settings
resource to update.
+
This corresponds to the ``organization_settings`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1632,7 +1667,7 @@ async def update_organization_settings(
sent along with the request as metadata.
Returns:
- ~.gcs_organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1beta1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -1690,12 +1725,13 @@ async def update_source(
r"""Updates a source.
Args:
- request (:class:`~.securitycenter_service.UpdateSourceRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.UpdateSourceRequest`):
The request object. Request message for updating a
source.
- source (:class:`~.gcs_source.Source`):
+ source (:class:`google.cloud.securitycenter_v1beta1.types.Source`):
Required. The source resource to
update.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1707,7 +1743,7 @@ async def update_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -1768,12 +1804,13 @@ async def update_security_marks(
r"""Updates security marks.
Args:
- request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`):
+ request (:class:`google.cloud.securitycenter_v1beta1.types.UpdateSecurityMarksRequest`):
The request object. Request message for updating a
SecurityMarks resource.
- security_marks (:class:`~.gcs_security_marks.SecurityMarks`):
+ security_marks (:class:`google.cloud.securitycenter_v1beta1.types.SecurityMarks`):
Required. The security marks resource
to update.
+
This corresponds to the ``security_marks`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1785,7 +1822,7 @@ async def update_security_marks(
sent along with the request as metadata.
Returns:
- ~.gcs_security_marks.SecurityMarks:
+ google.cloud.securitycenter_v1beta1.types.SecurityMarks:
User specified security marks that
are attached to the parent Security
Command Center resource. Security marks
diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/client.py b/google/cloud/securitycenter_v1beta1/services/security_center/client.py
index a27f307b..73dd2f2a 100644
--- a/google/cloud/securitycenter_v1beta1/services/security_center/client.py
+++ b/google/cloud/securitycenter_v1beta1/services/security_center/client.py
@@ -128,6 +128,22 @@ def _get_default_mtls_endpoint(api_endpoint):
DEFAULT_ENDPOINT
)
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SecurityCenterClient: The constructed client.
+ """
+ credentials = service_account.Credentials.from_service_account_info(info)
+ kwargs["credentials"] = credentials
+ return cls(*args, **kwargs)
+
@classmethod
def from_service_account_file(cls, filename: str, *args, **kwargs):
"""Creates an instance of this client using the provided credentials
@@ -140,7 +156,7 @@ def from_service_account_file(cls, filename: str, *args, **kwargs):
kwargs: Additional arguments to pass to the constructor.
Returns:
- {@api.name}: The constructed client.
+ SecurityCenterClient: The constructed client.
"""
credentials = service_account.Credentials.from_service_account_file(filename)
kwargs["credentials"] = credentials
@@ -309,10 +325,10 @@ def __init__(
credentials identify the application to the service; if none
are specified, the client will attempt to ascertain the
credentials from the environment.
- transport (Union[str, ~.SecurityCenterTransport]): The
+ transport (Union[str, SecurityCenterTransport]): The
transport to use. If set to None, a transport is chosen
automatically.
- client_options (client_options_lib.ClientOptions): Custom options for the
+ client_options (google.api_core.client_options.ClientOptions): Custom options for the
client. It won't take effect if a ``transport`` instance is provided.
(1) The ``api_endpoint`` property can be used to override the
default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
@@ -348,21 +364,17 @@ def __init__(
util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))
)
- ssl_credentials = None
+ client_cert_source_func = None
is_mtls = False
if use_client_cert:
if client_options.client_cert_source:
- import grpc # type: ignore
-
- cert, key = client_options.client_cert_source()
- ssl_credentials = grpc.ssl_channel_credentials(
- certificate_chain=cert, private_key=key
- )
is_mtls = True
+ client_cert_source_func = client_options.client_cert_source
else:
- creds = SslCredentials()
- is_mtls = creds.is_mtls
- ssl_credentials = creds.ssl_credentials if is_mtls else None
+ is_mtls = mtls.has_default_client_cert_source()
+ client_cert_source_func = (
+ mtls.default_client_cert_source() if is_mtls else None
+ )
# Figure out which api endpoint to use.
if client_options.api_endpoint is not None:
@@ -405,7 +417,7 @@ def __init__(
credentials_file=client_options.credentials_file,
host=api_endpoint,
scopes=client_options.scopes,
- ssl_channel_credentials=ssl_credentials,
+ client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
)
@@ -423,19 +435,21 @@ def create_source(
r"""Creates a source.
Args:
- request (:class:`~.securitycenter_service.CreateSourceRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.CreateSourceRequest):
The request object. Request message for creating a
source.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the new source's parent. Its
format should be "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- source (:class:`~.gcs_source.Source`):
+ source (google.cloud.securitycenter_v1beta1.types.Source):
Required. The Source being created, only the
display_name and description will be used. All other
fields will be ignored.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -447,7 +461,7 @@ def create_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -512,29 +526,32 @@ def create_finding(
exist for finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.CreateFindingRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.CreateFindingRequest):
The request object. Request message for creating a
finding.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the new finding's parent. Its
format should be
"organizations/[organization_id]/sources/[source_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- finding_id (:class:`str`):
+ finding_id (str):
Required. Unique identifier provided
by the client within the parent scope.
It must be alphanumeric and less than or
equal to 32 characters and greater than
0 characters in length.
+
This corresponds to the ``finding_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (google.cloud.securitycenter_v1beta1.types.Finding):
Required. The Finding being created. The name and
security_marks will be ignored as they are both output
only fields on this resource.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -546,7 +563,7 @@ def create_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -614,14 +631,15 @@ def get_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.GetIamPolicyRequest`):
+ request (google.iam.v1.iam_policy_pb2.GetIamPolicyRequest):
The request object. Request message for `GetIamPolicy`
method.
- resource (:class:`str`):
+ resource (str):
REQUIRED: The resource for which the
policy is being requested. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -633,72 +651,62 @@ def get_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -711,13 +719,16 @@ def get_iam_policy(
"the individual field arguments should be set."
)
- # The request isn't a proto-plus wrapped type,
- # so it must be constructed via keyword expansion.
if isinstance(request, dict):
+ # The request isn't a proto-plus wrapped type,
+ # so it must be constructed via keyword expansion.
request = iam_policy.GetIamPolicyRequest(**request)
-
elif not request:
- request = iam_policy.GetIamPolicyRequest(resource=resource,)
+ # Null request, just make one.
+ request = iam_policy.GetIamPolicyRequest()
+
+ if resource is not None:
+ request.resource = resource
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
@@ -747,13 +758,14 @@ def get_organization_settings(
r"""Gets the settings for an organization.
Args:
- request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.GetOrganizationSettingsRequest):
The request object. Request message for getting
organization settings.
- name (:class:`str`):
+ name (str):
Required. Name of the organization to get organization
settings for. Its format is
"organizations/[organization_id]/organizationSettings".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -765,7 +777,7 @@ def get_organization_settings(
sent along with the request as metadata.
Returns:
- ~.organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1beta1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -826,13 +838,14 @@ def get_source(
r"""Gets a source.
Args:
- request (:class:`~.securitycenter_service.GetSourceRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.GetSourceRequest):
The request object. Request message for getting a
source.
- name (:class:`str`):
+ name (str):
Required. Relative resource name of the source. Its
format is
"organizations/[organization_id]/source/[source_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -844,7 +857,7 @@ def get_source(
sent along with the request as metadata.
Returns:
- ~.source.Source:
+ google.cloud.securitycenter_v1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -904,7 +917,7 @@ def group_assets(
their specified properties.
Args:
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.GroupAssetsRequest):
The request object. Request message for grouping by
assets.
@@ -915,7 +928,7 @@ def group_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupAssetsPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.GroupAssetsPager:
Response message for grouping by
assets.
Iterating over this object will yield
@@ -972,19 +985,20 @@ def group_findings(
/v1beta1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.GroupFindingsRequest):
The request object. Request message for grouping by
findings.
- parent (:class:`str`):
+ parent (str):
Required. Name of the source to groupBy. Its format is
"organizations/[organization_id]/sources/[source_id]".
To groupBy across all sources provide a source_id of
``-``. For example:
organizations/{organization_id}/sources/-
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- group_by (:class:`str`):
+ group_by (str):
Required. Expression that defines what assets fields to
use for grouping (including ``state``). The string value
should follow SQL syntax: comma separated list of
@@ -995,7 +1009,7 @@ def group_findings(
- resource_name
- category
- state
- - parent
+ - parent
This corresponds to the ``group_by`` field
on the ``request`` instance; if ``request`` is provided, this
@@ -1008,7 +1022,7 @@ def group_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupFindingsPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.GroupFindingsPager:
Response message for group by
findings.
Iterating over this object will yield
@@ -1074,7 +1088,7 @@ def list_assets(
r"""Lists an organization's assets.
Args:
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.ListAssetsRequest):
The request object. Request message for listing assets.
retry (google.api_core.retry.Retry): Designation of what errors, if any,
@@ -1084,7 +1098,7 @@ def list_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.ListAssetsPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListAssetsPager:
Response message for listing assets.
Iterating over this object will yield
results and resolve additional pages
@@ -1137,7 +1151,7 @@ def list_findings(
/v1beta1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.ListFindingsRequest):
The request object. Request message for listing
findings.
@@ -1148,7 +1162,7 @@ def list_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.ListFindingsPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListFindingsPager:
Response message for listing
findings.
Iterating over this object will yield
@@ -1199,12 +1213,13 @@ def list_sources(
r"""Lists all sources belonging to an organization.
Args:
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.ListSourcesRequest):
The request object. Request message for listing sources.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the parent of sources to
list. Its format should be
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1216,7 +1231,7 @@ def list_sources(
sent along with the request as metadata.
Returns:
- ~.pagers.ListSourcesPager:
+ google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListSourcesPager:
Response message for listing sources.
Iterating over this object will yield
results and resolve additional pages
@@ -1285,13 +1300,14 @@ def run_asset_discovery(
receive a TOO_MANY_REQUESTS error.
Args:
- request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.RunAssetDiscoveryRequest):
The request object. Request message for running asset
discovery for an organization.
- parent (:class:`str`):
+ parent (str):
Required. Name of the organization to run asset
discovery for. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1303,24 +1319,22 @@ def run_asset_discovery(
sent along with the request as metadata.
Returns:
- ~.operation.Operation:
+ google.api_core.operation.Operation:
An object representing a long-running operation.
- The result type for the operation will be
- :class:``~.empty.Empty``: A generic empty message that
- you can re-use to avoid defining duplicated empty
- messages in your APIs. A typical example is to use it as
- the request or the response type of an API method. For
- instance:
+ The result type for the operation will be :class:`google.protobuf.empty_pb2.Empty` A generic empty message that you can re-use to avoid defining duplicated
+ empty messages in your APIs. A typical example is to
+ use it as the request or the response type of an API
+ method. For instance:
- ::
+ service Foo {
+ rpc Bar(google.protobuf.Empty) returns
+ (google.protobuf.Empty);
- service Foo {
- rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
- }
+ }
- The JSON representation for ``Empty`` is empty JSON
- object ``{}``.
+ The JSON representation for Empty is empty JSON
+ object {}.
"""
# Create or coerce a protobuf request object.
@@ -1384,27 +1398,30 @@ def set_finding_state(
r"""Updates the state of a finding.
Args:
- request (:class:`~.securitycenter_service.SetFindingStateRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.SetFindingStateRequest):
The request object. Request message for updating a
finding's state.
- name (:class:`str`):
+ name (str):
Required. The relative resource name of the finding.
See:
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- state (:class:`~.finding.Finding.State`):
+ state (google.cloud.securitycenter_v1beta1.types.Finding.State):
Required. The desired State of the
finding.
+
This corresponds to the ``state`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- start_time (:class:`~.timestamp.Timestamp`):
+ start_time (google.protobuf.timestamp_pb2.Timestamp):
Required. The time at which the
updated state takes effect.
+
This corresponds to the ``start_time`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1416,7 +1433,7 @@ def set_finding_state(
sent along with the request as metadata.
Returns:
- ~.finding.Finding:
+ google.cloud.securitycenter_v1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -1484,14 +1501,15 @@ def set_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.SetIamPolicyRequest`):
+ request (google.iam.v1.iam_policy_pb2.SetIamPolicyRequest):
The request object. Request message for `SetIamPolicy`
method.
- resource (:class:`str`):
+ resource (str):
REQUIRED: The resource for which the
policy is being specified. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1503,72 +1521,62 @@ def set_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -1581,13 +1589,16 @@ def set_iam_policy(
"the individual field arguments should be set."
)
- # The request isn't a proto-plus wrapped type,
- # so it must be constructed via keyword expansion.
if isinstance(request, dict):
+ # The request isn't a proto-plus wrapped type,
+ # so it must be constructed via keyword expansion.
request = iam_policy.SetIamPolicyRequest(**request)
-
elif not request:
- request = iam_policy.SetIamPolicyRequest(resource=resource,)
+ # Null request, just make one.
+ request = iam_policy.SetIamPolicyRequest()
+
+ if resource is not None:
+ request.resource = resource
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
@@ -1619,22 +1630,24 @@ def test_iam_permissions(
specified source.
Args:
- request (:class:`~.iam_policy.TestIamPermissionsRequest`):
+ request (google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest):
The request object. Request message for
`TestIamPermissions` method.
- resource (:class:`str`):
+ resource (str):
REQUIRED: The resource for which the
policy detail is being requested. See
the operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- permissions (:class:`Sequence[str]`):
+ permissions (Sequence[str]):
The set of permissions to check for the ``resource``.
Permissions with wildcards (such as '*' or 'storage.*')
are not allowed. For more information see `IAM
Overview `__.
+
This corresponds to the ``permissions`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1646,8 +1659,8 @@ def test_iam_permissions(
sent along with the request as metadata.
Returns:
- ~.iam_policy.TestIamPermissionsResponse:
- Response message for ``TestIamPermissions`` method.
+ google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
+ Response message for TestIamPermissions method.
"""
# Create or coerce a protobuf request object.
# Sanity check: If we got a request object, we should *not* have
@@ -1659,15 +1672,19 @@ def test_iam_permissions(
"the individual field arguments should be set."
)
- # The request isn't a proto-plus wrapped type,
- # so it must be constructed via keyword expansion.
if isinstance(request, dict):
+ # The request isn't a proto-plus wrapped type,
+ # so it must be constructed via keyword expansion.
request = iam_policy.TestIamPermissionsRequest(**request)
-
elif not request:
- request = iam_policy.TestIamPermissionsRequest(
- resource=resource, permissions=permissions,
- )
+ # Null request, just make one.
+ request = iam_policy.TestIamPermissionsRequest()
+
+ if resource is not None:
+ request.resource = resource
+
+ if permissions:
+ request.permissions.extend(permissions)
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
@@ -1698,10 +1715,10 @@ def update_finding(
source must exist for a finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.UpdateFindingRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.UpdateFindingRequest):
The request object. Request message for updating or
creating a finding.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (google.cloud.securitycenter_v1beta1.types.Finding):
Required. The finding resource to update or create if it
does not already exist. parent, security_marks, and
update_time will be ignored.
@@ -1709,6 +1726,7 @@ def update_finding(
In the case of creation, the finding id portion of the
name must alphanumeric and less than or equal to 32
characters and greater than 0 characters in length.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1720,7 +1738,7 @@ def update_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -1785,12 +1803,13 @@ def update_organization_settings(
r"""Updates an organization's settings.
Args:
- request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.UpdateOrganizationSettingsRequest):
The request object. Request message for updating an
organization's settings.
- organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`):
+ organization_settings (google.cloud.securitycenter_v1beta1.types.OrganizationSettings):
Required. The organization settings
resource to update.
+
This corresponds to the ``organization_settings`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1802,7 +1821,7 @@ def update_organization_settings(
sent along with the request as metadata.
Returns:
- ~.gcs_organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1beta1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -1865,12 +1884,13 @@ def update_source(
r"""Updates a source.
Args:
- request (:class:`~.securitycenter_service.UpdateSourceRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.UpdateSourceRequest):
The request object. Request message for updating a
source.
- source (:class:`~.gcs_source.Source`):
+ source (google.cloud.securitycenter_v1beta1.types.Source):
Required. The source resource to
update.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1882,7 +1902,7 @@ def update_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -1944,12 +1964,13 @@ def update_security_marks(
r"""Updates security marks.
Args:
- request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.UpdateSecurityMarksRequest):
The request object. Request message for updating a
SecurityMarks resource.
- security_marks (:class:`~.gcs_security_marks.SecurityMarks`):
+ security_marks (google.cloud.securitycenter_v1beta1.types.SecurityMarks):
Required. The security marks resource
to update.
+
This corresponds to the ``security_marks`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1961,7 +1982,7 @@ def update_security_marks(
sent along with the request as metadata.
Returns:
- ~.gcs_security_marks.SecurityMarks:
+ google.cloud.securitycenter_v1beta1.types.SecurityMarks:
User specified security marks that
are attached to the parent Security
Command Center resource. Security marks
diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/pagers.py b/google/cloud/securitycenter_v1beta1/services/security_center/pagers.py
index 64ef79bd..a3a18cc4 100644
--- a/google/cloud/securitycenter_v1beta1/services/security_center/pagers.py
+++ b/google/cloud/securitycenter_v1beta1/services/security_center/pagers.py
@@ -15,7 +15,16 @@
# limitations under the License.
#
-from typing import Any, AsyncIterable, Awaitable, Callable, Iterable, Sequence, Tuple
+from typing import (
+ Any,
+ AsyncIterable,
+ Awaitable,
+ Callable,
+ Iterable,
+ Sequence,
+ Tuple,
+ Optional,
+)
from google.cloud.securitycenter_v1beta1.types import finding
from google.cloud.securitycenter_v1beta1.types import securitycenter_service
@@ -26,7 +35,7 @@ class GroupAssetsPager:
"""A pager for iterating through ``group_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse` object, and
provides an ``__iter__`` method to iterate through its
``group_by_results`` field.
@@ -35,7 +44,7 @@ class GroupAssetsPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -53,9 +62,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.GroupAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupAssetsResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -88,7 +97,7 @@ class GroupAssetsAsyncPager:
"""A pager for iterating through ``group_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``group_by_results`` field.
@@ -97,7 +106,7 @@ class GroupAssetsAsyncPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -115,9 +124,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.GroupAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupAssetsResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -154,7 +163,7 @@ class GroupFindingsPager:
"""A pager for iterating through ``group_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse` object, and
provides an ``__iter__`` method to iterate through its
``group_by_results`` field.
@@ -163,7 +172,7 @@ class GroupFindingsPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -181,9 +190,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.GroupFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupFindingsResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -216,7 +225,7 @@ class GroupFindingsAsyncPager:
"""A pager for iterating through ``group_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``group_by_results`` field.
@@ -225,7 +234,7 @@ class GroupFindingsAsyncPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -243,9 +252,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.GroupFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupFindingsResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -284,7 +293,7 @@ class ListAssetsPager:
"""A pager for iterating through ``list_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.ListAssetsResponse` object, and
provides an ``__iter__`` method to iterate through its
``list_assets_results`` field.
@@ -293,7 +302,7 @@ class ListAssetsPager:
through the ``list_assets_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -311,9 +320,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.ListAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListAssetsResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.ListAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -348,7 +357,7 @@ class ListAssetsAsyncPager:
"""A pager for iterating through ``list_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.ListAssetsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``list_assets_results`` field.
@@ -357,7 +366,7 @@ class ListAssetsAsyncPager:
through the ``list_assets_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -375,9 +384,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.ListAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListAssetsResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.ListAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -416,7 +425,7 @@ class ListFindingsPager:
"""A pager for iterating through ``list_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.ListFindingsResponse` object, and
provides an ``__iter__`` method to iterate through its
``findings`` field.
@@ -425,7 +434,7 @@ class ListFindingsPager:
through the ``findings`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -443,9 +452,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.ListFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListFindingsResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.ListFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -478,7 +487,7 @@ class ListFindingsAsyncPager:
"""A pager for iterating through ``list_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.ListFindingsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``findings`` field.
@@ -487,7 +496,7 @@ class ListFindingsAsyncPager:
through the ``findings`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -505,9 +514,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.ListFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListFindingsResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.ListFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -544,7 +553,7 @@ class ListSourcesPager:
"""A pager for iterating through ``list_sources`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListSourcesResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.ListSourcesResponse` object, and
provides an ``__iter__`` method to iterate through its
``sources`` field.
@@ -553,7 +562,7 @@ class ListSourcesPager:
through the ``sources`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListSourcesResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListSourcesResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -571,9 +580,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.ListSourcesRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListSourcesResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.ListSourcesResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -606,7 +615,7 @@ class ListSourcesAsyncPager:
"""A pager for iterating through ``list_sources`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListSourcesResponse` object, and
+ :class:`google.cloud.securitycenter_v1beta1.types.ListSourcesResponse` object, and
provides an ``__aiter__`` method to iterate through its
``sources`` field.
@@ -615,7 +624,7 @@ class ListSourcesAsyncPager:
through the ``sources`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListSourcesResponse`
+ All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListSourcesResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -633,9 +642,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (google.cloud.securitycenter_v1beta1.types.ListSourcesRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListSourcesResponse`):
+ response (google.cloud.securitycenter_v1beta1.types.ListSourcesResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py
index df35096b..3a22dfc9 100644
--- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py
+++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py
@@ -23,7 +23,6 @@
from google.api_core import exceptions # type: ignore
from google.api_core import gapic_v1 # type: ignore
from google.api_core import retry as retries # type: ignore
-from google.api_core import retry as retries # type: ignore
from google.api_core import operations_v1 # type: ignore
from google.auth import credentials # type: ignore
@@ -85,10 +84,10 @@ def __init__(
scope (Optional[Sequence[str]]): A list of scopes.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
- client_info (google.api_core.gapic_v1.client_info.ClientInfo):
- The client info used to send a user-agent string along with
- API requests. If ``None``, then default info will be used.
- Generally, you only need to set this if you're developing
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
your own client library.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
@@ -96,6 +95,9 @@ def __init__(
host += ":443"
self._host = host
+ # Save the scopes.
+ self._scopes = scopes or self.AUTH_SCOPES
+
# If no credentials are provided, then determine the appropriate
# defaults.
if credentials and credentials_file:
@@ -105,20 +107,17 @@ def __init__(
if credentials_file is not None:
credentials, _ = auth.load_credentials_from_file(
- credentials_file, scopes=scopes, quota_project_id=quota_project_id
+ credentials_file, scopes=self._scopes, quota_project_id=quota_project_id
)
elif credentials is None:
credentials, _ = auth.default(
- scopes=scopes, quota_project_id=quota_project_id
+ scopes=self._scopes, quota_project_id=quota_project_id
)
# Save the credentials.
self._credentials = credentials
- # Lifted into its own function so it can be stubbed out during tests.
- self._prep_wrapped_messages(client_info)
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
@@ -137,6 +136,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -150,6 +150,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -163,6 +164,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -176,6 +178,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -189,6 +192,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -202,6 +206,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -215,6 +220,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -228,6 +234,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -250,6 +257,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py
index a7447d0b..2bcfb198 100644
--- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py
+++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py
@@ -72,6 +72,7 @@ def __init__(
api_mtls_endpoint: str = None,
client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
) -> None:
@@ -102,6 +103,10 @@ def __init__(
``api_mtls_endpoint`` is None.
ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
for grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
client_info (google.api_core.gapic_v1.client_info.ClientInfo):
@@ -116,72 +121,61 @@ def __init__(
google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
and ``credentials_file`` are passed.
"""
+ self._grpc_channel = None
self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+ self._operations_client = None
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
if channel:
- # Sanity check: Ensure that channel and credentials are not both
- # provided.
+ # Ignore credentials if a channel was passed.
credentials = False
-
# If a channel was explicitly provided, set it.
self._grpc_channel = channel
self._ssl_channel_credentials = None
- elif api_mtls_endpoint:
- warnings.warn(
- "api_mtls_endpoint and client_cert_source are deprecated",
- DeprecationWarning,
- )
- host = (
- api_mtls_endpoint
- if ":" in api_mtls_endpoint
- else api_mtls_endpoint + ":443"
- )
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
-
- # Create SSL credentials with client_cert_source or application
- # default SSL credentials.
- if client_cert_source:
- cert, key = client_cert_source()
- ssl_credentials = grpc.ssl_channel_credentials(
- certificate_chain=cert, private_key=key
- )
else:
- ssl_credentials = SslCredentials().ssl_credentials
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
- # create a new channel. The provided one is ignored.
- self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
- credentials_file=credentials_file,
- ssl_credentials=ssl_credentials,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
- self._ssl_channel_credentials = ssl_credentials
- else:
- host = host if ":" in host else host + ":443"
-
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ )
- # create a new channel. The provided one is ignored.
+ if not self._grpc_channel:
self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
+ self._host,
+ credentials=self._credentials,
credentials_file=credentials_file,
- ssl_credentials=ssl_channel_credentials,
- scopes=scopes or self.AUTH_SCOPES,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
quota_project_id=quota_project_id,
options=[
("grpc.max_send_message_length", -1),
@@ -189,18 +183,8 @@ def __init__(
],
)
- self._stubs = {} # type: Dict[str, Callable]
- self._operations_client = None
-
- # Run the base constructor.
- super().__init__(
- host=host,
- credentials=credentials,
- credentials_file=credentials_file,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- client_info=client_info,
- )
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
@classmethod
def create_channel(
@@ -214,7 +198,7 @@ def create_channel(
) -> grpc.Channel:
"""Create and return a gRPC channel object.
Args:
- address (Optional[str]): The host for the channel to use.
+ host (Optional[str]): The host for the channel to use.
credentials (Optional[~.Credentials]): The
authorization credentials to attach to requests. These
credentials identify this application to the service. If
diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py
index 2a2d3551..f401d887 100644
--- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py
+++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py
@@ -76,7 +76,7 @@ def create_channel(
) -> aio.Channel:
"""Create and return a gRPC AsyncIO channel object.
Args:
- address (Optional[str]): The host for the channel to use.
+ host (Optional[str]): The host for the channel to use.
credentials (Optional[~.Credentials]): The
authorization credentials to attach to requests. These
credentials identify this application to the service. If
@@ -116,6 +116,7 @@ def __init__(
api_mtls_endpoint: str = None,
client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
) -> None:
@@ -147,12 +148,16 @@ def __init__(
``api_mtls_endpoint`` is None.
ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
for grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
- client_info (google.api_core.gapic_v1.client_info.ClientInfo):
- The client info used to send a user-agent string along with
- API requests. If ``None``, then default info will be used.
- Generally, you only need to set this if you're developing
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
your own client library.
Raises:
@@ -161,72 +166,61 @@ def __init__(
google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
and ``credentials_file`` are passed.
"""
+ self._grpc_channel = None
self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+ self._operations_client = None
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
if channel:
- # Sanity check: Ensure that channel and credentials are not both
- # provided.
+ # Ignore credentials if a channel was passed.
credentials = False
-
# If a channel was explicitly provided, set it.
self._grpc_channel = channel
self._ssl_channel_credentials = None
- elif api_mtls_endpoint:
- warnings.warn(
- "api_mtls_endpoint and client_cert_source are deprecated",
- DeprecationWarning,
- )
- host = (
- api_mtls_endpoint
- if ":" in api_mtls_endpoint
- else api_mtls_endpoint + ":443"
- )
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
-
- # Create SSL credentials with client_cert_source or application
- # default SSL credentials.
- if client_cert_source:
- cert, key = client_cert_source()
- ssl_credentials = grpc.ssl_channel_credentials(
- certificate_chain=cert, private_key=key
- )
else:
- ssl_credentials = SslCredentials().ssl_credentials
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
- # create a new channel. The provided one is ignored.
- self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
- credentials_file=credentials_file,
- ssl_credentials=ssl_credentials,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
- self._ssl_channel_credentials = ssl_credentials
- else:
- host = host if ":" in host else host + ":443"
-
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ )
- # create a new channel. The provided one is ignored.
+ if not self._grpc_channel:
self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
+ self._host,
+ credentials=self._credentials,
credentials_file=credentials_file,
- ssl_credentials=ssl_channel_credentials,
- scopes=scopes or self.AUTH_SCOPES,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
quota_project_id=quota_project_id,
options=[
("grpc.max_send_message_length", -1),
@@ -234,18 +228,8 @@ def __init__(
],
)
- # Run the base constructor.
- super().__init__(
- host=host,
- credentials=credentials,
- credentials_file=credentials_file,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- client_info=client_info,
- )
-
- self._stubs = {}
- self._operations_client = None
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
@property
def grpc_channel(self) -> aio.Channel:
diff --git a/google/cloud/securitycenter_v1beta1/types/__init__.py b/google/cloud/securitycenter_v1beta1/types/__init__.py
index 11c4424f..1f373080 100644
--- a/google/cloud/securitycenter_v1beta1/types/__init__.py
+++ b/google/cloud/securitycenter_v1beta1/types/__init__.py
@@ -15,12 +15,11 @@
# limitations under the License.
#
-from .security_marks import SecurityMarks
from .asset import Asset
from .finding import Finding
from .organization_settings import OrganizationSettings
from .run_asset_discovery_response import RunAssetDiscoveryResponse
-from .source import Source
+from .security_marks import SecurityMarks
from .securitycenter_service import (
CreateFindingRequest,
CreateSourceRequest,
@@ -31,27 +30,27 @@
GroupFindingsRequest,
GroupFindingsResponse,
GroupResult,
- ListSourcesRequest,
- ListSourcesResponse,
ListAssetsRequest,
ListAssetsResponse,
ListFindingsRequest,
ListFindingsResponse,
- SetFindingStateRequest,
+ ListSourcesRequest,
+ ListSourcesResponse,
RunAssetDiscoveryRequest,
+ SetFindingStateRequest,
UpdateFindingRequest,
UpdateOrganizationSettingsRequest,
- UpdateSourceRequest,
UpdateSecurityMarksRequest,
+ UpdateSourceRequest,
)
+from .source import Source
__all__ = (
- "SecurityMarks",
"Asset",
"Finding",
"OrganizationSettings",
"RunAssetDiscoveryResponse",
- "Source",
+ "SecurityMarks",
"CreateFindingRequest",
"CreateSourceRequest",
"GetOrganizationSettingsRequest",
@@ -61,16 +60,17 @@
"GroupFindingsRequest",
"GroupFindingsResponse",
"GroupResult",
- "ListSourcesRequest",
- "ListSourcesResponse",
"ListAssetsRequest",
"ListAssetsResponse",
"ListFindingsRequest",
"ListFindingsResponse",
- "SetFindingStateRequest",
+ "ListSourcesRequest",
+ "ListSourcesResponse",
"RunAssetDiscoveryRequest",
+ "SetFindingStateRequest",
"UpdateFindingRequest",
"UpdateOrganizationSettingsRequest",
- "UpdateSourceRequest",
"UpdateSecurityMarksRequest",
+ "UpdateSourceRequest",
+ "Source",
)
diff --git a/google/cloud/securitycenter_v1beta1/types/asset.py b/google/cloud/securitycenter_v1beta1/types/asset.py
index 80b4082d..75d676b8 100644
--- a/google/cloud/securitycenter_v1beta1/types/asset.py
+++ b/google/cloud/securitycenter_v1beta1/types/asset.py
@@ -46,23 +46,23 @@ class Asset(proto.Message):
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/assets/{asset_id}".
- security_center_properties (~.asset.Asset.SecurityCenterProperties):
+ security_center_properties (google.cloud.securitycenter_v1beta1.types.Asset.SecurityCenterProperties):
Security Command Center managed properties.
These properties are managed by Security Command
Center and cannot be modified by the user.
- resource_properties (Sequence[~.asset.Asset.ResourcePropertiesEntry]):
+ resource_properties (Sequence[google.cloud.securitycenter_v1beta1.types.Asset.ResourcePropertiesEntry]):
Resource managed properties. These properties
are managed and defined by the Google Cloud
resource and cannot be modified by the user.
- security_marks (~.gcs_security_marks.SecurityMarks):
+ security_marks (google.cloud.securitycenter_v1beta1.types.SecurityMarks):
User specified security marks. These marks
are entirely managed by the user and come from
the SecurityMarks resource that belongs to the
asset.
- create_time (~.timestamp.Timestamp):
+ create_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the asset was created in
Security Command Center.
- update_time (~.timestamp.Timestamp):
+ update_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the asset was last updated,
added, or deleted in Security Command Center.
"""
diff --git a/google/cloud/securitycenter_v1beta1/types/finding.py b/google/cloud/securitycenter_v1beta1/types/finding.py
index b2a07a64..6b48d620 100644
--- a/google/cloud/securitycenter_v1beta1/types/finding.py
+++ b/google/cloud/securitycenter_v1beta1/types/finding.py
@@ -57,7 +57,7 @@ class Finding(proto.Message):
When the finding is for a non-Google Cloud resource, the
resourceName can be a customer or partner defined string.
This field is immutable after creation time.
- state (~.finding.Finding.State):
+ state (google.cloud.securitycenter_v1beta1.types.Finding.State):
The state of the finding.
category (str):
The additional taxonomy group within findings from a given
@@ -69,18 +69,18 @@ class Finding(proto.Message):
additional information about the finding can be
found. This field is guaranteed to be either
empty or a well formed URL.
- source_properties (Sequence[~.finding.Finding.SourcePropertiesEntry]):
+ source_properties (Sequence[google.cloud.securitycenter_v1beta1.types.Finding.SourcePropertiesEntry]):
Source specific properties. These properties are managed by
the source that writes the finding. The key names in the
source_properties map must be between 1 and 255 characters,
and must start with a letter and contain alphanumeric
characters or underscores only.
- security_marks (~.gcs_security_marks.SecurityMarks):
+ security_marks (google.cloud.securitycenter_v1beta1.types.SecurityMarks):
Output only. User specified security marks.
These marks are entirely managed by the user and
come from the SecurityMarks resource that
belongs to the finding.
- event_time (~.timestamp.Timestamp):
+ event_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the event took place, or
when an update to the finding occurred. For
example, if the finding represents an open
@@ -89,7 +89,7 @@ class Finding(proto.Message):
is determined by the detector. If the finding
were to be resolved afterward, this time would
reflect when the finding was resolved.
- create_time (~.timestamp.Timestamp):
+ create_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the finding was created in
Security Command Center.
"""
diff --git a/google/cloud/securitycenter_v1beta1/types/organization_settings.py b/google/cloud/securitycenter_v1beta1/types/organization_settings.py
index 3b3ae0b1..f8a2a563 100644
--- a/google/cloud/securitycenter_v1beta1/types/organization_settings.py
+++ b/google/cloud/securitycenter_v1beta1/types/organization_settings.py
@@ -38,7 +38,7 @@ class OrganizationSettings(proto.Message):
If the flag is set to ``true``, then discovery of assets
will occur. If it is set to \`false, all historical assets
will remain, but discovery of future assets will not occur.
- asset_discovery_config (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig):
+ asset_discovery_config (google.cloud.securitycenter_v1beta1.types.OrganizationSettings.AssetDiscoveryConfig):
The configuration used for Asset Discovery
runs.
"""
@@ -50,7 +50,7 @@ class AssetDiscoveryConfig(proto.Message):
project_ids (Sequence[str]):
The project ids to use for filtering asset
discovery.
- inclusion_mode (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig.InclusionMode):
+ inclusion_mode (google.cloud.securitycenter_v1beta1.types.OrganizationSettings.AssetDiscoveryConfig.InclusionMode):
The mode to use for filtering asset
discovery.
"""
diff --git a/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py b/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py
index 0b9e9d95..5d444d6b 100644
--- a/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py
+++ b/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py
@@ -31,9 +31,9 @@ class RunAssetDiscoveryResponse(proto.Message):
r"""Response of asset discovery run
Attributes:
- state (~.run_asset_discovery_response.RunAssetDiscoveryResponse.State):
+ state (google.cloud.securitycenter_v1beta1.types.RunAssetDiscoveryResponse.State):
The state of an asset discovery run.
- duration (~.gp_duration.Duration):
+ duration (google.protobuf.duration_pb2.Duration):
The duration between asset discovery run
start and end
"""
diff --git a/google/cloud/securitycenter_v1beta1/types/security_marks.py b/google/cloud/securitycenter_v1beta1/types/security_marks.py
index 7964b095..fa5b1795 100644
--- a/google/cloud/securitycenter_v1beta1/types/security_marks.py
+++ b/google/cloud/securitycenter_v1beta1/types/security_marks.py
@@ -37,7 +37,7 @@ class SecurityMarks(proto.Message):
Examples:
"organizations/{organization_id}/assets/{asset_id}/securityMarks"
"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
- marks (Sequence[~.security_marks.SecurityMarks.MarksEntry]):
+ marks (Sequence[google.cloud.securitycenter_v1beta1.types.SecurityMarks.MarksEntry]):
Mutable user specified security marks belonging to the
parent resource. Constraints are as follows:
diff --git a/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py b/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py
index 833f60fc..dec898c5 100644
--- a/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py
+++ b/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py
@@ -75,7 +75,7 @@ class CreateFindingRequest(proto.Message):
alphanumeric and less than or equal to 32
characters and greater than 0 characters in
length.
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1beta1.types.Finding):
Required. The Finding being created. The name and
security_marks will be ignored as they are both output only
fields on this resource.
@@ -95,7 +95,7 @@ class CreateSourceRequest(proto.Message):
parent (str):
Required. Resource name of the new source's parent. Its
format should be "organizations/[organization_id]".
- source (~.gcs_source.Source):
+ source (google.cloud.securitycenter_v1beta1.types.Source):
Required. The Source being created, only the display_name
and description will be used. All other fields will be
ignored.
@@ -186,7 +186,7 @@ class GroupAssetsRequest(proto.Message):
set:
- security_center_properties.resource_type
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the Asset's "state" property
is updated to indicate whether the asset was added, removed,
or remained present during the compare_duration period of
@@ -212,7 +212,7 @@ class GroupAssetsRequest(proto.Message):
This field is ignored if ``state`` is not a field in
``group_by``.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
assets. The filter is limited to assets existing
at the supplied time and their values are those
@@ -248,13 +248,13 @@ class GroupAssetsResponse(proto.Message):
r"""Response message for grouping by assets.
Attributes:
- group_by_results (Sequence[~.securitycenter_service.GroupResult]):
+ group_by_results (Sequence[google.cloud.securitycenter_v1beta1.types.GroupResult]):
Group results. There exists an element for
each existing unique combination of
property/values. The element contains a count
for the number of times those specific
property/values appear.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the groupBy request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -324,7 +324,7 @@ class GroupFindingsRequest(proto.Message):
- category
- state
- parent
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
findings. The filter is limited to findings
existing at the supplied time and their values
@@ -358,13 +358,13 @@ class GroupFindingsResponse(proto.Message):
r"""Response message for group by findings.
Attributes:
- group_by_results (Sequence[~.securitycenter_service.GroupResult]):
+ group_by_results (Sequence[google.cloud.securitycenter_v1beta1.types.GroupResult]):
Group results. There exists an element for
each existing unique combination of
property/values. The element contains a count
for the number of times those specific
property/values appear.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the groupBy request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -389,7 +389,7 @@ class GroupResult(proto.Message):
request.
Attributes:
- properties (Sequence[~.securitycenter_service.GroupResult.PropertiesEntry]):
+ properties (Sequence[google.cloud.securitycenter_v1beta1.types.GroupResult.PropertiesEntry]):
Properties matching the groupBy fields in the
request.
count (int):
@@ -433,7 +433,7 @@ class ListSourcesResponse(proto.Message):
r"""Response message for listing sources.
Attributes:
- sources (Sequence[~.gcs_source.Source]):
+ sources (Sequence[google.cloud.securitycenter_v1beta1.types.Source]):
Sources belonging to the requested parent.
next_page_token (str):
Token to retrieve the next page of results,
@@ -498,13 +498,13 @@ class ListAssetsRequest(proto.Message):
Redundant space characters in the syntax are insignificant.
"name desc,resource_properties.a_property" and " name desc ,
resource_properties.a_property " are equivalent.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
assets. The filter is limited to assets existing
at the supplied time and their values are those
at that specific time. Absence of this field
will default to the API's version of NOW.
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the ListAssetResult's "state"
attribute is updated to indicate whether the asset was
added, removed, or remained present during the
@@ -531,7 +531,7 @@ class ListAssetsRequest(proto.Message):
If compare_duration is not specified, then the only possible
state is "UNUSED", which indicates that the asset is present
at read_time.
- field_mask (~.gp_field_mask.FieldMask):
+ field_mask (google.protobuf.field_mask_pb2.FieldMask):
Optional. A field mask to specify the
ListAssetsResult fields to be listed in the
response. An empty field mask will list all
@@ -568,9 +568,9 @@ class ListAssetsResponse(proto.Message):
r"""Response message for listing assets.
Attributes:
- list_assets_results (Sequence[~.securitycenter_service.ListAssetsResponse.ListAssetsResult]):
+ list_assets_results (Sequence[google.cloud.securitycenter_v1beta1.types.ListAssetsResponse.ListAssetsResult]):
Assets matching the list request.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the list request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -584,9 +584,9 @@ class ListAssetsResult(proto.Message):
r"""Result containing the Asset and its State.
Attributes:
- asset (~.gcs_asset.Asset):
+ asset (google.cloud.securitycenter_v1beta1.types.Asset):
Asset matching the search request.
- state (~.securitycenter_service.ListAssetsResponse.ListAssetsResult.State):
+ state (google.cloud.securitycenter_v1beta1.types.ListAssetsResponse.ListAssetsResult.State):
State of the asset.
"""
@@ -674,13 +674,13 @@ class ListFindingsRequest(proto.Message):
space characters in the syntax are insignificant. "name
desc,source_properties.a_property" and " name desc ,
source_properties.a_property " are equivalent.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
findings. The filter is limited to findings
existing at the supplied time and their values
are those at that specific time. Absence of this
field will default to the API's version of NOW.
- field_mask (~.gp_field_mask.FieldMask):
+ field_mask (google.protobuf.field_mask_pb2.FieldMask):
Optional. A field mask to specify the Finding
fields to be listed in the response. An empty
field mask will list all fields.
@@ -714,9 +714,9 @@ class ListFindingsResponse(proto.Message):
r"""Response message for listing findings.
Attributes:
- findings (Sequence[~.gcs_finding.Finding]):
+ findings (Sequence[google.cloud.securitycenter_v1beta1.types.Finding]):
Findings matching the list request.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the list request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -750,9 +750,9 @@ class SetFindingStateRequest(proto.Message):
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
- state (~.gcs_finding.Finding.State):
+ state (google.cloud.securitycenter_v1beta1.types.Finding.State):
Required. The desired State of the finding.
- start_time (~.timestamp.Timestamp):
+ start_time (google.protobuf.timestamp_pb2.Timestamp):
Required. The time at which the updated state
takes effect.
"""
@@ -781,7 +781,7 @@ class UpdateFindingRequest(proto.Message):
r"""Request message for updating or creating a finding.
Attributes:
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1beta1.types.Finding):
Required. The finding resource to update or create if it
does not already exist. parent, security_marks, and
update_time will be ignored.
@@ -789,7 +789,7 @@ class UpdateFindingRequest(proto.Message):
In the case of creation, the finding id portion of the name
must alphanumeric and less than or equal to 32 characters
and greater than 0 characters in length.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the
finding resource. This field should not be
specified when creating a finding.
@@ -804,10 +804,10 @@ class UpdateOrganizationSettingsRequest(proto.Message):
r"""Request message for updating an organization's settings.
Attributes:
- organization_settings (~.gcs_organization_settings.OrganizationSettings):
+ organization_settings (google.cloud.securitycenter_v1beta1.types.OrganizationSettings):
Required. The organization settings resource
to update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the
settings resource.
"""
@@ -823,9 +823,9 @@ class UpdateSourceRequest(proto.Message):
r"""Request message for updating a source.
Attributes:
- source (~.gcs_source.Source):
+ source (google.cloud.securitycenter_v1beta1.types.Source):
Required. The source resource to update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the source
resource.
"""
@@ -839,13 +839,13 @@ class UpdateSecurityMarksRequest(proto.Message):
r"""Request message for updating a SecurityMarks resource.
Attributes:
- security_marks (~.gcs_security_marks.SecurityMarks):
+ security_marks (google.cloud.securitycenter_v1beta1.types.SecurityMarks):
Required. The security marks resource to
update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the
security marks resource.
- start_time (~.timestamp.Timestamp):
+ start_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the updated SecurityMarks
take effect.
"""
diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py
index a3a51ca4..ac8719ec 100644
--- a/google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py
+++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py
@@ -122,7 +122,36 @@ class SecurityCenterAsyncClient:
SecurityCenterClient.parse_common_location_path
)
- from_service_account_file = SecurityCenterClient.from_service_account_file
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SecurityCenterAsyncClient: The constructed client.
+ """
+ return SecurityCenterClient.from_service_account_info.__func__(SecurityCenterAsyncClient, info, *args, **kwargs) # type: ignore
+
+ @classmethod
+ def from_service_account_file(cls, filename: str, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ file.
+
+ Args:
+ filename (str): The path to the service account private key json
+ file.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SecurityCenterAsyncClient: The constructed client.
+ """
+ return SecurityCenterClient.from_service_account_file.__func__(SecurityCenterAsyncClient, filename, *args, **kwargs) # type: ignore
+
from_service_account_json = from_service_account_file
@property
@@ -199,19 +228,21 @@ async def create_source(
r"""Creates a source.
Args:
- request (:class:`~.securitycenter_service.CreateSourceRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.CreateSourceRequest`):
The request object. Request message for creating a
source.
parent (:class:`str`):
Required. Resource name of the new source's parent. Its
format should be "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- source (:class:`~.gcs_source.Source`):
+ source (:class:`google.cloud.securitycenter_v1p1beta1.types.Source`):
Required. The Source being created, only the
display_name and description will be used. All other
fields will be ignored.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -223,7 +254,7 @@ async def create_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1p1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -287,26 +318,29 @@ async def create_finding(
exist for finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.CreateFindingRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.CreateFindingRequest`):
The request object. Request message for creating a
finding.
parent (:class:`str`):
Required. Resource name of the new finding's parent. Its
format should be
"organizations/[organization_id]/sources/[source_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
finding_id (:class:`str`):
Required. Unique identifier provided
by the client within the parent scope.
+
This corresponds to the ``finding_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (:class:`google.cloud.securitycenter_v1p1beta1.types.Finding`):
Required. The Finding being created. The name and
security_marks will be ignored as they are both output
only fields on this resource.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -318,7 +352,7 @@ async def create_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1p1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -386,12 +420,13 @@ async def create_notification_config(
r"""Creates a notification config.
Args:
- request (:class:`~.securitycenter_service.CreateNotificationConfigRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.CreateNotificationConfigRequest`):
The request object. Request message for creating a
notification config.
parent (:class:`str`):
Required. Resource name of the new notification config's
parent. Its format is "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -401,14 +436,16 @@ async def create_notification_config(
It must be between 1 and 128 characters,
and contains alphanumeric characters,
underscores or hyphens only.
+
This corresponds to the ``config_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- notification_config (:class:`~.gcs_notification_config.NotificationConfig`):
+ notification_config (:class:`google.cloud.securitycenter_v1p1beta1.types.NotificationConfig`):
Required. The notification config
being created. The name and the service
account will be ignored as they are both
output only fields on this resource.
+
This corresponds to the ``notification_config`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -420,7 +457,7 @@ async def create_notification_config(
sent along with the request as metadata.
Returns:
- ~.gcs_notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1p1beta1.types.NotificationConfig:
Security Command Center notification
configs.
A notification config is a Security
@@ -484,13 +521,14 @@ async def delete_notification_config(
r"""Deletes a notification config.
Args:
- request (:class:`~.securitycenter_service.DeleteNotificationConfigRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.DeleteNotificationConfigRequest`):
The request object. Request message for deleting a
notification config.
name (:class:`str`):
Required. Name of the notification config to delete. Its
format is
"organizations/[organization_id]/notificationConfigs/[config_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -551,7 +589,7 @@ async def get_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.GetIamPolicyRequest`):
+ request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`):
The request object. Request message for `GetIamPolicy`
method.
resource (:class:`str`):
@@ -559,6 +597,7 @@ async def get_iam_policy(
policy is being requested. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -570,72 +609,62 @@ async def get_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -667,6 +696,7 @@ async def get_iam_policy(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -696,13 +726,14 @@ async def get_notification_config(
r"""Gets a notification config.
Args:
- request (:class:`~.securitycenter_service.GetNotificationConfigRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.GetNotificationConfigRequest`):
The request object. Request message for getting a
notification config.
name (:class:`str`):
Required. Name of the notification config to get. Its
format is
"organizations/[organization_id]/notificationConfigs/[config_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -714,7 +745,7 @@ async def get_notification_config(
sent along with the request as metadata.
Returns:
- ~.notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1p1beta1.types.NotificationConfig:
Security Command Center notification
configs.
A notification config is a Security
@@ -753,6 +784,7 @@ async def get_notification_config(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -782,13 +814,14 @@ async def get_organization_settings(
r"""Gets the settings for an organization.
Args:
- request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.GetOrganizationSettingsRequest`):
The request object. Request message for getting
organization settings.
name (:class:`str`):
Required. Name of the organization to get organization
settings for. Its format is
"organizations/[organization_id]/organizationSettings".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -800,7 +833,7 @@ async def get_organization_settings(
sent along with the request as metadata.
Returns:
- ~.organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -835,6 +868,7 @@ async def get_organization_settings(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -864,13 +898,14 @@ async def get_source(
r"""Gets a source.
Args:
- request (:class:`~.securitycenter_service.GetSourceRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.GetSourceRequest`):
The request object. Request message for getting a
source.
name (:class:`str`):
Required. Relative resource name of the source. Its
format is
"organizations/[organization_id]/source/[source_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -882,7 +917,7 @@ async def get_source(
sent along with the request as metadata.
Returns:
- ~.source.Source:
+ google.cloud.securitycenter_v1p1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -920,6 +955,7 @@ async def get_source(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -949,7 +985,7 @@ async def group_assets(
their specified properties.
Args:
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsRequest`):
The request object. Request message for grouping by
assets.
@@ -960,7 +996,7 @@ async def group_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupAssetsAsyncPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.GroupAssetsAsyncPager:
Response message for grouping by
assets.
Iterating over this object will yield
@@ -983,6 +1019,7 @@ async def group_assets(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1024,7 +1061,7 @@ async def group_findings(
/v1p1beta1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsRequest`):
The request object. Request message for grouping by
findings.
parent (:class:`str`):
@@ -1033,6 +1070,7 @@ async def group_findings(
To groupBy across all sources provide a source_id of
``-``. For example:
organizations/{organization_id}/sources/-
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1047,8 +1085,7 @@ async def group_findings(
- resource_name
- category
- state
- - parent
-
+ - parent
- severity
The following fields are supported when compare_duration
@@ -1067,7 +1104,7 @@ async def group_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupFindingsAsyncPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.GroupFindingsAsyncPager:
Response message for group by
findings.
Iterating over this object will yield
@@ -1106,6 +1143,7 @@ async def group_findings(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1141,11 +1179,12 @@ async def list_assets(
r"""Lists an organization's assets.
Args:
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsRequest`):
The request object. Request message for listing assets.
parent (:class:`str`):
Required. Name of the organization assets should belong
to. Its format is "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1157,7 +1196,7 @@ async def list_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.ListAssetsAsyncPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListAssetsAsyncPager:
Response message for listing assets.
Iterating over this object will yield
results and resolve additional pages
@@ -1193,6 +1232,7 @@ async def list_assets(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1232,7 +1272,7 @@ async def list_findings(
/v1p1beta1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsRequest`):
The request object. Request message for listing
findings.
parent (:class:`str`):
@@ -1241,6 +1281,7 @@ async def list_findings(
"organizations/[organization_id]/sources/[source_id]".
To list across all sources provide a source_id of ``-``.
For example: organizations/{organization_id}/sources/-
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1252,7 +1293,7 @@ async def list_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.ListFindingsAsyncPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListFindingsAsyncPager:
Response message for listing
findings.
Iterating over this object will yield
@@ -1289,6 +1330,7 @@ async def list_findings(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1324,13 +1366,14 @@ async def list_notification_configs(
r"""Lists notification configs.
Args:
- request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsRequest`):
The request object. Request message for listing
notification configs.
parent (:class:`str`):
Required. Name of the organization to list notification
configs. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1342,7 +1385,7 @@ async def list_notification_configs(
sent along with the request as metadata.
Returns:
- ~.pagers.ListNotificationConfigsAsyncPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListNotificationConfigsAsyncPager:
Response message for listing
notification configs.
Iterating over this object will yield
@@ -1379,6 +1422,7 @@ async def list_notification_configs(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1414,12 +1458,13 @@ async def list_sources(
r"""Lists all sources belonging to an organization.
Args:
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesRequest`):
The request object. Request message for listing sources.
parent (:class:`str`):
Required. Resource name of the parent of sources to
list. Its format should be
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1431,7 +1476,7 @@ async def list_sources(
sent along with the request as metadata.
Returns:
- ~.pagers.ListSourcesAsyncPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListSourcesAsyncPager:
Response message for listing sources.
Iterating over this object will yield
results and resolve additional pages
@@ -1467,6 +1512,7 @@ async def list_sources(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1507,13 +1553,14 @@ async def run_asset_discovery(
receive a TOO_MANY_REQUESTS error.
Args:
- request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryRequest`):
The request object. Request message for running asset
discovery for an organization.
parent (:class:`str`):
Required. Name of the organization to run asset
discovery for. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1525,11 +1572,11 @@ async def run_asset_discovery(
sent along with the request as metadata.
Returns:
- ~.operation_async.AsyncOperation:
+ google.api_core.operation_async.AsyncOperation:
An object representing a long-running operation.
The result type for the operation will be
- :class:``~.run_asset_discovery_response.RunAssetDiscoveryResponse``:
+ :class:`google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryResponse`
Response of asset discovery run
"""
@@ -1593,7 +1640,7 @@ async def set_finding_state(
r"""Updates the state of a finding.
Args:
- request (:class:`~.securitycenter_service.SetFindingStateRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.SetFindingStateRequest`):
The request object. Request message for updating a
finding's state.
name (:class:`str`):
@@ -1602,18 +1649,21 @@ async def set_finding_state(
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- state (:class:`~.finding.Finding.State`):
+ state (:class:`google.cloud.securitycenter_v1p1beta1.types.Finding.State`):
Required. The desired State of the
finding.
+
This corresponds to the ``state`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- start_time (:class:`~.timestamp.Timestamp`):
+ start_time (:class:`google.protobuf.timestamp_pb2.Timestamp`):
Required. The time at which the
updated state takes effect.
+
This corresponds to the ``start_time`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1625,7 +1675,7 @@ async def set_finding_state(
sent along with the request as metadata.
Returns:
- ~.finding.Finding:
+ google.cloud.securitycenter_v1p1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -1692,7 +1742,7 @@ async def set_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.SetIamPolicyRequest`):
+ request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`):
The request object. Request message for `SetIamPolicy`
method.
resource (:class:`str`):
@@ -1700,6 +1750,7 @@ async def set_iam_policy(
policy is being specified. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1711,72 +1762,62 @@ async def set_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -1831,7 +1872,7 @@ async def test_iam_permissions(
specified source.
Args:
- request (:class:`~.iam_policy.TestIamPermissionsRequest`):
+ request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`):
The request object. Request message for
`TestIamPermissions` method.
resource (:class:`str`):
@@ -1839,6 +1880,7 @@ async def test_iam_permissions(
policy detail is being requested. See
the operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1847,6 +1889,7 @@ async def test_iam_permissions(
Permissions with wildcards (such as '*' or 'storage.*')
are not allowed. For more information see `IAM
Overview `__.
+
This corresponds to the ``permissions`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1858,8 +1901,8 @@ async def test_iam_permissions(
sent along with the request as metadata.
Returns:
- ~.iam_policy.TestIamPermissionsResponse:
- Response message for ``TestIamPermissions`` method.
+ google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
+ Response message for TestIamPermissions method.
"""
# Create or coerce a protobuf request object.
# Sanity check: If we got a request object, we should *not* have
@@ -1892,6 +1935,7 @@ async def test_iam_permissions(
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
@@ -1923,10 +1967,10 @@ async def update_finding(
source must exist for a finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.UpdateFindingRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateFindingRequest`):
The request object. Request message for updating or
creating a finding.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (:class:`google.cloud.securitycenter_v1p1beta1.types.Finding`):
Required. The finding resource to update or create if it
does not already exist. parent, security_marks, and
update_time will be ignored.
@@ -1934,10 +1978,11 @@ async def update_finding(
In the case of creation, the finding id portion of the
name must be alphanumeric and less than or equal to 32
characters and greater than 0 characters in length.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`):
The FieldMask to use when updating the finding resource.
This field should not be specified when creating a
finding.
@@ -1947,6 +1992,7 @@ async def update_finding(
source_properties. Individual source_properties can be
added/updated by using "source_properties." in the field
mask.
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1958,7 +2004,7 @@ async def update_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1p1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -2026,20 +2072,22 @@ async def update_notification_config(
allowed: description, pubsub_topic, streaming_config.filter
Args:
- request (:class:`~.securitycenter_service.UpdateNotificationConfigRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateNotificationConfigRequest`):
The request object. Request message for updating a
notification config.
- notification_config (:class:`~.gcs_notification_config.NotificationConfig`):
+ notification_config (:class:`google.cloud.securitycenter_v1p1beta1.types.NotificationConfig`):
Required. The notification config to
update.
+
This corresponds to the ``notification_config`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`):
The FieldMask to use when updating
the notification config.
If empty all mutable fields will be
updated.
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2051,7 +2099,7 @@ async def update_notification_config(
sent along with the request as metadata.
Returns:
- ~.gcs_notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1p1beta1.types.NotificationConfig:
Security Command Center notification
configs.
A notification config is a Security
@@ -2115,12 +2163,13 @@ async def update_organization_settings(
r"""Updates an organization's settings.
Args:
- request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateOrganizationSettingsRequest`):
The request object. Request message for updating an
organization's settings.
- organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`):
+ organization_settings (:class:`google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings`):
Required. The organization settings
resource to update.
+
This corresponds to the ``organization_settings`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2132,7 +2181,7 @@ async def update_organization_settings(
sent along with the request as metadata.
Returns:
- ~.gcs_organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -2191,20 +2240,22 @@ async def update_source(
r"""Updates a source.
Args:
- request (:class:`~.securitycenter_service.UpdateSourceRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateSourceRequest`):
The request object. Request message for updating a
source.
- source (:class:`~.gcs_source.Source`):
+ source (:class:`google.cloud.securitycenter_v1p1beta1.types.Source`):
Required. The source resource to
update.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`):
The FieldMask to use when updating
the source resource.
If empty all mutable fields will be
updated.
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2216,7 +2267,7 @@ async def update_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1p1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -2280,16 +2331,17 @@ async def update_security_marks(
r"""Updates security marks.
Args:
- request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`):
+ request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateSecurityMarksRequest`):
The request object. Request message for updating a
SecurityMarks resource.
- security_marks (:class:`~.gcs_security_marks.SecurityMarks`):
+ security_marks (:class:`google.cloud.securitycenter_v1p1beta1.types.SecurityMarks`):
Required. The security marks resource
to update.
+
This corresponds to the ``security_marks`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`):
The FieldMask to use when updating the security marks
resource.
@@ -2297,6 +2349,7 @@ async def update_security_marks(
empty or set to "marks", all marks will be replaced.
Individual marks can be updated using
"marks.".
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2308,7 +2361,7 @@ async def update_security_marks(
sent along with the request as metadata.
Returns:
- ~.gcs_security_marks.SecurityMarks:
+ google.cloud.securitycenter_v1p1beta1.types.SecurityMarks:
User specified security marks that
are attached to the parent Security
Command Center resource. Security marks
diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py
index b2b042e8..bbee6898 100644
--- a/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py
+++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py
@@ -134,6 +134,22 @@ def _get_default_mtls_endpoint(api_endpoint):
DEFAULT_ENDPOINT
)
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SecurityCenterClient: The constructed client.
+ """
+ credentials = service_account.Credentials.from_service_account_info(info)
+ kwargs["credentials"] = credentials
+ return cls(*args, **kwargs)
+
@classmethod
def from_service_account_file(cls, filename: str, *args, **kwargs):
"""Creates an instance of this client using the provided credentials
@@ -146,7 +162,7 @@ def from_service_account_file(cls, filename: str, *args, **kwargs):
kwargs: Additional arguments to pass to the constructor.
Returns:
- {@api.name}: The constructed client.
+ SecurityCenterClient: The constructed client.
"""
credentials = service_account.Credentials.from_service_account_file(filename)
kwargs["credentials"] = credentials
@@ -342,10 +358,10 @@ def __init__(
credentials identify the application to the service; if none
are specified, the client will attempt to ascertain the
credentials from the environment.
- transport (Union[str, ~.SecurityCenterTransport]): The
+ transport (Union[str, SecurityCenterTransport]): The
transport to use. If set to None, a transport is chosen
automatically.
- client_options (client_options_lib.ClientOptions): Custom options for the
+ client_options (google.api_core.client_options.ClientOptions): Custom options for the
client. It won't take effect if a ``transport`` instance is provided.
(1) The ``api_endpoint`` property can be used to override the
default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
@@ -381,21 +397,17 @@ def __init__(
util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))
)
- ssl_credentials = None
+ client_cert_source_func = None
is_mtls = False
if use_client_cert:
if client_options.client_cert_source:
- import grpc # type: ignore
-
- cert, key = client_options.client_cert_source()
- ssl_credentials = grpc.ssl_channel_credentials(
- certificate_chain=cert, private_key=key
- )
is_mtls = True
+ client_cert_source_func = client_options.client_cert_source
else:
- creds = SslCredentials()
- is_mtls = creds.is_mtls
- ssl_credentials = creds.ssl_credentials if is_mtls else None
+ is_mtls = mtls.has_default_client_cert_source()
+ client_cert_source_func = (
+ mtls.default_client_cert_source() if is_mtls else None
+ )
# Figure out which api endpoint to use.
if client_options.api_endpoint is not None:
@@ -438,7 +450,7 @@ def __init__(
credentials_file=client_options.credentials_file,
host=api_endpoint,
scopes=client_options.scopes,
- ssl_channel_credentials=ssl_credentials,
+ client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
)
@@ -456,19 +468,21 @@ def create_source(
r"""Creates a source.
Args:
- request (:class:`~.securitycenter_service.CreateSourceRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.CreateSourceRequest):
The request object. Request message for creating a
source.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the new source's parent. Its
format should be "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- source (:class:`~.gcs_source.Source`):
+ source (google.cloud.securitycenter_v1p1beta1.types.Source):
Required. The Source being created, only the
display_name and description will be used. All other
fields will be ignored.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -480,7 +494,7 @@ def create_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1p1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -545,26 +559,29 @@ def create_finding(
exist for finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.CreateFindingRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.CreateFindingRequest):
The request object. Request message for creating a
finding.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the new finding's parent. Its
format should be
"organizations/[organization_id]/sources/[source_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- finding_id (:class:`str`):
+ finding_id (str):
Required. Unique identifier provided
by the client within the parent scope.
+
This corresponds to the ``finding_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (google.cloud.securitycenter_v1p1beta1.types.Finding):
Required. The Finding being created. The name and
security_marks will be ignored as they are both output
only fields on this resource.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -576,7 +593,7 @@ def create_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1p1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -645,29 +662,32 @@ def create_notification_config(
r"""Creates a notification config.
Args:
- request (:class:`~.securitycenter_service.CreateNotificationConfigRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.CreateNotificationConfigRequest):
The request object. Request message for creating a
notification config.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the new notification config's
parent. Its format is "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- config_id (:class:`str`):
+ config_id (str):
Required. Unique identifier provided
by the client within the parent scope.
It must be between 1 and 128 characters,
and contains alphanumeric characters,
underscores or hyphens only.
+
This corresponds to the ``config_id`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- notification_config (:class:`~.gcs_notification_config.NotificationConfig`):
+ notification_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig):
Required. The notification config
being created. The name and the service
account will be ignored as they are both
output only fields on this resource.
+
This corresponds to the ``notification_config`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -679,7 +699,7 @@ def create_notification_config(
sent along with the request as metadata.
Returns:
- ~.gcs_notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1p1beta1.types.NotificationConfig:
Security Command Center notification
configs.
A notification config is a Security
@@ -748,13 +768,14 @@ def delete_notification_config(
r"""Deletes a notification config.
Args:
- request (:class:`~.securitycenter_service.DeleteNotificationConfigRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.DeleteNotificationConfigRequest):
The request object. Request message for deleting a
notification config.
- name (:class:`str`):
+ name (str):
Required. Name of the notification config to delete. Its
format is
"organizations/[organization_id]/notificationConfigs/[config_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -820,14 +841,15 @@ def get_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.GetIamPolicyRequest`):
+ request (google.iam.v1.iam_policy_pb2.GetIamPolicyRequest):
The request object. Request message for `GetIamPolicy`
method.
- resource (:class:`str`):
+ resource (str):
REQUIRED: The resource for which the
policy is being requested. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -839,72 +861,62 @@ def get_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -917,13 +929,16 @@ def get_iam_policy(
"the individual field arguments should be set."
)
- # The request isn't a proto-plus wrapped type,
- # so it must be constructed via keyword expansion.
if isinstance(request, dict):
+ # The request isn't a proto-plus wrapped type,
+ # so it must be constructed via keyword expansion.
request = iam_policy.GetIamPolicyRequest(**request)
-
elif not request:
- request = iam_policy.GetIamPolicyRequest(resource=resource,)
+ # Null request, just make one.
+ request = iam_policy.GetIamPolicyRequest()
+
+ if resource is not None:
+ request.resource = resource
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
@@ -953,13 +968,14 @@ def get_notification_config(
r"""Gets a notification config.
Args:
- request (:class:`~.securitycenter_service.GetNotificationConfigRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.GetNotificationConfigRequest):
The request object. Request message for getting a
notification config.
- name (:class:`str`):
+ name (str):
Required. Name of the notification config to get. Its
format is
"organizations/[organization_id]/notificationConfigs/[config_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -971,7 +987,7 @@ def get_notification_config(
sent along with the request as metadata.
Returns:
- ~.notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1p1beta1.types.NotificationConfig:
Security Command Center notification
configs.
A notification config is a Security
@@ -1032,13 +1048,14 @@ def get_organization_settings(
r"""Gets the settings for an organization.
Args:
- request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.GetOrganizationSettingsRequest):
The request object. Request message for getting
organization settings.
- name (:class:`str`):
+ name (str):
Required. Name of the organization to get organization
settings for. Its format is
"organizations/[organization_id]/organizationSettings".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1050,7 +1067,7 @@ def get_organization_settings(
sent along with the request as metadata.
Returns:
- ~.organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -1111,13 +1128,14 @@ def get_source(
r"""Gets a source.
Args:
- request (:class:`~.securitycenter_service.GetSourceRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.GetSourceRequest):
The request object. Request message for getting a
source.
- name (:class:`str`):
+ name (str):
Required. Relative resource name of the source. Its
format is
"organizations/[organization_id]/source/[source_id]".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1129,7 +1147,7 @@ def get_source(
sent along with the request as metadata.
Returns:
- ~.source.Source:
+ google.cloud.securitycenter_v1p1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -1189,7 +1207,7 @@ def group_assets(
their specified properties.
Args:
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsRequest):
The request object. Request message for grouping by
assets.
@@ -1200,7 +1218,7 @@ def group_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupAssetsPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.GroupAssetsPager:
Response message for grouping by
assets.
Iterating over this object will yield
@@ -1257,19 +1275,20 @@ def group_findings(
/v1p1beta1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsRequest):
The request object. Request message for grouping by
findings.
- parent (:class:`str`):
+ parent (str):
Required. Name of the source to groupBy. Its format is
"organizations/[organization_id]/sources/[source_id]".
To groupBy across all sources provide a source_id of
``-``. For example:
organizations/{organization_id}/sources/-
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- group_by (:class:`str`):
+ group_by (str):
Required. Expression that defines what assets fields to
use for grouping (including ``state_change``). The
string value should follow SQL syntax: comma separated
@@ -1280,8 +1299,7 @@ def group_findings(
- resource_name
- category
- state
- - parent
-
+ - parent
- severity
The following fields are supported when compare_duration
@@ -1300,7 +1318,7 @@ def group_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.GroupFindingsPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.GroupFindingsPager:
Response message for group by
findings.
Iterating over this object will yield
@@ -1367,11 +1385,12 @@ def list_assets(
r"""Lists an organization's assets.
Args:
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListAssetsRequest):
The request object. Request message for listing assets.
- parent (:class:`str`):
+ parent (str):
Required. Name of the organization assets should belong
to. Its format is "organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1383,7 +1402,7 @@ def list_assets(
sent along with the request as metadata.
Returns:
- ~.pagers.ListAssetsPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListAssetsPager:
Response message for listing assets.
Iterating over this object will yield
results and resolve additional pages
@@ -1451,15 +1470,16 @@ def list_findings(
/v1p1beta1/organizations/{organization_id}/sources/-/findings
Args:
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListFindingsRequest):
The request object. Request message for listing
findings.
- parent (:class:`str`):
+ parent (str):
Required. Name of the source the findings belong to. Its
format is
"organizations/[organization_id]/sources/[source_id]".
To list across all sources provide a source_id of ``-``.
For example: organizations/{organization_id}/sources/-
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1471,7 +1491,7 @@ def list_findings(
sent along with the request as metadata.
Returns:
- ~.pagers.ListFindingsPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListFindingsPager:
Response message for listing
findings.
Iterating over this object will yield
@@ -1536,13 +1556,14 @@ def list_notification_configs(
r"""Lists notification configs.
Args:
- request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsRequest):
The request object. Request message for listing
notification configs.
- parent (:class:`str`):
+ parent (str):
Required. Name of the organization to list notification
configs. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1554,7 +1575,7 @@ def list_notification_configs(
sent along with the request as metadata.
Returns:
- ~.pagers.ListNotificationConfigsPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListNotificationConfigsPager:
Response message for listing
notification configs.
Iterating over this object will yield
@@ -1623,12 +1644,13 @@ def list_sources(
r"""Lists all sources belonging to an organization.
Args:
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListSourcesRequest):
The request object. Request message for listing sources.
- parent (:class:`str`):
+ parent (str):
Required. Resource name of the parent of sources to
list. Its format should be
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1640,7 +1662,7 @@ def list_sources(
sent along with the request as metadata.
Returns:
- ~.pagers.ListSourcesPager:
+ google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListSourcesPager:
Response message for listing sources.
Iterating over this object will yield
results and resolve additional pages
@@ -1709,13 +1731,14 @@ def run_asset_discovery(
receive a TOO_MANY_REQUESTS error.
Args:
- request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryRequest):
The request object. Request message for running asset
discovery for an organization.
- parent (:class:`str`):
+ parent (str):
Required. Name of the organization to run asset
discovery for. Its format is
"organizations/[organization_id]".
+
This corresponds to the ``parent`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1727,11 +1750,11 @@ def run_asset_discovery(
sent along with the request as metadata.
Returns:
- ~.operation.Operation:
+ google.api_core.operation.Operation:
An object representing a long-running operation.
The result type for the operation will be
- :class:``~.run_asset_discovery_response.RunAssetDiscoveryResponse``:
+ :class:`google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryResponse`
Response of asset discovery run
"""
@@ -1796,27 +1819,30 @@ def set_finding_state(
r"""Updates the state of a finding.
Args:
- request (:class:`~.securitycenter_service.SetFindingStateRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.SetFindingStateRequest):
The request object. Request message for updating a
finding's state.
- name (:class:`str`):
+ name (str):
Required. The relative resource name of the finding.
See:
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
+
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- state (:class:`~.finding.Finding.State`):
+ state (google.cloud.securitycenter_v1p1beta1.types.Finding.State):
Required. The desired State of the
finding.
+
This corresponds to the ``state`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- start_time (:class:`~.timestamp.Timestamp`):
+ start_time (google.protobuf.timestamp_pb2.Timestamp):
Required. The time at which the
updated state takes effect.
+
This corresponds to the ``start_time`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1828,7 +1854,7 @@ def set_finding_state(
sent along with the request as metadata.
Returns:
- ~.finding.Finding:
+ google.cloud.securitycenter_v1p1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -1896,14 +1922,15 @@ def set_iam_policy(
Source.
Args:
- request (:class:`~.iam_policy.SetIamPolicyRequest`):
+ request (google.iam.v1.iam_policy_pb2.SetIamPolicyRequest):
The request object. Request message for `SetIamPolicy`
method.
- resource (:class:`str`):
+ resource (str):
REQUIRED: The resource for which the
policy is being specified. See the
operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -1915,72 +1942,62 @@ def set_iam_policy(
sent along with the request as metadata.
Returns:
- ~.policy.Policy:
- Defines an Identity and Access Management (IAM) policy.
- It is used to specify access control policies for Cloud
- Platform resources.
-
- A ``Policy`` is a collection of ``bindings``. A
- ``binding`` binds one or more ``members`` to a single
- ``role``. Members can be user accounts, service
- accounts, Google groups, and domains (such as G Suite).
- A ``role`` is a named list of permissions (defined by
- IAM or configured by users). A ``binding`` can
- optionally specify a ``condition``, which is a logic
- expression that further constrains the role binding
- based on attributes about the request and/or target
- resource.
-
- **JSON Example**
-
- ::
-
- {
- "bindings": [
- {
- "role": "roles/resourcemanager.organizationAdmin",
- "members": [
- "user:mike@example.com",
- "group:admins@example.com",
- "domain:google.com",
- "serviceAccount:my-project-id@appspot.gserviceaccount.com"
- ]
- },
- {
- "role": "roles/resourcemanager.organizationViewer",
- "members": ["user:eve@example.com"],
- "condition": {
- "title": "expirable access",
- "description": "Does not grant access after Sep 2020",
- "expression": "request.time <
- timestamp('2020-10-01T00:00:00.000Z')",
- }
- }
- ]
- }
-
- **YAML Example**
-
- ::
-
- bindings:
- - members:
- - user:mike@example.com
- - group:admins@example.com
- - domain:google.com
- - serviceAccount:my-project-id@appspot.gserviceaccount.com
- role: roles/resourcemanager.organizationAdmin
- - members:
- - user:eve@example.com
- role: roles/resourcemanager.organizationViewer
- condition:
- title: expirable access
- description: Does not grant access after Sep 2020
- expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-
- For a description of IAM and its features, see the `IAM
- developer's
- guide `__.
+ google.iam.v1.policy_pb2.Policy:
+ Defines an Identity and Access Management (IAM) policy. It is used to
+ specify access control policies for Cloud Platform
+ resources.
+
+ A Policy is a collection of bindings. A binding binds
+ one or more members to a single role. Members can be
+ user accounts, service accounts, Google groups, and
+ domains (such as G Suite). A role is a named list of
+ permissions (defined by IAM or configured by users).
+ A binding can optionally specify a condition, which
+ is a logic expression that further constrains the
+ role binding based on attributes about the request
+ and/or target resource.
+
+ **JSON Example**
+
+ {
+ "bindings": [
+ {
+ "role":
+ "roles/resourcemanager.organizationAdmin",
+ "members": [ "user:mike@example.com",
+ "group:admins@example.com",
+ "domain:google.com",
+ "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ ]
+
+ }, { "role":
+ "roles/resourcemanager.organizationViewer",
+ "members": ["user:eve@example.com"],
+ "condition": { "title": "expirable access",
+ "description": "Does not grant access after
+ Sep 2020", "expression": "request.time <
+ timestamp('2020-10-01T00:00:00.000Z')", } }
+
+ ]
+
+ }
+
+ **YAML Example**
+
+ bindings: - members: - user:\ mike@example.com -
+ group:\ admins@example.com - domain:google.com -
+ serviceAccount:\ my-project-id@appspot.gserviceaccount.com
+ role: roles/resourcemanager.organizationAdmin -
+ members: - user:\ eve@example.com role:
+ roles/resourcemanager.organizationViewer
+ condition: title: expirable access description:
+ Does not grant access after Sep 2020 expression:
+ request.time <
+ timestamp('2020-10-01T00:00:00.000Z')
+
+ For a description of IAM and its features, see the
+ [IAM developer's
+ guide](\ https://cloud.google.com/iam/docs).
"""
# Create or coerce a protobuf request object.
@@ -1993,13 +2010,16 @@ def set_iam_policy(
"the individual field arguments should be set."
)
- # The request isn't a proto-plus wrapped type,
- # so it must be constructed via keyword expansion.
if isinstance(request, dict):
+ # The request isn't a proto-plus wrapped type,
+ # so it must be constructed via keyword expansion.
request = iam_policy.SetIamPolicyRequest(**request)
-
elif not request:
- request = iam_policy.SetIamPolicyRequest(resource=resource,)
+ # Null request, just make one.
+ request = iam_policy.SetIamPolicyRequest()
+
+ if resource is not None:
+ request.resource = resource
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
@@ -2031,22 +2051,24 @@ def test_iam_permissions(
specified source.
Args:
- request (:class:`~.iam_policy.TestIamPermissionsRequest`):
+ request (google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest):
The request object. Request message for
`TestIamPermissions` method.
- resource (:class:`str`):
+ resource (str):
REQUIRED: The resource for which the
policy detail is being requested. See
the operation documentation for the
appropriate value for this field.
+
This corresponds to the ``resource`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- permissions (:class:`Sequence[str]`):
+ permissions (Sequence[str]):
The set of permissions to check for the ``resource``.
Permissions with wildcards (such as '*' or 'storage.*')
are not allowed. For more information see `IAM
Overview `__.
+
This corresponds to the ``permissions`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2058,8 +2080,8 @@ def test_iam_permissions(
sent along with the request as metadata.
Returns:
- ~.iam_policy.TestIamPermissionsResponse:
- Response message for ``TestIamPermissions`` method.
+ google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
+ Response message for TestIamPermissions method.
"""
# Create or coerce a protobuf request object.
# Sanity check: If we got a request object, we should *not* have
@@ -2071,15 +2093,19 @@ def test_iam_permissions(
"the individual field arguments should be set."
)
- # The request isn't a proto-plus wrapped type,
- # so it must be constructed via keyword expansion.
if isinstance(request, dict):
+ # The request isn't a proto-plus wrapped type,
+ # so it must be constructed via keyword expansion.
request = iam_policy.TestIamPermissionsRequest(**request)
-
elif not request:
- request = iam_policy.TestIamPermissionsRequest(
- resource=resource, permissions=permissions,
- )
+ # Null request, just make one.
+ request = iam_policy.TestIamPermissionsRequest()
+
+ if resource is not None:
+ request.resource = resource
+
+ if permissions:
+ request.permissions.extend(permissions)
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
@@ -2111,10 +2137,10 @@ def update_finding(
source must exist for a finding creation to succeed.
Args:
- request (:class:`~.securitycenter_service.UpdateFindingRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.UpdateFindingRequest):
The request object. Request message for updating or
creating a finding.
- finding (:class:`~.gcs_finding.Finding`):
+ finding (google.cloud.securitycenter_v1p1beta1.types.Finding):
Required. The finding resource to update or create if it
does not already exist. parent, security_marks, and
update_time will be ignored.
@@ -2122,10 +2148,11 @@ def update_finding(
In the case of creation, the finding id portion of the
name must be alphanumeric and less than or equal to 32
characters and greater than 0 characters in length.
+
This corresponds to the ``finding`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the finding resource.
This field should not be specified when creating a
finding.
@@ -2135,6 +2162,7 @@ def update_finding(
source_properties. Individual source_properties can be
added/updated by using "source_properties." in the field
mask.
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2146,7 +2174,7 @@ def update_finding(
sent along with the request as metadata.
Returns:
- ~.gcs_finding.Finding:
+ google.cloud.securitycenter_v1p1beta1.types.Finding:
Security Command Center finding.
A finding is a record of assessment data
(security, risk, health or privacy)
@@ -2215,20 +2243,22 @@ def update_notification_config(
allowed: description, pubsub_topic, streaming_config.filter
Args:
- request (:class:`~.securitycenter_service.UpdateNotificationConfigRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.UpdateNotificationConfigRequest):
The request object. Request message for updating a
notification config.
- notification_config (:class:`~.gcs_notification_config.NotificationConfig`):
+ notification_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig):
Required. The notification config to
update.
+
This corresponds to the ``notification_config`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating
the notification config.
If empty all mutable fields will be
updated.
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2240,7 +2270,7 @@ def update_notification_config(
sent along with the request as metadata.
Returns:
- ~.gcs_notification_config.NotificationConfig:
+ google.cloud.securitycenter_v1p1beta1.types.NotificationConfig:
Security Command Center notification
configs.
A notification config is a Security
@@ -2309,12 +2339,13 @@ def update_organization_settings(
r"""Updates an organization's settings.
Args:
- request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.UpdateOrganizationSettingsRequest):
The request object. Request message for updating an
organization's settings.
- organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`):
+ organization_settings (google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings):
Required. The organization settings
resource to update.
+
This corresponds to the ``organization_settings`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2326,7 +2357,7 @@ def update_organization_settings(
sent along with the request as metadata.
Returns:
- ~.gcs_organization_settings.OrganizationSettings:
+ google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings:
User specified settings that are
attached to the Security Command Center
organization.
@@ -2390,20 +2421,22 @@ def update_source(
r"""Updates a source.
Args:
- request (:class:`~.securitycenter_service.UpdateSourceRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.UpdateSourceRequest):
The request object. Request message for updating a
source.
- source (:class:`~.gcs_source.Source`):
+ source (google.cloud.securitycenter_v1p1beta1.types.Source):
Required. The source resource to
update.
+
This corresponds to the ``source`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating
the source resource.
If empty all mutable fields will be
updated.
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2415,7 +2448,7 @@ def update_source(
sent along with the request as metadata.
Returns:
- ~.gcs_source.Source:
+ google.cloud.securitycenter_v1p1beta1.types.Source:
Security Command Center finding
source. A finding source is an entity or
a mechanism that can produce a finding.
@@ -2480,16 +2513,17 @@ def update_security_marks(
r"""Updates security marks.
Args:
- request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.UpdateSecurityMarksRequest):
The request object. Request message for updating a
SecurityMarks resource.
- security_marks (:class:`~.gcs_security_marks.SecurityMarks`):
+ security_marks (google.cloud.securitycenter_v1p1beta1.types.SecurityMarks):
Required. The security marks resource
to update.
+
This corresponds to the ``security_marks`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
- update_mask (:class:`~.field_mask.FieldMask`):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the security marks
resource.
@@ -2497,6 +2531,7 @@ def update_security_marks(
empty or set to "marks", all marks will be replaced.
Individual marks can be updated using
"marks.".
+
This corresponds to the ``update_mask`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
@@ -2508,7 +2543,7 @@ def update_security_marks(
sent along with the request as metadata.
Returns:
- ~.gcs_security_marks.SecurityMarks:
+ google.cloud.securitycenter_v1p1beta1.types.SecurityMarks:
User specified security marks that
are attached to the parent Security
Command Center resource. Security marks
diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py
index 561db76f..712fa98f 100644
--- a/google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py
+++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py
@@ -15,7 +15,16 @@
# limitations under the License.
#
-from typing import Any, AsyncIterable, Awaitable, Callable, Iterable, Sequence, Tuple
+from typing import (
+ Any,
+ AsyncIterable,
+ Awaitable,
+ Callable,
+ Iterable,
+ Sequence,
+ Tuple,
+ Optional,
+)
from google.cloud.securitycenter_v1p1beta1.types import notification_config
from google.cloud.securitycenter_v1p1beta1.types import securitycenter_service
@@ -26,7 +35,7 @@ class GroupAssetsPager:
"""A pager for iterating through ``group_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse` object, and
provides an ``__iter__`` method to iterate through its
``group_by_results`` field.
@@ -35,7 +44,7 @@ class GroupAssetsPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -53,9 +62,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupAssetsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -88,7 +97,7 @@ class GroupAssetsAsyncPager:
"""A pager for iterating through ``group_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``group_by_results`` field.
@@ -97,7 +106,7 @@ class GroupAssetsAsyncPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -115,9 +124,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupAssetsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupAssetsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -154,7 +163,7 @@ class GroupFindingsPager:
"""A pager for iterating through ``group_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse` object, and
provides an ``__iter__`` method to iterate through its
``group_by_results`` field.
@@ -163,7 +172,7 @@ class GroupFindingsPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -181,9 +190,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupFindingsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -216,7 +225,7 @@ class GroupFindingsAsyncPager:
"""A pager for iterating through ``group_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.GroupFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``group_by_results`` field.
@@ -225,7 +234,7 @@ class GroupFindingsAsyncPager:
through the ``group_by_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.GroupFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -243,9 +252,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.GroupFindingsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.GroupFindingsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -284,7 +293,7 @@ class ListAssetsPager:
"""A pager for iterating through ``list_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse` object, and
provides an ``__iter__`` method to iterate through its
``list_assets_results`` field.
@@ -293,7 +302,7 @@ class ListAssetsPager:
through the ``list_assets_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -311,9 +320,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListAssetsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -348,7 +357,7 @@ class ListAssetsAsyncPager:
"""A pager for iterating through ``list_assets`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListAssetsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``list_assets_results`` field.
@@ -357,7 +366,7 @@ class ListAssetsAsyncPager:
through the ``list_assets_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListAssetsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -375,9 +384,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListAssetsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListAssetsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListAssetsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -416,7 +425,7 @@ class ListFindingsPager:
"""A pager for iterating through ``list_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse` object, and
provides an ``__iter__`` method to iterate through its
``list_findings_results`` field.
@@ -425,7 +434,7 @@ class ListFindingsPager:
through the ``list_findings_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -443,9 +452,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListFindingsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -480,7 +489,7 @@ class ListFindingsAsyncPager:
"""A pager for iterating through ``list_findings`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListFindingsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``list_findings_results`` field.
@@ -489,7 +498,7 @@ class ListFindingsAsyncPager:
through the ``list_findings_results`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListFindingsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -507,9 +516,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListFindingsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListFindingsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListFindingsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -548,7 +557,7 @@ class ListNotificationConfigsPager:
"""A pager for iterating through ``list_notification_configs`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListNotificationConfigsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse` object, and
provides an ``__iter__`` method to iterate through its
``notification_configs`` field.
@@ -557,7 +566,7 @@ class ListNotificationConfigsPager:
through the ``notification_configs`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListNotificationConfigsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -575,9 +584,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListNotificationConfigsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -610,7 +619,7 @@ class ListNotificationConfigsAsyncPager:
"""A pager for iterating through ``list_notification_configs`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListNotificationConfigsResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse` object, and
provides an ``__aiter__`` method to iterate through its
``notification_configs`` field.
@@ -619,7 +628,7 @@ class ListNotificationConfigsAsyncPager:
through the ``notification_configs`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListNotificationConfigsResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -639,9 +648,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListNotificationConfigsResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -680,7 +689,7 @@ class ListSourcesPager:
"""A pager for iterating through ``list_sources`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListSourcesResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse` object, and
provides an ``__iter__`` method to iterate through its
``sources`` field.
@@ -689,7 +698,7 @@ class ListSourcesPager:
through the ``sources`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListSourcesResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -707,9 +716,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListSourcesRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListSourcesResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
@@ -742,7 +751,7 @@ class ListSourcesAsyncPager:
"""A pager for iterating through ``list_sources`` requests.
This class thinly wraps an initial
- :class:`~.securitycenter_service.ListSourcesResponse` object, and
+ :class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse` object, and
provides an ``__aiter__`` method to iterate through its
``sources`` field.
@@ -751,7 +760,7 @@ class ListSourcesAsyncPager:
through the ``sources`` field on the
corresponding responses.
- All the usual :class:`~.securitycenter_service.ListSourcesResponse`
+ All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse`
attributes are available on the pager. If multiple requests are made, only
the most recent response is retained, and thus used for attribute lookup.
"""
@@ -769,9 +778,9 @@ def __init__(
Args:
method (Callable): The method that was originally called, and
which instantiated this pager.
- request (:class:`~.securitycenter_service.ListSourcesRequest`):
+ request (google.cloud.securitycenter_v1p1beta1.types.ListSourcesRequest):
The initial request object.
- response (:class:`~.securitycenter_service.ListSourcesResponse`):
+ response (google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse):
The initial response object.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py
index 59b77852..fddc88f5 100644
--- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py
+++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py
@@ -23,7 +23,6 @@
from google.api_core import exceptions # type: ignore
from google.api_core import gapic_v1 # type: ignore
from google.api_core import retry as retries # type: ignore
-from google.api_core import retry as retries # type: ignore
from google.api_core import operations_v1 # type: ignore
from google.auth import credentials # type: ignore
@@ -90,10 +89,10 @@ def __init__(
scope (Optional[Sequence[str]]): A list of scopes.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
- client_info (google.api_core.gapic_v1.client_info.ClientInfo):
- The client info used to send a user-agent string along with
- API requests. If ``None``, then default info will be used.
- Generally, you only need to set this if you're developing
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
your own client library.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
@@ -101,6 +100,9 @@ def __init__(
host += ":443"
self._host = host
+ # Save the scopes.
+ self._scopes = scopes or self.AUTH_SCOPES
+
# If no credentials are provided, then determine the appropriate
# defaults.
if credentials and credentials_file:
@@ -110,20 +112,17 @@ def __init__(
if credentials_file is not None:
credentials, _ = auth.load_credentials_from_file(
- credentials_file, scopes=scopes, quota_project_id=quota_project_id
+ credentials_file, scopes=self._scopes, quota_project_id=quota_project_id
)
elif credentials is None:
credentials, _ = auth.default(
- scopes=scopes, quota_project_id=quota_project_id
+ scopes=self._scopes, quota_project_id=quota_project_id
)
# Save the credentials.
self._credentials = credentials
- # Lifted into its own function so it can be stubbed out during tests.
- self._prep_wrapped_messages(client_info)
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
@@ -152,6 +151,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -165,6 +165,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -178,6 +179,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -191,6 +193,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -204,6 +207,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -217,6 +221,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -230,6 +235,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -243,6 +249,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=480.0,
),
default_timeout=480.0,
client_info=client_info,
@@ -256,6 +263,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -269,6 +277,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
@@ -291,6 +300,7 @@ def _prep_wrapped_messages(self, client_info):
predicate=retries.if_exception_type(
exceptions.DeadlineExceeded, exceptions.ServiceUnavailable,
),
+ deadline=60.0,
),
default_timeout=60.0,
client_info=client_info,
diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py
index d402248c..15182889 100644
--- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py
+++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py
@@ -77,6 +77,7 @@ def __init__(
api_mtls_endpoint: str = None,
client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
) -> None:
@@ -107,6 +108,10 @@ def __init__(
``api_mtls_endpoint`` is None.
ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
for grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
client_info (google.api_core.gapic_v1.client_info.ClientInfo):
@@ -121,72 +126,61 @@ def __init__(
google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
and ``credentials_file`` are passed.
"""
+ self._grpc_channel = None
self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+ self._operations_client = None
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
if channel:
- # Sanity check: Ensure that channel and credentials are not both
- # provided.
+ # Ignore credentials if a channel was passed.
credentials = False
-
# If a channel was explicitly provided, set it.
self._grpc_channel = channel
self._ssl_channel_credentials = None
- elif api_mtls_endpoint:
- warnings.warn(
- "api_mtls_endpoint and client_cert_source are deprecated",
- DeprecationWarning,
- )
- host = (
- api_mtls_endpoint
- if ":" in api_mtls_endpoint
- else api_mtls_endpoint + ":443"
- )
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
-
- # Create SSL credentials with client_cert_source or application
- # default SSL credentials.
- if client_cert_source:
- cert, key = client_cert_source()
- ssl_credentials = grpc.ssl_channel_credentials(
- certificate_chain=cert, private_key=key
- )
else:
- ssl_credentials = SslCredentials().ssl_credentials
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
- # create a new channel. The provided one is ignored.
- self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
- credentials_file=credentials_file,
- ssl_credentials=ssl_credentials,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
- self._ssl_channel_credentials = ssl_credentials
- else:
- host = host if ":" in host else host + ":443"
-
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ )
- # create a new channel. The provided one is ignored.
+ if not self._grpc_channel:
self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
+ self._host,
+ credentials=self._credentials,
credentials_file=credentials_file,
- ssl_credentials=ssl_channel_credentials,
- scopes=scopes or self.AUTH_SCOPES,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
quota_project_id=quota_project_id,
options=[
("grpc.max_send_message_length", -1),
@@ -194,18 +188,8 @@ def __init__(
],
)
- self._stubs = {} # type: Dict[str, Callable]
- self._operations_client = None
-
- # Run the base constructor.
- super().__init__(
- host=host,
- credentials=credentials,
- credentials_file=credentials_file,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- client_info=client_info,
- )
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
@classmethod
def create_channel(
@@ -219,7 +203,7 @@ def create_channel(
) -> grpc.Channel:
"""Create and return a gRPC channel object.
Args:
- address (Optional[str]): The host for the channel to use.
+ host (Optional[str]): The host for the channel to use.
credentials (Optional[~.Credentials]): The
authorization credentials to attach to requests. These
credentials identify this application to the service. If
diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py
index 3269c916..dfb65374 100644
--- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py
+++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py
@@ -81,7 +81,7 @@ def create_channel(
) -> aio.Channel:
"""Create and return a gRPC AsyncIO channel object.
Args:
- address (Optional[str]): The host for the channel to use.
+ host (Optional[str]): The host for the channel to use.
credentials (Optional[~.Credentials]): The
authorization credentials to attach to requests. These
credentials identify this application to the service. If
@@ -121,6 +121,7 @@ def __init__(
api_mtls_endpoint: str = None,
client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
) -> None:
@@ -152,12 +153,16 @@ def __init__(
``api_mtls_endpoint`` is None.
ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
for grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
- client_info (google.api_core.gapic_v1.client_info.ClientInfo):
- The client info used to send a user-agent string along with
- API requests. If ``None``, then default info will be used.
- Generally, you only need to set this if you're developing
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
your own client library.
Raises:
@@ -166,72 +171,61 @@ def __init__(
google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
and ``credentials_file`` are passed.
"""
+ self._grpc_channel = None
self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+ self._operations_client = None
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
if channel:
- # Sanity check: Ensure that channel and credentials are not both
- # provided.
+ # Ignore credentials if a channel was passed.
credentials = False
-
# If a channel was explicitly provided, set it.
self._grpc_channel = channel
self._ssl_channel_credentials = None
- elif api_mtls_endpoint:
- warnings.warn(
- "api_mtls_endpoint and client_cert_source are deprecated",
- DeprecationWarning,
- )
- host = (
- api_mtls_endpoint
- if ":" in api_mtls_endpoint
- else api_mtls_endpoint + ":443"
- )
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
-
- # Create SSL credentials with client_cert_source or application
- # default SSL credentials.
- if client_cert_source:
- cert, key = client_cert_source()
- ssl_credentials = grpc.ssl_channel_credentials(
- certificate_chain=cert, private_key=key
- )
else:
- ssl_credentials = SslCredentials().ssl_credentials
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
- # create a new channel. The provided one is ignored.
- self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
- credentials_file=credentials_file,
- ssl_credentials=ssl_credentials,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
- self._ssl_channel_credentials = ssl_credentials
- else:
- host = host if ":" in host else host + ":443"
-
- if credentials is None:
- credentials, _ = auth.default(
- scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id
- )
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ )
- # create a new channel. The provided one is ignored.
+ if not self._grpc_channel:
self._grpc_channel = type(self).create_channel(
- host,
- credentials=credentials,
+ self._host,
+ credentials=self._credentials,
credentials_file=credentials_file,
- ssl_credentials=ssl_channel_credentials,
- scopes=scopes or self.AUTH_SCOPES,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
quota_project_id=quota_project_id,
options=[
("grpc.max_send_message_length", -1),
@@ -239,18 +233,8 @@ def __init__(
],
)
- # Run the base constructor.
- super().__init__(
- host=host,
- credentials=credentials,
- credentials_file=credentials_file,
- scopes=scopes or self.AUTH_SCOPES,
- quota_project_id=quota_project_id,
- client_info=client_info,
- )
-
- self._stubs = {}
- self._operations_client = None
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
@property
def grpc_channel(self) -> aio.Channel:
diff --git a/google/cloud/securitycenter_v1p1beta1/types/__init__.py b/google/cloud/securitycenter_v1p1beta1/types/__init__.py
index 1a1ebb24..0d3cb34a 100644
--- a/google/cloud/securitycenter_v1p1beta1/types/__init__.py
+++ b/google/cloud/securitycenter_v1p1beta1/types/__init__.py
@@ -15,15 +15,14 @@
# limitations under the License.
#
-from .security_marks import SecurityMarks
from .asset import Asset
from .finding import Finding
from .notification_config import NotificationConfig
-from .resource import Resource
from .notification_message import NotificationMessage
from .organization_settings import OrganizationSettings
+from .resource import Resource
from .run_asset_discovery_response import RunAssetDiscoveryResponse
-from .source import Source
+from .security_marks import SecurityMarks
from .securitycenter_service import (
CreateFindingRequest,
CreateNotificationConfigRequest,
@@ -37,33 +36,33 @@
GroupFindingsRequest,
GroupFindingsResponse,
GroupResult,
- ListNotificationConfigsRequest,
- ListNotificationConfigsResponse,
- ListSourcesRequest,
- ListSourcesResponse,
ListAssetsRequest,
ListAssetsResponse,
ListFindingsRequest,
ListFindingsResponse,
- SetFindingStateRequest,
+ ListNotificationConfigsRequest,
+ ListNotificationConfigsResponse,
+ ListSourcesRequest,
+ ListSourcesResponse,
RunAssetDiscoveryRequest,
+ SetFindingStateRequest,
UpdateFindingRequest,
UpdateNotificationConfigRequest,
UpdateOrganizationSettingsRequest,
- UpdateSourceRequest,
UpdateSecurityMarksRequest,
+ UpdateSourceRequest,
)
+from .source import Source
__all__ = (
- "SecurityMarks",
"Asset",
"Finding",
"NotificationConfig",
- "Resource",
"NotificationMessage",
"OrganizationSettings",
+ "Resource",
"RunAssetDiscoveryResponse",
- "Source",
+ "SecurityMarks",
"CreateFindingRequest",
"CreateNotificationConfigRequest",
"CreateSourceRequest",
@@ -76,19 +75,20 @@
"GroupFindingsRequest",
"GroupFindingsResponse",
"GroupResult",
- "ListNotificationConfigsRequest",
- "ListNotificationConfigsResponse",
- "ListSourcesRequest",
- "ListSourcesResponse",
"ListAssetsRequest",
"ListAssetsResponse",
"ListFindingsRequest",
"ListFindingsResponse",
- "SetFindingStateRequest",
+ "ListNotificationConfigsRequest",
+ "ListNotificationConfigsResponse",
+ "ListSourcesRequest",
+ "ListSourcesResponse",
"RunAssetDiscoveryRequest",
+ "SetFindingStateRequest",
"UpdateFindingRequest",
"UpdateNotificationConfigRequest",
"UpdateOrganizationSettingsRequest",
- "UpdateSourceRequest",
"UpdateSecurityMarksRequest",
+ "UpdateSourceRequest",
+ "Source",
)
diff --git a/google/cloud/securitycenter_v1p1beta1/types/asset.py b/google/cloud/securitycenter_v1p1beta1/types/asset.py
index 9d7f0742..50406de4 100644
--- a/google/cloud/securitycenter_v1p1beta1/types/asset.py
+++ b/google/cloud/securitycenter_v1p1beta1/types/asset.py
@@ -46,26 +46,26 @@ class Asset(proto.Message):
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/assets/{asset_id}".
- security_center_properties (~.asset.Asset.SecurityCenterProperties):
+ security_center_properties (google.cloud.securitycenter_v1p1beta1.types.Asset.SecurityCenterProperties):
Security Command Center managed properties.
These properties are managed by Security Command
Center and cannot be modified by the user.
- resource_properties (Sequence[~.asset.Asset.ResourcePropertiesEntry]):
+ resource_properties (Sequence[google.cloud.securitycenter_v1p1beta1.types.Asset.ResourcePropertiesEntry]):
Resource managed properties. These properties
are managed and defined by the Google Cloud
resource and cannot be modified by the user.
- security_marks (~.gcs_security_marks.SecurityMarks):
+ security_marks (google.cloud.securitycenter_v1p1beta1.types.SecurityMarks):
User specified security marks. These marks
are entirely managed by the user and come from
the SecurityMarks resource that belongs to the
asset.
- create_time (~.timestamp.Timestamp):
+ create_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the asset was created in
Security Command Center.
- update_time (~.timestamp.Timestamp):
+ update_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the asset was last updated,
added, or deleted in Cloud SCC.
- iam_policy (~.asset.Asset.IamPolicy):
+ iam_policy (google.cloud.securitycenter_v1p1beta1.types.Asset.IamPolicy):
Cloud IAM Policy information associated with
the Google Cloud resource described by the
Security Command Center asset. This information
diff --git a/google/cloud/securitycenter_v1p1beta1/types/finding.py b/google/cloud/securitycenter_v1p1beta1/types/finding.py
index 1d6e12cb..0e667d8c 100644
--- a/google/cloud/securitycenter_v1p1beta1/types/finding.py
+++ b/google/cloud/securitycenter_v1p1beta1/types/finding.py
@@ -57,7 +57,7 @@ class Finding(proto.Message):
When the finding is for a non-Google Cloud resource, the
resourceName can be a customer or partner defined string.
This field is immutable after creation time.
- state (~.finding.Finding.State):
+ state (google.cloud.securitycenter_v1p1beta1.types.Finding.State):
The state of the finding.
category (str):
The additional taxonomy group within findings from a given
@@ -69,18 +69,18 @@ class Finding(proto.Message):
additional information about the finding can be
found. This field is guaranteed to be either
empty or a well formed URL.
- source_properties (Sequence[~.finding.Finding.SourcePropertiesEntry]):
+ source_properties (Sequence[google.cloud.securitycenter_v1p1beta1.types.Finding.SourcePropertiesEntry]):
Source specific properties. These properties are managed by
the source that writes the finding. The key names in the
source_properties map must be between 1 and 255 characters,
and must start with a letter and contain alphanumeric
characters or underscores only.
- security_marks (~.gcs_security_marks.SecurityMarks):
+ security_marks (google.cloud.securitycenter_v1p1beta1.types.SecurityMarks):
Output only. User specified security marks.
These marks are entirely managed by the user and
come from the SecurityMarks resource that
belongs to the finding.
- event_time (~.timestamp.Timestamp):
+ event_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the event took place, or
when an update to the finding occurred. For
example, if the finding represents an open
@@ -89,10 +89,10 @@ class Finding(proto.Message):
is determined by the detector. If the finding
were to be resolved afterward, this time would
reflect when the finding was resolved.
- create_time (~.timestamp.Timestamp):
+ create_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the finding was created in
Security Command Center.
- severity (~.finding.Finding.Severity):
+ severity (google.cloud.securitycenter_v1p1beta1.types.Finding.Severity):
The severity of the finding. This field is
managed by the source that writes the finding.
"""
diff --git a/google/cloud/securitycenter_v1p1beta1/types/notification_config.py b/google/cloud/securitycenter_v1p1beta1/types/notification_config.py
index 2be493b4..99befd9d 100644
--- a/google/cloud/securitycenter_v1p1beta1/types/notification_config.py
+++ b/google/cloud/securitycenter_v1p1beta1/types/notification_config.py
@@ -38,7 +38,7 @@ class NotificationConfig(proto.Message):
description (str):
The description of the notification config
(max of 1024 characters).
- event_type (~.notification_config.NotificationConfig.EventType):
+ event_type (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig.EventType):
The type of events the config is for, e.g.
FINDING.
pubsub_topic (str):
@@ -48,7 +48,7 @@ class NotificationConfig(proto.Message):
Output only. The service account that needs
"pubsub.topics.publish" permission to publish to
the Pub/Sub topic.
- streaming_config (~.notification_config.NotificationConfig.StreamingConfig):
+ streaming_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig.StreamingConfig):
The config for triggering streaming-based
notifications.
"""
diff --git a/google/cloud/securitycenter_v1p1beta1/types/notification_message.py b/google/cloud/securitycenter_v1p1beta1/types/notification_message.py
index 700d68eb..215cd555 100644
--- a/google/cloud/securitycenter_v1p1beta1/types/notification_message.py
+++ b/google/cloud/securitycenter_v1p1beta1/types/notification_message.py
@@ -34,10 +34,10 @@ class NotificationMessage(proto.Message):
notification_config_name (str):
Name of the notification config that
generated current notification.
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1p1beta1.types.Finding):
If it's a Finding based notification config,
this field will be populated.
- resource (~.gcs_resource.Resource):
+ resource (google.cloud.securitycenter_v1p1beta1.types.Resource):
The Cloud resource tied to the notification.
"""
diff --git a/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py b/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py
index 70fec686..1cc1caeb 100644
--- a/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py
+++ b/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py
@@ -38,7 +38,7 @@ class OrganizationSettings(proto.Message):
If the flag is set to ``true``, then discovery of assets
will occur. If it is set to \`false, all historical assets
will remain, but discovery of future assets will not occur.
- asset_discovery_config (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig):
+ asset_discovery_config (google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings.AssetDiscoveryConfig):
The configuration used for Asset Discovery
runs.
"""
@@ -50,7 +50,7 @@ class AssetDiscoveryConfig(proto.Message):
project_ids (Sequence[str]):
The project ids to use for filtering asset
discovery.
- inclusion_mode (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig.InclusionMode):
+ inclusion_mode (google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings.AssetDiscoveryConfig.InclusionMode):
The mode to use for filtering asset
discovery.
"""
diff --git a/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py b/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py
index 9c474a45..d1201368 100644
--- a/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py
+++ b/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py
@@ -31,9 +31,9 @@ class RunAssetDiscoveryResponse(proto.Message):
r"""Response of asset discovery run
Attributes:
- state (~.run_asset_discovery_response.RunAssetDiscoveryResponse.State):
+ state (google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryResponse.State):
The state of an asset discovery run.
- duration (~.gp_duration.Duration):
+ duration (google.protobuf.duration_pb2.Duration):
The duration between asset discovery run
start and end
"""
diff --git a/google/cloud/securitycenter_v1p1beta1/types/security_marks.py b/google/cloud/securitycenter_v1p1beta1/types/security_marks.py
index a7671f48..1d84bd55 100644
--- a/google/cloud/securitycenter_v1p1beta1/types/security_marks.py
+++ b/google/cloud/securitycenter_v1p1beta1/types/security_marks.py
@@ -37,7 +37,7 @@ class SecurityMarks(proto.Message):
Examples:
"organizations/{organization_id}/assets/{asset_id}/securityMarks"
"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
- marks (Sequence[~.security_marks.SecurityMarks.MarksEntry]):
+ marks (Sequence[google.cloud.securitycenter_v1p1beta1.types.SecurityMarks.MarksEntry]):
Mutable user specified security marks belonging to the
parent resource. Constraints are as follows:
diff --git a/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py b/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py
index bd319164..e608de04 100644
--- a/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py
+++ b/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py
@@ -81,7 +81,7 @@ class CreateFindingRequest(proto.Message):
finding_id (str):
Required. Unique identifier provided by the
client within the parent scope.
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1p1beta1.types.Finding):
Required. The Finding being created. The name and
security_marks will be ignored as they are both output only
fields on this resource.
@@ -107,7 +107,7 @@ class CreateNotificationConfigRequest(proto.Message):
between 1 and 128 characters, and contains
alphanumeric characters, underscores or hyphens
only.
- notification_config (~.gcs_notification_config.NotificationConfig):
+ notification_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig):
Required. The notification config being
created. The name and the service account will
be ignored as they are both output only fields
@@ -130,7 +130,7 @@ class CreateSourceRequest(proto.Message):
parent (str):
Required. Resource name of the new source's parent. Its
format should be "organizations/[organization_id]".
- source (~.gcs_source.Source):
+ source (google.cloud.securitycenter_v1p1beta1.types.Source):
Required. The Source being created, only the display_name
and description will be used. All other fields will be
ignored.
@@ -302,7 +302,7 @@ class GroupAssetsRequest(proto.Message):
- security_center_properties.resource_type
- security_center_properties.resource_project_display_name
- security_center_properties.resource_parent_display_name
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the GroupResult's
"state_change" property is updated to indicate whether the
asset was added, removed, or remained present during the
@@ -334,7 +334,7 @@ class GroupAssetsRequest(proto.Message):
If this field is set then ``state_change`` must be a
specified field in ``group_by``.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
assets. The filter is limited to assets existing
at the supplied time and their values are those
@@ -370,13 +370,13 @@ class GroupAssetsResponse(proto.Message):
r"""Response message for grouping by assets.
Attributes:
- group_by_results (Sequence[~.securitycenter_service.GroupResult]):
+ group_by_results (Sequence[google.cloud.securitycenter_v1p1beta1.types.GroupResult]):
Group results. There exists an element for
each existing unique combination of
property/values. The element contains a count
for the number of times those specific
property/values appear.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the groupBy request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -492,13 +492,13 @@ class GroupFindingsRequest(proto.Message):
set:
- state_change
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
findings. The filter is limited to findings
existing at the supplied time and their values
are those at that specific time. Absence of this
field will default to the API's version of NOW.
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the GroupResult's
"state_change" attribute is updated to indicate whether the
finding had its state changed, the finding's state remained
@@ -565,13 +565,13 @@ class GroupFindingsResponse(proto.Message):
r"""Response message for group by findings.
Attributes:
- group_by_results (Sequence[~.securitycenter_service.GroupResult]):
+ group_by_results (Sequence[google.cloud.securitycenter_v1p1beta1.types.GroupResult]):
Group results. There exists an element for
each existing unique combination of
property/values. The element contains a count
for the number of times those specific
property/values appear.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the groupBy request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -601,7 +601,7 @@ class GroupResult(proto.Message):
request.
Attributes:
- properties (Sequence[~.securitycenter_service.GroupResult.PropertiesEntry]):
+ properties (Sequence[google.cloud.securitycenter_v1p1beta1.types.GroupResult.PropertiesEntry]):
Properties matching the groupBy fields in the
request.
count (int):
@@ -645,7 +645,7 @@ class ListNotificationConfigsResponse(proto.Message):
r"""Response message for listing notification configs.
Attributes:
- notification_configs (Sequence[~.gcs_notification_config.NotificationConfig]):
+ notification_configs (Sequence[google.cloud.securitycenter_v1p1beta1.types.NotificationConfig]):
Notification configs belonging to the
requested parent.
next_page_token (str):
@@ -693,7 +693,7 @@ class ListSourcesResponse(proto.Message):
r"""Response message for listing sources.
Attributes:
- sources (Sequence[~.gcs_source.Source]):
+ sources (Sequence[google.cloud.securitycenter_v1p1beta1.types.Source]):
Sources belonging to the requested parent.
next_page_token (str):
Token to retrieve the next page of results,
@@ -820,13 +820,13 @@ class ListAssetsRequest(proto.Message):
security_center_properties.resource_project
security_center_properties.resource_project_display_name
security_center_properties.resource_type
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
assets. The filter is limited to assets existing
at the supplied time and their values are those
at that specific time. Absence of this field
will default to the API's version of NOW.
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the ListAssetsResult's
"state_change" attribute is updated to indicate whether the
asset was added, removed, or remained present during the
@@ -854,7 +854,7 @@ class ListAssetsRequest(proto.Message):
If compare_duration is not specified, then the only possible
state_change is "UNUSED", which will be the state_change set
for all assets present at read_time.
- field_mask (~.gp_field_mask.FieldMask):
+ field_mask (google.protobuf.field_mask_pb2.FieldMask):
A field mask to specify the ListAssetsResult
fields to be listed in the response.
An empty field mask will list all fields.
@@ -890,9 +890,9 @@ class ListAssetsResponse(proto.Message):
r"""Response message for listing assets.
Attributes:
- list_assets_results (Sequence[~.securitycenter_service.ListAssetsResponse.ListAssetsResult]):
+ list_assets_results (Sequence[google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse.ListAssetsResult]):
Assets matching the list request.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the list request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -906,9 +906,9 @@ class ListAssetsResult(proto.Message):
r"""Result containing the Asset and its State.
Attributes:
- asset (~.gcs_asset.Asset):
+ asset (google.cloud.securitycenter_v1p1beta1.types.Asset):
Asset matching the search request.
- state_change (~.securitycenter_service.ListAssetsResponse.ListAssetsResult.StateChange):
+ state_change (google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse.ListAssetsResult.StateChange):
State change of the asset between the points
in time.
"""
@@ -1036,13 +1036,13 @@ class ListFindingsRequest(proto.Message):
The following fields are supported: name parent state
category resource_name event_time source_properties
security_marks.marks
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used as a reference point when filtering
findings. The filter is limited to findings
existing at the supplied time and their values
are those at that specific time. Absence of this
field will default to the API's version of NOW.
- compare_duration (~.duration.Duration):
+ compare_duration (google.protobuf.duration_pb2.Duration):
When compare_duration is set, the ListFindingsResult's
"state_change" attribute is updated to indicate whether the
finding had its state changed, the finding's state remained
@@ -1076,7 +1076,7 @@ class ListFindingsRequest(proto.Message):
If compare_duration is not specified, then the only possible
state_change is "UNUSED", which will be the state_change set
for all findings present at read_time.
- field_mask (~.gp_field_mask.FieldMask):
+ field_mask (google.protobuf.field_mask_pb2.FieldMask):
A field mask to specify the Finding fields to
be listed in the response. An empty field mask
will list all fields.
@@ -1112,9 +1112,9 @@ class ListFindingsResponse(proto.Message):
r"""Response message for listing findings.
Attributes:
- list_findings_results (Sequence[~.securitycenter_service.ListFindingsResponse.ListFindingsResult]):
+ list_findings_results (Sequence[google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse.ListFindingsResult]):
Findings matching the list request.
- read_time (~.timestamp.Timestamp):
+ read_time (google.protobuf.timestamp_pb2.Timestamp):
Time used for executing the list request.
next_page_token (str):
Token to retrieve the next page of results,
@@ -1128,12 +1128,12 @@ class ListFindingsResult(proto.Message):
r"""Result containing the Finding and its StateChange.
Attributes:
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1p1beta1.types.Finding):
Finding matching the search request.
- state_change (~.securitycenter_service.ListFindingsResponse.ListFindingsResult.StateChange):
+ state_change (google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse.ListFindingsResult.StateChange):
State change of the finding between the
points in time.
- resource (~.securitycenter_service.ListFindingsResponse.ListFindingsResult.Resource):
+ resource (google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse.ListFindingsResult.Resource):
Output only. Resource that is associated with
this finding.
"""
@@ -1222,9 +1222,9 @@ class SetFindingStateRequest(proto.Message):
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
- state (~.gcs_finding.Finding.State):
+ state (google.cloud.securitycenter_v1p1beta1.types.Finding.State):
Required. The desired State of the finding.
- start_time (~.timestamp.Timestamp):
+ start_time (google.protobuf.timestamp_pb2.Timestamp):
Required. The time at which the updated state
takes effect.
"""
@@ -1253,7 +1253,7 @@ class UpdateFindingRequest(proto.Message):
r"""Request message for updating or creating a finding.
Attributes:
- finding (~.gcs_finding.Finding):
+ finding (google.cloud.securitycenter_v1p1beta1.types.Finding):
Required. The finding resource to update or create if it
does not already exist. parent, security_marks, and
update_time will be ignored.
@@ -1261,7 +1261,7 @@ class UpdateFindingRequest(proto.Message):
In the case of creation, the finding id portion of the name
must be alphanumeric and less than or equal to 32 characters
and greater than 0 characters in length.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the finding resource.
This field should not be specified when creating a finding.
@@ -1280,9 +1280,9 @@ class UpdateNotificationConfigRequest(proto.Message):
r"""Request message for updating a notification config.
Attributes:
- notification_config (~.gcs_notification_config.NotificationConfig):
+ notification_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig):
Required. The notification config to update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the
notification config.
If empty all mutable fields will be updated.
@@ -1299,10 +1299,10 @@ class UpdateOrganizationSettingsRequest(proto.Message):
r"""Request message for updating an organization's settings.
Attributes:
- organization_settings (~.gcs_organization_settings.OrganizationSettings):
+ organization_settings (google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings):
Required. The organization settings resource
to update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the
settings resource.
@@ -1320,9 +1320,9 @@ class UpdateSourceRequest(proto.Message):
r"""Request message for updating a source.
Attributes:
- source (~.gcs_source.Source):
+ source (google.cloud.securitycenter_v1p1beta1.types.Source):
Required. The source resource to update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the source
resource.
If empty all mutable fields will be updated.
@@ -1337,17 +1337,17 @@ class UpdateSecurityMarksRequest(proto.Message):
r"""Request message for updating a SecurityMarks resource.
Attributes:
- security_marks (~.gcs_security_marks.SecurityMarks):
+ security_marks (google.cloud.securitycenter_v1p1beta1.types.SecurityMarks):
Required. The security marks resource to
update.
- update_mask (~.gp_field_mask.FieldMask):
+ update_mask (google.protobuf.field_mask_pb2.FieldMask):
The FieldMask to use when updating the security marks
resource.
The field mask must not contain duplicate fields. If empty
or set to "marks", all marks will be replaced. Individual
marks can be updated using "marks.".
- start_time (~.timestamp.Timestamp):
+ start_time (google.protobuf.timestamp_pb2.Timestamp):
The time at which the updated SecurityMarks
take effect. If not set uses current server
time. Updates will be applied to the
diff --git a/noxfile.py b/noxfile.py
index a57e24be..43dd3024 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -18,6 +18,7 @@
from __future__ import absolute_import
import os
+import pathlib
import shutil
import nox
@@ -30,6 +31,22 @@
SYSTEM_TEST_PYTHON_VERSIONS = ["3.8"]
UNIT_TEST_PYTHON_VERSIONS = ["3.6", "3.7", "3.8", "3.9"]
+CURRENT_DIRECTORY = pathlib.Path(__file__).parent.absolute()
+
+# 'docfx' is excluded since it only needs to run in 'docs-presubmit'
+nox.options.sessions = [
+ "unit",
+ "system",
+ "cover",
+ "lint",
+ "lint_setup_py",
+ "blacken",
+ "docs",
+]
+
+# Error if a python version is missing
+nox.options.error_on_missing_interpreters = True
+
@nox.session(python=DEFAULT_PYTHON_VERSION)
def lint(session):
@@ -70,17 +87,21 @@ def lint_setup_py(session):
def default(session):
# Install all test dependencies, then install this package in-place.
- session.install("asyncmock", "pytest-asyncio")
- session.install(
- "mock", "pytest", "pytest-cov",
+ constraints_path = str(
+ CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt"
)
- session.install("-e", ".")
+ session.install("asyncmock", "pytest-asyncio", "-c", constraints_path)
+
+ session.install("mock", "pytest", "pytest-cov", "-c", constraints_path)
+
+ session.install("-e", ".", "-c", constraints_path)
# Run py.test against the unit tests.
session.run(
"py.test",
"--quiet",
+ f"--junitxml=unit_{session.python}_sponge_log.xml",
"--cov=google/cloud",
"--cov=tests/unit",
"--cov-append",
@@ -101,6 +122,9 @@ def unit(session):
@nox.session(python=SYSTEM_TEST_PYTHON_VERSIONS)
def system(session):
"""Run the system test suite."""
+ constraints_path = str(
+ CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt"
+ )
system_test_path = os.path.join("tests", "system.py")
system_test_folder_path = os.path.join("tests", "system")
@@ -110,6 +134,9 @@ def system(session):
# Sanity check: Only run tests if the environment variable is set.
if not os.environ.get("GOOGLE_APPLICATION_CREDENTIALS", ""):
session.skip("Credentials must be set via environment variable")
+ # Install pyopenssl for mTLS testing.
+ if os.environ.get("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") == "true":
+ session.install("pyopenssl")
system_test_exists = os.path.exists(system_test_path)
system_test_folder_exists = os.path.exists(system_test_folder_path)
@@ -122,16 +149,26 @@ def system(session):
# Install all test dependencies, then install this package into the
# virtualenv's dist-packages.
- session.install(
- "mock", "pytest", "google-cloud-testutils",
- )
- session.install("-e", ".")
+ session.install("mock", "pytest", "google-cloud-testutils", "-c", constraints_path)
+ session.install("-e", ".", "-c", constraints_path)
# Run py.test against the system tests.
if system_test_exists:
- session.run("py.test", "--quiet", system_test_path, *session.posargs)
+ session.run(
+ "py.test",
+ "--quiet",
+ f"--junitxml=system_{session.python}_sponge_log.xml",
+ system_test_path,
+ *session.posargs,
+ )
if system_test_folder_exists:
- session.run("py.test", "--quiet", system_test_folder_path, *session.posargs)
+ session.run(
+ "py.test",
+ "--quiet",
+ f"--junitxml=system_{session.python}_sponge_log.xml",
+ system_test_folder_path,
+ *session.posargs,
+ )
@nox.session(python=DEFAULT_PYTHON_VERSION)
@@ -142,7 +179,7 @@ def cover(session):
test runs (not system test runs), and then erases coverage data.
"""
session.install("coverage", "pytest-cov")
- session.run("coverage", "report", "--show-missing", "--fail-under=99")
+ session.run("coverage", "report", "--show-missing", "--fail-under=98")
session.run("coverage", "erase")
diff --git a/renovate.json b/renovate.json
index 4fa94931..f08bc22c 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,5 +1,6 @@
{
"extends": [
"config:base", ":preserveSemverRanges"
- ]
+ ],
+ "ignorePaths": [".pre-commit-config.yaml"]
}
diff --git a/samples/snippets/noxfile.py b/samples/snippets/noxfile.py
index bca0522e..97bf7da8 100644
--- a/samples/snippets/noxfile.py
+++ b/samples/snippets/noxfile.py
@@ -85,7 +85,7 @@ def get_pytest_env_vars() -> Dict[str, str]:
# DO NOT EDIT - automatically generated.
# All versions used to tested samples.
-ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8"]
+ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8", "3.9"]
# Any default versions that should be ignored.
IGNORED_VERSIONS = TEST_CONFIG['ignored_versions']
diff --git a/setup.py b/setup.py
index 2e201757..c639c9da 100644
--- a/setup.py
+++ b/setup.py
@@ -24,11 +24,11 @@
version = "1.1.0"
release_status = "Development Status :: 3 - Alpha"
dependencies = [
- "google-api-core[grpc] >= 1.22.0, < 2.0.0dev",
+ "google-api-core[grpc] >= 1.22.2, < 2.0.0dev",
"grpc-google-iam-v1 >= 0.12.3, < 0.13dev",
"proto-plus >= 1.10.0",
- "libcst >= 0.2.5",
]
+extras = {"libcst": "libcst >= 0.2.5"}
package_root = os.path.abspath(os.path.dirname(__file__))
@@ -71,6 +71,7 @@
packages=packages,
namespace_packages=namespaces,
install_requires=dependencies,
+ extras_requires=extras,
python_requires=">=3.6",
scripts=[
"scripts/fixup_securitycenter_v1_keywords.py",
diff --git a/synth.metadata b/synth.metadata
index cb1fa7e9..5e9ab512 100644
--- a/synth.metadata
+++ b/synth.metadata
@@ -3,30 +3,30 @@
{
"git": {
"name": ".",
- "remote": "https://github.com/googleapis/python-securitycenter.git",
- "sha": "8d37bea1658bda9a646277aca90b812ddeee5494"
+ "remote": "git@github.com:googleapis/python-securitycenter.git",
+ "sha": "7e7e448e1b4b05aa51b948f7f3463982aa2d302b"
}
},
{
"git": {
"name": "googleapis",
"remote": "https://github.com/googleapis/googleapis.git",
- "sha": "e9135d3cb8a99f77ee2ba3318ebc2c9b807581d0",
- "internalRef": "347410691"
+ "sha": "7c8d16188e68347aac0053a40ab1dc2056a44899",
+ "internalRef": "365829960"
}
},
{
"git": {
"name": "synthtool",
"remote": "https://github.com/googleapis/synthtool.git",
- "sha": "41a4e56982620d3edcf110d76f4fcdfdec471ac8"
+ "sha": "572ef8f70edd9041f5bcfa71511aed6aecfc2098"
}
},
{
"git": {
"name": "synthtool",
"remote": "https://github.com/googleapis/synthtool.git",
- "sha": "41a4e56982620d3edcf110d76f4fcdfdec471ac8"
+ "sha": "572ef8f70edd9041f5bcfa71511aed6aecfc2098"
}
}
],
@@ -58,182 +58,5 @@
"generator": "bazel"
}
}
- ],
- "generatedFiles": [
- ".flake8",
- ".github/CONTRIBUTING.md",
- ".github/ISSUE_TEMPLATE/bug_report.md",
- ".github/ISSUE_TEMPLATE/feature_request.md",
- ".github/ISSUE_TEMPLATE/support_request.md",
- ".github/PULL_REQUEST_TEMPLATE.md",
- ".github/release-please.yml",
- ".github/snippet-bot.yml",
- ".gitignore",
- ".kokoro/build.sh",
- ".kokoro/continuous/common.cfg",
- ".kokoro/continuous/continuous.cfg",
- ".kokoro/docker/docs/Dockerfile",
- ".kokoro/docker/docs/fetch_gpg_keys.sh",
- ".kokoro/docs/common.cfg",
- ".kokoro/docs/docs-presubmit.cfg",
- ".kokoro/docs/docs.cfg",
- ".kokoro/populate-secrets.sh",
- ".kokoro/presubmit/common.cfg",
- ".kokoro/presubmit/presubmit.cfg",
- ".kokoro/publish-docs.sh",
- ".kokoro/release.sh",
- ".kokoro/release/common.cfg",
- ".kokoro/release/release.cfg",
- ".kokoro/samples/lint/common.cfg",
- ".kokoro/samples/lint/continuous.cfg",
- ".kokoro/samples/lint/periodic.cfg",
- ".kokoro/samples/lint/presubmit.cfg",
- ".kokoro/samples/python3.6/common.cfg",
- ".kokoro/samples/python3.6/continuous.cfg",
- ".kokoro/samples/python3.6/periodic.cfg",
- ".kokoro/samples/python3.6/presubmit.cfg",
- ".kokoro/samples/python3.7/common.cfg",
- ".kokoro/samples/python3.7/continuous.cfg",
- ".kokoro/samples/python3.7/periodic.cfg",
- ".kokoro/samples/python3.7/presubmit.cfg",
- ".kokoro/samples/python3.8/common.cfg",
- ".kokoro/samples/python3.8/continuous.cfg",
- ".kokoro/samples/python3.8/periodic.cfg",
- ".kokoro/samples/python3.8/presubmit.cfg",
- ".kokoro/test-samples.sh",
- ".kokoro/trampoline.sh",
- ".kokoro/trampoline_v2.sh",
- ".pre-commit-config.yaml",
- ".trampolinerc",
- "CODE_OF_CONDUCT.md",
- "CONTRIBUTING.rst",
- "LICENSE",
- "MANIFEST.in",
- "docs/_static/custom.css",
- "docs/_templates/layout.html",
- "docs/conf.py",
- "docs/multiprocessing.rst",
- "docs/securitycenter_v1/services.rst",
- "docs/securitycenter_v1/types.rst",
- "docs/securitycenter_v1beta1/services.rst",
- "docs/securitycenter_v1beta1/types.rst",
- "docs/securitycenter_v1p1beta1/services.rst",
- "docs/securitycenter_v1p1beta1/types.rst",
- "google/cloud/securitycenter/__init__.py",
- "google/cloud/securitycenter/py.typed",
- "google/cloud/securitycenter_v1/__init__.py",
- "google/cloud/securitycenter_v1/proto/asset.proto",
- "google/cloud/securitycenter_v1/proto/finding.proto",
- "google/cloud/securitycenter_v1/proto/notification_config.proto",
- "google/cloud/securitycenter_v1/proto/notification_message.proto",
- "google/cloud/securitycenter_v1/proto/organization_settings.proto",
- "google/cloud/securitycenter_v1/proto/resource.proto",
- "google/cloud/securitycenter_v1/proto/run_asset_discovery_response.proto",
- "google/cloud/securitycenter_v1/proto/security_marks.proto",
- "google/cloud/securitycenter_v1/proto/securitycenter_service.proto",
- "google/cloud/securitycenter_v1/proto/source.proto",
- "google/cloud/securitycenter_v1/py.typed",
- "google/cloud/securitycenter_v1/services/__init__.py",
- "google/cloud/securitycenter_v1/services/security_center/__init__.py",
- "google/cloud/securitycenter_v1/services/security_center/async_client.py",
- "google/cloud/securitycenter_v1/services/security_center/client.py",
- "google/cloud/securitycenter_v1/services/security_center/pagers.py",
- "google/cloud/securitycenter_v1/services/security_center/transports/__init__.py",
- "google/cloud/securitycenter_v1/services/security_center/transports/base.py",
- "google/cloud/securitycenter_v1/services/security_center/transports/grpc.py",
- "google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py",
- "google/cloud/securitycenter_v1/types/__init__.py",
- "google/cloud/securitycenter_v1/types/asset.py",
- "google/cloud/securitycenter_v1/types/finding.py",
- "google/cloud/securitycenter_v1/types/notification_config.py",
- "google/cloud/securitycenter_v1/types/notification_message.py",
- "google/cloud/securitycenter_v1/types/organization_settings.py",
- "google/cloud/securitycenter_v1/types/resource.py",
- "google/cloud/securitycenter_v1/types/run_asset_discovery_response.py",
- "google/cloud/securitycenter_v1/types/security_marks.py",
- "google/cloud/securitycenter_v1/types/securitycenter_service.py",
- "google/cloud/securitycenter_v1/types/source.py",
- "google/cloud/securitycenter_v1beta1/__init__.py",
- "google/cloud/securitycenter_v1beta1/proto/asset.proto",
- "google/cloud/securitycenter_v1beta1/proto/finding.proto",
- "google/cloud/securitycenter_v1beta1/proto/organization_settings.proto",
- "google/cloud/securitycenter_v1beta1/proto/run_asset_discovery_response.proto",
- "google/cloud/securitycenter_v1beta1/proto/security_marks.proto",
- "google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto",
- "google/cloud/securitycenter_v1beta1/proto/source.proto",
- "google/cloud/securitycenter_v1beta1/py.typed",
- "google/cloud/securitycenter_v1beta1/services/__init__.py",
- "google/cloud/securitycenter_v1beta1/services/security_center/__init__.py",
- "google/cloud/securitycenter_v1beta1/services/security_center/async_client.py",
- "google/cloud/securitycenter_v1beta1/services/security_center/client.py",
- "google/cloud/securitycenter_v1beta1/services/security_center/pagers.py",
- "google/cloud/securitycenter_v1beta1/services/security_center/transports/__init__.py",
- "google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py",
- "google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py",
- "google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py",
- "google/cloud/securitycenter_v1beta1/types/__init__.py",
- "google/cloud/securitycenter_v1beta1/types/asset.py",
- "google/cloud/securitycenter_v1beta1/types/finding.py",
- "google/cloud/securitycenter_v1beta1/types/organization_settings.py",
- "google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py",
- "google/cloud/securitycenter_v1beta1/types/security_marks.py",
- "google/cloud/securitycenter_v1beta1/types/securitycenter_service.py",
- "google/cloud/securitycenter_v1beta1/types/source.py",
- "google/cloud/securitycenter_v1p1beta1/__init__.py",
- "google/cloud/securitycenter_v1p1beta1/proto/asset.proto",
- "google/cloud/securitycenter_v1p1beta1/proto/finding.proto",
- "google/cloud/securitycenter_v1p1beta1/proto/notification_config.proto",
- "google/cloud/securitycenter_v1p1beta1/proto/notification_message.proto",
- "google/cloud/securitycenter_v1p1beta1/proto/organization_settings.proto",
- "google/cloud/securitycenter_v1p1beta1/proto/resource.proto",
- "google/cloud/securitycenter_v1p1beta1/proto/run_asset_discovery_response.proto",
- "google/cloud/securitycenter_v1p1beta1/proto/security_marks.proto",
- "google/cloud/securitycenter_v1p1beta1/proto/securitycenter_service.proto",
- "google/cloud/securitycenter_v1p1beta1/proto/source.proto",
- "google/cloud/securitycenter_v1p1beta1/py.typed",
- "google/cloud/securitycenter_v1p1beta1/services/__init__.py",
- "google/cloud/securitycenter_v1p1beta1/services/security_center/__init__.py",
- "google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py",
- "google/cloud/securitycenter_v1p1beta1/services/security_center/client.py",
- "google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py",
- "google/cloud/securitycenter_v1p1beta1/services/security_center/transports/__init__.py",
- "google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py",
- "google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py",
- "google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py",
- "google/cloud/securitycenter_v1p1beta1/types/__init__.py",
- "google/cloud/securitycenter_v1p1beta1/types/asset.py",
- "google/cloud/securitycenter_v1p1beta1/types/finding.py",
- "google/cloud/securitycenter_v1p1beta1/types/notification_config.py",
- "google/cloud/securitycenter_v1p1beta1/types/notification_message.py",
- "google/cloud/securitycenter_v1p1beta1/types/organization_settings.py",
- "google/cloud/securitycenter_v1p1beta1/types/resource.py",
- "google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py",
- "google/cloud/securitycenter_v1p1beta1/types/security_marks.py",
- "google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py",
- "google/cloud/securitycenter_v1p1beta1/types/source.py",
- "mypy.ini",
- "noxfile.py",
- "renovate.json",
- "samples/AUTHORING_GUIDE.md",
- "samples/CONTRIBUTING.md",
- "samples/snippets/noxfile.py",
- "scripts/decrypt-secrets.sh",
- "scripts/fixup_securitycenter_v1_keywords.py",
- "scripts/fixup_securitycenter_v1beta1_keywords.py",
- "scripts/fixup_securitycenter_v1p1beta1_keywords.py",
- "scripts/readme-gen/readme_gen.py",
- "scripts/readme-gen/templates/README.tmpl.rst",
- "scripts/readme-gen/templates/auth.tmpl.rst",
- "scripts/readme-gen/templates/auth_api_key.tmpl.rst",
- "scripts/readme-gen/templates/install_deps.tmpl.rst",
- "scripts/readme-gen/templates/install_portaudio.tmpl.rst",
- "setup.cfg",
- "testing/.gitignore",
- "tests/unit/gapic/securitycenter_v1/__init__.py",
- "tests/unit/gapic/securitycenter_v1/test_security_center.py",
- "tests/unit/gapic/securitycenter_v1beta1/__init__.py",
- "tests/unit/gapic/securitycenter_v1beta1/test_security_center.py",
- "tests/unit/gapic/securitycenter_v1p1beta1/__init__.py",
- "tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py"
]
}
\ No newline at end of file
diff --git a/synth.py b/synth.py
index b5771bae..4c9f818d 100644
--- a/synth.py
+++ b/synth.py
@@ -50,7 +50,7 @@
templated_files = common.py_library(
samples=True,
microgenerator=True, # set to True only if there are samples
- cov_level=99,
+ cov_level=98,
)
s.move(
templated_files, excludes=[".coveragerc"]
diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt
index caba91f9..d9594657 100644
--- a/testing/constraints-3.6.txt
+++ b/testing/constraints-3.6.txt
@@ -5,7 +5,7 @@
#
# e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev",
# Then this file should have foo==1.14.0
-google-api-core==1.22.0
+google-api-core==1.22.2
grpc-google-iam-v1==0.12.3
proto-plus==1.10.0
-libcst==0.2.5
\ No newline at end of file
+libcst==0.2.5
diff --git a/tests/unit/gapic/securitycenter_v1/__init__.py b/tests/unit/gapic/securitycenter_v1/__init__.py
index 8b137891..42ffdf2b 100644
--- a/tests/unit/gapic/securitycenter_v1/__init__.py
+++ b/tests/unit/gapic/securitycenter_v1/__init__.py
@@ -1 +1,16 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/tests/unit/gapic/securitycenter_v1/test_security_center.py b/tests/unit/gapic/securitycenter_v1/test_security_center.py
index 0553ce66..ae141baa 100644
--- a/tests/unit/gapic/securitycenter_v1/test_security_center.py
+++ b/tests/unit/gapic/securitycenter_v1/test_security_center.py
@@ -114,7 +114,24 @@ def test__get_default_mtls_endpoint():
@pytest.mark.parametrize(
- "client_class", [SecurityCenterClient, SecurityCenterAsyncClient]
+ "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,]
+)
+def test_security_center_client_from_service_account_info(client_class):
+ creds = credentials.AnonymousCredentials()
+ with mock.patch.object(
+ service_account.Credentials, "from_service_account_info"
+ ) as factory:
+ factory.return_value = creds
+ info = {"valid": True}
+ client = client_class.from_service_account_info(info)
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ assert client.transport._host == "securitycenter.googleapis.com:443"
+
+
+@pytest.mark.parametrize(
+ "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,]
)
def test_security_center_client_from_service_account_file(client_class):
creds = credentials.AnonymousCredentials()
@@ -124,16 +141,21 @@ def test_security_center_client_from_service_account_file(client_class):
factory.return_value = creds
client = client_class.from_service_account_file("dummy/file/path.json")
assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
client = client_class.from_service_account_json("dummy/file/path.json")
assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
assert client.transport._host == "securitycenter.googleapis.com:443"
def test_security_center_client_get_transport_class():
transport = SecurityCenterClient.get_transport_class()
- assert transport == transports.SecurityCenterGrpcTransport
+ available_transports = [
+ transports.SecurityCenterGrpcTransport,
+ ]
+ assert transport in available_transports
transport = SecurityCenterClient.get_transport_class("grpc")
assert transport == transports.SecurityCenterGrpcTransport
@@ -184,7 +206,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host="squid.clam.whelk",
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -200,7 +222,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host=client.DEFAULT_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -216,7 +238,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host=client.DEFAULT_MTLS_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -244,7 +266,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host=client.DEFAULT_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -295,29 +317,25 @@ def test_security_center_client_mtls_env_auto(
client_cert_source=client_cert_source_callback
)
with mock.patch.object(transport_class, "__init__") as patched:
- ssl_channel_creds = mock.Mock()
- with mock.patch(
- "grpc.ssl_channel_credentials", return_value=ssl_channel_creds
- ):
- patched.return_value = None
- client = client_class(client_options=options)
+ patched.return_value = None
+ client = client_class(client_options=options)
- if use_client_cert_env == "false":
- expected_ssl_channel_creds = None
- expected_host = client.DEFAULT_ENDPOINT
- else:
- expected_ssl_channel_creds = ssl_channel_creds
- expected_host = client.DEFAULT_MTLS_ENDPOINT
+ if use_client_cert_env == "false":
+ expected_client_cert_source = None
+ expected_host = client.DEFAULT_ENDPOINT
+ else:
+ expected_client_cert_source = client_cert_source_callback
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
- patched.assert_called_once_with(
- credentials=None,
- credentials_file=None,
- host=expected_host,
- scopes=None,
- ssl_channel_credentials=expected_ssl_channel_creds,
- quota_project_id=None,
- client_info=transports.base.DEFAULT_CLIENT_INFO,
- )
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=expected_host,
+ scopes=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ )
# Check the case ADC client cert is provided. Whether client cert is used depends on
# GOOGLE_API_USE_CLIENT_CERTIFICATE value.
@@ -326,66 +344,53 @@ def test_security_center_client_mtls_env_auto(
):
with mock.patch.object(transport_class, "__init__") as patched:
with mock.patch(
- "google.auth.transport.grpc.SslCredentials.__init__", return_value=None
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=True,
):
with mock.patch(
- "google.auth.transport.grpc.SslCredentials.is_mtls",
- new_callable=mock.PropertyMock,
- ) as is_mtls_mock:
- with mock.patch(
- "google.auth.transport.grpc.SslCredentials.ssl_credentials",
- new_callable=mock.PropertyMock,
- ) as ssl_credentials_mock:
- if use_client_cert_env == "false":
- is_mtls_mock.return_value = False
- ssl_credentials_mock.return_value = None
- expected_host = client.DEFAULT_ENDPOINT
- expected_ssl_channel_creds = None
- else:
- is_mtls_mock.return_value = True
- ssl_credentials_mock.return_value = mock.Mock()
- expected_host = client.DEFAULT_MTLS_ENDPOINT
- expected_ssl_channel_creds = (
- ssl_credentials_mock.return_value
- )
-
- patched.return_value = None
- client = client_class()
- patched.assert_called_once_with(
- credentials=None,
- credentials_file=None,
- host=expected_host,
- scopes=None,
- ssl_channel_credentials=expected_ssl_channel_creds,
- quota_project_id=None,
- client_info=transports.base.DEFAULT_CLIENT_INFO,
- )
+ "google.auth.transport.mtls.default_client_cert_source",
+ return_value=client_cert_source_callback,
+ ):
+ if use_client_cert_env == "false":
+ expected_host = client.DEFAULT_ENDPOINT
+ expected_client_cert_source = None
+ else:
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
+ expected_client_cert_source = client_cert_source_callback
- # Check the case client_cert_source and ADC client cert are not provided.
- with mock.patch.dict(
- os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
- ):
- with mock.patch.object(transport_class, "__init__") as patched:
- with mock.patch(
- "google.auth.transport.grpc.SslCredentials.__init__", return_value=None
- ):
- with mock.patch(
- "google.auth.transport.grpc.SslCredentials.is_mtls",
- new_callable=mock.PropertyMock,
- ) as is_mtls_mock:
- is_mtls_mock.return_value = False
patched.return_value = None
client = client_class()
patched.assert_called_once_with(
credentials=None,
credentials_file=None,
- host=client.DEFAULT_ENDPOINT,
+ host=expected_host,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
+ # Check the case client_cert_source and ADC client cert are not provided.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ with mock.patch(
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=False,
+ ):
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ )
+
@pytest.mark.parametrize(
"client_class,transport_class,transport_name",
@@ -411,7 +416,7 @@ def test_security_center_client_client_options_scopes(
credentials_file=None,
host=client.DEFAULT_ENDPOINT,
scopes=["1", "2"],
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -441,7 +446,7 @@ def test_security_center_client_client_options_credentials_file(
credentials_file="credentials.json",
host=client.DEFAULT_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -460,7 +465,7 @@ def test_security_center_client_client_options_from_dict():
credentials_file=None,
host="squid.clam.whelk",
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -509,6 +514,22 @@ def test_create_source_from_dict():
test_create_source(request_type=dict)
+def test_create_source_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_source), "__call__") as call:
+ client.create_source()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.CreateSourceRequest()
+
+
@pytest.mark.asyncio
async def test_create_source_async(
transport: str = "grpc_asyncio",
@@ -737,6 +758,22 @@ def test_create_finding_from_dict():
test_create_finding(request_type=dict)
+def test_create_finding_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_finding), "__call__") as call:
+ client.create_finding()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.CreateFindingRequest()
+
+
@pytest.mark.asyncio
async def test_create_finding_async(
transport: str = "grpc_asyncio",
@@ -984,6 +1021,24 @@ def test_create_notification_config_from_dict():
test_create_notification_config(request_type=dict)
+def test_create_notification_config_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.create_notification_config), "__call__"
+ ) as call:
+ client.create_notification_config()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.CreateNotificationConfigRequest()
+
+
@pytest.mark.asyncio
async def test_create_notification_config_async(
transport: str = "grpc_asyncio",
@@ -1235,6 +1290,24 @@ def test_delete_notification_config_from_dict():
test_delete_notification_config(request_type=dict)
+def test_delete_notification_config_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.delete_notification_config), "__call__"
+ ) as call:
+ client.delete_notification_config()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.DeleteNotificationConfigRequest()
+
+
@pytest.mark.asyncio
async def test_delete_notification_config_async(
transport: str = "grpc_asyncio",
@@ -1431,6 +1504,22 @@ def test_get_iam_policy_from_dict():
test_get_iam_policy(request_type=dict)
+def test_get_iam_policy_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_iam_policy), "__call__") as call:
+ client.get_iam_policy()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == iam_policy.GetIamPolicyRequest()
+
+
@pytest.mark.asyncio
async def test_get_iam_policy_async(
transport: str = "grpc_asyncio", request_type=iam_policy.GetIamPolicyRequest
@@ -1653,6 +1742,24 @@ def test_get_notification_config_from_dict():
test_get_notification_config(request_type=dict)
+def test_get_notification_config_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_notification_config), "__call__"
+ ) as call:
+ client.get_notification_config()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GetNotificationConfigRequest()
+
+
@pytest.mark.asyncio
async def test_get_notification_config_async(
transport: str = "grpc_asyncio",
@@ -1873,6 +1980,24 @@ def test_get_organization_settings_from_dict():
test_get_organization_settings(request_type=dict)
+def test_get_organization_settings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_organization_settings), "__call__"
+ ) as call:
+ client.get_organization_settings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GetOrganizationSettingsRequest()
+
+
@pytest.mark.asyncio
async def test_get_organization_settings_async(
transport: str = "grpc_asyncio",
@@ -2087,6 +2212,22 @@ def test_get_source_from_dict():
test_get_source(request_type=dict)
+def test_get_source_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_source), "__call__") as call:
+ client.get_source()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GetSourceRequest()
+
+
@pytest.mark.asyncio
async def test_get_source_async(
transport: str = "grpc_asyncio",
@@ -2287,6 +2428,22 @@ def test_group_assets_from_dict():
test_group_assets(request_type=dict)
+def test_group_assets_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.group_assets), "__call__") as call:
+ client.group_assets()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GroupAssetsRequest()
+
+
@pytest.mark.asyncio
async def test_group_assets_async(
transport: str = "grpc_asyncio",
@@ -2582,6 +2739,22 @@ def test_group_findings_from_dict():
test_group_findings(request_type=dict)
+def test_group_findings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.group_findings), "__call__") as call:
+ client.group_findings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GroupFindingsRequest()
+
+
@pytest.mark.asyncio
async def test_group_findings_async(
transport: str = "grpc_asyncio",
@@ -2956,6 +3129,22 @@ def test_list_assets_from_dict():
test_list_assets(request_type=dict)
+def test_list_assets_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_assets), "__call__") as call:
+ client.list_assets()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListAssetsRequest()
+
+
@pytest.mark.asyncio
async def test_list_assets_async(
transport: str = "grpc_asyncio",
@@ -3265,6 +3454,22 @@ def test_list_findings_from_dict():
test_list_findings(request_type=dict)
+def test_list_findings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_findings), "__call__") as call:
+ client.list_findings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListFindingsRequest()
+
+
@pytest.mark.asyncio
async def test_list_findings_async(
transport: str = "grpc_asyncio",
@@ -3579,6 +3784,24 @@ def test_list_notification_configs_from_dict():
test_list_notification_configs(request_type=dict)
+def test_list_notification_configs_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.list_notification_configs), "__call__"
+ ) as call:
+ client.list_notification_configs()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListNotificationConfigsRequest()
+
+
@pytest.mark.asyncio
async def test_list_notification_configs_async(
transport: str = "grpc_asyncio",
@@ -3961,6 +4184,22 @@ def test_list_sources_from_dict():
test_list_sources(request_type=dict)
+def test_list_sources_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_sources), "__call__") as call:
+ client.list_sources()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListSourcesRequest()
+
+
@pytest.mark.asyncio
async def test_list_sources_async(
transport: str = "grpc_asyncio",
@@ -4285,6 +4524,24 @@ def test_run_asset_discovery_from_dict():
test_run_asset_discovery(request_type=dict)
+def test_run_asset_discovery_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.run_asset_discovery), "__call__"
+ ) as call:
+ client.run_asset_discovery()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.RunAssetDiscoveryRequest()
+
+
@pytest.mark.asyncio
async def test_run_asset_discovery_async(
transport: str = "grpc_asyncio",
@@ -4507,6 +4764,24 @@ def test_set_finding_state_from_dict():
test_set_finding_state(request_type=dict)
+def test_set_finding_state_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.set_finding_state), "__call__"
+ ) as call:
+ client.set_finding_state()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.SetFindingStateRequest()
+
+
@pytest.mark.asyncio
async def test_set_finding_state_async(
transport: str = "grpc_asyncio",
@@ -4753,6 +5028,22 @@ def test_set_iam_policy_from_dict():
test_set_iam_policy(request_type=dict)
+def test_set_iam_policy_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.set_iam_policy), "__call__") as call:
+ client.set_iam_policy()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == iam_policy.SetIamPolicyRequest()
+
+
@pytest.mark.asyncio
async def test_set_iam_policy_async(
transport: str = "grpc_asyncio", request_type=iam_policy.SetIamPolicyRequest
@@ -4962,6 +5253,24 @@ def test_test_iam_permissions_from_dict():
test_test_iam_permissions(request_type=dict)
+def test_test_iam_permissions_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.test_iam_permissions), "__call__"
+ ) as call:
+ client.test_iam_permissions()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == iam_policy.TestIamPermissionsRequest()
+
+
@pytest.mark.asyncio
async def test_test_iam_permissions_async(
transport: str = "grpc_asyncio", request_type=iam_policy.TestIamPermissionsRequest
@@ -5213,6 +5522,22 @@ def test_update_finding_from_dict():
test_update_finding(request_type=dict)
+def test_update_finding_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_finding), "__call__") as call:
+ client.update_finding()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateFindingRequest()
+
+
@pytest.mark.asyncio
async def test_update_finding_async(
transport: str = "grpc_asyncio",
@@ -5446,6 +5771,24 @@ def test_update_notification_config_from_dict():
test_update_notification_config(request_type=dict)
+def test_update_notification_config_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.update_notification_config), "__call__"
+ ) as call:
+ client.update_notification_config()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateNotificationConfigRequest()
+
+
@pytest.mark.asyncio
async def test_update_notification_config_async(
transport: str = "grpc_asyncio",
@@ -5702,6 +6045,24 @@ def test_update_organization_settings_from_dict():
test_update_organization_settings(request_type=dict)
+def test_update_organization_settings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.update_organization_settings), "__call__"
+ ) as call:
+ client.update_organization_settings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateOrganizationSettingsRequest()
+
+
@pytest.mark.asyncio
async def test_update_organization_settings_async(
transport: str = "grpc_asyncio",
@@ -5944,6 +6305,22 @@ def test_update_source_from_dict():
test_update_source(request_type=dict)
+def test_update_source_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_source), "__call__") as call:
+ client.update_source()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateSourceRequest()
+
+
@pytest.mark.asyncio
async def test_update_source_async(
transport: str = "grpc_asyncio",
@@ -6147,6 +6524,24 @@ def test_update_security_marks_from_dict():
test_update_security_marks(request_type=dict)
+def test_update_security_marks_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.update_security_marks), "__call__"
+ ) as call:
+ client.update_security_marks()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateSecurityMarksRequest()
+
+
@pytest.mark.asyncio
async def test_update_security_marks_async(
transport: str = "grpc_asyncio",
@@ -6516,6 +6911,51 @@ def test_security_center_transport_auth_adc():
)
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.SecurityCenterGrpcTransport,
+ transports.SecurityCenterGrpcAsyncIOTransport,
+ ],
+)
+def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_class):
+ cred = credentials.AnonymousCredentials()
+
+ # Check ssl_channel_credentials is used if provided.
+ with mock.patch.object(transport_class, "create_channel") as mock_create_channel:
+ mock_ssl_channel_creds = mock.Mock()
+ transport_class(
+ host="squid.clam.whelk",
+ credentials=cred,
+ ssl_channel_credentials=mock_ssl_channel_creds,
+ )
+ mock_create_channel.assert_called_once_with(
+ "squid.clam.whelk:443",
+ credentials=cred,
+ credentials_file=None,
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ ssl_credentials=mock_ssl_channel_creds,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls
+ # is used.
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()):
+ with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred:
+ transport_class(
+ credentials=cred,
+ client_cert_source_for_mtls=client_cert_source_callback,
+ )
+ expected_cert, expected_key = client_cert_source_callback()
+ mock_ssl_cred.assert_called_once_with(
+ certificate_chain=expected_cert, private_key=expected_key
+ )
+
+
def test_security_center_host_no_port():
client = SecurityCenterClient(
credentials=credentials.AnonymousCredentials(),
@@ -6537,7 +6977,7 @@ def test_security_center_host_with_port():
def test_security_center_grpc_transport_channel():
- channel = grpc.insecure_channel("http://localhost/")
+ channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.SecurityCenterGrpcTransport(
@@ -6549,7 +6989,7 @@ def test_security_center_grpc_transport_channel():
def test_security_center_grpc_asyncio_transport_channel():
- channel = aio.insecure_channel("http://localhost/")
+ channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.SecurityCenterGrpcAsyncIOTransport(
@@ -6560,6 +7000,8 @@ def test_security_center_grpc_asyncio_transport_channel():
assert transport._ssl_channel_credentials == None
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
@pytest.mark.parametrize(
"transport_class",
[
@@ -6574,7 +7016,7 @@ def test_security_center_transport_channel_mtls_with_client_cert_source(
"grpc.ssl_channel_credentials", autospec=True
) as grpc_ssl_channel_cred:
with mock.patch.object(
- transport_class, "create_channel", autospec=True
+ transport_class, "create_channel"
) as grpc_create_channel:
mock_ssl_cred = mock.Mock()
grpc_ssl_channel_cred.return_value = mock_ssl_cred
@@ -6612,6 +7054,8 @@ def test_security_center_transport_channel_mtls_with_client_cert_source(
assert transport._ssl_channel_credentials == mock_ssl_cred
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
@pytest.mark.parametrize(
"transport_class",
[
@@ -6627,7 +7071,7 @@ def test_security_center_transport_channel_mtls_with_adc(transport_class):
ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred),
):
with mock.patch.object(
- transport_class, "create_channel", autospec=True
+ transport_class, "create_channel"
) as grpc_create_channel:
mock_grpc_channel = mock.Mock()
grpc_create_channel.return_value = mock_grpc_channel
diff --git a/tests/unit/gapic/securitycenter_v1beta1/__init__.py b/tests/unit/gapic/securitycenter_v1beta1/__init__.py
index 8b137891..42ffdf2b 100644
--- a/tests/unit/gapic/securitycenter_v1beta1/__init__.py
+++ b/tests/unit/gapic/securitycenter_v1beta1/__init__.py
@@ -1 +1,16 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py
index fc005bf6..bc4bb9a2 100644
--- a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py
+++ b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py
@@ -113,7 +113,24 @@ def test__get_default_mtls_endpoint():
@pytest.mark.parametrize(
- "client_class", [SecurityCenterClient, SecurityCenterAsyncClient]
+ "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,]
+)
+def test_security_center_client_from_service_account_info(client_class):
+ creds = credentials.AnonymousCredentials()
+ with mock.patch.object(
+ service_account.Credentials, "from_service_account_info"
+ ) as factory:
+ factory.return_value = creds
+ info = {"valid": True}
+ client = client_class.from_service_account_info(info)
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ assert client.transport._host == "securitycenter.googleapis.com:443"
+
+
+@pytest.mark.parametrize(
+ "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,]
)
def test_security_center_client_from_service_account_file(client_class):
creds = credentials.AnonymousCredentials()
@@ -123,16 +140,21 @@ def test_security_center_client_from_service_account_file(client_class):
factory.return_value = creds
client = client_class.from_service_account_file("dummy/file/path.json")
assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
client = client_class.from_service_account_json("dummy/file/path.json")
assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
assert client.transport._host == "securitycenter.googleapis.com:443"
def test_security_center_client_get_transport_class():
transport = SecurityCenterClient.get_transport_class()
- assert transport == transports.SecurityCenterGrpcTransport
+ available_transports = [
+ transports.SecurityCenterGrpcTransport,
+ ]
+ assert transport in available_transports
transport = SecurityCenterClient.get_transport_class("grpc")
assert transport == transports.SecurityCenterGrpcTransport
@@ -183,7 +205,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host="squid.clam.whelk",
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -199,7 +221,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host=client.DEFAULT_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -215,7 +237,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host=client.DEFAULT_MTLS_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -243,7 +265,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host=client.DEFAULT_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -294,29 +316,25 @@ def test_security_center_client_mtls_env_auto(
client_cert_source=client_cert_source_callback
)
with mock.patch.object(transport_class, "__init__") as patched:
- ssl_channel_creds = mock.Mock()
- with mock.patch(
- "grpc.ssl_channel_credentials", return_value=ssl_channel_creds
- ):
- patched.return_value = None
- client = client_class(client_options=options)
+ patched.return_value = None
+ client = client_class(client_options=options)
- if use_client_cert_env == "false":
- expected_ssl_channel_creds = None
- expected_host = client.DEFAULT_ENDPOINT
- else:
- expected_ssl_channel_creds = ssl_channel_creds
- expected_host = client.DEFAULT_MTLS_ENDPOINT
+ if use_client_cert_env == "false":
+ expected_client_cert_source = None
+ expected_host = client.DEFAULT_ENDPOINT
+ else:
+ expected_client_cert_source = client_cert_source_callback
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
- patched.assert_called_once_with(
- credentials=None,
- credentials_file=None,
- host=expected_host,
- scopes=None,
- ssl_channel_credentials=expected_ssl_channel_creds,
- quota_project_id=None,
- client_info=transports.base.DEFAULT_CLIENT_INFO,
- )
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=expected_host,
+ scopes=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ )
# Check the case ADC client cert is provided. Whether client cert is used depends on
# GOOGLE_API_USE_CLIENT_CERTIFICATE value.
@@ -325,66 +343,53 @@ def test_security_center_client_mtls_env_auto(
):
with mock.patch.object(transport_class, "__init__") as patched:
with mock.patch(
- "google.auth.transport.grpc.SslCredentials.__init__", return_value=None
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=True,
):
with mock.patch(
- "google.auth.transport.grpc.SslCredentials.is_mtls",
- new_callable=mock.PropertyMock,
- ) as is_mtls_mock:
- with mock.patch(
- "google.auth.transport.grpc.SslCredentials.ssl_credentials",
- new_callable=mock.PropertyMock,
- ) as ssl_credentials_mock:
- if use_client_cert_env == "false":
- is_mtls_mock.return_value = False
- ssl_credentials_mock.return_value = None
- expected_host = client.DEFAULT_ENDPOINT
- expected_ssl_channel_creds = None
- else:
- is_mtls_mock.return_value = True
- ssl_credentials_mock.return_value = mock.Mock()
- expected_host = client.DEFAULT_MTLS_ENDPOINT
- expected_ssl_channel_creds = (
- ssl_credentials_mock.return_value
- )
-
- patched.return_value = None
- client = client_class()
- patched.assert_called_once_with(
- credentials=None,
- credentials_file=None,
- host=expected_host,
- scopes=None,
- ssl_channel_credentials=expected_ssl_channel_creds,
- quota_project_id=None,
- client_info=transports.base.DEFAULT_CLIENT_INFO,
- )
+ "google.auth.transport.mtls.default_client_cert_source",
+ return_value=client_cert_source_callback,
+ ):
+ if use_client_cert_env == "false":
+ expected_host = client.DEFAULT_ENDPOINT
+ expected_client_cert_source = None
+ else:
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
+ expected_client_cert_source = client_cert_source_callback
- # Check the case client_cert_source and ADC client cert are not provided.
- with mock.patch.dict(
- os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
- ):
- with mock.patch.object(transport_class, "__init__") as patched:
- with mock.patch(
- "google.auth.transport.grpc.SslCredentials.__init__", return_value=None
- ):
- with mock.patch(
- "google.auth.transport.grpc.SslCredentials.is_mtls",
- new_callable=mock.PropertyMock,
- ) as is_mtls_mock:
- is_mtls_mock.return_value = False
patched.return_value = None
client = client_class()
patched.assert_called_once_with(
credentials=None,
credentials_file=None,
- host=client.DEFAULT_ENDPOINT,
+ host=expected_host,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
+ # Check the case client_cert_source and ADC client cert are not provided.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ with mock.patch(
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=False,
+ ):
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ )
+
@pytest.mark.parametrize(
"client_class,transport_class,transport_name",
@@ -410,7 +415,7 @@ def test_security_center_client_client_options_scopes(
credentials_file=None,
host=client.DEFAULT_ENDPOINT,
scopes=["1", "2"],
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -440,7 +445,7 @@ def test_security_center_client_client_options_credentials_file(
credentials_file="credentials.json",
host=client.DEFAULT_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -459,7 +464,7 @@ def test_security_center_client_client_options_from_dict():
credentials_file=None,
host="squid.clam.whelk",
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -508,6 +513,22 @@ def test_create_source_from_dict():
test_create_source(request_type=dict)
+def test_create_source_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_source), "__call__") as call:
+ client.create_source()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.CreateSourceRequest()
+
+
@pytest.mark.asyncio
async def test_create_source_async(
transport: str = "grpc_asyncio",
@@ -733,6 +754,22 @@ def test_create_finding_from_dict():
test_create_finding(request_type=dict)
+def test_create_finding_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_finding), "__call__") as call:
+ client.create_finding()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.CreateFindingRequest()
+
+
@pytest.mark.asyncio
async def test_create_finding_async(
transport: str = "grpc_asyncio",
@@ -962,6 +999,22 @@ def test_get_iam_policy_from_dict():
test_get_iam_policy(request_type=dict)
+def test_get_iam_policy_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_iam_policy), "__call__") as call:
+ client.get_iam_policy()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == iam_policy.GetIamPolicyRequest()
+
+
@pytest.mark.asyncio
async def test_get_iam_policy_async(
transport: str = "grpc_asyncio", request_type=iam_policy.GetIamPolicyRequest
@@ -1174,6 +1227,24 @@ def test_get_organization_settings_from_dict():
test_get_organization_settings(request_type=dict)
+def test_get_organization_settings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_organization_settings), "__call__"
+ ) as call:
+ client.get_organization_settings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GetOrganizationSettingsRequest()
+
+
@pytest.mark.asyncio
async def test_get_organization_settings_async(
transport: str = "grpc_asyncio",
@@ -1388,6 +1459,22 @@ def test_get_source_from_dict():
test_get_source(request_type=dict)
+def test_get_source_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_source), "__call__") as call:
+ client.get_source()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GetSourceRequest()
+
+
@pytest.mark.asyncio
async def test_get_source_async(
transport: str = "grpc_asyncio",
@@ -1586,6 +1673,22 @@ def test_group_assets_from_dict():
test_group_assets(request_type=dict)
+def test_group_assets_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.group_assets), "__call__") as call:
+ client.group_assets()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GroupAssetsRequest()
+
+
@pytest.mark.asyncio
async def test_group_assets_async(
transport: str = "grpc_asyncio",
@@ -1877,6 +1980,22 @@ def test_group_findings_from_dict():
test_group_findings(request_type=dict)
+def test_group_findings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.group_findings), "__call__") as call:
+ client.group_findings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GroupFindingsRequest()
+
+
@pytest.mark.asyncio
async def test_group_findings_async(
transport: str = "grpc_asyncio",
@@ -2249,6 +2368,22 @@ def test_list_assets_from_dict():
test_list_assets(request_type=dict)
+def test_list_assets_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_assets), "__call__") as call:
+ client.list_assets()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListAssetsRequest()
+
+
@pytest.mark.asyncio
async def test_list_assets_async(
transport: str = "grpc_asyncio",
@@ -2558,6 +2693,22 @@ def test_list_findings_from_dict():
test_list_findings(request_type=dict)
+def test_list_findings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_findings), "__call__") as call:
+ client.list_findings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListFindingsRequest()
+
+
@pytest.mark.asyncio
async def test_list_findings_async(
transport: str = "grpc_asyncio",
@@ -2819,6 +2970,22 @@ def test_list_sources_from_dict():
test_list_sources(request_type=dict)
+def test_list_sources_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_sources), "__call__") as call:
+ client.list_sources()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListSourcesRequest()
+
+
@pytest.mark.asyncio
async def test_list_sources_async(
transport: str = "grpc_asyncio",
@@ -3143,6 +3310,24 @@ def test_run_asset_discovery_from_dict():
test_run_asset_discovery(request_type=dict)
+def test_run_asset_discovery_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.run_asset_discovery), "__call__"
+ ) as call:
+ client.run_asset_discovery()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.RunAssetDiscoveryRequest()
+
+
@pytest.mark.asyncio
async def test_run_asset_discovery_async(
transport: str = "grpc_asyncio",
@@ -3362,6 +3547,24 @@ def test_set_finding_state_from_dict():
test_set_finding_state(request_type=dict)
+def test_set_finding_state_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.set_finding_state), "__call__"
+ ) as call:
+ client.set_finding_state()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.SetFindingStateRequest()
+
+
@pytest.mark.asyncio
async def test_set_finding_state_async(
transport: str = "grpc_asyncio",
@@ -3605,6 +3808,22 @@ def test_set_iam_policy_from_dict():
test_set_iam_policy(request_type=dict)
+def test_set_iam_policy_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.set_iam_policy), "__call__") as call:
+ client.set_iam_policy()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == iam_policy.SetIamPolicyRequest()
+
+
@pytest.mark.asyncio
async def test_set_iam_policy_async(
transport: str = "grpc_asyncio", request_type=iam_policy.SetIamPolicyRequest
@@ -3814,6 +4033,24 @@ def test_test_iam_permissions_from_dict():
test_test_iam_permissions(request_type=dict)
+def test_test_iam_permissions_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.test_iam_permissions), "__call__"
+ ) as call:
+ client.test_iam_permissions()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == iam_policy.TestIamPermissionsRequest()
+
+
@pytest.mark.asyncio
async def test_test_iam_permissions_async(
transport: str = "grpc_asyncio", request_type=iam_policy.TestIamPermissionsRequest
@@ -4062,6 +4299,22 @@ def test_update_finding_from_dict():
test_update_finding(request_type=dict)
+def test_update_finding_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_finding), "__call__") as call:
+ client.update_finding()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateFindingRequest()
+
+
@pytest.mark.asyncio
async def test_update_finding_async(
transport: str = "grpc_asyncio",
@@ -4282,6 +4535,24 @@ def test_update_organization_settings_from_dict():
test_update_organization_settings(request_type=dict)
+def test_update_organization_settings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.update_organization_settings), "__call__"
+ ) as call:
+ client.update_organization_settings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateOrganizationSettingsRequest()
+
+
@pytest.mark.asyncio
async def test_update_organization_settings_async(
transport: str = "grpc_asyncio",
@@ -4524,6 +4795,22 @@ def test_update_source_from_dict():
test_update_source(request_type=dict)
+def test_update_source_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_source), "__call__") as call:
+ client.update_source()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateSourceRequest()
+
+
@pytest.mark.asyncio
async def test_update_source_async(
transport: str = "grpc_asyncio",
@@ -4727,6 +5014,24 @@ def test_update_security_marks_from_dict():
test_update_security_marks(request_type=dict)
+def test_update_security_marks_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.update_security_marks), "__call__"
+ ) as call:
+ client.update_security_marks()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateSecurityMarksRequest()
+
+
@pytest.mark.asyncio
async def test_update_security_marks_async(
transport: str = "grpc_asyncio",
@@ -5091,6 +5396,51 @@ def test_security_center_transport_auth_adc():
)
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.SecurityCenterGrpcTransport,
+ transports.SecurityCenterGrpcAsyncIOTransport,
+ ],
+)
+def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_class):
+ cred = credentials.AnonymousCredentials()
+
+ # Check ssl_channel_credentials is used if provided.
+ with mock.patch.object(transport_class, "create_channel") as mock_create_channel:
+ mock_ssl_channel_creds = mock.Mock()
+ transport_class(
+ host="squid.clam.whelk",
+ credentials=cred,
+ ssl_channel_credentials=mock_ssl_channel_creds,
+ )
+ mock_create_channel.assert_called_once_with(
+ "squid.clam.whelk:443",
+ credentials=cred,
+ credentials_file=None,
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ ssl_credentials=mock_ssl_channel_creds,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls
+ # is used.
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()):
+ with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred:
+ transport_class(
+ credentials=cred,
+ client_cert_source_for_mtls=client_cert_source_callback,
+ )
+ expected_cert, expected_key = client_cert_source_callback()
+ mock_ssl_cred.assert_called_once_with(
+ certificate_chain=expected_cert, private_key=expected_key
+ )
+
+
def test_security_center_host_no_port():
client = SecurityCenterClient(
credentials=credentials.AnonymousCredentials(),
@@ -5112,7 +5462,7 @@ def test_security_center_host_with_port():
def test_security_center_grpc_transport_channel():
- channel = grpc.insecure_channel("http://localhost/")
+ channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.SecurityCenterGrpcTransport(
@@ -5124,7 +5474,7 @@ def test_security_center_grpc_transport_channel():
def test_security_center_grpc_asyncio_transport_channel():
- channel = aio.insecure_channel("http://localhost/")
+ channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.SecurityCenterGrpcAsyncIOTransport(
@@ -5135,6 +5485,8 @@ def test_security_center_grpc_asyncio_transport_channel():
assert transport._ssl_channel_credentials == None
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
@pytest.mark.parametrize(
"transport_class",
[
@@ -5149,7 +5501,7 @@ def test_security_center_transport_channel_mtls_with_client_cert_source(
"grpc.ssl_channel_credentials", autospec=True
) as grpc_ssl_channel_cred:
with mock.patch.object(
- transport_class, "create_channel", autospec=True
+ transport_class, "create_channel"
) as grpc_create_channel:
mock_ssl_cred = mock.Mock()
grpc_ssl_channel_cred.return_value = mock_ssl_cred
@@ -5187,6 +5539,8 @@ def test_security_center_transport_channel_mtls_with_client_cert_source(
assert transport._ssl_channel_credentials == mock_ssl_cred
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
@pytest.mark.parametrize(
"transport_class",
[
@@ -5202,7 +5556,7 @@ def test_security_center_transport_channel_mtls_with_adc(transport_class):
ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred),
):
with mock.patch.object(
- transport_class, "create_channel", autospec=True
+ transport_class, "create_channel"
) as grpc_create_channel:
mock_grpc_channel = mock.Mock()
grpc_create_channel.return_value = mock_grpc_channel
diff --git a/tests/unit/gapic/securitycenter_v1p1beta1/__init__.py b/tests/unit/gapic/securitycenter_v1p1beta1/__init__.py
index 8b137891..42ffdf2b 100644
--- a/tests/unit/gapic/securitycenter_v1p1beta1/__init__.py
+++ b/tests/unit/gapic/securitycenter_v1p1beta1/__init__.py
@@ -1 +1,16 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py
index ecc8ecb0..4e7ebe8b 100644
--- a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py
+++ b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py
@@ -118,7 +118,24 @@ def test__get_default_mtls_endpoint():
@pytest.mark.parametrize(
- "client_class", [SecurityCenterClient, SecurityCenterAsyncClient]
+ "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,]
+)
+def test_security_center_client_from_service_account_info(client_class):
+ creds = credentials.AnonymousCredentials()
+ with mock.patch.object(
+ service_account.Credentials, "from_service_account_info"
+ ) as factory:
+ factory.return_value = creds
+ info = {"valid": True}
+ client = client_class.from_service_account_info(info)
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ assert client.transport._host == "securitycenter.googleapis.com:443"
+
+
+@pytest.mark.parametrize(
+ "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,]
)
def test_security_center_client_from_service_account_file(client_class):
creds = credentials.AnonymousCredentials()
@@ -128,16 +145,21 @@ def test_security_center_client_from_service_account_file(client_class):
factory.return_value = creds
client = client_class.from_service_account_file("dummy/file/path.json")
assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
client = client_class.from_service_account_json("dummy/file/path.json")
assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
assert client.transport._host == "securitycenter.googleapis.com:443"
def test_security_center_client_get_transport_class():
transport = SecurityCenterClient.get_transport_class()
- assert transport == transports.SecurityCenterGrpcTransport
+ available_transports = [
+ transports.SecurityCenterGrpcTransport,
+ ]
+ assert transport in available_transports
transport = SecurityCenterClient.get_transport_class("grpc")
assert transport == transports.SecurityCenterGrpcTransport
@@ -188,7 +210,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host="squid.clam.whelk",
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -204,7 +226,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host=client.DEFAULT_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -220,7 +242,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host=client.DEFAULT_MTLS_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -248,7 +270,7 @@ def test_security_center_client_client_options(
credentials_file=None,
host=client.DEFAULT_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -299,29 +321,25 @@ def test_security_center_client_mtls_env_auto(
client_cert_source=client_cert_source_callback
)
with mock.patch.object(transport_class, "__init__") as patched:
- ssl_channel_creds = mock.Mock()
- with mock.patch(
- "grpc.ssl_channel_credentials", return_value=ssl_channel_creds
- ):
- patched.return_value = None
- client = client_class(client_options=options)
+ patched.return_value = None
+ client = client_class(client_options=options)
- if use_client_cert_env == "false":
- expected_ssl_channel_creds = None
- expected_host = client.DEFAULT_ENDPOINT
- else:
- expected_ssl_channel_creds = ssl_channel_creds
- expected_host = client.DEFAULT_MTLS_ENDPOINT
+ if use_client_cert_env == "false":
+ expected_client_cert_source = None
+ expected_host = client.DEFAULT_ENDPOINT
+ else:
+ expected_client_cert_source = client_cert_source_callback
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
- patched.assert_called_once_with(
- credentials=None,
- credentials_file=None,
- host=expected_host,
- scopes=None,
- ssl_channel_credentials=expected_ssl_channel_creds,
- quota_project_id=None,
- client_info=transports.base.DEFAULT_CLIENT_INFO,
- )
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=expected_host,
+ scopes=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ )
# Check the case ADC client cert is provided. Whether client cert is used depends on
# GOOGLE_API_USE_CLIENT_CERTIFICATE value.
@@ -330,66 +348,53 @@ def test_security_center_client_mtls_env_auto(
):
with mock.patch.object(transport_class, "__init__") as patched:
with mock.patch(
- "google.auth.transport.grpc.SslCredentials.__init__", return_value=None
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=True,
):
with mock.patch(
- "google.auth.transport.grpc.SslCredentials.is_mtls",
- new_callable=mock.PropertyMock,
- ) as is_mtls_mock:
- with mock.patch(
- "google.auth.transport.grpc.SslCredentials.ssl_credentials",
- new_callable=mock.PropertyMock,
- ) as ssl_credentials_mock:
- if use_client_cert_env == "false":
- is_mtls_mock.return_value = False
- ssl_credentials_mock.return_value = None
- expected_host = client.DEFAULT_ENDPOINT
- expected_ssl_channel_creds = None
- else:
- is_mtls_mock.return_value = True
- ssl_credentials_mock.return_value = mock.Mock()
- expected_host = client.DEFAULT_MTLS_ENDPOINT
- expected_ssl_channel_creds = (
- ssl_credentials_mock.return_value
- )
-
- patched.return_value = None
- client = client_class()
- patched.assert_called_once_with(
- credentials=None,
- credentials_file=None,
- host=expected_host,
- scopes=None,
- ssl_channel_credentials=expected_ssl_channel_creds,
- quota_project_id=None,
- client_info=transports.base.DEFAULT_CLIENT_INFO,
- )
+ "google.auth.transport.mtls.default_client_cert_source",
+ return_value=client_cert_source_callback,
+ ):
+ if use_client_cert_env == "false":
+ expected_host = client.DEFAULT_ENDPOINT
+ expected_client_cert_source = None
+ else:
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
+ expected_client_cert_source = client_cert_source_callback
- # Check the case client_cert_source and ADC client cert are not provided.
- with mock.patch.dict(
- os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
- ):
- with mock.patch.object(transport_class, "__init__") as patched:
- with mock.patch(
- "google.auth.transport.grpc.SslCredentials.__init__", return_value=None
- ):
- with mock.patch(
- "google.auth.transport.grpc.SslCredentials.is_mtls",
- new_callable=mock.PropertyMock,
- ) as is_mtls_mock:
- is_mtls_mock.return_value = False
patched.return_value = None
client = client_class()
patched.assert_called_once_with(
credentials=None,
credentials_file=None,
- host=client.DEFAULT_ENDPOINT,
+ host=expected_host,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
+ # Check the case client_cert_source and ADC client cert are not provided.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ with mock.patch(
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=False,
+ ):
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ )
+
@pytest.mark.parametrize(
"client_class,transport_class,transport_name",
@@ -415,7 +420,7 @@ def test_security_center_client_client_options_scopes(
credentials_file=None,
host=client.DEFAULT_ENDPOINT,
scopes=["1", "2"],
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -445,7 +450,7 @@ def test_security_center_client_client_options_credentials_file(
credentials_file="credentials.json",
host=client.DEFAULT_ENDPOINT,
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -464,7 +469,7 @@ def test_security_center_client_client_options_from_dict():
credentials_file=None,
host="squid.clam.whelk",
scopes=None,
- ssl_channel_credentials=None,
+ client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
)
@@ -513,6 +518,22 @@ def test_create_source_from_dict():
test_create_source(request_type=dict)
+def test_create_source_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_source), "__call__") as call:
+ client.create_source()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.CreateSourceRequest()
+
+
@pytest.mark.asyncio
async def test_create_source_async(
transport: str = "grpc_asyncio",
@@ -741,6 +762,22 @@ def test_create_finding_from_dict():
test_create_finding(request_type=dict)
+def test_create_finding_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_finding), "__call__") as call:
+ client.create_finding()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.CreateFindingRequest()
+
+
@pytest.mark.asyncio
async def test_create_finding_async(
transport: str = "grpc_asyncio",
@@ -994,6 +1031,24 @@ def test_create_notification_config_from_dict():
test_create_notification_config(request_type=dict)
+def test_create_notification_config_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.create_notification_config), "__call__"
+ ) as call:
+ client.create_notification_config()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.CreateNotificationConfigRequest()
+
+
@pytest.mark.asyncio
async def test_create_notification_config_async(
transport: str = "grpc_asyncio",
@@ -1251,6 +1306,24 @@ def test_delete_notification_config_from_dict():
test_delete_notification_config(request_type=dict)
+def test_delete_notification_config_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.delete_notification_config), "__call__"
+ ) as call:
+ client.delete_notification_config()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.DeleteNotificationConfigRequest()
+
+
@pytest.mark.asyncio
async def test_delete_notification_config_async(
transport: str = "grpc_asyncio",
@@ -1447,6 +1520,22 @@ def test_get_iam_policy_from_dict():
test_get_iam_policy(request_type=dict)
+def test_get_iam_policy_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_iam_policy), "__call__") as call:
+ client.get_iam_policy()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == iam_policy.GetIamPolicyRequest()
+
+
@pytest.mark.asyncio
async def test_get_iam_policy_async(
transport: str = "grpc_asyncio", request_type=iam_policy.GetIamPolicyRequest
@@ -1674,6 +1763,24 @@ def test_get_notification_config_from_dict():
test_get_notification_config(request_type=dict)
+def test_get_notification_config_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_notification_config), "__call__"
+ ) as call:
+ client.get_notification_config()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GetNotificationConfigRequest()
+
+
@pytest.mark.asyncio
async def test_get_notification_config_async(
transport: str = "grpc_asyncio",
@@ -1899,6 +2006,24 @@ def test_get_organization_settings_from_dict():
test_get_organization_settings(request_type=dict)
+def test_get_organization_settings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_organization_settings), "__call__"
+ ) as call:
+ client.get_organization_settings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GetOrganizationSettingsRequest()
+
+
@pytest.mark.asyncio
async def test_get_organization_settings_async(
transport: str = "grpc_asyncio",
@@ -2113,6 +2238,22 @@ def test_get_source_from_dict():
test_get_source(request_type=dict)
+def test_get_source_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_source), "__call__") as call:
+ client.get_source()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GetSourceRequest()
+
+
@pytest.mark.asyncio
async def test_get_source_async(
transport: str = "grpc_asyncio",
@@ -2313,6 +2454,22 @@ def test_group_assets_from_dict():
test_group_assets(request_type=dict)
+def test_group_assets_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.group_assets), "__call__") as call:
+ client.group_assets()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GroupAssetsRequest()
+
+
@pytest.mark.asyncio
async def test_group_assets_async(
transport: str = "grpc_asyncio",
@@ -2608,6 +2765,22 @@ def test_group_findings_from_dict():
test_group_findings(request_type=dict)
+def test_group_findings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.group_findings), "__call__") as call:
+ client.group_findings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.GroupFindingsRequest()
+
+
@pytest.mark.asyncio
async def test_group_findings_async(
transport: str = "grpc_asyncio",
@@ -2982,6 +3155,22 @@ def test_list_assets_from_dict():
test_list_assets(request_type=dict)
+def test_list_assets_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_assets), "__call__") as call:
+ client.list_assets()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListAssetsRequest()
+
+
@pytest.mark.asyncio
async def test_list_assets_async(
transport: str = "grpc_asyncio",
@@ -3358,6 +3547,22 @@ def test_list_findings_from_dict():
test_list_findings(request_type=dict)
+def test_list_findings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_findings), "__call__") as call:
+ client.list_findings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListFindingsRequest()
+
+
@pytest.mark.asyncio
async def test_list_findings_async(
transport: str = "grpc_asyncio",
@@ -3739,6 +3944,24 @@ def test_list_notification_configs_from_dict():
test_list_notification_configs(request_type=dict)
+def test_list_notification_configs_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.list_notification_configs), "__call__"
+ ) as call:
+ client.list_notification_configs()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListNotificationConfigsRequest()
+
+
@pytest.mark.asyncio
async def test_list_notification_configs_async(
transport: str = "grpc_asyncio",
@@ -4121,6 +4344,22 @@ def test_list_sources_from_dict():
test_list_sources(request_type=dict)
+def test_list_sources_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_sources), "__call__") as call:
+ client.list_sources()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.ListSourcesRequest()
+
+
@pytest.mark.asyncio
async def test_list_sources_async(
transport: str = "grpc_asyncio",
@@ -4445,6 +4684,24 @@ def test_run_asset_discovery_from_dict():
test_run_asset_discovery(request_type=dict)
+def test_run_asset_discovery_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.run_asset_discovery), "__call__"
+ ) as call:
+ client.run_asset_discovery()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.RunAssetDiscoveryRequest()
+
+
@pytest.mark.asyncio
async def test_run_asset_discovery_async(
transport: str = "grpc_asyncio",
@@ -4667,6 +4924,24 @@ def test_set_finding_state_from_dict():
test_set_finding_state(request_type=dict)
+def test_set_finding_state_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.set_finding_state), "__call__"
+ ) as call:
+ client.set_finding_state()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.SetFindingStateRequest()
+
+
@pytest.mark.asyncio
async def test_set_finding_state_async(
transport: str = "grpc_asyncio",
@@ -4913,6 +5188,22 @@ def test_set_iam_policy_from_dict():
test_set_iam_policy(request_type=dict)
+def test_set_iam_policy_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.set_iam_policy), "__call__") as call:
+ client.set_iam_policy()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == iam_policy.SetIamPolicyRequest()
+
+
@pytest.mark.asyncio
async def test_set_iam_policy_async(
transport: str = "grpc_asyncio", request_type=iam_policy.SetIamPolicyRequest
@@ -5122,6 +5413,24 @@ def test_test_iam_permissions_from_dict():
test_test_iam_permissions(request_type=dict)
+def test_test_iam_permissions_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.test_iam_permissions), "__call__"
+ ) as call:
+ client.test_iam_permissions()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == iam_policy.TestIamPermissionsRequest()
+
+
@pytest.mark.asyncio
async def test_test_iam_permissions_async(
transport: str = "grpc_asyncio", request_type=iam_policy.TestIamPermissionsRequest
@@ -5373,6 +5682,22 @@ def test_update_finding_from_dict():
test_update_finding(request_type=dict)
+def test_update_finding_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_finding), "__call__") as call:
+ client.update_finding()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateFindingRequest()
+
+
@pytest.mark.asyncio
async def test_update_finding_async(
transport: str = "grpc_asyncio",
@@ -5622,6 +5947,24 @@ def test_update_notification_config_from_dict():
test_update_notification_config(request_type=dict)
+def test_update_notification_config_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.update_notification_config), "__call__"
+ ) as call:
+ client.update_notification_config()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateNotificationConfigRequest()
+
+
@pytest.mark.asyncio
async def test_update_notification_config_async(
transport: str = "grpc_asyncio",
@@ -5884,6 +6227,24 @@ def test_update_organization_settings_from_dict():
test_update_organization_settings(request_type=dict)
+def test_update_organization_settings_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.update_organization_settings), "__call__"
+ ) as call:
+ client.update_organization_settings()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateOrganizationSettingsRequest()
+
+
@pytest.mark.asyncio
async def test_update_organization_settings_async(
transport: str = "grpc_asyncio",
@@ -6126,6 +6487,22 @@ def test_update_source_from_dict():
test_update_source(request_type=dict)
+def test_update_source_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_source), "__call__") as call:
+ client.update_source()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateSourceRequest()
+
+
@pytest.mark.asyncio
async def test_update_source_async(
transport: str = "grpc_asyncio",
@@ -6339,6 +6716,24 @@ def test_update_security_marks_from_dict():
test_update_security_marks(request_type=dict)
+def test_update_security_marks_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SecurityCenterClient(
+ credentials=credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.update_security_marks), "__call__"
+ ) as call:
+ client.update_security_marks()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == securitycenter_service.UpdateSecurityMarksRequest()
+
+
@pytest.mark.asyncio
async def test_update_security_marks_async(
transport: str = "grpc_asyncio",
@@ -6716,6 +7111,51 @@ def test_security_center_transport_auth_adc():
)
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.SecurityCenterGrpcTransport,
+ transports.SecurityCenterGrpcAsyncIOTransport,
+ ],
+)
+def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_class):
+ cred = credentials.AnonymousCredentials()
+
+ # Check ssl_channel_credentials is used if provided.
+ with mock.patch.object(transport_class, "create_channel") as mock_create_channel:
+ mock_ssl_channel_creds = mock.Mock()
+ transport_class(
+ host="squid.clam.whelk",
+ credentials=cred,
+ ssl_channel_credentials=mock_ssl_channel_creds,
+ )
+ mock_create_channel.assert_called_once_with(
+ "squid.clam.whelk:443",
+ credentials=cred,
+ credentials_file=None,
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ ssl_credentials=mock_ssl_channel_creds,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls
+ # is used.
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()):
+ with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred:
+ transport_class(
+ credentials=cred,
+ client_cert_source_for_mtls=client_cert_source_callback,
+ )
+ expected_cert, expected_key = client_cert_source_callback()
+ mock_ssl_cred.assert_called_once_with(
+ certificate_chain=expected_cert, private_key=expected_key
+ )
+
+
def test_security_center_host_no_port():
client = SecurityCenterClient(
credentials=credentials.AnonymousCredentials(),
@@ -6737,7 +7177,7 @@ def test_security_center_host_with_port():
def test_security_center_grpc_transport_channel():
- channel = grpc.insecure_channel("http://localhost/")
+ channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.SecurityCenterGrpcTransport(
@@ -6749,7 +7189,7 @@ def test_security_center_grpc_transport_channel():
def test_security_center_grpc_asyncio_transport_channel():
- channel = aio.insecure_channel("http://localhost/")
+ channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.SecurityCenterGrpcAsyncIOTransport(
@@ -6760,6 +7200,8 @@ def test_security_center_grpc_asyncio_transport_channel():
assert transport._ssl_channel_credentials == None
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
@pytest.mark.parametrize(
"transport_class",
[
@@ -6774,7 +7216,7 @@ def test_security_center_transport_channel_mtls_with_client_cert_source(
"grpc.ssl_channel_credentials", autospec=True
) as grpc_ssl_channel_cred:
with mock.patch.object(
- transport_class, "create_channel", autospec=True
+ transport_class, "create_channel"
) as grpc_create_channel:
mock_ssl_cred = mock.Mock()
grpc_ssl_channel_cred.return_value = mock_ssl_cred
@@ -6812,6 +7254,8 @@ def test_security_center_transport_channel_mtls_with_client_cert_source(
assert transport._ssl_channel_credentials == mock_ssl_cred
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
@pytest.mark.parametrize(
"transport_class",
[
@@ -6827,7 +7271,7 @@ def test_security_center_transport_channel_mtls_with_adc(transport_class):
ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred),
):
with mock.patch.object(
- transport_class, "create_channel", autospec=True
+ transport_class, "create_channel"
) as grpc_create_channel:
mock_grpc_channel = mock.Mock()
grpc_create_channel.return_value = mock_grpc_channel