From 15c28e88f5b52a6e4f608198446b0753bf48734e Mon Sep 17 00:00:00 2001 
From: Yoshi Automation Bot Date: Tue, 30 Mar 2021 12:19:49 -0700 Subject: [PATCH] fix: fix retry deadlines (#116) * changes without context autosynth cannot find the source of changes triggered by earlier changes in this repository, or by version upgrades to tools such as linters. * chore: upgrade gapic-generator-python to 0.39.1 feat: add 'from_service_account_info' factory to clients fix: fix sphinx identifiers PiperOrigin-RevId: 350246057 Source-Author: Google APIs Source-Date: Tue Jan 5 16:44:11 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 520682435235d9c503983a360a2090025aa47cd1 Source-Link: https://github.com/googleapis/googleapis/commit/520682435235d9c503983a360a2090025aa47cd1 * chore: update Go generator, rules_go, and protobuf PiperOrigin-RevId: 352816749 Source-Author: Google APIs Source-Date: Wed Jan 20 10:06:23 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: ceaaf31b3d13badab7cf9d3b570f5639db5593d9 Source-Link: https://github.com/googleapis/googleapis/commit/ceaaf31b3d13badab7cf9d3b570f5639db5593d9 * chore: upgrade gapic-generator-python to 0.40.5 PiperOrigin-RevId: 354996675 Source-Author: Google APIs Source-Date: Mon Feb 1 12:11:49 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 20712b8fe95001b312f62c6c5f33e3e3ec92cfaf Source-Link: https://github.com/googleapis/googleapis/commit/20712b8fe95001b312f62c6c5f33e3e3ec92cfaf * chore: update gapic-generator-python PiperOrigin-RevId: 355923884 Source-Author: Google APIs Source-Date: Fri Feb 5 14:04:52 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 5e3dacee19405529b841b53797df799c2383536c Source-Link: https://github.com/googleapis/googleapis/commit/5e3dacee19405529b841b53797df799c2383536c * chore: update gapic-generator-python to 0.40.11 PiperOrigin-RevId: 359562873 Source-Author: Google APIs Source-Date: Thu Feb 25 10:52:32 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 07932bb995e7dc91b43620ea8402c6668c7d102c Source-Link: 
https://github.com/googleapis/googleapis/commit/07932bb995e7dc91b43620ea8402c6668c7d102c * chore: upgrade gapic-generator-python to 0.42.2 PiperOrigin-RevId: 361662015 Source-Author: Google APIs Source-Date: Mon Mar 8 14:47:18 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 28a591963253d52ce3a25a918cafbdd9928de8cf Source-Link: https://github.com/googleapis/googleapis/commit/28a591963253d52ce3a25a918cafbdd9928de8cf * chore: upgrade gapic-generator-python to 0.43.1 PiperOrigin-RevId: 364411656 Source-Author: Google APIs Source-Date: Mon Mar 22 14:40:22 2021 -0700 Source-Repo: googleapis/googleapis Source-Sha: 149a3a84c29c9b8189576c7442ccb6dcf6a8f95b Source-Link: https://github.com/googleapis/googleapis/commit/149a3a84c29c9b8189576c7442ccb6dcf6a8f95b * fix: fix dependencies Co-authored-by: Bu Sun Kim --- .coveragerc | 5 +- .github/header-checker-lint.yml | 15 + .gitignore | 4 +- .kokoro/build.sh | 26 +- .kokoro/docs/docs-presubmit.cfg | 11 + .kokoro/samples/python3.6/periodic-head.cfg | 11 + .kokoro/samples/python3.7/periodic-head.cfg | 11 + .kokoro/samples/python3.8/periodic-head.cfg | 11 + .kokoro/test-samples-against-head.sh | 28 + .kokoro/test-samples-impl.sh | 102 +++ .kokoro/test-samples.sh | 96 +-- .trampolinerc | 1 + CONTRIBUTING.rst | 22 +- MANIFEST.in | 4 +- UPGRADING.md | 6 +- docs/securitycenter_v1/security_center.rst | 11 + docs/securitycenter_v1/services.rst | 6 +- docs/securitycenter_v1/types.rst | 1 + .../security_center.rst | 11 + docs/securitycenter_v1beta1/services.rst | 6 +- docs/securitycenter_v1beta1/types.rst | 1 + .../security_center.rst | 11 + docs/securitycenter_v1p1beta1/services.rst | 6 +- docs/securitycenter_v1p1beta1/types.rst | 1 + .../services/security_center/async_client.py | 430 +++++++------ .../services/security_center/client.py | 504 ++++++++------- .../services/security_center/pagers.py | 107 ++-- .../security_center/transports/base.py | 30 +- .../security_center/transports/grpc.py | 114 ++-- 
.../transports/grpc_asyncio.py | 122 ++-- .../cloud/securitycenter_v1/types/__init__.py | 36 +- google/cloud/securitycenter_v1/types/asset.py | 12 +- .../cloud/securitycenter_v1/types/finding.py | 12 +- .../types/notification_config.py | 2 +- .../types/notification_message.py | 4 +- .../types/organization_settings.py | 4 +- .../types/run_asset_discovery_response.py | 4 +- .../securitycenter_v1/types/security_marks.py | 2 +- .../types/securitycenter_service.py | 84 +-- .../services/security_center/async_client.py | 415 ++++++------ .../services/security_center/client.py | 481 +++++++------- .../services/security_center/pagers.py | 91 +-- .../security_center/transports/base.py | 28 +- .../security_center/transports/grpc.py | 114 ++-- .../transports/grpc_asyncio.py | 122 ++-- .../securitycenter_v1beta1/types/__init__.py | 24 +- .../securitycenter_v1beta1/types/asset.py | 10 +- .../securitycenter_v1beta1/types/finding.py | 10 +- .../types/organization_settings.py | 4 +- .../types/run_asset_discovery_response.py | 4 +- .../types/security_marks.py | 2 +- .../types/securitycenter_service.py | 66 +- .../services/security_center/async_client.py | 441 +++++++------ .../services/security_center/client.py | 519 ++++++++------- .../services/security_center/pagers.py | 107 ++-- .../security_center/transports/base.py | 30 +- .../security_center/transports/grpc.py | 114 ++-- .../transports/grpc_asyncio.py | 122 ++-- .../types/__init__.py | 36 +- .../securitycenter_v1p1beta1/types/asset.py | 12 +- .../securitycenter_v1p1beta1/types/finding.py | 12 +- .../types/notification_config.py | 4 +- .../types/notification_message.py | 4 +- .../types/organization_settings.py | 4 +- .../types/run_asset_discovery_response.py | 4 +- .../types/security_marks.py | 2 +- .../types/securitycenter_service.py | 84 +-- noxfile.py | 59 +- renovate.json | 3 +- samples/snippets/noxfile.py | 2 +- setup.py | 5 +- synth.metadata | 189 +----- synth.py | 2 +- testing/constraints-3.6.txt | 4 +- 
.../unit/gapic/securitycenter_v1/__init__.py | 15 + .../securitycenter_v1/test_security_center.py | 606 +++++++++++++++--- .../gapic/securitycenter_v1beta1/__init__.py | 15 + .../test_security_center.py | 516 ++++++++++++--- .../securitycenter_v1p1beta1/__init__.py | 15 + .../test_security_center.py | 606 +++++++++++++++--- 80 files changed, 4151 insertions(+), 2626 deletions(-) create mode 100644 .github/header-checker-lint.yml create mode 100644 .kokoro/samples/python3.6/periodic-head.cfg create mode 100644 .kokoro/samples/python3.7/periodic-head.cfg create mode 100644 .kokoro/samples/python3.8/periodic-head.cfg create mode 100755 .kokoro/test-samples-against-head.sh create mode 100755 .kokoro/test-samples-impl.sh create mode 100644 docs/securitycenter_v1/security_center.rst create mode 100644 docs/securitycenter_v1beta1/security_center.rst create mode 100644 docs/securitycenter_v1p1beta1/security_center.rst diff --git a/.coveragerc b/.coveragerc index 2f4aeed0..f9eb6a20 100644 --- a/.coveragerc +++ b/.coveragerc @@ -4,7 +4,8 @@ branch = True [report] fail_under = 100 show_missing = True -omit = google/cloud/securitycenter/__init__.py +omit = + google/cloud/securitycenter/__init__.py exclude_lines = # Re-enable the standard pragma pragma: NO COVER @@ -14,4 +15,4 @@ exclude_lines = # This is added at the module level as a safeguard for if someone # generates the code and tries to run it without pip installing. This # makes it virtually impossible to test properly. - except pkg_resources.DistributionNotFound \ No newline at end of file + except pkg_resources.DistributionNotFound diff --git a/.github/header-checker-lint.yml b/.github/header-checker-lint.yml new file mode 100644 index 00000000..fc281c05 --- /dev/null +++ b/.github/header-checker-lint.yml 
@@ -0,0 +1,15 @@ +{"allowedCopyrightHolders": ["Google LLC"], + "allowedLicenses": ["Apache-2.0", "MIT", "BSD-3"], + "ignoreFiles": ["**/requirements.txt", "**/requirements-test.txt"], + "sourceFileExtensions": [ + "ts", + "js", + "java", + "sh", + "Dockerfile", + "yaml", + "py", + "html", + "txt" + ] +} \ No newline at end of file diff --git a/.gitignore b/.gitignore index b9daa52f..b4243ced 100644 --- a/.gitignore +++ b/.gitignore @@ -50,8 +50,10 @@ docs.metadata # Virtual environment env/ + +# Test logs coverage.xml -sponge_log.xml +*sponge_log.xml # System test environment variables. system_tests/local_test_setup diff --git a/.kokoro/build.sh b/.kokoro/build.sh index 662b06bc..3b55f5c8 100755 --- a/.kokoro/build.sh +++ b/.kokoro/build.sh @@ -15,7 +15,11 @@ set -eo pipefail -cd github/python-securitycenter +if [[ -z "${PROJECT_ROOT:-}" ]]; then + PROJECT_ROOT="github/python-securitycenter" +fi + +cd "${PROJECT_ROOT}" # Disable buffering, so that the logs stream through. export PYTHONUNBUFFERED=1 
@@ -30,16 +34,26 @@ export GOOGLE_APPLICATION_CREDENTIALS=${KOKORO_GFILE_DIR}/service-account.json export PROJECT_ID=$(cat "${KOKORO_GFILE_DIR}/project-id.json") # Remove old nox -python3.6 -m pip uninstall --yes --quiet nox-automation +python3 -m pip uninstall --yes --quiet nox-automation # Install nox -python3.6 -m pip install --upgrade --quiet nox -python3.6 -m nox --version +python3 -m pip install --upgrade --quiet nox +python3 -m nox --version + +# If this is a continuous build, send the test log to the FlakyBot. +# See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot. +if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"continuous"* ]]; then + cleanup() { + chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot + $KOKORO_GFILE_DIR/linux_amd64/flakybot + } + trap cleanup EXIT HUP +fi # If NOX_SESSION is set, it only runs the specified session, # otherwise run all the sessions. if [[ -n "${NOX_SESSION:-}" ]]; then - python3.6 -m nox -s "${NOX_SESSION:-}" + python3 -m nox -s ${NOX_SESSION:-} else - python3.6 -m nox + python3 -m nox fi diff --git a/.kokoro/docs/docs-presubmit.cfg b/.kokoro/docs/docs-presubmit.cfg index 11181078..5713bf2f 100644 --- a/.kokoro/docs/docs-presubmit.cfg +++ b/.kokoro/docs/docs-presubmit.cfg @@ -15,3 +15,14 @@ env_vars: { key: "TRAMPOLINE_IMAGE_UPLOAD" value: "false" } + +env_vars: { + key: "TRAMPOLINE_BUILD_FILE" + value: "github/python-securitycenter/.kokoro/build.sh" +} + +# Only run this nox session. +env_vars: { + key: "NOX_SESSION" + value: "docs docfx" +} diff --git a/.kokoro/samples/python3.6/periodic-head.cfg b/.kokoro/samples/python3.6/periodic-head.cfg new file mode 100644 index 00000000..f9cfcd33 --- /dev/null +++ b/.kokoro/samples/python3.6/periodic-head.cfg 
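Review bot: The session argument is now expanded unquoted in `python3 -m nox -s ${NOX_SESSION:-}`, which lets a value such as the `docs docfx` set in docs-presubmit.cfg split into two sessions but also subjects it to pathname expansion. NOX_SESSION comes from the CI environment, so splitting it explicitly keeps the intent without globbing: `read -r -a sessions <<< "${NOX_SESSION}"` followed by `python3 -m nox -s "${sessions[@]}"`. The `cleanup` function added in the same hunk also uses `$KOKORO_GFILE_DIR` unquoted in both the `chmod` and the invocation; `"${KOKORO_GFILE_DIR}/linux_amd64/flakybot"` is safer if the path ever contains spaces.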
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/samples/python3.7/periodic-head.cfg b/.kokoro/samples/python3.7/periodic-head.cfg
new file mode 100644
index 00000000..f9cfcd33
--- /dev/null
+++ b/.kokoro/samples/python3.7/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/samples/python3.8/periodic-head.cfg b/.kokoro/samples/python3.8/periodic-head.cfg
new file mode 100644
index 00000000..f9cfcd33
--- /dev/null
+++ b/.kokoro/samples/python3.8/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/test-samples-against-head.sh b/.kokoro/test-samples-against-head.sh
new file mode 100755
index 00000000..8df9b139
--- /dev/null
+++ b/.kokoro/test-samples-against-head.sh
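Review bot: The `TRAMPOLINE_BUILD_FILE` value in the new python3.6 periodic-head.cfg points at `github/python-pubsub/.kokoro/test-samples-against-head.sh`, while the other paths in this commit (the docs-presubmit.cfg entry and the `cd` in the new script) use `github/python-securitycenter`. This looks like a leftover from the template's source repository, and the periodic job would presumably try to run a script from a checkout path that does not exist in this build. The line should read `value: "github/python-securitycenter/.kokoro/test-samples-against-head.sh"`. The python3.7 and python3.8 periodic-head.cfg hunks carry the same value and need the same change.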
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# A customized test runner for samples.
+#
+# For periodic builds, you can specify this file for testing against head.
+
+# `-e` enables the script to automatically fail when a command fails
+# `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero
+set -eo pipefail
+# Enables `**` to include files nested inside sub-folders
+shopt -s globstar
+
+cd github/python-securitycenter
+
+exec .kokoro/test-samples-impl.sh
diff --git a/.kokoro/test-samples-impl.sh b/.kokoro/test-samples-impl.sh
new file mode 100755
index 00000000..cf5de74c
--- /dev/null
+++ b/.kokoro/test-samples-impl.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# `-e` enables the script to automatically fail when a command fails
+# `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero
+set -eo pipefail
+# Enables `**` to include files nested inside sub-folders
+shopt -s globstar
+
+# Exit early if samples directory doesn't exist
+if [ ! -d "./samples" ]; then
+ echo "No tests run. `./samples` not found"
+ exit 0
+fi
+
+# Disable buffering, so that the logs stream through.
+export PYTHONUNBUFFERED=1
+
+# Debug: show build environment
+env | grep KOKORO
+
+# Install nox
+python3.6 -m pip install --upgrade --quiet nox
+
+# Use secrets acessor service account to get secrets
+if [[ -f "${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" ]]; then
+ gcloud auth activate-service-account \
+ --key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \
+ --project="cloud-devrel-kokoro-resources"
+fi
+
+# This script will create 3 files:
+# - testing/test-env.sh
+# - testing/service-account.json
+# - testing/client-secrets.json
+./scripts/decrypt-secrets.sh
+
+source ./testing/test-env.sh
+export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/testing/service-account.json
+
+# For cloud-run session, we activate the service account for gcloud sdk.
+gcloud auth activate-service-account \
+ --key-file "${GOOGLE_APPLICATION_CREDENTIALS}"
+
+export GOOGLE_CLIENT_SECRETS=$(pwd)/testing/client-secrets.json
+
+echo -e "\n******************** TESTING PROJECTS ********************"
+
+# Switch to 'fail at end' to allow all tests to complete before exiting.
+set +e
+# Use RTN to return a non-zero value if the test fails.
+RTN=0
+ROOT=$(pwd)
+# Find all requirements.txt in the samples directory (may break on whitespace).
+for file in samples/**/requirements.txt; do
+ cd "$ROOT"
+ # Navigate to the project folder.
+ file=$(dirname "$file")
+ cd "$file"
+
+ echo "------------------------------------------------------------"
+ echo "- testing $file"
+ echo "------------------------------------------------------------"
+
+ # Use nox to execute the tests for the project.
+ python3.6 -m nox -s "$RUN_TESTS_SESSION"
+ EXIT=$?
+
+ # If this is a periodic build, send the test log to the FlakyBot.
+ # See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot.
+ if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then
+ chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot
+ $KOKORO_GFILE_DIR/linux_amd64/flakybot
+ fi
+
+ if [[ $EXIT -ne 0 ]]; then
+ RTN=1
+ echo -e "\n Testing failed: Nox returned a non-zero exit code. \n"
+ else
+ echo -e "\n Testing completed.\n"
+ fi
+
+done
+cd "$ROOT"
+
+# Workaround for Kokoro permissions issue: delete secrets
+rm testing/{test-env.sh,client-secrets.json,service-account.json}
+
+exit "$RTN"
diff --git a/.kokoro/test-samples.sh b/.kokoro/test-samples.sh
index 92115ca2..348ce519 100755
--- a/.kokoro/test-samples.sh
+++ b/.kokoro/test-samples.sh
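Review bot: The decrypted credentials under `testing/` are removed only by the final `rm testing/{test-env.sh,client-secrets.json,service-account.json}`, so any exit before that line leaves them on disk. `set -e` is still active when `source ./testing/test-env.sh` and the second `gcloud auth activate-service-account` run, and a failure there skips the cleanup. Registering it right after `./scripts/decrypt-secrets.sh` covers every exit path, e.g. `trap 'rm -f testing/{test-env.sh,client-secrets.json,service-account.json}' EXIT`. Separately, the early-exit `echo` wraps ./samples in backticks inside double quotes, which the shell treats as command substitution; single-quoting the message prints it literally.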
@@ -13,6 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +# The default test runner for samples. +# +# For periodic builds, we rewinds the repo to the latest release, and +# run test-samples-impl.sh. # `-e` enables the script to automatically fail when a command fails # `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero 
@@ -24,87 +28,19 @@ cd github/python-securitycenter # Run periodic samples tests at latest release if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then + # preserving the test runner implementation. + cp .kokoro/test-samples-impl.sh "${TMPDIR}/test-samples-impl.sh" + echo "--- IMPORTANT IMPORTANT IMPORTANT ---" + echo "Now we rewind the repo back to the latest release..." LATEST_RELEASE=$(git describe --abbrev=0 --tags) git checkout $LATEST_RELEASE -fi - -# Exit early if samples directory doesn't exist -if [ ! -d "./samples" ]; then - echo "No tests run. `./samples` not found" - exit 0 -fi - -# Disable buffering, so that the logs stream through. -export PYTHONUNBUFFERED=1 - -# Debug: show build environment -env | grep KOKORO - -# Install nox -python3.6 -m pip install --upgrade --quiet nox - -# Use secrets acessor service account to get secrets -if [[ -f "${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" ]]; then - gcloud auth activate-service-account \ - --key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \ - --project="cloud-devrel-kokoro-resources" -fi - -# This script will create 3 files: -# - testing/test-env.sh -# - testing/service-account.json -# - testing/client-secrets.json -./scripts/decrypt-secrets.sh - -source ./testing/test-env.sh -export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/testing/service-account.json - -# For cloud-run session, we activate the service account for gcloud sdk. -gcloud auth activate-service-account \ - --key-file "${GOOGLE_APPLICATION_CREDENTIALS}" - -export GOOGLE_CLIENT_SECRETS=$(pwd)/testing/client-secrets.json - -echo -e "\n******************** TESTING PROJECTS ********************" - -# Switch to 'fail at end' to allow all tests to complete before exiting. -set +e -# Use RTN to return a non-zero value if the test fails. -RTN=0 -ROOT=$(pwd) -# Find all requirements.txt in the samples directory (may break on whitespace). 
-for file in samples/**/requirements.txt; do - cd "$ROOT" - # Navigate to the project folder. - file=$(dirname "$file") - cd "$file" - - echo "------------------------------------------------------------" - echo "- testing $file" - echo "------------------------------------------------------------" - - # Use nox to execute the tests for the project. - python3.6 -m nox -s "$RUN_TESTS_SESSION" - EXIT=$? - - # If this is a periodic build, send the test log to the FlakyBot. - # See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot. - if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then - chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot - $KOKORO_GFILE_DIR/linux_amd64/flakybot + echo "The current head is: " + echo $(git rev-parse --verify HEAD) + echo "--- IMPORTANT IMPORTANT IMPORTANT ---" + # move back the test runner implementation if there's no file. + if [ ! -f .kokoro/test-samples-impl.sh ]; then + cp "${TMPDIR}/test-samples-impl.sh" .kokoro/test-samples-impl.sh fi +fi - if [[ $EXIT -ne 0 ]]; then - RTN=1 - echo -e "\n Testing failed: Nox returned a non-zero exit code. \n" - else - echo -e "\n Testing completed.\n" - fi - -done -cd "$ROOT" - -# Workaround for Kokoro permissions issue: delete secrets -rm testing/{test-env.sh,client-secrets.json,service-account.json} - -exit "$RTN" +exec .kokoro/test-samples-impl.sh diff --git a/.trampolinerc b/.trampolinerc index 995ee291..383b6ec8 100644 --- a/.trampolinerc +++ b/.trampolinerc @@ -24,6 +24,7 @@ required_envvars+=( pass_down_envvars+=( "STAGING_BUCKET" "V2_STAGING_BUCKET" + "NOX_SESSION" ) # Prevent unintentional override on the default image. diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 373badc1..d5b4b7f3 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst 
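Review bot: The runner is stashed at the fixed path `"${TMPDIR}/test-samples-impl.sh"` and, when the release checkout lacks it, copied back and run via `exec`, but nothing visible in this script sets TMPDIR or creates a private directory. If TMPDIR is unset the copy targets `/test-samples-impl.sh`. If it is a shared directory the file name is predictable, so the script that is restored and executed is not guaranteed to be the one that was saved. A private directory avoids both: `stash="$(mktemp -d)"`, then `cp .kokoro/test-samples-impl.sh "${stash}/"` and restore from `"${stash}/test-samples-impl.sh"`. Quoting `"$LATEST_RELEASE"` in the `git checkout` line would also be more robust.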
@@ -70,9 +70,14 @@ We use `nox `__ to instrument our tests. - To test your changes, run unit tests with ``nox``:: $ nox -s unit-2.7 - $ nox -s unit-3.7 + $ nox -s unit-3.8 $ ... +- Args to pytest can be passed through the nox command separated by a `--`. For + example, to run a single test:: + + $ nox -s unit-3.8 -- -k + .. note:: The unit tests and system tests are described in the @@ -93,8 +98,12 @@ On Debian/Ubuntu:: ************ Coding Style ************ +- We use the automatic code formatter ``black``. You can run it using + the nox session ``blacken``. This will eliminate many lint errors. Run via:: + + $ nox -s blacken -- PEP8 compliance, with exceptions defined in the linter configuration. +- PEP8 compliance is required, with exceptions defined in the linter configuration. If you have ``nox`` installed, you can test that you have not introduced any non-compliant code via:: @@ -133,13 +142,18 @@ Running System Tests - To run system tests, you can execute:: - $ nox -s system-3.7 + # Run all system tests + $ nox -s system-3.8 $ nox -s system-2.7 + # Run a single system test + $ nox -s system-3.8 -- -k + + .. note:: System tests are only configured to run under Python 2.7 and - Python 3.7. For expediency, we do not run them in older versions + Python 3.8. For expediency, we do not run them in older versions of Python 3. This alone will not run the tests. You'll need to change some local diff --git a/MANIFEST.in b/MANIFEST.in index e9e29d12..e783f4c6 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -16,10 +16,10 @@ # Generated by synthtool. DO NOT EDIT! include README.rst LICENSE -recursive-include google *.json *.proto +recursive-include google *.json *.proto py.typed recursive-include tests * global-exclude *.py[co] global-exclude __pycache__ # Exclude scripts for samples readmegen -prune scripts/readme-gen \ No newline at end of file +prune scripts/readme-gen diff --git a/UPGRADING.md b/UPGRADING.md index 15a2ee0c..dec82d7d 100644 --- a/UPGRADING.md 
+++ b/UPGRADING.md @@ -17,10 +17,10 @@ The 1.0.0 release requires Python 3.6+. Methods expect request objects. We provide a script that will convert most common use cases. -* Install the library +* Install the library with `libcst`. ```py -python3 -m pip install google-cloud-securitycenter +python3 -m pip install google-cloud-securitycenter[libcst] ``` * The script `fixup_securitycenter_v1_keywords.py` is shipped with the library. It expects @@ -50,7 +50,7 @@ client = securitycenter.securitycenterClient() assets = client.list_assets( request={ - "org_name": org_name, + "org_name": org_name, "filter_:": project_filter, "read_time": timestamp_proto } diff --git a/docs/securitycenter_v1/security_center.rst b/docs/securitycenter_v1/security_center.rst new file mode 100644 index 00000000..0d7d0e97 --- /dev/null +++ b/docs/securitycenter_v1/security_center.rst @@ -0,0 +1,11 @@ +SecurityCenter +-------------------------------- + +.. automodule:: google.cloud.securitycenter_v1.services.security_center + :members: + :inherited-members: + + +.. automodule:: google.cloud.securitycenter_v1.services.security_center.pagers + :members: + :inherited-members: diff --git a/docs/securitycenter_v1/services.rst b/docs/securitycenter_v1/services.rst index d1a1378e..295acede 100644 --- a/docs/securitycenter_v1/services.rst +++ b/docs/securitycenter_v1/services.rst @@ -1,6 +1,6 @@ Services for Google Cloud Securitycenter v1 API =============================================== +.. toctree:: + :maxdepth: 2 -.. automodule:: google.cloud.securitycenter_v1.services.security_center - :members: - :inherited-members: + security_center diff --git a/docs/securitycenter_v1/types.rst b/docs/securitycenter_v1/types.rst index f7497757..460aec08 100644 --- a/docs/securitycenter_v1/types.rst +++ b/docs/securitycenter_v1/types.rst @@ -3,4 +3,5 @@ Types for Google Cloud Securitycenter v1 API .. automodule:: google.cloud.securitycenter_v1.types :members: + :undoc-members: :show-inheritance: 
diff --git a/docs/securitycenter_v1beta1/security_center.rst b/docs/securitycenter_v1beta1/security_center.rst new file mode 100644 index 00000000..f7b00994 --- /dev/null +++ b/docs/securitycenter_v1beta1/security_center.rst @@ -0,0 +1,11 @@ +SecurityCenter +-------------------------------- + +.. automodule:: google.cloud.securitycenter_v1beta1.services.security_center + :members: + :inherited-members: + + +.. automodule:: google.cloud.securitycenter_v1beta1.services.security_center.pagers + :members: + :inherited-members: diff --git a/docs/securitycenter_v1beta1/services.rst b/docs/securitycenter_v1beta1/services.rst index 212796c8..a09a4b86 100644 --- a/docs/securitycenter_v1beta1/services.rst +++ b/docs/securitycenter_v1beta1/services.rst @@ -1,6 +1,6 @@ Services for Google Cloud Securitycenter v1beta1 API ==================================================== +.. toctree:: + :maxdepth: 2 -.. automodule:: google.cloud.securitycenter_v1beta1.services.security_center - :members: - :inherited-members: + security_center diff --git a/docs/securitycenter_v1beta1/types.rst b/docs/securitycenter_v1beta1/types.rst index 0bbeba06..44bb4fec 100644 --- a/docs/securitycenter_v1beta1/types.rst +++ b/docs/securitycenter_v1beta1/types.rst @@ -3,4 +3,5 @@ Types for Google Cloud Securitycenter v1beta1 API .. automodule:: google.cloud.securitycenter_v1beta1.types :members: + :undoc-members: :show-inheritance: diff --git a/docs/securitycenter_v1p1beta1/security_center.rst b/docs/securitycenter_v1p1beta1/security_center.rst new file mode 100644 index 00000000..afda133c --- /dev/null +++ b/docs/securitycenter_v1p1beta1/security_center.rst @@ -0,0 +1,11 @@ +SecurityCenter +-------------------------------- + +.. automodule:: google.cloud.securitycenter_v1p1beta1.services.security_center + :members: + :inherited-members: + + +.. automodule:: google.cloud.securitycenter_v1p1beta1.services.security_center.pagers + :members: + :inherited-members: 
diff --git a/docs/securitycenter_v1p1beta1/services.rst b/docs/securitycenter_v1p1beta1/services.rst index 5034b831..7f537e85 100644 --- a/docs/securitycenter_v1p1beta1/services.rst +++ b/docs/securitycenter_v1p1beta1/services.rst @@ -1,6 +1,6 @@ Services for Google Cloud Securitycenter v1p1beta1 API ====================================================== +.. toctree:: + :maxdepth: 2 -.. automodule:: google.cloud.securitycenter_v1p1beta1.services.security_center - :members: - :inherited-members: + security_center diff --git a/docs/securitycenter_v1p1beta1/types.rst b/docs/securitycenter_v1p1beta1/types.rst index a68ac5c6..1facc905 100644 --- a/docs/securitycenter_v1p1beta1/types.rst +++ b/docs/securitycenter_v1p1beta1/types.rst @@ -3,4 +3,5 @@ Types for Google Cloud Securitycenter v1p1beta1 API .. automodule:: google.cloud.securitycenter_v1p1beta1.types :members: + :undoc-members: :show-inheritance: diff --git a/google/cloud/securitycenter_v1/services/security_center/async_client.py b/google/cloud/securitycenter_v1/services/security_center/async_client.py index b0b01027..644bdf4c 100644 --- a/google/cloud/securitycenter_v1/services/security_center/async_client.py +++ b/google/cloud/securitycenter_v1/services/security_center/async_client.py 
@@ -120,7 +120,36 @@ class SecurityCenterAsyncClient: SecurityCenterClient.parse_common_location_path ) - from_service_account_file = SecurityCenterClient.from_service_account_file + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterAsyncClient: The constructed client. + """ + return SecurityCenterClient.from_service_account_info.__func__(SecurityCenterAsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterAsyncClient: The constructed client. + """ + return SecurityCenterClient.from_service_account_file.__func__(SecurityCenterAsyncClient, filename, *args, **kwargs) # type: ignore + from_service_account_json = from_service_account_file @property 
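Review bot: Both new classmethods ignore `cls` and pass the literal `SecurityCenterAsyncClient` to the sync client's `__func__`, so a subclass calling `from_service_account_info` or `from_service_account_file` would presumably get a base-class instance back. Passing `cls` keeps the factory polymorphic: `return SecurityCenterClient.from_service_account_info.__func__(cls, info, *args, **kwargs)`, and likewise for the file variant. The `info` docstring could also state that the dict holds the service account private key, so callers know not to log or persist it. The commit message attributes this change to a gapic-generator-python upgrade, so the fix likely belongs in the generator template; the class body continues outside the hunk.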
@@ -197,19 +226,21 @@ async def create_source( r"""Creates a source. Args: - request (:class:`~.securitycenter_service.CreateSourceRequest`): + request (:class:`google.cloud.securitycenter_v1.types.CreateSourceRequest`): The request object. Request message for creating a source. parent (:class:`str`): Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - source (:class:`~.gcs_source.Source`): + source (:class:`google.cloud.securitycenter_v1.types.Source`): Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -221,7 +252,7 @@ async def create_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -285,13 +316,14 @@ async def create_finding( exist for finding creation to succeed. Args: - request (:class:`~.securitycenter_service.CreateFindingRequest`): + request (:class:`google.cloud.securitycenter_v1.types.CreateFindingRequest`): The request object. Request message for creating a finding. parent (:class:`str`): Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -301,13 +333,15 @@ async def create_finding( It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - finding (:class:`~.gcs_finding.Finding`): + finding (:class:`google.cloud.securitycenter_v1.types.Finding`): Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -319,7 +353,7 @@ async def create_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1.types.Finding: Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, @@ -387,12 +421,13 @@ async def create_notification_config( r"""Creates a notification config. Args: - request (:class:`~.securitycenter_service.CreateNotificationConfigRequest`): + request (:class:`google.cloud.securitycenter_v1.types.CreateNotificationConfigRequest`): The request object. Request message for creating a notification config. parent (:class:`str`): Required. Resource name of the new notification config's parent. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -403,14 +438,16 @@ async def create_notification_config( between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only. + This corresponds to the ``config_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - notification_config (:class:`~.gcs_notification_config.NotificationConfig`): + notification_config (:class:`google.cloud.securitycenter_v1.types.NotificationConfig`): Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource. + This corresponds to the ``notification_config`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -422,7 +459,7 @@ async def create_notification_config( sent along with the request as metadata. Returns: - ~.gcs_notification_config.NotificationConfig: + google.cloud.securitycenter_v1.types.NotificationConfig: Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC @@ -485,13 +522,14 @@ async def delete_notification_config( r"""Deletes a notification config. Args: - request (:class:`~.securitycenter_service.DeleteNotificationConfigRequest`): + request (:class:`google.cloud.securitycenter_v1.types.DeleteNotificationConfigRequest`): The request object. Request message for deleting a notification config. name (:class:`str`): Required. Name of the notification config to delete. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -552,7 +590,7 @@ async def get_iam_policy( Source. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`): The request object. Request message for `GetIamPolicy` method. resource (:class:`str`): 
@@ -560,6 +598,7 @@ async def get_iam_policy( policy is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -571,72 +610,62 @@ async def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -668,6 +697,7 @@ async def get_iam_policy( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, 
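Review bot: In the get_iam_policy retry hunk, the added `deadline=60.0` repeats the literal of `default_timeout=60.0` two lines below, and nothing states that the two values are meant to stay equal. A one-line comment such as `# Overall retry budget; kept equal to default_timeout.` would document the coupling. How the retry deadline and the per-call timeout interact is decided inside google.api_core and is not visible here. If the budget equals the per-call timeout, an attempt that ends in `DeadlineExceeded` presumably leaves no time for the retry the predicate allows, which is worth confirming. The same literal pairing is added for get_notification_config, get_organization_settings, get_source, list_notification_configs, list_sources and test_iam_permissions (60.0) and for group_assets, group_findings, list_assets and list_findings (480.0); the enclosing call starts and ends outside each hunk.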
@@ -697,13 +727,14 @@ async def get_notification_config( r"""Gets a notification config. Args: - request (:class:`~.securitycenter_service.GetNotificationConfigRequest`): + request (:class:`google.cloud.securitycenter_v1.types.GetNotificationConfigRequest`): The request object. Request message for getting a notification config. name (:class:`str`): Required. Name of the notification config to get. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -715,7 +746,7 @@ async def get_notification_config( sent along with the request as metadata. Returns: - ~.notification_config.NotificationConfig: + google.cloud.securitycenter_v1.types.NotificationConfig: Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC @@ -753,6 +784,7 @@ async def get_notification_config( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -782,13 +814,14 @@ async def get_organization_settings( r"""Gets the settings for an organization. Args: - request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`): + request (:class:`google.cloud.securitycenter_v1.types.GetOrganizationSettingsRequest`): The request object. Request message for getting organization settings. name (:class:`str`): Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -800,7 +833,7 @@ async def get_organization_settings( sent along with the request as metadata. Returns: - ~.organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -835,6 +868,7 @@ async def get_organization_settings( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -864,13 +898,14 @@ async def get_source( r"""Gets a source. Args: - request (:class:`~.securitycenter_service.GetSourceRequest`): + request (:class:`google.cloud.securitycenter_v1.types.GetSourceRequest`): The request object. Request message for getting a source. name (:class:`str`): Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -882,7 +917,7 @@ async def get_source( sent along with the request as metadata. Returns: - ~.source.Source: + google.cloud.securitycenter_v1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -920,6 +955,7 @@ async def get_source( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -949,7 +985,7 @@ async def group_assets( their specified properties. Args: - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (:class:`google.cloud.securitycenter_v1.types.GroupAssetsRequest`): The request object. Request message for grouping by assets. 
@@ -960,7 +996,7 @@ async def group_assets( sent along with the request as metadata. Returns: - ~.pagers.GroupAssetsAsyncPager: + google.cloud.securitycenter_v1.services.security_center.pagers.GroupAssetsAsyncPager: Response message for grouping by assets. Iterating over this object will yield @@ -983,6 +1019,7 @@ async def group_assets( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, @@ -1023,7 +1060,7 @@ async def group_findings( Example: /v1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (:class:`google.cloud.securitycenter_v1.types.GroupFindingsRequest`): The request object. Request message for grouping by findings. parent (:class:`str`): @@ -1032,6 +1069,7 @@ async def group_findings( To groupBy across all sources provide a source_id of ``-``. For example: organizations/{organization_id}/sources/- + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1046,8 +1084,7 @@ async def group_findings( - resource_name - category - state - - parent - + - parent - severity The following fields are supported when compare_duration @@ -1066,7 +1103,7 @@ async def group_findings( sent along with the request as metadata. Returns: - ~.pagers.GroupFindingsAsyncPager: + google.cloud.securitycenter_v1.services.security_center.pagers.GroupFindingsAsyncPager: Response message for group by findings. Iterating over this object will yield @@ -1105,6 +1142,7 @@ async def group_findings( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, 
@@ -1139,7 +1177,7 @@ async def list_assets( r"""Lists an organization's assets. Args: - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (:class:`google.cloud.securitycenter_v1.types.ListAssetsRequest`): The request object. Request message for listing assets. retry (google.api_core.retry.Retry): Designation of what errors, if any, @@ -1149,7 +1187,7 @@ async def list_assets( sent along with the request as metadata. Returns: - ~.pagers.ListAssetsAsyncPager: + google.cloud.securitycenter_v1.services.security_center.pagers.ListAssetsAsyncPager: Response message for listing assets. Iterating over this object will yield results and resolve additional pages @@ -1171,6 +1209,7 @@ async def list_assets( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, @@ -1208,7 +1247,7 @@ async def list_findings( Example: /v1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (:class:`google.cloud.securitycenter_v1.types.ListFindingsRequest`): The request object. Request message for listing findings. @@ -1219,7 +1258,7 @@ async def list_findings( sent along with the request as metadata. Returns: - ~.pagers.ListFindingsAsyncPager: + google.cloud.securitycenter_v1.services.security_center.pagers.ListFindingsAsyncPager: Response message for listing findings. Iterating over this object will yield @@ -1242,6 +1281,7 @@ async def list_findings( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, 
@@ -1277,13 +1317,14 @@ async def list_notification_configs( r"""Lists notification configs. Args: - request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`): + request (:class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsRequest`): The request object. Request message for listing notification configs. parent (:class:`str`): Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1295,7 +1336,7 @@ async def list_notification_configs( sent along with the request as metadata. Returns: - ~.pagers.ListNotificationConfigsAsyncPager: + google.cloud.securitycenter_v1.services.security_center.pagers.ListNotificationConfigsAsyncPager: Response message for listing notification configs. Iterating over this object will yield @@ -1332,6 +1373,7 @@ async def list_notification_configs( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -1367,12 +1409,13 @@ async def list_sources( r"""Lists all sources belonging to an organization. Args: - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (:class:`google.cloud.securitycenter_v1.types.ListSourcesRequest`): The request object. Request message for listing sources. parent (:class:`str`): Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1384,7 +1427,7 @@ async def list_sources( sent along with the request as metadata. Returns: - ~.pagers.ListSourcesAsyncPager: + google.cloud.securitycenter_v1.services.security_center.pagers.ListSourcesAsyncPager: Response message for listing sources. Iterating over this object will yield results and resolve additional pages @@ -1420,6 +1463,7 @@ async def list_sources( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -1460,13 +1504,14 @@ async def run_asset_discovery( receive a TOO_MANY_REQUESTS error. Args: - request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`): + request (:class:`google.cloud.securitycenter_v1.types.RunAssetDiscoveryRequest`): The request object. Request message for running asset discovery for an organization. parent (:class:`str`): Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1478,11 +1523,11 @@ async def run_asset_discovery( sent along with the request as metadata. Returns: - ~.operation_async.AsyncOperation: + google.api_core.operation_async.AsyncOperation: An object representing a long-running operation. The result type for the operation will be - :class:``~.run_asset_discovery_response.RunAssetDiscoveryResponse``: + :class:`google.cloud.securitycenter_v1.types.RunAssetDiscoveryResponse` Response of asset discovery run """ @@ -1546,7 +1591,7 @@ async def set_finding_state( r"""Updates the state of a finding. Args: - request (:class:`~.securitycenter_service.SetFindingStateRequest`): + request (:class:`google.cloud.securitycenter_v1.types.SetFindingStateRequest`): The request object. Request message for updating a finding's state. name (:class:`str`): 
@@ -1555,18 +1600,21 @@ async def set_finding_state( https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - state (:class:`~.finding.Finding.State`): + state (:class:`google.cloud.securitycenter_v1.types.Finding.State`): Required. The desired State of the finding. + This corresponds to the ``state`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - start_time (:class:`~.timestamp.Timestamp`): + start_time (:class:`google.protobuf.timestamp_pb2.Timestamp`): Required. The time at which the updated state takes effect. + This corresponds to the ``start_time`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1578,7 +1626,7 @@ async def set_finding_state( sent along with the request as metadata. Returns: - ~.finding.Finding: + google.cloud.securitycenter_v1.types.Finding: Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, @@ -1645,7 +1693,7 @@ async def set_iam_policy( Source. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`): The request object. Request message for `SetIamPolicy` method. resource (:class:`str`): @@ -1653,6 +1701,7 @@ async def set_iam_policy( policy is being specified. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1664,72 +1713,62 @@ async def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. 
@@ -1784,7 +1823,7 @@ async def test_iam_permissions( specified source. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`): The request object. Request message for `TestIamPermissions` method. resource (:class:`str`): @@ -1792,6 +1831,7 @@ async def test_iam_permissions( policy detail is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1800,6 +1840,7 @@ async def test_iam_permissions( Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview `__. + This corresponds to the ``permissions`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1811,8 +1852,8 @@ async def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have @@ -1845,6 +1886,7 @@ async def test_iam_permissions( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, 
@@ -1875,10 +1917,10 @@ async def update_finding( source must exist for a finding creation to succeed. Args: - request (:class:`~.securitycenter_service.UpdateFindingRequest`): + request (:class:`google.cloud.securitycenter_v1.types.UpdateFindingRequest`): The request object. Request message for updating or creating a finding. - finding (:class:`~.gcs_finding.Finding`): + finding (:class:`google.cloud.securitycenter_v1.types.Finding`): Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. @@ -1886,6 +1928,7 @@ async def update_finding( In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1897,7 +1940,7 @@ async def update_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1.types.Finding: Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, 
@@ -1963,20 +2006,22 @@ async def update_notification_config( allowed: description, pubsub_topic, streaming_config.filter Args: - request (:class:`~.securitycenter_service.UpdateNotificationConfigRequest`): + request (:class:`google.cloud.securitycenter_v1.types.UpdateNotificationConfigRequest`): The request object. Request message for updating a notification config. - notification_config (:class:`~.gcs_notification_config.NotificationConfig`): + notification_config (:class:`google.cloud.securitycenter_v1.types.NotificationConfig`): Required. The notification config to update. + This corresponds to the ``notification_config`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`): The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1988,7 +2033,7 @@ async def update_notification_config( sent along with the request as metadata. Returns: - ~.gcs_notification_config.NotificationConfig: + google.cloud.securitycenter_v1.types.NotificationConfig: Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC 
@@ -2051,12 +2096,13 @@ async def update_organization_settings( r"""Updates an organization's settings. Args: - request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`): + request (:class:`google.cloud.securitycenter_v1.types.UpdateOrganizationSettingsRequest`): The request object. Request message for updating an organization's settings. - organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`): + organization_settings (:class:`google.cloud.securitycenter_v1.types.OrganizationSettings`): Required. The organization settings resource to update. + This corresponds to the ``organization_settings`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2068,7 +2114,7 @@ async def update_organization_settings( sent along with the request as metadata. Returns: - ~.gcs_organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -2126,12 +2172,13 @@ async def update_source( r"""Updates a source. Args: - request (:class:`~.securitycenter_service.UpdateSourceRequest`): + request (:class:`google.cloud.securitycenter_v1.types.UpdateSourceRequest`): The request object. Request message for updating a source. - source (:class:`~.gcs_source.Source`): + source (:class:`google.cloud.securitycenter_v1.types.Source`): Required. The source resource to update. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2143,7 +2190,7 @@ async def update_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. 
@@ -2204,12 +2251,13 @@ async def update_security_marks( r"""Updates security marks. Args: - request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`): + request (:class:`google.cloud.securitycenter_v1.types.UpdateSecurityMarksRequest`): The request object. Request message for updating a SecurityMarks resource. - security_marks (:class:`~.gcs_security_marks.SecurityMarks`): + security_marks (:class:`google.cloud.securitycenter_v1.types.SecurityMarks`): Required. The security marks resource to update. + This corresponds to the ``security_marks`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2221,7 +2269,7 @@ async def update_security_marks( sent along with the request as metadata. Returns: - ~.gcs_security_marks.SecurityMarks: + google.cloud.securitycenter_v1.types.SecurityMarks: User specified security marks that are attached to the parent Security Command Center resource. Security marks diff --git a/google/cloud/securitycenter_v1/services/security_center/client.py b/google/cloud/securitycenter_v1/services/security_center/client.py index 319ca077..5e85db59 100644 --- a/google/cloud/securitycenter_v1/services/security_center/client.py +++ b/google/cloud/securitycenter_v1/services/security_center/client.py 
@@ -132,6 +132,22 @@ def _get_default_mtls_endpoint(api_endpoint): DEFAULT_ENDPOINT ) + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + @classmethod def from_service_account_file(cls, filename: str, *args, **kwargs): """Creates an instance of this client using the provided credentials @@ -144,7 +160,7 @@ def from_service_account_file(cls, filename: str, *args, **kwargs): kwargs: Additional arguments to pass to the constructor. Returns: - {@api.name}: The constructed client. + SecurityCenterClient: The constructed client. """ credentials = service_account.Credentials.from_service_account_file(filename) kwargs["credentials"] = credentials @@ -340,10 +356,10 @@ def __init__( credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. - transport (Union[str, ~.SecurityCenterTransport]): The + transport (Union[str, SecurityCenterTransport]): The transport to use. If set to None, a transport is chosen automatically. - client_options (client_options_lib.ClientOptions): Custom options for the + client_options (google.api_core.client_options.ClientOptions): Custom options for the client. It won't take effect if a ``transport`` instance is provided. (1) The ``api_endpoint`` property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT 
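Review bot: `from_service_account_info` assigns `kwargs["credentials"] = credentials` unconditionally, so a `credentials` keyword passed by the caller is replaced without any signal, and the docstring does not mention it. The `kwargs` entry could read `kwargs: Additional arguments to pass to the constructor; a "credentials" entry is replaced by the credentials built from info.` Because `info` holds the service account private key, the `info (dict)` entry should also say that the mapping is secret material which callers should keep out of logs and error messages. The same unconditional override appears in `from_service_account_file` in the next hunk, whose body ends outside it.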
@@ -379,21 +395,17 @@ def __init__( util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")) ) - ssl_credentials = None + client_cert_source_func = None is_mtls = False if use_client_cert: if client_options.client_cert_source: - import grpc # type: ignore - - cert, key = client_options.client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) is_mtls = True + client_cert_source_func = client_options.client_cert_source else: - creds = SslCredentials() - is_mtls = creds.is_mtls - ssl_credentials = creds.ssl_credentials if is_mtls else None + is_mtls = mtls.has_default_client_cert_source() + client_cert_source_func = ( + mtls.default_client_cert_source() if is_mtls else None + ) # Figure out which api endpoint to use. if client_options.api_endpoint is not None: @@ -436,7 +448,7 @@ def __init__( credentials_file=client_options.credentials_file, host=api_endpoint, scopes=client_options.scopes, - ssl_channel_credentials=ssl_credentials, + client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, ) 
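Review bot: When `use_client_cert` is true but neither `client_options.client_cert_source` nor a default client certificate exists, the `else` branch leaves `is_mtls = False` and `client_cert_source_func = None`, so the client is built without a client certificate and the operator who set GOOGLE_API_USE_CLIENT_CERTIFICATE gets no signal. If that fallback is intended, a comment above the branch should say so, for example `# No client certificate available: continue without mTLS even though client certs were requested.` The endpoint choice that follows presumably also depends on `is_mtls`, but it lies outside the hunk. The certificate callback is also no longer called in `__init__`; it is handed to the transport as `client_cert_source_for_mtls`, so an error it raises now surfaces wherever the transport invokes it, which is worth a line in the `client_options` docstring. `__init__` starts and ends outside both hunks.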
@@ -454,19 +466,21 @@ def create_source( r"""Creates a source. Args: - request (:class:`~.securitycenter_service.CreateSourceRequest`): + request (google.cloud.securitycenter_v1.types.CreateSourceRequest): The request object. Request message for creating a source. - parent (:class:`str`): + parent (str): Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - source (:class:`~.gcs_source.Source`): + source (google.cloud.securitycenter_v1.types.Source): Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -478,7 +492,7 @@ def create_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. 
@@ -543,29 +557,32 @@ def create_finding( exist for finding creation to succeed. Args: - request (:class:`~.securitycenter_service.CreateFindingRequest`): + request (google.cloud.securitycenter_v1.types.CreateFindingRequest): The request object. Request message for creating a finding. - parent (:class:`str`): + parent (str): Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - finding_id (:class:`str`): + finding_id (str): Required. Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - finding (:class:`~.gcs_finding.Finding`): + finding (google.cloud.securitycenter_v1.types.Finding): Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -577,7 +594,7 @@ def create_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1.types.Finding: Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, 
@@ -646,30 +663,33 @@ def create_notification_config( r"""Creates a notification config. Args: - request (:class:`~.securitycenter_service.CreateNotificationConfigRequest`): + request (google.cloud.securitycenter_v1.types.CreateNotificationConfigRequest): The request object. Request message for creating a notification config. - parent (:class:`str`): + parent (str): Required. Resource name of the new notification config's parent. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - config_id (:class:`str`): + config_id (str): Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only. + This corresponds to the ``config_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - notification_config (:class:`~.gcs_notification_config.NotificationConfig`): + notification_config (google.cloud.securitycenter_v1.types.NotificationConfig): Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource. + This corresponds to the ``notification_config`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -681,7 +701,7 @@ def create_notification_config( sent along with the request as metadata. Returns: - ~.gcs_notification_config.NotificationConfig: + google.cloud.securitycenter_v1.types.NotificationConfig: Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC 
@@ -749,13 +769,14 @@ def delete_notification_config( r"""Deletes a notification config. Args: - request (:class:`~.securitycenter_service.DeleteNotificationConfigRequest`): + request (google.cloud.securitycenter_v1.types.DeleteNotificationConfigRequest): The request object. Request message for deleting a notification config. - name (:class:`str`): + name (str): Required. Name of the notification config to delete. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -821,14 +842,15 @@ def get_iam_policy( Source. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.GetIamPolicyRequest): The request object. Request message for `GetIamPolicy` method. - resource (:class:`str`): + resource (str): REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -840,72 +862,62 @@ def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. 
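Review bot: The regenerated `Returns:` text of `get_iam_policy` drops the `::` markers after `**JSON Example**` and `**YAML Example**` and re-wraps both samples as running text, so the policy examples are no longer literal blocks and the YAML sample no longer reads as valid YAML (`bindings: - members: - user:\ mike@example.com - ...` on one line). The closing link also changes to Markdown form, `[IAM developer's guide](\ https://cloud.google.com/iam/docs)`, which Sphinx would not render as a link if these docstrings are reST, as the commit message's mention of Sphinx suggests. I would keep the earlier layout, with the `::` lines and one key per line, which probably means correcting the upstream comment conversion rather than editing this file. The identical change appears in the `set_iam_policy` hunk at `@@ -1868,72 +1893,62 @@`, and the docstring opens outside both hunks.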
@@ -918,13 +930,16 @@ def get_iam_policy( "the individual field arguments should be set." ) - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. request = iam_policy.GetIamPolicyRequest(**request) - elif not request: - request = iam_policy.GetIamPolicyRequest(resource=resource,) + # Null request, just make one. + request = iam_policy.GetIamPolicyRequest() + + if resource is not None: + request.resource = resource # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -954,13 +969,14 @@ def get_notification_config( r"""Gets a notification config. Args: - request (:class:`~.securitycenter_service.GetNotificationConfigRequest`): + request (google.cloud.securitycenter_v1.types.GetNotificationConfigRequest): The request object. Request message for getting a notification config. - name (:class:`str`): + name (str): Required. Name of the notification config to get. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -972,7 +988,7 @@ def get_notification_config( sent along with the request as metadata. Returns: - ~.notification_config.NotificationConfig: + google.cloud.securitycenter_v1.types.NotificationConfig: Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC 
@@ -1032,13 +1048,14 @@ def get_organization_settings( r"""Gets the settings for an organization. Args: - request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`): + request (google.cloud.securitycenter_v1.types.GetOrganizationSettingsRequest): The request object. Request message for getting organization settings. - name (:class:`str`): + name (str): Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1050,7 +1067,7 @@ def get_organization_settings( sent along with the request as metadata. Returns: - ~.organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -1111,13 +1128,14 @@ def get_source( r"""Gets a source. Args: - request (:class:`~.securitycenter_service.GetSourceRequest`): + request (google.cloud.securitycenter_v1.types.GetSourceRequest): The request object. Request message for getting a source. - name (:class:`str`): + name (str): Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1129,7 +1147,7 @@ def get_source( sent along with the request as metadata. Returns: - ~.source.Source: + google.cloud.securitycenter_v1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -1189,7 +1207,7 @@ def group_assets( their specified properties. Args: - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (google.cloud.securitycenter_v1.types.GroupAssetsRequest): The request object. Request message for grouping by assets. 
@@ -1200,7 +1218,7 @@ def group_assets( sent along with the request as metadata. Returns: - ~.pagers.GroupAssetsPager: + google.cloud.securitycenter_v1.services.security_center.pagers.GroupAssetsPager: Response message for grouping by assets. Iterating over this object will yield @@ -1256,19 +1274,20 @@ def group_findings( Example: /v1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (google.cloud.securitycenter_v1.types.GroupFindingsRequest): The request object. Request message for grouping by findings. - parent (:class:`str`): + parent (str): Required. Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of ``-``. For example: organizations/{organization_id}/sources/- + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - group_by (:class:`str`): + group_by (str): Required. Expression that defines what assets fields to use for grouping (including ``state_change``). The string value should follow SQL syntax: comma separated @@ -1279,8 +1298,7 @@ def group_findings( - resource_name - category - state - - parent - + - parent - severity The following fields are supported when compare_duration @@ -1299,7 +1317,7 @@ def group_findings( sent along with the request as metadata. Returns: - ~.pagers.GroupFindingsPager: + google.cloud.securitycenter_v1.services.security_center.pagers.GroupFindingsPager: Response message for group by findings. Iterating over this object will yield @@ -1365,7 +1383,7 @@ def list_assets( r"""Lists an organization's assets. Args: - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (google.cloud.securitycenter_v1.types.ListAssetsRequest): The request object. Request message for listing assets. retry (google.api_core.retry.Retry): Designation of what errors, if any, 
@@ -1375,7 +1393,7 @@ def list_assets( sent along with the request as metadata. Returns: - ~.pagers.ListAssetsPager: + google.cloud.securitycenter_v1.services.security_center.pagers.ListAssetsPager: Response message for listing assets. Iterating over this object will yield results and resolve additional pages @@ -1427,7 +1445,7 @@ def list_findings( Example: /v1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (google.cloud.securitycenter_v1.types.ListFindingsRequest): The request object. Request message for listing findings. @@ -1438,7 +1456,7 @@ def list_findings( sent along with the request as metadata. Returns: - ~.pagers.ListFindingsPager: + google.cloud.securitycenter_v1.services.security_center.pagers.ListFindingsPager: Response message for listing findings. Iterating over this object will yield @@ -1489,13 +1507,14 @@ def list_notification_configs( r"""Lists notification configs. Args: - request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`): + request (google.cloud.securitycenter_v1.types.ListNotificationConfigsRequest): The request object. Request message for listing notification configs. - parent (:class:`str`): + parent (str): Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1507,7 +1526,7 @@ def list_notification_configs( sent along with the request as metadata. Returns: - ~.pagers.ListNotificationConfigsPager: + google.cloud.securitycenter_v1.services.security_center.pagers.ListNotificationConfigsPager: Response message for listing notification configs. Iterating over this object will yield 
@@ -1576,12 +1595,13 @@ def list_sources( r"""Lists all sources belonging to an organization. Args: - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (google.cloud.securitycenter_v1.types.ListSourcesRequest): The request object. Request message for listing sources. - parent (:class:`str`): + parent (str): Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1593,7 +1613,7 @@ def list_sources( sent along with the request as metadata. Returns: - ~.pagers.ListSourcesPager: + google.cloud.securitycenter_v1.services.security_center.pagers.ListSourcesPager: Response message for listing sources. Iterating over this object will yield results and resolve additional pages @@ -1662,13 +1682,14 @@ def run_asset_discovery( receive a TOO_MANY_REQUESTS error. Args: - request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`): + request (google.cloud.securitycenter_v1.types.RunAssetDiscoveryRequest): The request object. Request message for running asset discovery for an organization. - parent (:class:`str`): + parent (str): Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1680,11 +1701,11 @@ def run_asset_discovery( sent along with the request as metadata. Returns: - ~.operation.Operation: + google.api_core.operation.Operation: An object representing a long-running operation. The result type for the operation will be - :class:``~.run_asset_discovery_response.RunAssetDiscoveryResponse``: + :class:`google.cloud.securitycenter_v1.types.RunAssetDiscoveryResponse` Response of asset discovery run """ 
@@ -1749,27 +1770,30 @@ def set_finding_state( r"""Updates the state of a finding. Args: - request (:class:`~.securitycenter_service.SetFindingStateRequest`): + request (google.cloud.securitycenter_v1.types.SetFindingStateRequest): The request object. Request message for updating a finding's state. - name (:class:`str`): + name (str): Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - state (:class:`~.finding.Finding.State`): + state (google.cloud.securitycenter_v1.types.Finding.State): Required. The desired State of the finding. + This corresponds to the ``state`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - start_time (:class:`~.timestamp.Timestamp`): + start_time (google.protobuf.timestamp_pb2.Timestamp): Required. The time at which the updated state takes effect. + This corresponds to the ``start_time`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1781,7 +1805,7 @@ def set_finding_state( sent along with the request as metadata. Returns: - ~.finding.Finding: + google.cloud.securitycenter_v1.types.Finding: Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, 
@@ -1849,14 +1873,15 @@ def set_iam_policy( Source. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.SetIamPolicyRequest): The request object. Request message for `SetIamPolicy` method. - resource (:class:`str`): + resource (str): REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1868,72 +1893,62 @@ def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. 
@@ -1946,13 +1961,16 @@ def set_iam_policy( "the individual field arguments should be set." ) - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. request = iam_policy.SetIamPolicyRequest(**request) - elif not request: - request = iam_policy.SetIamPolicyRequest(resource=resource,) + # Null request, just make one. + request = iam_policy.SetIamPolicyRequest() + + if resource is not None: + request.resource = resource # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1984,22 +2002,24 @@ def test_iam_permissions( specified source. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest): The request object. Request message for `TestIamPermissions` method. - resource (:class:`str`): + resource (str): REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - permissions (:class:`Sequence[str]`): + permissions (Sequence[str]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview `__. + This corresponds to the ``permissions`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -2011,8 +2031,8 @@ def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have @@ -2024,15 +2044,19 @@ def test_iam_permissions( "the individual field arguments should be set." ) - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. request = iam_policy.TestIamPermissionsRequest(**request) - elif not request: - request = iam_policy.TestIamPermissionsRequest( - resource=resource, permissions=permissions, - ) + # Null request, just make one. + request = iam_policy.TestIamPermissionsRequest() + + if resource is not None: + request.resource = resource + + if permissions: + request.permissions.extend(permissions) # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -2063,10 +2087,10 @@ def update_finding( source must exist for a finding creation to succeed. Args: - request (:class:`~.securitycenter_service.UpdateFindingRequest`): + request (google.cloud.securitycenter_v1.types.UpdateFindingRequest): The request object. Request message for updating or creating a finding. - finding (:class:`~.gcs_finding.Finding`): + finding (google.cloud.securitycenter_v1.types.Finding): Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. 
@@ -2074,6 +2098,7 @@ def update_finding( In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2085,7 +2110,7 @@ def update_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1.types.Finding: Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, @@ -2152,20 +2177,22 @@ def update_notification_config( allowed: description, pubsub_topic, streaming_config.filter Args: - request (:class:`~.securitycenter_service.UpdateNotificationConfigRequest`): + request (google.cloud.securitycenter_v1.types.UpdateNotificationConfigRequest): The request object. Request message for updating a notification config. - notification_config (:class:`~.gcs_notification_config.NotificationConfig`): + notification_config (google.cloud.securitycenter_v1.types.NotificationConfig): Required. The notification config to update. + This corresponds to the ``notification_config`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2177,7 +2204,7 @@ def update_notification_config( sent along with the request as metadata. Returns: - ~.gcs_notification_config.NotificationConfig: + google.cloud.securitycenter_v1.types.NotificationConfig: Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC 
@@ -2245,12 +2272,13 @@ def update_organization_settings( r"""Updates an organization's settings. Args: - request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`): + request (google.cloud.securitycenter_v1.types.UpdateOrganizationSettingsRequest): The request object. Request message for updating an organization's settings. - organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`): + organization_settings (google.cloud.securitycenter_v1.types.OrganizationSettings): Required. The organization settings resource to update. + This corresponds to the ``organization_settings`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2262,7 +2290,7 @@ def update_organization_settings( sent along with the request as metadata. Returns: - ~.gcs_organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -2325,12 +2353,13 @@ def update_source( r"""Updates a source. Args: - request (:class:`~.securitycenter_service.UpdateSourceRequest`): + request (google.cloud.securitycenter_v1.types.UpdateSourceRequest): The request object. Request message for updating a source. - source (:class:`~.gcs_source.Source`): + source (google.cloud.securitycenter_v1.types.Source): Required. The source resource to update. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2342,7 +2371,7 @@ def update_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. 
@@ -2404,12 +2433,13 @@ def update_security_marks( r"""Updates security marks. Args: - request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`): + request (google.cloud.securitycenter_v1.types.UpdateSecurityMarksRequest): The request object. Request message for updating a SecurityMarks resource. - security_marks (:class:`~.gcs_security_marks.SecurityMarks`): + security_marks (google.cloud.securitycenter_v1.types.SecurityMarks): Required. The security marks resource to update. + This corresponds to the ``security_marks`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2421,7 +2451,7 @@ def update_security_marks( sent along with the request as metadata. Returns: - ~.gcs_security_marks.SecurityMarks: + google.cloud.securitycenter_v1.types.SecurityMarks: User specified security marks that are attached to the parent Security Command Center resource. Security marks diff --git a/google/cloud/securitycenter_v1/services/security_center/pagers.py b/google/cloud/securitycenter_v1/services/security_center/pagers.py index 98a0cc03..e887de53 100644 --- a/google/cloud/securitycenter_v1/services/security_center/pagers.py +++ b/google/cloud/securitycenter_v1/services/security_center/pagers.py @@ -15,7 +15,16 @@ # limitations under the License. # -from typing import Any, AsyncIterable, Awaitable, Callable, Iterable, Sequence, Tuple +from typing import ( + Any, + AsyncIterable, + Awaitable, + Callable, + Iterable, + Sequence, + Tuple, + Optional, +) from google.cloud.securitycenter_v1.types import notification_config from google.cloud.securitycenter_v1.types import securitycenter_service 
@@ -26,7 +35,7 @@ class GroupAssetsPager: """A pager for iterating through ``group_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.GroupAssetsResponse` object, and provides an ``__iter__`` method to iterate through its ``group_by_results`` field. @@ -35,7 +44,7 @@ class GroupAssetsPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.GroupAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -53,9 +62,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (google.cloud.securitycenter_v1.types.GroupAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupAssetsResponse`): + response (google.cloud.securitycenter_v1.types.GroupAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -88,7 +97,7 @@ class GroupAssetsAsyncPager: """A pager for iterating through ``group_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.GroupAssetsResponse` object, and provides an ``__aiter__`` method to iterate through its ``group_by_results`` field. 
@@ -97,7 +106,7 @@ class GroupAssetsAsyncPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.GroupAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -115,9 +124,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (google.cloud.securitycenter_v1.types.GroupAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupAssetsResponse`): + response (google.cloud.securitycenter_v1.types.GroupAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -154,7 +163,7 @@ class GroupFindingsPager: """A pager for iterating through ``group_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.GroupFindingsResponse` object, and provides an ``__iter__`` method to iterate through its ``group_by_results`` field. @@ -163,7 +172,7 @@ class GroupFindingsPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.GroupFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ 
@@ -181,9 +190,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (google.cloud.securitycenter_v1.types.GroupFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupFindingsResponse`): + response (google.cloud.securitycenter_v1.types.GroupFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -216,7 +225,7 @@ class GroupFindingsAsyncPager: """A pager for iterating through ``group_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.GroupFindingsResponse` object, and provides an ``__aiter__`` method to iterate through its ``group_by_results`` field. @@ -225,7 +234,7 @@ class GroupFindingsAsyncPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.GroupFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -243,9 +252,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (google.cloud.securitycenter_v1.types.GroupFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupFindingsResponse`): + response (google.cloud.securitycenter_v1.types.GroupFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. 
@@ -284,7 +293,7 @@ class ListAssetsPager: """A pager for iterating through ``list_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.ListAssetsResponse` object, and provides an ``__iter__`` method to iterate through its ``list_assets_results`` field. @@ -293,7 +302,7 @@ class ListAssetsPager: through the ``list_assets_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.ListAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -311,9 +320,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (google.cloud.securitycenter_v1.types.ListAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListAssetsResponse`): + response (google.cloud.securitycenter_v1.types.ListAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -348,7 +357,7 @@ class ListAssetsAsyncPager: """A pager for iterating through ``list_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.ListAssetsResponse` object, and provides an ``__aiter__`` method to iterate through its ``list_assets_results`` field. 
@@ -357,7 +366,7 @@ class ListAssetsAsyncPager: through the ``list_assets_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.ListAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -375,9 +384,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (google.cloud.securitycenter_v1.types.ListAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListAssetsResponse`): + response (google.cloud.securitycenter_v1.types.ListAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -416,7 +425,7 @@ class ListFindingsPager: """A pager for iterating through ``list_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.ListFindingsResponse` object, and provides an ``__iter__`` method to iterate through its ``list_findings_results`` field. @@ -425,7 +434,7 @@ class ListFindingsPager: through the ``list_findings_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.ListFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ 
@@ -443,9 +452,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (google.cloud.securitycenter_v1.types.ListFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListFindingsResponse`): + response (google.cloud.securitycenter_v1.types.ListFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -480,7 +489,7 @@ class ListFindingsAsyncPager: """A pager for iterating through ``list_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.ListFindingsResponse` object, and provides an ``__aiter__`` method to iterate through its ``list_findings_results`` field. @@ -489,7 +498,7 @@ class ListFindingsAsyncPager: through the ``list_findings_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.ListFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -507,9 +516,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (google.cloud.securitycenter_v1.types.ListFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListFindingsResponse`): + response (google.cloud.securitycenter_v1.types.ListFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. 
@@ -548,7 +557,7 @@ class ListNotificationConfigsPager: """A pager for iterating through ``list_notification_configs`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListNotificationConfigsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse` object, and provides an ``__iter__`` method to iterate through its ``notification_configs`` field. @@ -557,7 +566,7 @@ class ListNotificationConfigsPager: through the ``notification_configs`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListNotificationConfigsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -575,9 +584,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`): + request (google.cloud.securitycenter_v1.types.ListNotificationConfigsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListNotificationConfigsResponse`): + response (google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -610,7 +619,7 @@ class ListNotificationConfigsAsyncPager: """A pager for iterating through ``list_notification_configs`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListNotificationConfigsResponse` object, and + :class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse` object, and provides an ``__aiter__`` method to iterate through its ``notification_configs`` field. 
@@ -619,7 +628,7 @@ class ListNotificationConfigsAsyncPager: through the ``notification_configs`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListNotificationConfigsResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -639,9 +648,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`): + request (google.cloud.securitycenter_v1.types.ListNotificationConfigsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListNotificationConfigsResponse`): + response (google.cloud.securitycenter_v1.types.ListNotificationConfigsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -680,7 +689,7 @@ class ListSourcesPager: """A pager for iterating through ``list_sources`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListSourcesResponse` object, and + :class:`google.cloud.securitycenter_v1.types.ListSourcesResponse` object, and provides an ``__iter__`` method to iterate through its ``sources`` field. @@ -689,7 +698,7 @@ class ListSourcesPager: through the ``sources`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListSourcesResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.ListSourcesResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ 
@@ -707,9 +716,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (google.cloud.securitycenter_v1.types.ListSourcesRequest): The initial request object. - response (:class:`~.securitycenter_service.ListSourcesResponse`): + response (google.cloud.securitycenter_v1.types.ListSourcesResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -742,7 +751,7 @@ class ListSourcesAsyncPager: """A pager for iterating through ``list_sources`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListSourcesResponse` object, and + :class:`google.cloud.securitycenter_v1.types.ListSourcesResponse` object, and provides an ``__aiter__`` method to iterate through its ``sources`` field. @@ -751,7 +760,7 @@ class ListSourcesAsyncPager: through the ``sources`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListSourcesResponse` + All the usual :class:`google.cloud.securitycenter_v1.types.ListSourcesResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -769,9 +778,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (google.cloud.securitycenter_v1.types.ListSourcesRequest): The initial request object. - response (:class:`~.securitycenter_service.ListSourcesResponse`): + response (google.cloud.securitycenter_v1.types.ListSourcesResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. 
diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1/services/security_center/transports/base.py index 896b834a..82541447 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/base.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/base.py @@ -23,7 +23,6 @@ from google.api_core import exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore -from google.api_core import retry as retries # type: ignore from google.api_core import operations_v1 # type: ignore from google.auth import credentials # type: ignore @@ -88,10 +87,10 @@ def __init__( scope (Optional[Sequence[str]]): A list of scopes. quota_project_id (Optional[str]): An optional project to use for billing and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing your own client library. """ # Save the hostname. Default to port 443 (HTTPS) if none is specified. @@ -99,6 +98,9 @@ def __init__( host += ":443" self._host = host + # Save the scopes. + self._scopes = scopes or self.AUTH_SCOPES + # If no credentials are provided, then determine the appropriate # defaults. if credentials and credentials_file: 
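Review bot: `self._scopes = scopes or self.AUTH_SCOPES` in the base transport `__init__` treats an explicitly empty `scopes` sequence the same as `None`, and the docstring entry above it still reads only "A list of scopes." under the name `scope`, which does not match the `scopes` argument. Combined with the following hunk, credentials loaded from `credentials_file` or from `auth.default` are now requested with `AUTH_SCOPES` whenever the caller passes nothing, which matters to anyone auditing the granted scope set. I would state that in the docstring, e.g. `scopes (Optional[Sequence[str]]): Scopes to request; None or an empty sequence falls back to AUTH_SCOPES.` The `__init__` body starts and ends outside this hunk, and the file looks generator-produced, so the wording probably belongs in the generator template.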
@@ -108,20 +110,17 @@ def __init__( if credentials_file is not None: credentials, _ = auth.load_credentials_from_file( - credentials_file, scopes=scopes, quota_project_id=quota_project_id + credentials_file, scopes=self._scopes, quota_project_id=quota_project_id ) elif credentials is None: credentials, _ = auth.default( - scopes=scopes, quota_project_id=quota_project_id + scopes=self._scopes, quota_project_id=quota_project_id ) # Save the credentials. self._credentials = credentials - # Lifted into its own function so it can be stubbed out during tests. - self._prep_wrapped_messages(client_info) - def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { @@ -150,6 +149,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -163,6 +163,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -176,6 +177,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -189,6 +191,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -202,6 +205,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, 
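Review bot: With `self._prep_wrapped_messages(client_info)` removed from the base `__init__`, nothing in this class records that every subclass must now make that call itself. A transport that omits it would have no `_wrapped_methods`, so presumably it fails on first use and never applies the retry and timeout defaults defined below. The gRPC and asyncio transports changed in this commit do call it after their channel exists, but the contract is only implied. I would leave a comment where the call used to be, e.g. `# Subclasses must call self._prep_wrapped_messages(client_info) once their channel exists.` The `__init__` body begins outside this hunk.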
@@ -215,6 +219,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, @@ -228,6 +233,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, @@ -241,6 +247,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, @@ -254,6 +261,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -267,6 +275,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -289,6 +298,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py index 8d8c03c3..59612c98 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py 
@@ -75,6 +75,7 @@ def __init__( api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: @@ -105,6 +106,10 @@ def __init__( ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. client_info (google.api_core.gapic_v1.client_info.ClientInfo): 
@@ -119,72 +124,61 @@ def __init__( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ + self._grpc_channel = None self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) if channel: - # Sanity check: Ensure that channel and credentials are not both - # provided. + # Ignore credentials if a channel was passed. credentials = False - # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None - elif api_mtls_endpoint: - warnings.warn( - "api_mtls_endpoint and client_cert_source are deprecated", - DeprecationWarning, - ) - host = ( - api_mtls_endpoint - if ":" in api_mtls_endpoint - else api_mtls_endpoint + ":443" - ) + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. 
- if client_cert_source: - cert, key = client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) else: - ssl_credentials = SslCredentials().ssl_credentials + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) - # create a new channel. The provided one is ignored. - self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - ssl_credentials=ssl_credentials, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - self._ssl_channel_credentials = ssl_credentials - else: - host = host if ":" in host else host + ":443" - - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + ) - # create a new channel. The provided one is ignored. + if not self._grpc_channel: self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, + self._host, + credentials=self._credentials, credentials_file=credentials_file, - ssl_credentials=ssl_channel_credentials, - scopes=scopes or self.AUTH_SCOPES, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, quota_project_id=quota_project_id, options=[ ("grpc.max_send_message_length", -1), 
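Review bot: In the `api_mtls_endpoint` branch of `__init__`, `self._ssl_channel_credentials` is overwritten with either the `client_cert_source` result or `SslCredentials().ssl_credentials`, so a caller-supplied `ssl_channel_credentials` is silently dropped there. I am reading the nesting from a collapsed hunk, so this is worth confirming against the file. The docstring says the argument is ignored only if `channel` is provided, whereas the new `client_cert_source_for_mtls` path does check `not ssl_channel_credentials`. Because this decides which client certificate and key the channel presents, I would extend the docstring sentence to `It is ignored if channel or api_mtls_endpoint is provided.` The same applies to the matching hunk in `transports/grpc_asyncio.py`; `__init__` starts before this hunk and continues past it.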
@@ -192,18 +186,8 @@ def __init__( ], ) - self._stubs = {} # type: Dict[str, Callable] - self._operations_client = None - - # Run the base constructor. - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - client_info=client_info, - ) + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) @classmethod def create_channel( @@ -217,7 +201,7 @@ def create_channel( ) -> grpc.Channel: """Create and return a gRPC channel object. Args: - address (Optional[str]): The host for the channel to use. + host (Optional[str]): The host for the channel to use. credentials (Optional[~.Credentials]): The authorization credentials to attach to requests. These credentials identify this application to the service. If diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py index b44d5ce1..8c4e9bef 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py @@ -79,7 +79,7 @@ def create_channel( ) -> aio.Channel: """Create and return a gRPC AsyncIO channel object. Args: - address (Optional[str]): The host for the channel to use. + host (Optional[str]): The host for the channel to use. credentials (Optional[~.Credentials]): The authorization credentials to attach to requests. These credentials identify this application to the service. If 
@@ -119,6 +119,7 @@ def __init__( api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: @@ -150,12 +151,16 @@ def __init__( ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing your own client library. Raises: 
@@ -164,72 +169,61 @@ def __init__( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ + self._grpc_channel = None self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) if channel: - # Sanity check: Ensure that channel and credentials are not both - # provided. + # Ignore credentials if a channel was passed. credentials = False - # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None - elif api_mtls_endpoint: - warnings.warn( - "api_mtls_endpoint and client_cert_source are deprecated", - DeprecationWarning, - ) - host = ( - api_mtls_endpoint - if ":" in api_mtls_endpoint - else api_mtls_endpoint + ":443" - ) + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. 
- if client_cert_source: - cert, key = client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) else: - ssl_credentials = SslCredentials().ssl_credentials + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) - # create a new channel. The provided one is ignored. - self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - ssl_credentials=ssl_credentials, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - self._ssl_channel_credentials = ssl_credentials - else: - host = host if ":" in host else host + ":443" - - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + ) - # create a new channel. The provided one is ignored. + if not self._grpc_channel: self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, + self._host, + credentials=self._credentials, credentials_file=credentials_file, - ssl_credentials=ssl_channel_credentials, - scopes=scopes or self.AUTH_SCOPES, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, quota_project_id=quota_project_id, options=[ ("grpc.max_send_message_length", -1), 
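Review bot: When `channel` is passed, `credentials` is set to `False` under the comment "Ignore credentials if a channel was passed", yet `credentials_file` is still forwarded to `super().__init__()`. There the base transport calls `auth.load_credentials_from_file` for any non-None path. The key file is therefore read and parsed even though `create_channel` is skipped for a supplied channel, and presumably an unreadable path fails construction. Passing `credentials_file=None if channel else credentials_file,` in the `super().__init__` call would match the comment; otherwise the comment should say that only `credentials` is ignored. The same pattern is in `transports/grpc.py`, and `__init__` extends beyond this hunk.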
@@ -237,18 +231,8 @@ def __init__( ], ) - # Run the base constructor. - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - client_info=client_info, - ) - - self._stubs = {} - self._operations_client = None + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) @property def grpc_channel(self) -> aio.Channel: diff --git a/google/cloud/securitycenter_v1/types/__init__.py b/google/cloud/securitycenter_v1/types/__init__.py index 1a1ebb24..0d3cb34a 100644 --- a/google/cloud/securitycenter_v1/types/__init__.py +++ b/google/cloud/securitycenter_v1/types/__init__.py @@ -15,15 +15,14 @@ # limitations under the License. # -from .security_marks import SecurityMarks from .asset import Asset from .finding import Finding from .notification_config import NotificationConfig -from .resource import Resource from .notification_message import NotificationMessage from .organization_settings import OrganizationSettings +from .resource import Resource from .run_asset_discovery_response import RunAssetDiscoveryResponse -from .source import Source +from .security_marks import SecurityMarks from .securitycenter_service import ( CreateFindingRequest, CreateNotificationConfigRequest, 
@@ -37,33 +36,33 @@ GroupFindingsRequest, GroupFindingsResponse, GroupResult, - ListNotificationConfigsRequest, - ListNotificationConfigsResponse, - ListSourcesRequest, - ListSourcesResponse, ListAssetsRequest, ListAssetsResponse, ListFindingsRequest, ListFindingsResponse, - SetFindingStateRequest, + ListNotificationConfigsRequest, + ListNotificationConfigsResponse, + ListSourcesRequest, + ListSourcesResponse, RunAssetDiscoveryRequest, + SetFindingStateRequest, UpdateFindingRequest, UpdateNotificationConfigRequest, UpdateOrganizationSettingsRequest, - UpdateSourceRequest, UpdateSecurityMarksRequest, + UpdateSourceRequest, ) +from .source import Source __all__ = ( - "SecurityMarks", "Asset", "Finding", "NotificationConfig", - "Resource", "NotificationMessage", "OrganizationSettings", + "Resource", "RunAssetDiscoveryResponse", - "Source", + "SecurityMarks", "CreateFindingRequest", "CreateNotificationConfigRequest", "CreateSourceRequest", @@ -76,19 +75,20 @@ "GroupFindingsRequest", "GroupFindingsResponse", "GroupResult", - "ListNotificationConfigsRequest", - "ListNotificationConfigsResponse", - "ListSourcesRequest", - "ListSourcesResponse", "ListAssetsRequest", "ListAssetsResponse", "ListFindingsRequest", "ListFindingsResponse", - "SetFindingStateRequest", + "ListNotificationConfigsRequest", + "ListNotificationConfigsResponse", + "ListSourcesRequest", + "ListSourcesResponse", "RunAssetDiscoveryRequest", + "SetFindingStateRequest", "UpdateFindingRequest", "UpdateNotificationConfigRequest", "UpdateOrganizationSettingsRequest", - "UpdateSourceRequest", "UpdateSecurityMarksRequest", + "UpdateSourceRequest", + "Source", ) diff --git a/google/cloud/securitycenter_v1/types/asset.py b/google/cloud/securitycenter_v1/types/asset.py index d1992e53..7ec5e67c 100644 --- a/google/cloud/securitycenter_v1/types/asset.py +++ b/google/cloud/securitycenter_v1/types/asset.py 
@@ -44,26 +44,26 @@ class Asset(proto.Message): https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/assets/{asset_id}". - security_center_properties (~.asset.Asset.SecurityCenterProperties): + security_center_properties (google.cloud.securitycenter_v1.types.Asset.SecurityCenterProperties): Security Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user. - resource_properties (Sequence[~.asset.Asset.ResourcePropertiesEntry]): + resource_properties (Sequence[google.cloud.securitycenter_v1.types.Asset.ResourcePropertiesEntry]): Resource managed properties. These properties are managed and defined by the Google Cloud resource and cannot be modified by the user. - security_marks (~.gcs_security_marks.SecurityMarks): + security_marks (google.cloud.securitycenter_v1.types.SecurityMarks): User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the asset was created in Security Command Center. - update_time (~.timestamp.Timestamp): + update_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the asset was last updated, added, or deleted in Security Command Center. - iam_policy (~.asset.Asset.IamPolicy): + iam_policy (google.cloud.securitycenter_v1.types.Asset.IamPolicy): Cloud IAM Policy information associated with the Google Cloud resource described by the Security Command Center asset. This information diff --git a/google/cloud/securitycenter_v1/types/finding.py b/google/cloud/securitycenter_v1/types/finding.py index 5c5e3146..7fb6a109 100644 --- a/google/cloud/securitycenter_v1/types/finding.py +++ b/google/cloud/securitycenter_v1/types/finding.py 
@@ -55,7 +55,7 @@ class Finding(proto.Message): When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time. - state (~.finding.Finding.State): + state (google.cloud.securitycenter_v1.types.Finding.State): The state of the finding. category (str): The additional taxonomy group within findings from a given @@ -67,18 +67,18 @@ class Finding(proto.Message): additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL. - source_properties (Sequence[~.finding.Finding.SourcePropertiesEntry]): + source_properties (Sequence[google.cloud.securitycenter_v1.types.Finding.SourcePropertiesEntry]): Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. - security_marks (~.gcs_security_marks.SecurityMarks): + security_marks (google.cloud.securitycenter_v1.types.SecurityMarks): Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding. - event_time (~.timestamp.Timestamp): + event_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open 
@@ -87,10 +87,10 @@ class Finding(proto.Message): is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the finding was created in Security Command Center. - severity (~.finding.Finding.Severity): + severity (google.cloud.securitycenter_v1.types.Finding.Severity): The severity of the finding. This field is managed by the source that writes the finding. """ diff --git a/google/cloud/securitycenter_v1/types/notification_config.py b/google/cloud/securitycenter_v1/types/notification_config.py index 13cd5c90..d6876046 100644 --- a/google/cloud/securitycenter_v1/types/notification_config.py +++ b/google/cloud/securitycenter_v1/types/notification_config.py @@ -46,7 +46,7 @@ class NotificationConfig(proto.Message): Output only. The service account that needs "pubsub.topics.publish" permission to publish to the Pub/Sub topic. - streaming_config (~.notification_config.NotificationConfig.StreamingConfig): + streaming_config (google.cloud.securitycenter_v1.types.NotificationConfig.StreamingConfig): The config for triggering streaming-based notifications. """ diff --git a/google/cloud/securitycenter_v1/types/notification_message.py b/google/cloud/securitycenter_v1/types/notification_message.py index c836cad9..c3a6436f 100644 --- a/google/cloud/securitycenter_v1/types/notification_message.py +++ b/google/cloud/securitycenter_v1/types/notification_message.py 
@@ -34,10 +34,10 @@ class NotificationMessage(proto.Message): notification_config_name (str): Name of the notification config that generated current notification. - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1.types.Finding): If it's a Finding based notification config, this field will be populated. - resource (~.gcs_resource.Resource): + resource (google.cloud.securitycenter_v1.types.Resource): The Cloud resource tied to this notification's Finding. """ diff --git a/google/cloud/securitycenter_v1/types/organization_settings.py b/google/cloud/securitycenter_v1/types/organization_settings.py index ad4bc9f8..a1135a8d 100644 --- a/google/cloud/securitycenter_v1/types/organization_settings.py +++ b/google/cloud/securitycenter_v1/types/organization_settings.py @@ -38,7 +38,7 @@ class OrganizationSettings(proto.Message): If the flag is set to ``true``, then discovery of assets will occur. If it is set to \`false, all historical assets will remain, but discovery of future assets will not occur. - asset_discovery_config (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig): + asset_discovery_config (google.cloud.securitycenter_v1.types.OrganizationSettings.AssetDiscoveryConfig): The configuration used for Asset Discovery runs. """ @@ -50,7 +50,7 @@ class AssetDiscoveryConfig(proto.Message): project_ids (Sequence[str]): The project ids to use for filtering asset discovery. - inclusion_mode (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig.InclusionMode): + inclusion_mode (google.cloud.securitycenter_v1.types.OrganizationSettings.AssetDiscoveryConfig.InclusionMode): The mode to use for filtering asset discovery. """ diff --git a/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py b/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py index eeed56ef..845adafd 100644 --- a/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py 
+++ b/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py @@ -30,9 +30,9 @@ class RunAssetDiscoveryResponse(proto.Message): r"""Response of asset discovery run Attributes: - state (~.run_asset_discovery_response.RunAssetDiscoveryResponse.State): + state (google.cloud.securitycenter_v1.types.RunAssetDiscoveryResponse.State): The state of an asset discovery run. - duration (~.gp_duration.Duration): + duration (google.protobuf.duration_pb2.Duration): The duration between asset discovery run start and end """ diff --git a/google/cloud/securitycenter_v1/types/security_marks.py b/google/cloud/securitycenter_v1/types/security_marks.py index 21bf0b0a..181d1d74 100644 --- a/google/cloud/securitycenter_v1/types/security_marks.py +++ b/google/cloud/securitycenter_v1/types/security_marks.py @@ -37,7 +37,7 @@ class SecurityMarks(proto.Message): Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks". - marks (Sequence[~.security_marks.SecurityMarks.MarksEntry]): + marks (Sequence[google.cloud.securitycenter_v1.types.SecurityMarks.MarksEntry]): Mutable user specified security marks belonging to the parent resource. Constraints are as follows: diff --git a/google/cloud/securitycenter_v1/types/securitycenter_service.py b/google/cloud/securitycenter_v1/types/securitycenter_service.py index 486003a5..9b80e842 100644 --- a/google/cloud/securitycenter_v1/types/securitycenter_service.py +++ b/google/cloud/securitycenter_v1/types/securitycenter_service.py @@ -82,7 +82,7 @@ class CreateFindingRequest(proto.Message): alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1.types.Finding): Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. 
@@ -108,7 +108,7 @@ class CreateNotificationConfigRequest(proto.Message): the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only. - notification_config (~.gcs_notification_config.NotificationConfig): + notification_config (google.cloud.securitycenter_v1.types.NotificationConfig): Required. The notification config being created. The name and the service account will be ignored as they are both output only fields @@ -131,7 +131,7 @@ class CreateSourceRequest(proto.Message): parent (str): Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". - source (~.gcs_source.Source): + source (google.cloud.securitycenter_v1.types.Source): Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. @@ -303,7 +303,7 @@ class GroupAssetsRequest(proto.Message): - security_center_properties.resource_type - security_center_properties.resource_project_display_name - security_center_properties.resource_parent_display_name - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the @@ -335,7 +335,7 @@ class GroupAssetsRequest(proto.Message): If this field is set then ``state_change`` must be a specified field in ``group_by``. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those 
@@ -371,13 +371,13 @@ class GroupAssetsResponse(proto.Message): r"""Response message for grouping by assets. Attributes: - group_by_results (Sequence[~.securitycenter_service.GroupResult]): + group_by_results (Sequence[google.cloud.securitycenter_v1.types.GroupResult]): Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the groupBy request. next_page_token (str): Token to retrieve the next page of results, @@ -493,13 +493,13 @@ class GroupFindingsRequest(proto.Message): set: - state_change - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the GroupResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained 
@@ -566,13 +566,13 @@ class GroupFindingsResponse(proto.Message): r"""Response message for group by findings. Attributes: - group_by_results (Sequence[~.securitycenter_service.GroupResult]): + group_by_results (Sequence[google.cloud.securitycenter_v1.types.GroupResult]): Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the groupBy request. next_page_token (str): Token to retrieve the next page of results, @@ -602,7 +602,7 @@ class GroupResult(proto.Message): request. Attributes: - properties (Sequence[~.securitycenter_service.GroupResult.PropertiesEntry]): + properties (Sequence[google.cloud.securitycenter_v1.types.GroupResult.PropertiesEntry]): Properties matching the groupBy fields in the request. count (int): @@ -646,7 +646,7 @@ class ListNotificationConfigsResponse(proto.Message): r"""Response message for listing notification configs. Attributes: - notification_configs (Sequence[~.gcs_notification_config.NotificationConfig]): + notification_configs (Sequence[google.cloud.securitycenter_v1.types.NotificationConfig]): Notification configs belonging to the requested parent. next_page_token (str): @@ -694,7 +694,7 @@ class ListSourcesResponse(proto.Message): r"""Response message for listing sources. Attributes: - sources (Sequence[~.gcs_source.Source]): + sources (Sequence[google.cloud.securitycenter_v1.types.Source]): Sources belonging to the requested parent. next_page_token (str): Token to retrieve the next page of results, 
@@ -821,13 +821,13 @@ class ListAssetsRequest(proto.Message): security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the ListAssetsResult's "state_change" attribute is updated to indicate whether the asset was added, removed, or remained present during the @@ -855,7 +855,7 @@ class ListAssetsRequest(proto.Message): If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time. - field_mask (~.gp_field_mask.FieldMask): + field_mask (google.protobuf.field_mask_pb2.FieldMask): A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields. @@ -891,9 +891,9 @@ class ListAssetsResponse(proto.Message): r"""Response message for listing assets. Attributes: - list_assets_results (Sequence[~.securitycenter_service.ListAssetsResponse.ListAssetsResult]): + list_assets_results (Sequence[google.cloud.securitycenter_v1.types.ListAssetsResponse.ListAssetsResult]): Assets matching the list request. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the list request. next_page_token (str): Token to retrieve the next page of results, 
@@ -907,9 +907,9 @@ class ListAssetsResult(proto.Message): r"""Result containing the Asset and its State. Attributes: - asset (~.gcs_asset.Asset): + asset (google.cloud.securitycenter_v1.types.Asset): Asset matching the search request. - state_change (~.securitycenter_service.ListAssetsResponse.ListAssetsResult.StateChange): + state_change (google.cloud.securitycenter_v1.types.ListAssetsResponse.ListAssetsResult.StateChange): State change of the asset between the points in time. """ @@ -1037,13 +1037,13 @@ class ListFindingsRequest(proto.Message): The following fields are supported: name parent state category resource_name event_time source_properties security_marks.marks - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained @@ -1077,7 +1077,7 @@ class ListFindingsRequest(proto.Message): If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time. - field_mask (~.gp_field_mask.FieldMask): + field_mask (google.protobuf.field_mask_pb2.FieldMask): A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields. 
@@ -1113,9 +1113,9 @@ class ListFindingsResponse(proto.Message): r"""Response message for listing findings. Attributes: - list_findings_results (Sequence[~.securitycenter_service.ListFindingsResponse.ListFindingsResult]): + list_findings_results (Sequence[google.cloud.securitycenter_v1.types.ListFindingsResponse.ListFindingsResult]): Findings matching the list request. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the list request. next_page_token (str): Token to retrieve the next page of results, @@ -1129,12 +1129,12 @@ class ListFindingsResult(proto.Message): r"""Result containing the Finding and its StateChange. Attributes: - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1.types.Finding): Finding matching the search request. - state_change (~.securitycenter_service.ListFindingsResponse.ListFindingsResult.StateChange): + state_change (google.cloud.securitycenter_v1.types.ListFindingsResponse.ListFindingsResult.StateChange): State change of the finding between the points in time. - resource (~.securitycenter_service.ListFindingsResponse.ListFindingsResult.Resource): + resource (google.cloud.securitycenter_v1.types.ListFindingsResponse.ListFindingsResult.Resource): Output only. Resource that is associated with this finding. """ @@ -1223,9 +1223,9 @@ class SetFindingStateRequest(proto.Message): https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". - state (~.gcs_finding.Finding.State): + state (google.cloud.securitycenter_v1.types.Finding.State): Required. The desired State of the finding. - start_time (~.timestamp.Timestamp): + start_time (google.protobuf.timestamp_pb2.Timestamp): Required. The time at which the updated state takes effect. """ 
@@ -1254,7 +1254,7 @@ class UpdateFindingRequest(proto.Message): r"""Request message for updating or creating a finding. Attributes: - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1.types.Finding): Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. @@ -1262,7 +1262,7 @@ class UpdateFindingRequest(proto.Message): In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. @@ -1281,9 +1281,9 @@ class UpdateNotificationConfigRequest(proto.Message): r"""Request message for updating a notification config. Attributes: - notification_config (~.gcs_notification_config.NotificationConfig): + notification_config (google.cloud.securitycenter_v1.types.NotificationConfig): Required. The notification config to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. @@ -1300,10 +1300,10 @@ class UpdateOrganizationSettingsRequest(proto.Message): r"""Request message for updating an organization's settings. Attributes: - organization_settings (~.gcs_organization_settings.OrganizationSettings): + organization_settings (google.cloud.securitycenter_v1.types.OrganizationSettings): Required. The organization settings resource to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the settings resource. 
@@ -1321,9 +1321,9 @@ class UpdateSourceRequest(proto.Message): r"""Request message for updating a source. Attributes: - source (~.gcs_source.Source): + source (google.cloud.securitycenter_v1.types.Source): Required. The source resource to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the source resource. If empty all mutable fields will be updated. @@ -1338,17 +1338,17 @@ class UpdateSecurityMarksRequest(proto.Message): r"""Request message for updating a SecurityMarks resource. Attributes: - security_marks (~.gcs_security_marks.SecurityMarks): + security_marks (google.cloud.securitycenter_v1.types.SecurityMarks): Required. The security marks resource to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". - start_time (~.timestamp.Timestamp): + start_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/async_client.py b/google/cloud/securitycenter_v1beta1/services/security_center/async_client.py index c9dccb0d..14c5d94f 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/async_client.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/async_client.py 
@@ -108,7 +108,36 @@ class SecurityCenterAsyncClient: SecurityCenterClient.parse_common_location_path ) - from_service_account_file = SecurityCenterClient.from_service_account_file + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterAsyncClient: The constructed client. + """ + return SecurityCenterClient.from_service_account_info.__func__(SecurityCenterAsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterAsyncClient: The constructed client. + """ + return SecurityCenterClient.from_service_account_file.__func__(SecurityCenterAsyncClient, filename, *args, **kwargs) # type: ignore + from_service_account_json = from_service_account_file @property 
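Review bot: Both new factories pass the literal `SecurityCenterAsyncClient` to the sync implementation instead of `cls`, so calling them on a subclass would presumably return a base-class instance (the sync factory is not visible in this hunk). Passing the receiver keeps subclass construction working: `return SecurityCenterClient.from_service_account_info.__func__(cls, info, *args, **kwargs)`, and likewise for `from_service_account_file`. The `info` entry in the docstring could also say that the dict carries the service account private key and should not be logged or echoed in error messages.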
@@ -185,19 +214,21 @@ async def create_source( r"""Creates a source. Args: - request (:class:`~.securitycenter_service.CreateSourceRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.CreateSourceRequest`): The request object. Request message for creating a source. parent (:class:`str`): Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - source (:class:`~.gcs_source.Source`): + source (:class:`google.cloud.securitycenter_v1beta1.types.Source`): Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -209,7 +240,7 @@ async def create_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -273,13 +304,14 @@ async def create_finding( exist for finding creation to succeed. Args: - request (:class:`~.securitycenter_service.CreateFindingRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.CreateFindingRequest`): The request object. Request message for creating a finding. parent (:class:`str`): Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -289,13 +321,15 @@ async def create_finding( It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - finding (:class:`~.gcs_finding.Finding`): + finding (:class:`google.cloud.securitycenter_v1beta1.types.Finding`): Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -307,7 +341,7 @@ async def create_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) @@ -374,7 +408,7 @@ async def get_iam_policy( Source. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`): The request object. Request message for `GetIamPolicy` method. resource (:class:`str`): @@ -382,6 +416,7 @@ async def get_iam_policy( policy is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -393,72 +428,62 @@ async def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -490,6 +515,7 @@ async def get_iam_policy( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, 
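Review bot: The JSON and YAML samples in the new `Returns:` text of `get_iam_policy` have lost their `::` literal-block markers and been re-wrapped as prose, so the example policy no longer reads as valid JSON or YAML and picks up stray escapes such as `user:\ mike@example.com`. An IAM binding example is likely to be copied as a starting point for real policies, so it should stay verbatim in a literal block, as it was in the removed lines. The file appears to be generator output, so the fix probably belongs in the generator's docstring wrapping rather than in this file. The same regression is in the `set_iam_policy` hunk and in the `get_iam_policy` hunk for `client.py`.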
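Review bot: The added `deadline=60.0` in the `get_iam_policy` retry repeats the literal on the `default_timeout=60.0` line below it, and nothing says the two are meant to move together. A short comment such as `# overall retry budget; keep equal to default_timeout` would make the intent visible; the retried errors include `exceptions.DeadlineExceeded`, so a mismatched budget changes how long a caller can block. The start of the enclosing retry call is outside the hunk, so the backoff values were not reviewed. The same applies to the other `deadline=60.0` and `deadline=480.0` additions in this file.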
@@ -519,13 +545,14 @@ async def get_organization_settings( r"""Gets the settings for an organization. Args: - request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.GetOrganizationSettingsRequest`): The request object. Request message for getting organization settings. name (:class:`str`): Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -537,7 +564,7 @@ async def get_organization_settings( sent along with the request as metadata. Returns: - ~.organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1beta1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -572,6 +599,7 @@ async def get_organization_settings( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -601,13 +629,14 @@ async def get_source( r"""Gets a source. Args: - request (:class:`~.securitycenter_service.GetSourceRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.GetSourceRequest`): The request object. Request message for getting a source. name (:class:`str`): Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -619,7 +648,7 @@ async def get_source( sent along with the request as metadata. Returns: - ~.source.Source: + google.cloud.securitycenter_v1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. 
@@ -657,6 +686,7 @@ async def get_source( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -686,7 +716,7 @@ async def group_assets( their specified properties. Args: - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsRequest`): The request object. Request message for grouping by assets. @@ -697,7 +727,7 @@ async def group_assets( sent along with the request as metadata. Returns: - ~.pagers.GroupAssetsAsyncPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.GroupAssetsAsyncPager: Response message for grouping by assets. Iterating over this object will yield @@ -720,6 +750,7 @@ async def group_assets( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, @@ -761,7 +792,7 @@ async def group_findings( /v1beta1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsRequest`): The request object. Request message for grouping by findings. parent (:class:`str`): @@ -770,6 +801,7 @@ async def group_findings( To groupBy across all sources provide a source_id of ``-``. For example: organizations/{organization_id}/sources/- + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -784,7 +816,7 @@ async def group_findings( - resource_name - category - state - - parent + - parent This corresponds to the ``group_by`` field on the ``request`` instance; if ``request`` is provided, this 
@@ -797,7 +829,7 @@ async def group_findings( sent along with the request as metadata. Returns: - ~.pagers.GroupFindingsAsyncPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.GroupFindingsAsyncPager: Response message for group by findings. Iterating over this object will yield @@ -836,6 +868,7 @@ async def group_findings( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, @@ -870,7 +903,7 @@ async def list_assets( r"""Lists an organization's assets. Args: - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.ListAssetsRequest`): The request object. Request message for listing assets. retry (google.api_core.retry.Retry): Designation of what errors, if any, @@ -880,7 +913,7 @@ async def list_assets( sent along with the request as metadata. Returns: - ~.pagers.ListAssetsAsyncPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListAssetsAsyncPager: Response message for listing assets. Iterating over this object will yield results and resolve additional pages @@ -902,6 +935,7 @@ async def list_assets( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, @@ -940,7 +974,7 @@ async def list_findings( /v1beta1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.ListFindingsRequest`): The request object. Request message for listing findings. 
@@ -951,7 +985,7 @@ async def list_findings( sent along with the request as metadata. Returns: - ~.pagers.ListFindingsAsyncPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListFindingsAsyncPager: Response message for listing findings. Iterating over this object will yield @@ -974,6 +1008,7 @@ async def list_findings( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, @@ -1009,12 +1044,13 @@ async def list_sources( r"""Lists all sources belonging to an organization. Args: - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.ListSourcesRequest`): The request object. Request message for listing sources. parent (:class:`str`): Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1026,7 +1062,7 @@ async def list_sources( sent along with the request as metadata. Returns: - ~.pagers.ListSourcesAsyncPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListSourcesAsyncPager: Response message for listing sources. Iterating over this object will yield results and resolve additional pages @@ -1062,6 +1098,7 @@ async def list_sources( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, 
@@ -1102,13 +1139,14 @@ async def run_asset_discovery( receive a TOO_MANY_REQUESTS error. Args: - request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.RunAssetDiscoveryRequest`): The request object. Request message for running asset discovery for an organization. parent (:class:`str`): Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1120,24 +1158,22 @@ async def run_asset_discovery( sent along with the request as metadata. Returns: - ~.operation_async.AsyncOperation: + google.api_core.operation_async.AsyncOperation: An object representing a long-running operation. - The result type for the operation will be - :class:``~.empty.Empty``: A generic empty message that - you can re-use to avoid defining duplicated empty - messages in your APIs. A typical example is to use it as - the request or the response type of an API method. For - instance: + The result type for the operation will be :class:`google.protobuf.empty_pb2.Empty` A generic empty message that you can re-use to avoid defining duplicated + empty messages in your APIs. A typical example is to + use it as the request or the response type of an API + method. For instance: - :: + service Foo { + rpc Bar(google.protobuf.Empty) returns + (google.protobuf.Empty); - service Foo { - rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); - } + } - The JSON representation for ``Empty`` is empty JSON - object ``{}``. + The JSON representation for Empty is empty JSON + object {}. """ # Create or coerce a protobuf request object. 
@@ -1200,7 +1236,7 @@ async def set_finding_state( r"""Updates the state of a finding. Args: - request (:class:`~.securitycenter_service.SetFindingStateRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.SetFindingStateRequest`): The request object. Request message for updating a finding's state. name (:class:`str`): @@ -1209,18 +1245,21 @@ async def set_finding_state( https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - state (:class:`~.finding.Finding.State`): + state (:class:`google.cloud.securitycenter_v1beta1.types.Finding.State`): Required. The desired State of the finding. + This corresponds to the ``state`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - start_time (:class:`~.timestamp.Timestamp`): + start_time (:class:`google.protobuf.timestamp_pb2.Timestamp`): Required. The time at which the updated state takes effect. + This corresponds to the ``start_time`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1232,7 +1271,7 @@ async def set_finding_state( sent along with the request as metadata. Returns: - ~.finding.Finding: + google.cloud.securitycenter_v1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) @@ -1299,7 +1338,7 @@ async def set_iam_policy( Source. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`): The request object. Request message for `SetIamPolicy` method. resource (:class:`str`): 
@@ -1307,6 +1346,7 @@ async def set_iam_policy( policy is being specified. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1318,72 +1358,62 @@ async def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. 
@@ -1438,7 +1468,7 @@ async def test_iam_permissions( specified source. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`): The request object. Request message for `TestIamPermissions` method. resource (:class:`str`): @@ -1446,6 +1476,7 @@ async def test_iam_permissions( policy detail is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1454,6 +1485,7 @@ async def test_iam_permissions( Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview `__. + This corresponds to the ``permissions`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1465,8 +1497,8 @@ async def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have @@ -1499,6 +1531,7 @@ async def test_iam_permissions( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, 
@@ -1529,10 +1562,10 @@ async def update_finding( source must exist for a finding creation to succeed. Args: - request (:class:`~.securitycenter_service.UpdateFindingRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.UpdateFindingRequest`): The request object. Request message for updating or creating a finding. - finding (:class:`~.gcs_finding.Finding`): + finding (:class:`google.cloud.securitycenter_v1beta1.types.Finding`): Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. @@ -1540,6 +1573,7 @@ async def update_finding( In the case of creation, the finding id portion of the name must alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1551,7 +1585,7 @@ async def update_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) @@ -1615,12 +1649,13 @@ async def update_organization_settings( r"""Updates an organization's settings. Args: - request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.UpdateOrganizationSettingsRequest`): The request object. Request message for updating an organization's settings. - organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`): + organization_settings (:class:`google.cloud.securitycenter_v1beta1.types.OrganizationSettings`): Required. The organization settings resource to update. + This corresponds to the ``organization_settings`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1632,7 +1667,7 @@ async def update_organization_settings( sent along with the request as metadata. Returns: - ~.gcs_organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1beta1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -1690,12 +1725,13 @@ async def update_source( r"""Updates a source. Args: - request (:class:`~.securitycenter_service.UpdateSourceRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.UpdateSourceRequest`): The request object. Request message for updating a source. - source (:class:`~.gcs_source.Source`): + source (:class:`google.cloud.securitycenter_v1beta1.types.Source`): Required. The source resource to update. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1707,7 +1743,7 @@ async def update_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -1768,12 +1804,13 @@ async def update_security_marks( r"""Updates security marks. Args: - request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`): + request (:class:`google.cloud.securitycenter_v1beta1.types.UpdateSecurityMarksRequest`): The request object. Request message for updating a SecurityMarks resource. - security_marks (:class:`~.gcs_security_marks.SecurityMarks`): + security_marks (:class:`google.cloud.securitycenter_v1beta1.types.SecurityMarks`): Required. The security marks resource to update. + This corresponds to the ``security_marks`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1785,7 +1822,7 @@ async def update_security_marks( sent along with the request as metadata. Returns: - ~.gcs_security_marks.SecurityMarks: + google.cloud.securitycenter_v1beta1.types.SecurityMarks: User specified security marks that are attached to the parent Security Command Center resource. Security marks diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/client.py b/google/cloud/securitycenter_v1beta1/services/security_center/client.py index a27f307b..73dd2f2a 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/client.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/client.py @@ -128,6 +128,22 @@ def _get_default_mtls_endpoint(api_endpoint): DEFAULT_ENDPOINT ) + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + @classmethod def from_service_account_file(cls, filename: str, *args, **kwargs): """Creates an instance of this client using the provided credentials @@ -140,7 +156,7 @@ def from_service_account_file(cls, filename: str, *args, **kwargs): kwargs: Additional arguments to pass to the constructor. Returns: - {@api.name}: The constructed client. + SecurityCenterClient: The constructed client. """ credentials = service_account.Credentials.from_service_account_file(filename) kwargs["credentials"] = credentials 
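Review bot: `from_service_account_info` sets `kwargs["credentials"] = credentials` unconditionally, so a `credentials` keyword passed by the caller is silently replaced; the docstring should say so, or the method should raise when both are given. The docstring describes `info` only as "The service account private key info."; it should add that the dict holds private key material and should be loaded from a secret store at runtime rather than embedded in source or written to logs. `from_service_account_file` in the next hunk follows the same override pattern.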
@@ -309,10 +325,10 @@ def __init__( credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. - transport (Union[str, ~.SecurityCenterTransport]): The + transport (Union[str, SecurityCenterTransport]): The transport to use. If set to None, a transport is chosen automatically. - client_options (client_options_lib.ClientOptions): Custom options for the + client_options (google.api_core.client_options.ClientOptions): Custom options for the client. It won't take effect if a ``transport`` instance is provided. (1) The ``api_endpoint`` property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT @@ -348,21 +364,17 @@ def __init__( util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")) ) - ssl_credentials = None + client_cert_source_func = None is_mtls = False if use_client_cert: if client_options.client_cert_source: - import grpc # type: ignore - - cert, key = client_options.client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) is_mtls = True + client_cert_source_func = client_options.client_cert_source else: - creds = SslCredentials() - is_mtls = creds.is_mtls - ssl_credentials = creds.ssl_credentials if is_mtls else None + is_mtls = mtls.has_default_client_cert_source() + client_cert_source_func = ( + mtls.default_client_cert_source() if is_mtls else None + ) # Figure out which api endpoint to use. if client_options.api_endpoint is not None: @@ -405,7 +417,7 @@ def __init__( credentials_file=client_options.credentials_file, host=api_endpoint, scopes=client_options.scopes, - ssl_channel_credentials=ssl_credentials, + client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, ) 
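Review bot: In the `__init__` hunk that introduces `client_cert_source_func`, the `else` branch leaves `is_mtls` false and the cert source `None` when `GOOGLE_API_USE_CLIENT_CERTIFICATE` is enabled but `mtls.has_default_client_cert_source()` finds nothing. The client then appears to continue without a client certificate and gives no signal. If that fallback is intended, a comment on the branch should say so; otherwise a warning log there would let operators notice that mTLS was requested and not applied. The endpoint selection that consumes `is_mtls` is outside the hunk, so the effect on the chosen endpoint is inferred.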
@@ -423,19 +435,21 @@ def create_source( r"""Creates a source. Args: - request (:class:`~.securitycenter_service.CreateSourceRequest`): + request (google.cloud.securitycenter_v1beta1.types.CreateSourceRequest): The request object. Request message for creating a source. - parent (:class:`str`): + parent (str): Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - source (:class:`~.gcs_source.Source`): + source (google.cloud.securitycenter_v1beta1.types.Source): Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -447,7 +461,7 @@ def create_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. 
@@ -512,29 +526,32 @@ def create_finding( exist for finding creation to succeed. Args: - request (:class:`~.securitycenter_service.CreateFindingRequest`): + request (google.cloud.securitycenter_v1beta1.types.CreateFindingRequest): The request object. Request message for creating a finding. - parent (:class:`str`): + parent (str): Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - finding_id (:class:`str`): + finding_id (str): Required. Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - finding (:class:`~.gcs_finding.Finding`): + finding (google.cloud.securitycenter_v1beta1.types.Finding): Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -546,7 +563,7 @@ def create_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) 
@@ -614,14 +631,15 @@ def get_iam_policy( Source. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.GetIamPolicyRequest): The request object. Request message for `GetIamPolicy` method. - resource (:class:`str`): + resource (str): REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -633,72 +651,62 @@ def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. 
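Review bot: The rewritten `Returns:` text for `google.iam.v1.policy_pb2.Policy` drops the `::` literal-block markers that preceded the JSON and YAML examples, and the added lines now reflow both examples as running prose (`bindings: - members: - user:\ mike@example.com -`), so the sample binding and its `condition` can no longer be read or copied as valid JSON or YAML. This docstring is where a reader learns how a conditional role binding is written, so I would keep both examples as indented literal blocks and restore the `::` line before each one. The same reflow appears in the set_iam_policy hunk further down, and the `service Foo` example in the run_asset_discovery hunk is affected in the same way. The file looks generated (the commit message mentions a gapic-generator-python upgrade), so the fix probably belongs in the generator or the upstream comments rather than in this file.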
@@ -711,13 +719,16 @@ def get_iam_policy( "the individual field arguments should be set." ) - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. request = iam_policy.GetIamPolicyRequest(**request) - elif not request: - request = iam_policy.GetIamPolicyRequest(resource=resource,) + # Null request, just make one. + request = iam_policy.GetIamPolicyRequest() + + if resource is not None: + request.resource = resource # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -747,13 +758,14 @@ def get_organization_settings( r"""Gets the settings for an organization. Args: - request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`): + request (google.cloud.securitycenter_v1beta1.types.GetOrganizationSettingsRequest): The request object. Request message for getting organization settings. - name (:class:`str`): + name (str): Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -765,7 +777,7 @@ def get_organization_settings( sent along with the request as metadata. Returns: - ~.organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1beta1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. 
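Review bot: In get_iam_policy the unchanged branch `elif not request:` tests truthiness, while the comment added under it (`# Null request, just make one.`) describes a None check; `elif request is None:` would state that directly and would not depend on how the request message type defines truthiness. A one-line comment above `if resource is not None:` would also help, for example `# Copy only the flattened fields the caller actually set.`, since the request is now built empty and filled afterwards rather than built with `resource=resource`. Indentation is lost on this page, so I cannot tell whether that `if` sits inside the `elif` branch, and the function body starts and ends outside the hunk. The same pattern is in the set_iam_policy and test_iam_permissions hunks below, where `if permissions:` additionally uses a truthiness guard next to the `is not None` guard for `resource`.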
@@ -826,13 +838,14 @@ def get_source( r"""Gets a source. Args: - request (:class:`~.securitycenter_service.GetSourceRequest`): + request (google.cloud.securitycenter_v1beta1.types.GetSourceRequest): The request object. Request message for getting a source. - name (:class:`str`): + name (str): Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -844,7 +857,7 @@ def get_source( sent along with the request as metadata. Returns: - ~.source.Source: + google.cloud.securitycenter_v1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -904,7 +917,7 @@ def group_assets( their specified properties. Args: - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (google.cloud.securitycenter_v1beta1.types.GroupAssetsRequest): The request object. Request message for grouping by assets. @@ -915,7 +928,7 @@ def group_assets( sent along with the request as metadata. Returns: - ~.pagers.GroupAssetsPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.GroupAssetsPager: Response message for grouping by assets. Iterating over this object will yield 
@@ -972,19 +985,20 @@ def group_findings( /v1beta1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (google.cloud.securitycenter_v1beta1.types.GroupFindingsRequest): The request object. Request message for grouping by findings. - parent (:class:`str`): + parent (str): Required. Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of ``-``. For example: organizations/{organization_id}/sources/- + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - group_by (:class:`str`): + group_by (str): Required. Expression that defines what assets fields to use for grouping (including ``state``). The string value should follow SQL syntax: comma separated list of @@ -995,7 +1009,7 @@ def group_findings( - resource_name - category - state - - parent + - parent This corresponds to the ``group_by`` field on the ``request`` instance; if ``request`` is provided, this @@ -1008,7 +1022,7 @@ def group_findings( sent along with the request as metadata. Returns: - ~.pagers.GroupFindingsPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.GroupFindingsPager: Response message for group by findings. Iterating over this object will yield @@ -1074,7 +1088,7 @@ def list_assets( r"""Lists an organization's assets. Args: - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (google.cloud.securitycenter_v1beta1.types.ListAssetsRequest): The request object. Request message for listing assets. retry (google.api_core.retry.Retry): Designation of what errors, if any, 
@@ -1084,7 +1098,7 @@ def list_assets( sent along with the request as metadata. Returns: - ~.pagers.ListAssetsPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListAssetsPager: Response message for listing assets. Iterating over this object will yield results and resolve additional pages @@ -1137,7 +1151,7 @@ def list_findings( /v1beta1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (google.cloud.securitycenter_v1beta1.types.ListFindingsRequest): The request object. Request message for listing findings. @@ -1148,7 +1162,7 @@ def list_findings( sent along with the request as metadata. Returns: - ~.pagers.ListFindingsPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListFindingsPager: Response message for listing findings. Iterating over this object will yield @@ -1199,12 +1213,13 @@ def list_sources( r"""Lists all sources belonging to an organization. Args: - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (google.cloud.securitycenter_v1beta1.types.ListSourcesRequest): The request object. Request message for listing sources. - parent (:class:`str`): + parent (str): Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1216,7 +1231,7 @@ def list_sources( sent along with the request as metadata. Returns: - ~.pagers.ListSourcesPager: + google.cloud.securitycenter_v1beta1.services.security_center.pagers.ListSourcesPager: Response message for listing sources. Iterating over this object will yield results and resolve additional pages 
@@ -1285,13 +1300,14 @@ def run_asset_discovery( receive a TOO_MANY_REQUESTS error. Args: - request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`): + request (google.cloud.securitycenter_v1beta1.types.RunAssetDiscoveryRequest): The request object. Request message for running asset discovery for an organization. - parent (:class:`str`): + parent (str): Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1303,24 +1319,22 @@ def run_asset_discovery( sent along with the request as metadata. Returns: - ~.operation.Operation: + google.api_core.operation.Operation: An object representing a long-running operation. - The result type for the operation will be - :class:``~.empty.Empty``: A generic empty message that - you can re-use to avoid defining duplicated empty - messages in your APIs. A typical example is to use it as - the request or the response type of an API method. For - instance: + The result type for the operation will be :class:`google.protobuf.empty_pb2.Empty` A generic empty message that you can re-use to avoid defining duplicated + empty messages in your APIs. A typical example is to + use it as the request or the response type of an API + method. For instance: - :: + service Foo { + rpc Bar(google.protobuf.Empty) returns + (google.protobuf.Empty); - service Foo { - rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); - } + } - The JSON representation for ``Empty`` is empty JSON - object ``{}``. + The JSON representation for Empty is empty JSON + object {}. """ # Create or coerce a protobuf request object. 
@@ -1384,27 +1398,30 @@ def set_finding_state( r"""Updates the state of a finding. Args: - request (:class:`~.securitycenter_service.SetFindingStateRequest`): + request (google.cloud.securitycenter_v1beta1.types.SetFindingStateRequest): The request object. Request message for updating a finding's state. - name (:class:`str`): + name (str): Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - state (:class:`~.finding.Finding.State`): + state (google.cloud.securitycenter_v1beta1.types.Finding.State): Required. The desired State of the finding. + This corresponds to the ``state`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - start_time (:class:`~.timestamp.Timestamp`): + start_time (google.protobuf.timestamp_pb2.Timestamp): Required. The time at which the updated state takes effect. + This corresponds to the ``start_time`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1416,7 +1433,7 @@ def set_finding_state( sent along with the request as metadata. Returns: - ~.finding.Finding: + google.cloud.securitycenter_v1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) 
@@ -1484,14 +1501,15 @@ def set_iam_policy( Source. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.SetIamPolicyRequest): The request object. Request message for `SetIamPolicy` method. - resource (:class:`str`): + resource (str): REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1503,72 +1521,62 @@ def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. 
@@ -1581,13 +1589,16 @@ def set_iam_policy( "the individual field arguments should be set." ) - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. request = iam_policy.SetIamPolicyRequest(**request) - elif not request: - request = iam_policy.SetIamPolicyRequest(resource=resource,) + # Null request, just make one. + request = iam_policy.SetIamPolicyRequest() + + if resource is not None: + request.resource = resource # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1619,22 +1630,24 @@ def test_iam_permissions( specified source. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest): The request object. Request message for `TestIamPermissions` method. - resource (:class:`str`): + resource (str): REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - permissions (:class:`Sequence[str]`): + permissions (Sequence[str]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview `__. + This corresponds to the ``permissions`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1646,8 +1659,8 @@ def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have @@ -1659,15 +1672,19 @@ def test_iam_permissions( "the individual field arguments should be set." ) - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. request = iam_policy.TestIamPermissionsRequest(**request) - elif not request: - request = iam_policy.TestIamPermissionsRequest( - resource=resource, permissions=permissions, - ) + # Null request, just make one. + request = iam_policy.TestIamPermissionsRequest() + + if resource is not None: + request.resource = resource + + if permissions: + request.permissions.extend(permissions) # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1698,10 +1715,10 @@ def update_finding( source must exist for a finding creation to succeed. Args: - request (:class:`~.securitycenter_service.UpdateFindingRequest`): + request (google.cloud.securitycenter_v1beta1.types.UpdateFindingRequest): The request object. Request message for updating or creating a finding. - finding (:class:`~.gcs_finding.Finding`): + finding (google.cloud.securitycenter_v1beta1.types.Finding): Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. 
@@ -1709,6 +1726,7 @@ def update_finding( In the case of creation, the finding id portion of the name must alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1720,7 +1738,7 @@ def update_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) @@ -1785,12 +1803,13 @@ def update_organization_settings( r"""Updates an organization's settings. Args: - request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`): + request (google.cloud.securitycenter_v1beta1.types.UpdateOrganizationSettingsRequest): The request object. Request message for updating an organization's settings. - organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`): + organization_settings (google.cloud.securitycenter_v1beta1.types.OrganizationSettings): Required. The organization settings resource to update. + This corresponds to the ``organization_settings`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1802,7 +1821,7 @@ def update_organization_settings( sent along with the request as metadata. Returns: - ~.gcs_organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1beta1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. 
@@ -1865,12 +1884,13 @@ def update_source( r"""Updates a source. Args: - request (:class:`~.securitycenter_service.UpdateSourceRequest`): + request (google.cloud.securitycenter_v1beta1.types.UpdateSourceRequest): The request object. Request message for updating a source. - source (:class:`~.gcs_source.Source`): + source (google.cloud.securitycenter_v1beta1.types.Source): Required. The source resource to update. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1882,7 +1902,7 @@ def update_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -1944,12 +1964,13 @@ def update_security_marks( r"""Updates security marks. Args: - request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`): + request (google.cloud.securitycenter_v1beta1.types.UpdateSecurityMarksRequest): The request object. Request message for updating a SecurityMarks resource. - security_marks (:class:`~.gcs_security_marks.SecurityMarks`): + security_marks (google.cloud.securitycenter_v1beta1.types.SecurityMarks): Required. The security marks resource to update. + This corresponds to the ``security_marks`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1961,7 +1982,7 @@ def update_security_marks( sent along with the request as metadata. Returns: - ~.gcs_security_marks.SecurityMarks: + google.cloud.securitycenter_v1beta1.types.SecurityMarks: User specified security marks that are attached to the parent Security Command Center resource. Security marks diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/pagers.py b/google/cloud/securitycenter_v1beta1/services/security_center/pagers.py index 64ef79bd..a3a18cc4 100644 
--- a/google/cloud/securitycenter_v1beta1/services/security_center/pagers.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/pagers.py @@ -15,7 +15,16 @@ # limitations under the License. # -from typing import Any, AsyncIterable, Awaitable, Callable, Iterable, Sequence, Tuple +from typing import ( + Any, + AsyncIterable, + Awaitable, + Callable, + Iterable, + Sequence, + Tuple, + Optional, +) from google.cloud.securitycenter_v1beta1.types import finding from google.cloud.securitycenter_v1beta1.types import securitycenter_service @@ -26,7 +35,7 @@ class GroupAssetsPager: """A pager for iterating through ``group_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse` object, and provides an ``__iter__`` method to iterate through its ``group_by_results`` field. @@ -35,7 +44,7 @@ class GroupAssetsPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -53,9 +62,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (google.cloud.securitycenter_v1beta1.types.GroupAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupAssetsResponse`): + response (google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. 
@@ -88,7 +97,7 @@ class GroupAssetsAsyncPager: """A pager for iterating through ``group_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse` object, and provides an ``__aiter__`` method to iterate through its ``group_by_results`` field. @@ -97,7 +106,7 @@ class GroupAssetsAsyncPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -115,9 +124,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (google.cloud.securitycenter_v1beta1.types.GroupAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupAssetsResponse`): + response (google.cloud.securitycenter_v1beta1.types.GroupAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -154,7 +163,7 @@ class GroupFindingsPager: """A pager for iterating through ``group_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse` object, and provides an ``__iter__`` method to iterate through its ``group_by_results`` field. 
@@ -163,7 +172,7 @@ class GroupFindingsPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -181,9 +190,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (google.cloud.securitycenter_v1beta1.types.GroupFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupFindingsResponse`): + response (google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -216,7 +225,7 @@ class GroupFindingsAsyncPager: """A pager for iterating through ``group_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse` object, and provides an ``__aiter__`` method to iterate through its ``group_by_results`` field. @@ -225,7 +234,7 @@ class GroupFindingsAsyncPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ 
@@ -243,9 +252,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (google.cloud.securitycenter_v1beta1.types.GroupFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupFindingsResponse`): + response (google.cloud.securitycenter_v1beta1.types.GroupFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -284,7 +293,7 @@ class ListAssetsPager: """A pager for iterating through ``list_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.ListAssetsResponse` object, and provides an ``__iter__`` method to iterate through its ``list_assets_results`` field. @@ -293,7 +302,7 @@ class ListAssetsPager: through the ``list_assets_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -311,9 +320,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (google.cloud.securitycenter_v1beta1.types.ListAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListAssetsResponse`): + response (google.cloud.securitycenter_v1beta1.types.ListAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. 
@@ -348,7 +357,7 @@ class ListAssetsAsyncPager: """A pager for iterating through ``list_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.ListAssetsResponse` object, and provides an ``__aiter__`` method to iterate through its ``list_assets_results`` field. @@ -357,7 +366,7 @@ class ListAssetsAsyncPager: through the ``list_assets_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -375,9 +384,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (google.cloud.securitycenter_v1beta1.types.ListAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListAssetsResponse`): + response (google.cloud.securitycenter_v1beta1.types.ListAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -416,7 +425,7 @@ class ListFindingsPager: """A pager for iterating through ``list_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.ListFindingsResponse` object, and provides an ``__iter__`` method to iterate through its ``findings`` field. 
@@ -425,7 +434,7 @@ class ListFindingsPager: through the ``findings`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -443,9 +452,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (google.cloud.securitycenter_v1beta1.types.ListFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListFindingsResponse`): + response (google.cloud.securitycenter_v1beta1.types.ListFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -478,7 +487,7 @@ class ListFindingsAsyncPager: """A pager for iterating through ``list_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.ListFindingsResponse` object, and provides an ``__aiter__`` method to iterate through its ``findings`` field. @@ -487,7 +496,7 @@ class ListFindingsAsyncPager: through the ``findings`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ 
@@ -505,9 +514,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (google.cloud.securitycenter_v1beta1.types.ListFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListFindingsResponse`): + response (google.cloud.securitycenter_v1beta1.types.ListFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -544,7 +553,7 @@ class ListSourcesPager: """A pager for iterating through ``list_sources`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListSourcesResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.ListSourcesResponse` object, and provides an ``__iter__`` method to iterate through its ``sources`` field. @@ -553,7 +562,7 @@ class ListSourcesPager: through the ``sources`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListSourcesResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListSourcesResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -571,9 +580,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (google.cloud.securitycenter_v1beta1.types.ListSourcesRequest): The initial request object. - response (:class:`~.securitycenter_service.ListSourcesResponse`): + response (google.cloud.securitycenter_v1beta1.types.ListSourcesResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. 
@@ -606,7 +615,7 @@ class ListSourcesAsyncPager: """A pager for iterating through ``list_sources`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListSourcesResponse` object, and + :class:`google.cloud.securitycenter_v1beta1.types.ListSourcesResponse` object, and provides an ``__aiter__`` method to iterate through its ``sources`` field. @@ -615,7 +624,7 @@ class ListSourcesAsyncPager: through the ``sources`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListSourcesResponse` + All the usual :class:`google.cloud.securitycenter_v1beta1.types.ListSourcesResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -633,9 +642,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (google.cloud.securitycenter_v1beta1.types.ListSourcesRequest): The initial request object. - response (:class:`~.securitycenter_service.ListSourcesResponse`): + response (google.cloud.securitycenter_v1beta1.types.ListSourcesResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py index df35096b..3a22dfc9 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py 
@@ -23,7 +23,6 @@ from google.api_core import exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore -from google.api_core import retry as retries # type: ignore from google.api_core import operations_v1 # type: ignore from google.auth import credentials # type: ignore @@ -85,10 +84,10 @@ def __init__( scope (Optional[Sequence[str]]): A list of scopes. quota_project_id (Optional[str]): An optional project to use for billing and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing your own client library. """ # Save the hostname. Default to port 443 (HTTPS) if none is specified. @@ -96,6 +95,9 @@ def __init__( host += ":443" self._host = host + # Save the scopes. + self._scopes = scopes or self.AUTH_SCOPES + # If no credentials are provided, then determine the appropriate # defaults. if credentials and credentials_file: 
@@ -105,20 +107,17 @@ def __init__( if credentials_file is not None: credentials, _ = auth.load_credentials_from_file( - credentials_file, scopes=scopes, quota_project_id=quota_project_id + credentials_file, scopes=self._scopes, quota_project_id=quota_project_id ) elif credentials is None: credentials, _ = auth.default( - scopes=scopes, quota_project_id=quota_project_id + scopes=self._scopes, quota_project_id=quota_project_id ) # Save the credentials. self._credentials = credentials - # Lifted into its own function so it can be stubbed out during tests. - self._prep_wrapped_messages(client_info) - def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { @@ -137,6 +136,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -150,6 +150,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -163,6 +164,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -176,6 +178,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, @@ -189,6 +192,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, 
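Review bot: Removing `self._prep_wrapped_messages(client_info)` from the base `__init__` means constructing the base transport no longer populates `self._wrapped_methods`, so every subclass now has to make that call itself. The gRPC transports in this commit do so after their channel exists, but nothing in base.py states the requirement, and the comment explaining why the method is separate was removed as well. I would leave a comment where the call used to be, for example `# Subclasses must call self._prep_wrapped_messages(client_info) once their channel exists.` The `__init__` body starts outside this hunk.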
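Review bot: In the `_prep_wrapped_messages` entries, the added `deadline=60.0` (and `deadline=480.0` further down) equals the `default_timeout` of the same entry while the predicate still lists `exceptions.DeadlineExceeded`. If the per-attempt timeout and the overall retry deadline run from the same start, an attempt that times out appears to leave no budget for another try, so in practice only `ServiceUnavailable` would be retried. A short comment on the first entry stating the intent, such as `# deadline bounds total retry time and is kept equal to default_timeout`, would make that explicit. The same applies to the other eight entries changed in this file (hunks -150,6 through -250,6), and the method body extends beyond these hunks.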
@@ -202,6 +206,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, @@ -215,6 +220,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, @@ -228,6 +234,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -250,6 +257,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py index a7447d0b..2bcfb198 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py @@ -72,6 +72,7 @@ def __init__( api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: 
@@ -102,6 +103,10 @@ def __init__( ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. client_info (google.api_core.gapic_v1.client_info.ClientInfo): 
@@ -116,72 +121,61 @@ def __init__( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ + self._grpc_channel = None self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) if channel: - # Sanity check: Ensure that channel and credentials are not both - # provided. + # Ignore credentials if a channel was passed. credentials = False - # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None - elif api_mtls_endpoint: - warnings.warn( - "api_mtls_endpoint and client_cert_source are deprecated", - DeprecationWarning, - ) - host = ( - api_mtls_endpoint - if ":" in api_mtls_endpoint - else api_mtls_endpoint + ":443" - ) + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. 
- if client_cert_source: - cert, key = client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) else: - ssl_credentials = SslCredentials().ssl_credentials + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) - # create a new channel. The provided one is ignored. - self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - ssl_credentials=ssl_credentials, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - self._ssl_channel_credentials = ssl_credentials - else: - host = host if ":" in host else host + ":443" - - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + ) - # create a new channel. The provided one is ignored. + if not self._grpc_channel: self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, + self._host, + credentials=self._credentials, credentials_file=credentials_file, - ssl_credentials=ssl_channel_credentials, - scopes=scopes or self.AUTH_SCOPES, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, quota_project_id=quota_project_id, options=[ ("grpc.max_send_message_length", -1), 
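Review bot: In the new `else:` branch, `client_cert_source_for_mtls` is only consulted when `api_mtls_endpoint` is falsy. When the deprecated endpoint is set, the callback is skipped and any caller-supplied `ssl_channel_credentials` is overwritten by `client_cert_source()` or `SslCredentials().ssl_credentials`. The docstring added in this commit says the callback is ignored only if `channel` or `ssl_channel_credentials` is provided, so a caller passing both the endpoint and the new callback would get a channel with a different client identity than intended, without any signal. I would either extend that docstring sentence to read `ignored if ``channel``, ``ssl_channel_credentials`` or ``api_mtls_endpoint`` is provided`, or emit a warning in the `if api_mtls_endpoint:` branch when `client_cert_source_for_mtls` is also set. The same logic is repeated in the grpc_asyncio.py hunk -161,72, and `__init__` starts outside this hunk.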
@@ -189,18 +183,8 @@ def __init__( ], ) - self._stubs = {} # type: Dict[str, Callable] - self._operations_client = None - - # Run the base constructor. - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - client_info=client_info, - ) + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) @classmethod def create_channel( @@ -214,7 +198,7 @@ def create_channel( ) -> grpc.Channel: """Create and return a gRPC channel object. Args: - address (Optional[str]): The host for the channel to use. + host (Optional[str]): The host for the channel to use. credentials (Optional[~.Credentials]): The authorization credentials to attach to requests. These credentials identify this application to the service. If diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py index 2a2d3551..f401d887 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py @@ -76,7 +76,7 @@ def create_channel( ) -> aio.Channel: """Create and return a gRPC AsyncIO channel object. Args: - address (Optional[str]): The host for the channel to use. + host (Optional[str]): The host for the channel to use. credentials (Optional[~.Credentials]): The authorization credentials to attach to requests. These credentials identify this application to the service. If 
@@ -116,6 +116,7 @@ def __init__( api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: @@ -147,12 +148,16 @@ def __init__( ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing your own client library. Raises: 
@@ -161,72 +166,61 @@ def __init__( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ + self._grpc_channel = None self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) if channel: - # Sanity check: Ensure that channel and credentials are not both - # provided. + # Ignore credentials if a channel was passed. credentials = False - # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None - elif api_mtls_endpoint: - warnings.warn( - "api_mtls_endpoint and client_cert_source are deprecated", - DeprecationWarning, - ) - host = ( - api_mtls_endpoint - if ":" in api_mtls_endpoint - else api_mtls_endpoint + ":443" - ) + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. 
- if client_cert_source: - cert, key = client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) else: - ssl_credentials = SslCredentials().ssl_credentials + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) - # create a new channel. The provided one is ignored. - self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - ssl_credentials=ssl_credentials, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - self._ssl_channel_credentials = ssl_credentials - else: - host = host if ":" in host else host + ":443" - - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + ) - # create a new channel. The provided one is ignored. + if not self._grpc_channel: self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, + self._host, + credentials=self._credentials, credentials_file=credentials_file, - ssl_credentials=ssl_channel_credentials, - scopes=scopes or self.AUTH_SCOPES, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, quota_project_id=quota_project_id, options=[ ("grpc.max_send_message_length", -1), 
@@ -234,18 +228,8 @@ def __init__( ], ) - # Run the base constructor. - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - client_info=client_info, - ) - - self._stubs = {} - self._operations_client = None + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) @property def grpc_channel(self) -> aio.Channel: diff --git a/google/cloud/securitycenter_v1beta1/types/__init__.py b/google/cloud/securitycenter_v1beta1/types/__init__.py index 11c4424f..1f373080 100644 --- a/google/cloud/securitycenter_v1beta1/types/__init__.py +++ b/google/cloud/securitycenter_v1beta1/types/__init__.py @@ -15,12 +15,11 @@ # limitations under the License. # -from .security_marks import SecurityMarks from .asset import Asset from .finding import Finding from .organization_settings import OrganizationSettings from .run_asset_discovery_response import RunAssetDiscoveryResponse -from .source import Source +from .security_marks import SecurityMarks from .securitycenter_service import ( CreateFindingRequest, CreateSourceRequest, @@ -31,27 +30,27 @@ GroupFindingsRequest, GroupFindingsResponse, GroupResult, - ListSourcesRequest, - ListSourcesResponse, ListAssetsRequest, ListAssetsResponse, ListFindingsRequest, ListFindingsResponse, - SetFindingStateRequest, + ListSourcesRequest, + ListSourcesResponse, RunAssetDiscoveryRequest, + SetFindingStateRequest, UpdateFindingRequest, UpdateOrganizationSettingsRequest, - UpdateSourceRequest, UpdateSecurityMarksRequest, + UpdateSourceRequest, ) +from .source import Source __all__ = ( - "SecurityMarks", "Asset", "Finding", "OrganizationSettings", "RunAssetDiscoveryResponse", - "Source", + "SecurityMarks", "CreateFindingRequest", "CreateSourceRequest", "GetOrganizationSettingsRequest", 
@@ -61,16 +60,17 @@ "GroupFindingsRequest", "GroupFindingsResponse", "GroupResult", - "ListSourcesRequest", - "ListSourcesResponse", "ListAssetsRequest", "ListAssetsResponse", "ListFindingsRequest", "ListFindingsResponse", - "SetFindingStateRequest", + "ListSourcesRequest", + "ListSourcesResponse", "RunAssetDiscoveryRequest", + "SetFindingStateRequest", "UpdateFindingRequest", "UpdateOrganizationSettingsRequest", - "UpdateSourceRequest", "UpdateSecurityMarksRequest", + "UpdateSourceRequest", + "Source", ) diff --git a/google/cloud/securitycenter_v1beta1/types/asset.py b/google/cloud/securitycenter_v1beta1/types/asset.py index 80b4082d..75d676b8 100644 --- a/google/cloud/securitycenter_v1beta1/types/asset.py +++ b/google/cloud/securitycenter_v1beta1/types/asset.py 
@@ -46,23 +46,23 @@ class Asset(proto.Message): https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/assets/{asset_id}". - security_center_properties (~.asset.Asset.SecurityCenterProperties): + security_center_properties (google.cloud.securitycenter_v1beta1.types.Asset.SecurityCenterProperties): Security Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user. - resource_properties (Sequence[~.asset.Asset.ResourcePropertiesEntry]): + resource_properties (Sequence[google.cloud.securitycenter_v1beta1.types.Asset.ResourcePropertiesEntry]): Resource managed properties. These properties are managed and defined by the Google Cloud resource and cannot be modified by the user. - security_marks (~.gcs_security_marks.SecurityMarks): + security_marks (google.cloud.securitycenter_v1beta1.types.SecurityMarks): User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the asset was created in Security Command Center. - update_time (~.timestamp.Timestamp): + update_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the asset was last updated, added, or deleted in Security Command Center. """ diff --git a/google/cloud/securitycenter_v1beta1/types/finding.py b/google/cloud/securitycenter_v1beta1/types/finding.py index b2a07a64..6b48d620 100644 --- a/google/cloud/securitycenter_v1beta1/types/finding.py +++ b/google/cloud/securitycenter_v1beta1/types/finding.py 
@@ -57,7 +57,7 @@ class Finding(proto.Message): When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time. - state (~.finding.Finding.State): + state (google.cloud.securitycenter_v1beta1.types.Finding.State): The state of the finding. category (str): The additional taxonomy group within findings from a given @@ -69,18 +69,18 @@ class Finding(proto.Message): additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL. - source_properties (Sequence[~.finding.Finding.SourcePropertiesEntry]): + source_properties (Sequence[google.cloud.securitycenter_v1beta1.types.Finding.SourcePropertiesEntry]): Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. - security_marks (~.gcs_security_marks.SecurityMarks): + security_marks (google.cloud.securitycenter_v1beta1.types.SecurityMarks): Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding. - event_time (~.timestamp.Timestamp): + event_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open @@ -89,7 +89,7 @@ class Finding(proto.Message): is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the finding was created in Security Command Center. """ 
diff --git a/google/cloud/securitycenter_v1beta1/types/organization_settings.py b/google/cloud/securitycenter_v1beta1/types/organization_settings.py index 3b3ae0b1..f8a2a563 100644 --- a/google/cloud/securitycenter_v1beta1/types/organization_settings.py +++ b/google/cloud/securitycenter_v1beta1/types/organization_settings.py @@ -38,7 +38,7 @@ class OrganizationSettings(proto.Message): If the flag is set to ``true``, then discovery of assets will occur. If it is set to \`false, all historical assets will remain, but discovery of future assets will not occur. - asset_discovery_config (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig): + asset_discovery_config (google.cloud.securitycenter_v1beta1.types.OrganizationSettings.AssetDiscoveryConfig): The configuration used for Asset Discovery runs. """ @@ -50,7 +50,7 @@ class AssetDiscoveryConfig(proto.Message): project_ids (Sequence[str]): The project ids to use for filtering asset discovery. - inclusion_mode (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig.InclusionMode): + inclusion_mode (google.cloud.securitycenter_v1beta1.types.OrganizationSettings.AssetDiscoveryConfig.InclusionMode): The mode to use for filtering asset discovery. """ diff --git a/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py b/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py index 0b9e9d95..5d444d6b 100644 --- a/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py +++ b/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py 
@@ -31,9 +31,9 @@ class RunAssetDiscoveryResponse(proto.Message): r"""Response of asset discovery run Attributes: - state (~.run_asset_discovery_response.RunAssetDiscoveryResponse.State): + state (google.cloud.securitycenter_v1beta1.types.RunAssetDiscoveryResponse.State): The state of an asset discovery run. - duration (~.gp_duration.Duration): + duration (google.protobuf.duration_pb2.Duration): The duration between asset discovery run start and end """ diff --git a/google/cloud/securitycenter_v1beta1/types/security_marks.py b/google/cloud/securitycenter_v1beta1/types/security_marks.py index 7964b095..fa5b1795 100644 --- a/google/cloud/securitycenter_v1beta1/types/security_marks.py +++ b/google/cloud/securitycenter_v1beta1/types/security_marks.py @@ -37,7 +37,7 @@ class SecurityMarks(proto.Message): Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks". - marks (Sequence[~.security_marks.SecurityMarks.MarksEntry]): + marks (Sequence[google.cloud.securitycenter_v1beta1.types.SecurityMarks.MarksEntry]): Mutable user specified security marks belonging to the parent resource. Constraints are as follows: diff --git a/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py b/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py index 833f60fc..dec898c5 100644 --- a/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py +++ b/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py @@ -75,7 +75,7 @@ class CreateFindingRequest(proto.Message): alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1beta1.types.Finding): Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. 
@@ -95,7 +95,7 @@ class CreateSourceRequest(proto.Message): parent (str): Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". - source (~.gcs_source.Source): + source (google.cloud.securitycenter_v1beta1.types.Source): Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. @@ -186,7 +186,7 @@ class GroupAssetsRequest(proto.Message): set: - security_center_properties.resource_type - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the Asset's "state" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of @@ -212,7 +212,7 @@ class GroupAssetsRequest(proto.Message): This field is ignored if ``state`` is not a field in ``group_by``. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those @@ -248,13 +248,13 @@ class GroupAssetsResponse(proto.Message): r"""Response message for grouping by assets. Attributes: - group_by_results (Sequence[~.securitycenter_service.GroupResult]): + group_by_results (Sequence[google.cloud.securitycenter_v1beta1.types.GroupResult]): Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the groupBy request. next_page_token (str): Token to retrieve the next page of results, 
@@ -324,7 +324,7 @@ class GroupFindingsRequest(proto.Message): - category - state - parent - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values @@ -358,13 +358,13 @@ class GroupFindingsResponse(proto.Message): r"""Response message for group by findings. Attributes: - group_by_results (Sequence[~.securitycenter_service.GroupResult]): + group_by_results (Sequence[google.cloud.securitycenter_v1beta1.types.GroupResult]): Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the groupBy request. next_page_token (str): Token to retrieve the next page of results, @@ -389,7 +389,7 @@ class GroupResult(proto.Message): request. Attributes: - properties (Sequence[~.securitycenter_service.GroupResult.PropertiesEntry]): + properties (Sequence[google.cloud.securitycenter_v1beta1.types.GroupResult.PropertiesEntry]): Properties matching the groupBy fields in the request. count (int): @@ -433,7 +433,7 @@ class ListSourcesResponse(proto.Message): r"""Response message for listing sources. Attributes: - sources (Sequence[~.gcs_source.Source]): + sources (Sequence[google.cloud.securitycenter_v1beta1.types.Source]): Sources belonging to the requested parent. next_page_token (str): Token to retrieve the next page of results, 
@@ -498,13 +498,13 @@ class ListAssetsRequest(proto.Message): Redundant space characters in the syntax are insignificant. "name desc,resource_properties.a_property" and " name desc , resource_properties.a_property " are equivalent. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the ListAssetResult's "state" attribute is updated to indicate whether the asset was added, removed, or remained present during the @@ -531,7 +531,7 @@ class ListAssetsRequest(proto.Message): If compare_duration is not specified, then the only possible state is "UNUSED", which indicates that the asset is present at read_time. - field_mask (~.gp_field_mask.FieldMask): + field_mask (google.protobuf.field_mask_pb2.FieldMask): Optional. A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all @@ -568,9 +568,9 @@ class ListAssetsResponse(proto.Message): r"""Response message for listing assets. Attributes: - list_assets_results (Sequence[~.securitycenter_service.ListAssetsResponse.ListAssetsResult]): + list_assets_results (Sequence[google.cloud.securitycenter_v1beta1.types.ListAssetsResponse.ListAssetsResult]): Assets matching the list request. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the list request. next_page_token (str): Token to retrieve the next page of results, 
@@ -584,9 +584,9 @@ class ListAssetsResult(proto.Message): r"""Result containing the Asset and its State. Attributes: - asset (~.gcs_asset.Asset): + asset (google.cloud.securitycenter_v1beta1.types.Asset): Asset matching the search request. - state (~.securitycenter_service.ListAssetsResponse.ListAssetsResult.State): + state (google.cloud.securitycenter_v1beta1.types.ListAssetsResponse.ListAssetsResult.State): State of the asset. """ @@ -674,13 +674,13 @@ class ListFindingsRequest(proto.Message): space characters in the syntax are insignificant. "name desc,source_properties.a_property" and " name desc , source_properties.a_property " are equivalent. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. - field_mask (~.gp_field_mask.FieldMask): + field_mask (google.protobuf.field_mask_pb2.FieldMask): Optional. A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields. @@ -714,9 +714,9 @@ class ListFindingsResponse(proto.Message): r"""Response message for listing findings. Attributes: - findings (Sequence[~.gcs_finding.Finding]): + findings (Sequence[google.cloud.securitycenter_v1beta1.types.Finding]): Findings matching the list request. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the list request. next_page_token (str): Token to retrieve the next page of results, 
@@ -750,9 +750,9 @@ class SetFindingStateRequest(proto.Message): https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". - state (~.gcs_finding.Finding.State): + state (google.cloud.securitycenter_v1beta1.types.Finding.State): Required. The desired State of the finding. - start_time (~.timestamp.Timestamp): + start_time (google.protobuf.timestamp_pb2.Timestamp): Required. The time at which the updated state takes effect. """ @@ -781,7 +781,7 @@ class UpdateFindingRequest(proto.Message): r"""Request message for updating or creating a finding. Attributes: - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1beta1.types.Finding): Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. @@ -789,7 +789,7 @@ class UpdateFindingRequest(proto.Message): In the case of creation, the finding id portion of the name must alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. @@ -804,10 +804,10 @@ class UpdateOrganizationSettingsRequest(proto.Message): r"""Request message for updating an organization's settings. Attributes: - organization_settings (~.gcs_organization_settings.OrganizationSettings): + organization_settings (google.cloud.securitycenter_v1beta1.types.OrganizationSettings): Required. The organization settings resource to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the settings resource. """ 
@@ -823,9 +823,9 @@ class UpdateSourceRequest(proto.Message): r"""Request message for updating a source. Attributes: - source (~.gcs_source.Source): + source (google.cloud.securitycenter_v1beta1.types.Source): Required. The source resource to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the source resource. """ @@ -839,13 +839,13 @@ class UpdateSecurityMarksRequest(proto.Message): r"""Request message for updating a SecurityMarks resource. Attributes: - security_marks (~.gcs_security_marks.SecurityMarks): + security_marks (google.cloud.securitycenter_v1beta1.types.SecurityMarks): Required. The security marks resource to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the security marks resource. - start_time (~.timestamp.Timestamp): + start_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the updated SecurityMarks take effect. """ diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py index a3a51ca4..ac8719ec 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py 
@@ -122,7 +122,36 @@ class SecurityCenterAsyncClient: SecurityCenterClient.parse_common_location_path ) - from_service_account_file = SecurityCenterClient.from_service_account_file + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterAsyncClient: The constructed client. + """ + return SecurityCenterClient.from_service_account_info.__func__(SecurityCenterAsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterAsyncClient: The constructed client. + """ + return SecurityCenterClient.from_service_account_file.__func__(SecurityCenterAsyncClient, filename, *args, **kwargs) # type: ignore + from_service_account_json = from_service_account_file @property 
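Review bot: Both new factories discard `cls` and hard-code `SecurityCenterAsyncClient` as the class handed to the sync client's underlying function, so a subclass calling `from_service_account_info` or `from_service_account_file` would presumably get back a plain `SecurityCenterAsyncClient` (the sync implementation is outside this hunk). Passing `cls` keeps subclasses working: `return SecurityCenterClient.from_service_account_info.__func__(cls, info, *args, **kwargs)  # type: ignore`, and likewise for the file variant. The `info` docstring could also say that the dict carries the private key itself, e.g. `info (dict): The service account private key info; treat as a secret and do not log it.`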
@@ -199,19 +228,21 @@ async def create_source( r"""Creates a source. Args: - request (:class:`~.securitycenter_service.CreateSourceRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.CreateSourceRequest`): The request object. Request message for creating a source. parent (:class:`str`): Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - source (:class:`~.gcs_source.Source`): + source (:class:`google.cloud.securitycenter_v1p1beta1.types.Source`): Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -223,7 +254,7 @@ async def create_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1p1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. 
@@ -287,26 +318,29 @@ async def create_finding( exist for finding creation to succeed. Args: - request (:class:`~.securitycenter_service.CreateFindingRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.CreateFindingRequest`): The request object. Request message for creating a finding. parent (:class:`str`): Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. finding_id (:class:`str`): Required. Unique identifier provided by the client within the parent scope. + This corresponds to the ``finding_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - finding (:class:`~.gcs_finding.Finding`): + finding (:class:`google.cloud.securitycenter_v1p1beta1.types.Finding`): Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -318,7 +352,7 @@ async def create_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1p1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) 
@@ -386,12 +420,13 @@ async def create_notification_config( r"""Creates a notification config. Args: - request (:class:`~.securitycenter_service.CreateNotificationConfigRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.CreateNotificationConfigRequest`): The request object. Request message for creating a notification config. parent (:class:`str`): Required. Resource name of the new notification config's parent. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -401,14 +436,16 @@ async def create_notification_config( It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only. + This corresponds to the ``config_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - notification_config (:class:`~.gcs_notification_config.NotificationConfig`): + notification_config (:class:`google.cloud.securitycenter_v1p1beta1.types.NotificationConfig`): Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource. + This corresponds to the ``notification_config`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -420,7 +457,7 @@ async def create_notification_config( sent along with the request as metadata. Returns: - ~.gcs_notification_config.NotificationConfig: + google.cloud.securitycenter_v1p1beta1.types.NotificationConfig: Security Command Center notification configs. A notification config is a Security 
@@ -484,13 +521,14 @@ async def delete_notification_config( r"""Deletes a notification config. Args: - request (:class:`~.securitycenter_service.DeleteNotificationConfigRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.DeleteNotificationConfigRequest`): The request object. Request message for deleting a notification config. name (:class:`str`): Required. Name of the notification config to delete. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -551,7 +589,7 @@ async def get_iam_policy( Source. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`): The request object. Request message for `GetIamPolicy` method. resource (:class:`str`): @@ -559,6 +597,7 @@ async def get_iam_policy( policy is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -570,72 +609,62 @@ async def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -667,6 +696,7 @@ async def get_iam_policy( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, 
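Review bot: The rewritten `Returns:` text of `get_iam_policy` drops the `::` literal-block markers, so the JSON and YAML policy examples are reflowed as ordinary paragraphs (`bindings: - members: - user:\ mike@example.com - ...`) and the nesting of bindings, members and condition can no longer be read or copied. This docstring is where a reader sees what a conditional role binding looks like, so the examples should stay in a literal block with their original indentation, or be replaced by the link alone. The closing reference also becomes a Markdown-style link with a stray backslash, `guide](\ https://cloud.google.com/iam/docs)`, inside a docstring that otherwise uses reST markup. The `set_iam_policy` hunk at `@@ -1711,72 +1762,62 @@` appears to make the same rewrite, though it runs past the end of this view.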
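Review bot: `deadline=60.0` repeats the literal already passed as `default_timeout=60.0` two lines further down, and nothing in the code ties the two values together. The same pairing recurs in the later retry hunks (60.0 for `get_notification_config`, `get_organization_settings`, `get_source`, `list_notification_configs` and `list_sources`; 480.0 for `group_assets`, `group_findings`, `list_assets` and `list_findings`). If the intent is that the overall retry budget matches the default timeout, as the commit title suggests, a comment on the new line such as `# total retry budget; keep in step with default_timeout below` would stop the two drifting apart on a later edit. The `Retry(...)` call starts outside the hunk, so the backoff parameters are not visible here.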
@@ -696,13 +726,14 @@ async def get_notification_config( r"""Gets a notification config. Args: - request (:class:`~.securitycenter_service.GetNotificationConfigRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.GetNotificationConfigRequest`): The request object. Request message for getting a notification config. name (:class:`str`): Required. Name of the notification config to get. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -714,7 +745,7 @@ async def get_notification_config( sent along with the request as metadata. Returns: - ~.notification_config.NotificationConfig: + google.cloud.securitycenter_v1p1beta1.types.NotificationConfig: Security Command Center notification configs. A notification config is a Security @@ -753,6 +784,7 @@ async def get_notification_config( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -782,13 +814,14 @@ async def get_organization_settings( r"""Gets the settings for an organization. Args: - request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.GetOrganizationSettingsRequest`): The request object. Request message for getting organization settings. name (:class:`str`): Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -800,7 +833,7 @@ async def get_organization_settings( sent along with the request as metadata. Returns: - ~.organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -835,6 +868,7 @@ async def get_organization_settings( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -864,13 +898,14 @@ async def get_source( r"""Gets a source. Args: - request (:class:`~.securitycenter_service.GetSourceRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.GetSourceRequest`): The request object. Request message for getting a source. name (:class:`str`): Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -882,7 +917,7 @@ async def get_source( sent along with the request as metadata. Returns: - ~.source.Source: + google.cloud.securitycenter_v1p1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -920,6 +955,7 @@ async def get_source( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -949,7 +985,7 @@ async def group_assets( their specified properties. Args: - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsRequest`): The request object. Request message for grouping by assets. 
@@ -960,7 +996,7 @@ async def group_assets( sent along with the request as metadata. Returns: - ~.pagers.GroupAssetsAsyncPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.GroupAssetsAsyncPager: Response message for grouping by assets. Iterating over this object will yield @@ -983,6 +1019,7 @@ async def group_assets( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, @@ -1024,7 +1061,7 @@ async def group_findings( /v1p1beta1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsRequest`): The request object. Request message for grouping by findings. parent (:class:`str`): @@ -1033,6 +1070,7 @@ async def group_findings( To groupBy across all sources provide a source_id of ``-``. For example: organizations/{organization_id}/sources/- + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1047,8 +1085,7 @@ async def group_findings( - resource_name - category - state - - parent - + - parent - severity The following fields are supported when compare_duration @@ -1067,7 +1104,7 @@ async def group_findings( sent along with the request as metadata. Returns: - ~.pagers.GroupFindingsAsyncPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.GroupFindingsAsyncPager: Response message for group by findings. Iterating over this object will yield @@ -1106,6 +1143,7 @@ async def group_findings( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, 
@@ -1141,11 +1179,12 @@ async def list_assets( r"""Lists an organization's assets. Args: - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsRequest`): The request object. Request message for listing assets. parent (:class:`str`): Required. Name of the organization assets should belong to. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1157,7 +1196,7 @@ async def list_assets( sent along with the request as metadata. Returns: - ~.pagers.ListAssetsAsyncPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListAssetsAsyncPager: Response message for listing assets. Iterating over this object will yield results and resolve additional pages @@ -1193,6 +1232,7 @@ async def list_assets( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, @@ -1232,7 +1272,7 @@ async def list_findings( /v1p1beta1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsRequest`): The request object. Request message for listing findings. parent (:class:`str`): @@ -1241,6 +1281,7 @@ async def list_findings( "organizations/[organization_id]/sources/[source_id]". To list across all sources provide a source_id of ``-``. For example: organizations/{organization_id}/sources/- + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1252,7 +1293,7 @@ async def list_findings( sent along with the request as metadata. Returns: - ~.pagers.ListFindingsAsyncPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListFindingsAsyncPager: Response message for listing findings. Iterating over this object will yield @@ -1289,6 +1330,7 @@ async def list_findings( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=DEFAULT_CLIENT_INFO, @@ -1324,13 +1366,14 @@ async def list_notification_configs( r"""Lists notification configs. Args: - request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsRequest`): The request object. Request message for listing notification configs. parent (:class:`str`): Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1342,7 +1385,7 @@ async def list_notification_configs( sent along with the request as metadata. Returns: - ~.pagers.ListNotificationConfigsAsyncPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListNotificationConfigsAsyncPager: Response message for listing notification configs. Iterating over this object will yield @@ -1379,6 +1422,7 @@ async def list_notification_configs( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, 
@@ -1414,12 +1458,13 @@ async def list_sources( r"""Lists all sources belonging to an organization. Args: - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesRequest`): The request object. Request message for listing sources. parent (:class:`str`): Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1431,7 +1476,7 @@ async def list_sources( sent along with the request as metadata. Returns: - ~.pagers.ListSourcesAsyncPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListSourcesAsyncPager: Response message for listing sources. Iterating over this object will yield results and resolve additional pages @@ -1467,6 +1512,7 @@ async def list_sources( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -1507,13 +1553,14 @@ async def run_asset_discovery( receive a TOO_MANY_REQUESTS error. Args: - request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryRequest`): The request object. Request message for running asset discovery for an organization. parent (:class:`str`): Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1525,11 +1572,11 @@ async def run_asset_discovery( sent along with the request as metadata. Returns: - ~.operation_async.AsyncOperation: + google.api_core.operation_async.AsyncOperation: An object representing a long-running operation. The result type for the operation will be - :class:``~.run_asset_discovery_response.RunAssetDiscoveryResponse``: + :class:`google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryResponse` Response of asset discovery run """ @@ -1593,7 +1640,7 @@ async def set_finding_state( r"""Updates the state of a finding. Args: - request (:class:`~.securitycenter_service.SetFindingStateRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.SetFindingStateRequest`): The request object. Request message for updating a finding's state. name (:class:`str`): @@ -1602,18 +1649,21 @@ async def set_finding_state( https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - state (:class:`~.finding.Finding.State`): + state (:class:`google.cloud.securitycenter_v1p1beta1.types.Finding.State`): Required. The desired State of the finding. + This corresponds to the ``state`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - start_time (:class:`~.timestamp.Timestamp`): + start_time (:class:`google.protobuf.timestamp_pb2.Timestamp`): Required. The time at which the updated state takes effect. + This corresponds to the ``start_time`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1625,7 +1675,7 @@ async def set_finding_state( sent along with the request as metadata. Returns: - ~.finding.Finding: + google.cloud.securitycenter_v1p1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) @@ -1692,7 +1742,7 @@ async def set_iam_policy( Source. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`): The request object. Request message for `SetIamPolicy` method. resource (:class:`str`): @@ -1700,6 +1750,7 @@ async def set_iam_policy( policy is being specified. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1711,72 +1762,62 @@ async def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. 
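Review bot: The rewritten `Returns:` text in this `set_iam_policy` hunk drops the `::` literal-block markers, so the JSON and YAML policy examples are reflowed as ordinary paragraphs and are no longer valid JSON or YAML (for example `bindings: - members: - user:\ mike@example.com -`). IAM binding examples tend to be copied into real policies, so this is worth fixing where the docstring text is produced; restoring the `::` line after `**JSON Example**` and `**YAML Example**` keeps the original line structure. The same regression is in the `get_iam_policy` hunk of `client.py`. The docstring begins outside the hunk.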
@@ -1831,7 +1872,7 @@ async def test_iam_permissions( specified source. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`): The request object. Request message for `TestIamPermissions` method. resource (:class:`str`): @@ -1839,6 +1880,7 @@ async def test_iam_permissions( policy detail is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1847,6 +1889,7 @@ async def test_iam_permissions( Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview `__. + This corresponds to the ``permissions`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1858,8 +1901,8 @@ async def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have @@ -1892,6 +1935,7 @@ async def test_iam_permissions( predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, 
@@ -1923,10 +1967,10 @@ async def update_finding( source must exist for a finding creation to succeed. Args: - request (:class:`~.securitycenter_service.UpdateFindingRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateFindingRequest`): The request object. Request message for updating or creating a finding. - finding (:class:`~.gcs_finding.Finding`): + finding (:class:`google.cloud.securitycenter_v1p1beta1.types.Finding`): Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. @@ -1934,10 +1978,11 @@ async def update_finding( In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`): The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. @@ -1947,6 +1992,7 @@ async def update_finding( source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1958,7 +2004,7 @@ async def update_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1p1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) 
@@ -2026,20 +2072,22 @@ async def update_notification_config( allowed: description, pubsub_topic, streaming_config.filter Args: - request (:class:`~.securitycenter_service.UpdateNotificationConfigRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateNotificationConfigRequest`): The request object. Request message for updating a notification config. - notification_config (:class:`~.gcs_notification_config.NotificationConfig`): + notification_config (:class:`google.cloud.securitycenter_v1p1beta1.types.NotificationConfig`): Required. The notification config to update. + This corresponds to the ``notification_config`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`): The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2051,7 +2099,7 @@ async def update_notification_config( sent along with the request as metadata. Returns: - ~.gcs_notification_config.NotificationConfig: + google.cloud.securitycenter_v1p1beta1.types.NotificationConfig: Security Command Center notification configs. A notification config is a Security 
@@ -2115,12 +2163,13 @@ async def update_organization_settings( r"""Updates an organization's settings. Args: - request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateOrganizationSettingsRequest`): The request object. Request message for updating an organization's settings. - organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`): + organization_settings (:class:`google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings`): Required. The organization settings resource to update. + This corresponds to the ``organization_settings`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2132,7 +2181,7 @@ async def update_organization_settings( sent along with the request as metadata. Returns: - ~.gcs_organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -2191,20 +2240,22 @@ async def update_source( r"""Updates a source. Args: - request (:class:`~.securitycenter_service.UpdateSourceRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateSourceRequest`): The request object. Request message for updating a source. - source (:class:`~.gcs_source.Source`): + source (:class:`google.cloud.securitycenter_v1p1beta1.types.Source`): Required. The source resource to update. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`): The FieldMask to use when updating the source resource. If empty all mutable fields will be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -2216,7 +2267,7 @@ async def update_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1p1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -2280,16 +2331,17 @@ async def update_security_marks( r"""Updates security marks. Args: - request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`): + request (:class:`google.cloud.securitycenter_v1p1beta1.types.UpdateSecurityMarksRequest`): The request object. Request message for updating a SecurityMarks resource. - security_marks (:class:`~.gcs_security_marks.SecurityMarks`): + security_marks (:class:`google.cloud.securitycenter_v1p1beta1.types.SecurityMarks`): Required. The security marks resource to update. + This corresponds to the ``security_marks`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`): The FieldMask to use when updating the security marks resource. @@ -2297,6 +2349,7 @@ async def update_security_marks( empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2308,7 +2361,7 @@ async def update_security_marks( sent along with the request as metadata. Returns: - ~.gcs_security_marks.SecurityMarks: + google.cloud.securitycenter_v1p1beta1.types.SecurityMarks: User specified security marks that are attached to the parent Security Command Center resource. Security marks diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py index b2b042e8..bbee6898 100644 
--- a/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py @@ -134,6 +134,22 @@ def _get_default_mtls_endpoint(api_endpoint): DEFAULT_ENDPOINT ) + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecurityCenterClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + @classmethod def from_service_account_file(cls, filename: str, *args, **kwargs): """Creates an instance of this client using the provided credentials @@ -146,7 +162,7 @@ def from_service_account_file(cls, filename: str, *args, **kwargs): kwargs: Additional arguments to pass to the constructor. Returns: - {@api.name}: The constructed client. + SecurityCenterClient: The constructed client. """ credentials = service_account.Credentials.from_service_account_file(filename) kwargs["credentials"] = credentials 
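Review bot: In `from_service_account_info`, `kwargs["credentials"] = credentials` replaces any `credentials` keyword the caller passed without saying so, and the docstring describes `info` only as "the service account private key info". The dict holds the private key, so the docstring should state its shape and handling, for example `info (dict): Parsed service account key file contents, including the private key; do not log it.`, plus a line noting that a `credentials` keyword argument is overridden. `from_service_account_file` in the next hunk overrides the keyword the same way.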
@@ -342,10 +358,10 @@ def __init__( credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. - transport (Union[str, ~.SecurityCenterTransport]): The + transport (Union[str, SecurityCenterTransport]): The transport to use. If set to None, a transport is chosen automatically. - client_options (client_options_lib.ClientOptions): Custom options for the + client_options (google.api_core.client_options.ClientOptions): Custom options for the client. It won't take effect if a ``transport`` instance is provided. (1) The ``api_endpoint`` property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT @@ -381,21 +397,17 @@ def __init__( util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")) ) - ssl_credentials = None + client_cert_source_func = None is_mtls = False if use_client_cert: if client_options.client_cert_source: - import grpc # type: ignore - - cert, key = client_options.client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) is_mtls = True + client_cert_source_func = client_options.client_cert_source else: - creds = SslCredentials() - is_mtls = creds.is_mtls - ssl_credentials = creds.ssl_credentials if is_mtls else None + is_mtls = mtls.has_default_client_cert_source() + client_cert_source_func = ( + mtls.default_client_cert_source() if is_mtls else None + ) # Figure out which api endpoint to use. if client_options.api_endpoint is not None: @@ -438,7 +450,7 @@ def __init__( credentials_file=client_options.credentials_file, host=api_endpoint, scopes=client_options.scopes, - ssl_channel_credentials=ssl_credentials, + client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, ) 
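Review bot: In the `__init__` hunk that sets `client_cert_source_func`, the `else` branch leaves `is_mtls` False and the cert source `None` when `mtls.has_default_client_cert_source()` returns False, so a process that set `GOOGLE_API_USE_CLIENT_CERTIFICATE` to true proceeds without a client certificate and without any signal. The removed code behaved the same way, but since this branch is being rewritten it is a good place for a comment such as `# No client certificate found: continuing without mTLS even though it was requested.` or a warning log. The endpoint selection that consumes `is_mtls` continues outside the hunk.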
@@ -456,19 +468,21 @@ def create_source( r"""Creates a source. Args: - request (:class:`~.securitycenter_service.CreateSourceRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.CreateSourceRequest): The request object. Request message for creating a source. - parent (:class:`str`): + parent (str): Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - source (:class:`~.gcs_source.Source`): + source (google.cloud.securitycenter_v1p1beta1.types.Source): Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -480,7 +494,7 @@ def create_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1p1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. 
@@ -545,26 +559,29 @@ def create_finding( exist for finding creation to succeed. Args: - request (:class:`~.securitycenter_service.CreateFindingRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.CreateFindingRequest): The request object. Request message for creating a finding. - parent (:class:`str`): + parent (str): Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - finding_id (:class:`str`): + finding_id (str): Required. Unique identifier provided by the client within the parent scope. + This corresponds to the ``finding_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - finding (:class:`~.gcs_finding.Finding`): + finding (google.cloud.securitycenter_v1p1beta1.types.Finding): Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -576,7 +593,7 @@ def create_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1p1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) 
@@ -645,29 +662,32 @@ def create_notification_config( r"""Creates a notification config. Args: - request (:class:`~.securitycenter_service.CreateNotificationConfigRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.CreateNotificationConfigRequest): The request object. Request message for creating a notification config. - parent (:class:`str`): + parent (str): Required. Resource name of the new notification config's parent. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - config_id (:class:`str`): + config_id (str): Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only. + This corresponds to the ``config_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - notification_config (:class:`~.gcs_notification_config.NotificationConfig`): + notification_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig): Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource. + This corresponds to the ``notification_config`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -679,7 +699,7 @@ def create_notification_config( sent along with the request as metadata. Returns: - ~.gcs_notification_config.NotificationConfig: + google.cloud.securitycenter_v1p1beta1.types.NotificationConfig: Security Command Center notification configs. A notification config is a Security 
@@ -748,13 +768,14 @@ def delete_notification_config( r"""Deletes a notification config. Args: - request (:class:`~.securitycenter_service.DeleteNotificationConfigRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.DeleteNotificationConfigRequest): The request object. Request message for deleting a notification config. - name (:class:`str`): + name (str): Required. Name of the notification config to delete. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -820,14 +841,15 @@ def get_iam_policy( Source. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.GetIamPolicyRequest): The request object. Request message for `GetIamPolicy` method. - resource (:class:`str`): + resource (str): REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -839,72 +861,62 @@ def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. 
@@ -917,13 +929,16 @@ def get_iam_policy( "the individual field arguments should be set." ) - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. request = iam_policy.GetIamPolicyRequest(**request) - elif not request: - request = iam_policy.GetIamPolicyRequest(resource=resource,) + # Null request, just make one. + request = iam_policy.GetIamPolicyRequest() + + if resource is not None: + request.resource = resource # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -953,13 +968,14 @@ def get_notification_config( r"""Gets a notification config. Args: - request (:class:`~.securitycenter_service.GetNotificationConfigRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.GetNotificationConfigRequest): The request object. Request message for getting a notification config. - name (:class:`str`): + name (str): Required. Name of the notification config to get. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -971,7 +987,7 @@ def get_notification_config( sent along with the request as metadata. Returns: - ~.notification_config.NotificationConfig: + google.cloud.securitycenter_v1p1beta1.types.NotificationConfig: Security Command Center notification configs. A notification config is a Security 
@@ -1032,13 +1048,14 @@ def get_organization_settings( r"""Gets the settings for an organization. Args: - request (:class:`~.securitycenter_service.GetOrganizationSettingsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.GetOrganizationSettingsRequest): The request object. Request message for getting organization settings. - name (:class:`str`): + name (str): Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1050,7 +1067,7 @@ def get_organization_settings( sent along with the request as metadata. Returns: - ~.organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -1111,13 +1128,14 @@ def get_source( r"""Gets a source. Args: - request (:class:`~.securitycenter_service.GetSourceRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.GetSourceRequest): The request object. Request message for getting a source. - name (:class:`str`): + name (str): Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1129,7 +1147,7 @@ def get_source( sent along with the request as metadata. Returns: - ~.source.Source: + google.cloud.securitycenter_v1p1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. 
@@ -1189,7 +1207,7 @@ def group_assets( their specified properties. Args: - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsRequest): The request object. Request message for grouping by assets. @@ -1200,7 +1218,7 @@ def group_assets( sent along with the request as metadata. Returns: - ~.pagers.GroupAssetsPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.GroupAssetsPager: Response message for grouping by assets. Iterating over this object will yield @@ -1257,19 +1275,20 @@ def group_findings( /v1p1beta1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsRequest): The request object. Request message for grouping by findings. - parent (:class:`str`): + parent (str): Required. Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of ``-``. For example: organizations/{organization_id}/sources/- + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - group_by (:class:`str`): + group_by (str): Required. Expression that defines what assets fields to use for grouping (including ``state_change``). The string value should follow SQL syntax: comma separated @@ -1280,8 +1299,7 @@ def group_findings( - resource_name - category - state - - parent - + - parent - severity The following fields are supported when compare_duration @@ -1300,7 +1318,7 @@ def group_findings( sent along with the request as metadata. Returns: - ~.pagers.GroupFindingsPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.GroupFindingsPager: Response message for group by findings. Iterating over this object will yield 
@@ -1367,11 +1385,12 @@ def list_assets( r"""Lists an organization's assets. Args: - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListAssetsRequest): The request object. Request message for listing assets. - parent (:class:`str`): + parent (str): Required. Name of the organization assets should belong to. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1383,7 +1402,7 @@ def list_assets( sent along with the request as metadata. Returns: - ~.pagers.ListAssetsPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListAssetsPager: Response message for listing assets. Iterating over this object will yield results and resolve additional pages @@ -1451,15 +1470,16 @@ def list_findings( /v1p1beta1/organizations/{organization_id}/sources/-/findings Args: - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListFindingsRequest): The request object. Request message for listing findings. - parent (:class:`str`): + parent (str): Required. Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id]". To list across all sources provide a source_id of ``-``. For example: organizations/{organization_id}/sources/- + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1471,7 +1491,7 @@ def list_findings( sent along with the request as metadata. Returns: - ~.pagers.ListFindingsPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListFindingsPager: Response message for listing findings. Iterating over this object will yield 
@@ -1536,13 +1556,14 @@ def list_notification_configs( r"""Lists notification configs. Args: - request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsRequest): The request object. Request message for listing notification configs. - parent (:class:`str`): + parent (str): Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1554,7 +1575,7 @@ def list_notification_configs( sent along with the request as metadata. Returns: - ~.pagers.ListNotificationConfigsPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListNotificationConfigsPager: Response message for listing notification configs. Iterating over this object will yield @@ -1623,12 +1644,13 @@ def list_sources( r"""Lists all sources belonging to an organization. Args: - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListSourcesRequest): The request object. Request message for listing sources. - parent (:class:`str`): + parent (str): Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1640,7 +1662,7 @@ def list_sources( sent along with the request as metadata. Returns: - ~.pagers.ListSourcesPager: + google.cloud.securitycenter_v1p1beta1.services.security_center.pagers.ListSourcesPager: Response message for listing sources. Iterating over this object will yield results and resolve additional pages 
@@ -1709,13 +1731,14 @@ def run_asset_discovery( receive a TOO_MANY_REQUESTS error. Args: - request (:class:`~.securitycenter_service.RunAssetDiscoveryRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryRequest): The request object. Request message for running asset discovery for an organization. - parent (:class:`str`): + parent (str): Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]". + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1727,11 +1750,11 @@ def run_asset_discovery( sent along with the request as metadata. Returns: - ~.operation.Operation: + google.api_core.operation.Operation: An object representing a long-running operation. The result type for the operation will be - :class:``~.run_asset_discovery_response.RunAssetDiscoveryResponse``: + :class:`google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryResponse` Response of asset discovery run """ 
@@ -1796,27 +1819,30 @@ def set_finding_state( r"""Updates the state of a finding. Args: - request (:class:`~.securitycenter_service.SetFindingStateRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.SetFindingStateRequest): The request object. Request message for updating a finding's state. - name (:class:`str`): + name (str): Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - state (:class:`~.finding.Finding.State`): + state (google.cloud.securitycenter_v1p1beta1.types.Finding.State): Required. The desired State of the finding. + This corresponds to the ``state`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - start_time (:class:`~.timestamp.Timestamp`): + start_time (google.protobuf.timestamp_pb2.Timestamp): Required. The time at which the updated state takes effect. + This corresponds to the ``start_time`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1828,7 +1854,7 @@ def set_finding_state( sent along with the request as metadata. Returns: - ~.finding.Finding: + google.cloud.securitycenter_v1p1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) 
@@ -1896,14 +1922,15 @@ def set_iam_policy( Source. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.SetIamPolicyRequest): The request object. Request message for `SetIamPolicy` method. - resource (:class:`str`): + resource (str): REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -1915,72 +1942,62 @@ def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. 
It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. 
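Review bot: The JSON and YAML examples in the new `Returns:` text of `set_iam_policy` are no longer literal blocks: the `::` markers are removed and the examples are re-wrapped as running text, with `"role":` split from its value and `user:\ mike@example.com` carrying a backslash escape. Someone copying the sample into a policy file would get text that no longer parses, which matters for a docstring that documents IAM bindings and conditions. The commit description mentions gapic-generator-python upgrades, so the file looks generated and the fix probably belongs in the generator's docstring wrapping; restoring the `::` line before each example and leaving the example lines unwrapped would be enough. Indentation is collapsed on this page, so the rendered result is inferred from the `+` line boundaries only.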
@@ -1993,13 +2010,16 @@ def set_iam_policy( "the individual field arguments should be set." ) - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. request = iam_policy.SetIamPolicyRequest(**request) - elif not request: - request = iam_policy.SetIamPolicyRequest(resource=resource,) + # Null request, just make one. + request = iam_policy.SetIamPolicyRequest() + + if resource is not None: + request.resource = resource # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -2031,22 +2051,24 @@ def test_iam_permissions( specified source. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest): The request object. Request message for `TestIamPermissions` method. - resource (:class:`str`): + resource (str): REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. + This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - permissions (:class:`Sequence[str]`): + permissions (Sequence[str]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview `__. + This corresponds to the ``permissions`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
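Review bot: On the flattened-argument path of `set_iam_policy`, the request is created empty and only `resource` is assigned, so no `policy` is set in the visible lines; the removed `SetIamPolicyRequest(resource=resource,)` behaved the same way. If nothing outside the hunk attaches a policy, a call that passes only `resource` sends a request with an empty policy, and how the service treats that is not visible here. A comment above the new branch would make the limitation explicit, for example `# Only resource can be set through flattened arguments; pass a full request object to supply policy.` The body of `set_iam_policy` continues outside the hunk, and the nesting of `if resource is not None:` cannot be confirmed because indentation is lost on this page.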
@@ -2058,8 +2080,8 @@ def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have @@ -2071,15 +2093,19 @@ def test_iam_permissions( "the individual field arguments should be set." ) - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. request = iam_policy.TestIamPermissionsRequest(**request) - elif not request: - request = iam_policy.TestIamPermissionsRequest( - resource=resource, permissions=permissions, - ) + # Null request, just make one. + request = iam_policy.TestIamPermissionsRequest() + + if resource is not None: + request.resource = resource + + if permissions: + request.permissions.extend(permissions) # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -2111,10 +2137,10 @@ def update_finding( source must exist for a finding creation to succeed. Args: - request (:class:`~.securitycenter_service.UpdateFindingRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.UpdateFindingRequest): The request object. Request message for updating or creating a finding. - finding (:class:`~.gcs_finding.Finding`): + finding (google.cloud.securitycenter_v1p1beta1.types.Finding): Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. 
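Review bot: In the `test_iam_permissions` request-building change, `request.permissions.extend(permissions)` iterates whatever it is given, so a single permission passed as a plain `str` would, as far as the visible lines show, be added one character at a time instead of as one entry. The check would then run against names the caller never meant, and an empty response could be misread as "no access". A guard before the extend would catch it: `if isinstance(permissions, str): raise TypeError("permissions must be a sequence of strings")`. The neighbouring `resource` test uses `is not None` while this one uses truthiness; that is harmless for an empty list but deserves a one-line comment. The function body continues outside the hunk.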
@@ -2122,10 +2148,11 @@ def update_finding( In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. + This corresponds to the ``finding`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. @@ -2135,6 +2162,7 @@ def update_finding( source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2146,7 +2174,7 @@ def update_finding( sent along with the request as metadata. Returns: - ~.gcs_finding.Finding: + google.cloud.securitycenter_v1p1beta1.types.Finding: Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) 
@@ -2215,20 +2243,22 @@ def update_notification_config( allowed: description, pubsub_topic, streaming_config.filter Args: - request (:class:`~.securitycenter_service.UpdateNotificationConfigRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.UpdateNotificationConfigRequest): The request object. Request message for updating a notification config. - notification_config (:class:`~.gcs_notification_config.NotificationConfig`): + notification_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig): Required. The notification config to update. + This corresponds to the ``notification_config`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2240,7 +2270,7 @@ def update_notification_config( sent along with the request as metadata. Returns: - ~.gcs_notification_config.NotificationConfig: + google.cloud.securitycenter_v1p1beta1.types.NotificationConfig: Security Command Center notification configs. A notification config is a Security 
@@ -2309,12 +2339,13 @@ def update_organization_settings( r"""Updates an organization's settings. Args: - request (:class:`~.securitycenter_service.UpdateOrganizationSettingsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.UpdateOrganizationSettingsRequest): The request object. Request message for updating an organization's settings. - organization_settings (:class:`~.gcs_organization_settings.OrganizationSettings`): + organization_settings (google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings): Required. The organization settings resource to update. + This corresponds to the ``organization_settings`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2326,7 +2357,7 @@ def update_organization_settings( sent along with the request as metadata. Returns: - ~.gcs_organization_settings.OrganizationSettings: + google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings: User specified settings that are attached to the Security Command Center organization. @@ -2390,20 +2421,22 @@ def update_source( r"""Updates a source. Args: - request (:class:`~.securitycenter_service.UpdateSourceRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.UpdateSourceRequest): The request object. Request message for updating a source. - source (:class:`~.gcs_source.Source`): + source (google.cloud.securitycenter_v1p1beta1.types.Source): Required. The source resource to update. + This corresponds to the ``source`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the source resource. If empty all mutable fields will be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -2415,7 +2448,7 @@ def update_source( sent along with the request as metadata. Returns: - ~.gcs_source.Source: + google.cloud.securitycenter_v1p1beta1.types.Source: Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. @@ -2480,16 +2513,17 @@ def update_security_marks( r"""Updates security marks. Args: - request (:class:`~.securitycenter_service.UpdateSecurityMarksRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.UpdateSecurityMarksRequest): The request object. Request message for updating a SecurityMarks resource. - security_marks (:class:`~.gcs_security_marks.SecurityMarks`): + security_marks (google.cloud.securitycenter_v1p1beta1.types.SecurityMarks): Required. The security marks resource to update. + This corresponds to the ``security_marks`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the security marks resource. @@ -2497,6 +2531,7 @@ def update_security_marks( empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -2508,7 +2543,7 @@ def update_security_marks( sent along with the request as metadata. Returns: - ~.gcs_security_marks.SecurityMarks: + google.cloud.securitycenter_v1p1beta1.types.SecurityMarks: User specified security marks that are attached to the parent Security Command Center resource. Security marks diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py index 561db76f..712fa98f 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py 
+++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py @@ -15,7 +15,16 @@ # limitations under the License. # -from typing import Any, AsyncIterable, Awaitable, Callable, Iterable, Sequence, Tuple +from typing import ( + Any, + AsyncIterable, + Awaitable, + Callable, + Iterable, + Sequence, + Tuple, + Optional, +) from google.cloud.securitycenter_v1p1beta1.types import notification_config from google.cloud.securitycenter_v1p1beta1.types import securitycenter_service @@ -26,7 +35,7 @@ class GroupAssetsPager: """A pager for iterating through ``group_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse` object, and provides an ``__iter__`` method to iterate through its ``group_by_results`` field. @@ -35,7 +44,7 @@ class GroupAssetsPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -53,9 +62,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupAssetsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. 
@@ -88,7 +97,7 @@ class GroupAssetsAsyncPager: """A pager for iterating through ``group_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse` object, and provides an ``__aiter__`` method to iterate through its ``group_by_results`` field. @@ -97,7 +106,7 @@ class GroupAssetsAsyncPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -115,9 +124,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupAssetsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupAssetsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -154,7 +163,7 @@ class GroupFindingsPager: """A pager for iterating through ``group_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse` object, and provides an ``__iter__`` method to iterate through its ``group_by_results`` field. 
@@ -163,7 +172,7 @@ class GroupFindingsPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -181,9 +190,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupFindingsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -216,7 +225,7 @@ class GroupFindingsAsyncPager: """A pager for iterating through ``group_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.GroupFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse` object, and provides an ``__aiter__`` method to iterate through its ``group_by_results`` field. @@ -225,7 +234,7 @@ class GroupFindingsAsyncPager: through the ``group_by_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.GroupFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ 
@@ -243,9 +252,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.GroupFindingsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.GroupFindingsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -284,7 +293,7 @@ class ListAssetsPager: """A pager for iterating through ``list_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse` object, and provides an ``__iter__`` method to iterate through its ``list_assets_results`` field. @@ -293,7 +302,7 @@ class ListAssetsPager: through the ``list_assets_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -311,9 +320,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListAssetsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. 
@@ -348,7 +357,7 @@ class ListAssetsAsyncPager: """A pager for iterating through ``list_assets`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListAssetsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse` object, and provides an ``__aiter__`` method to iterate through its ``list_assets_results`` field. @@ -357,7 +366,7 @@ class ListAssetsAsyncPager: through the ``list_assets_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListAssetsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -375,9 +384,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListAssetsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListAssetsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListAssetsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -416,7 +425,7 @@ class ListFindingsPager: """A pager for iterating through ``list_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse` object, and provides an ``__iter__`` method to iterate through its ``list_findings_results`` field. 
@@ -425,7 +434,7 @@ class ListFindingsPager: through the ``list_findings_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -443,9 +452,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListFindingsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -480,7 +489,7 @@ class ListFindingsAsyncPager: """A pager for iterating through ``list_findings`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListFindingsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse` object, and provides an ``__aiter__`` method to iterate through its ``list_findings_results`` field. @@ -489,7 +498,7 @@ class ListFindingsAsyncPager: through the ``list_findings_results`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListFindingsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ 
@@ -507,9 +516,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListFindingsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListFindingsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListFindingsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -548,7 +557,7 @@ class ListNotificationConfigsPager: """A pager for iterating through ``list_notification_configs`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListNotificationConfigsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse` object, and provides an ``__iter__`` method to iterate through its ``notification_configs`` field. @@ -557,7 +566,7 @@ class ListNotificationConfigsPager: through the ``notification_configs`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListNotificationConfigsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ 
@@ -575,9 +584,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListNotificationConfigsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -610,7 +619,7 @@ class ListNotificationConfigsAsyncPager: """A pager for iterating through ``list_notification_configs`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListNotificationConfigsResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse` object, and provides an ``__aiter__`` method to iterate through its ``notification_configs`` field. @@ -619,7 +628,7 @@ class ListNotificationConfigsAsyncPager: through the ``notification_configs`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListNotificationConfigsResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ 
@@ -639,9 +648,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListNotificationConfigsRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsRequest): The initial request object. - response (:class:`~.securitycenter_service.ListNotificationConfigsResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -680,7 +689,7 @@ class ListSourcesPager: """A pager for iterating through ``list_sources`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListSourcesResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse` object, and provides an ``__iter__`` method to iterate through its ``sources`` field. @@ -689,7 +698,7 @@ class ListSourcesPager: through the ``sources`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListSourcesResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -707,9 +716,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListSourcesRequest): The initial request object. - response (:class:`~.securitycenter_service.ListSourcesResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. 
@@ -742,7 +751,7 @@ class ListSourcesAsyncPager: """A pager for iterating through ``list_sources`` requests. This class thinly wraps an initial - :class:`~.securitycenter_service.ListSourcesResponse` object, and + :class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse` object, and provides an ``__aiter__`` method to iterate through its ``sources`` field. @@ -751,7 +760,7 @@ class ListSourcesAsyncPager: through the ``sources`` field on the corresponding responses. - All the usual :class:`~.securitycenter_service.ListSourcesResponse` + All the usual :class:`google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -769,9 +778,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.securitycenter_service.ListSourcesRequest`): + request (google.cloud.securitycenter_v1p1beta1.types.ListSourcesRequest): The initial request object. - response (:class:`~.securitycenter_service.ListSourcesResponse`): + response (google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py index 59b77852..fddc88f5 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py 
@@ -23,7 +23,6 @@ from google.api_core import exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore -from google.api_core import retry as retries # type: ignore from google.api_core import operations_v1 # type: ignore from google.auth import credentials # type: ignore @@ -90,10 +89,10 @@ def __init__( scope (Optional[Sequence[str]]): A list of scopes. quota_project_id (Optional[str]): An optional project to use for billing and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing your own client library. """ # Save the hostname. Default to port 443 (HTTPS) if none is specified. @@ -101,6 +100,9 @@ def __init__( host += ":443" self._host = host + # Save the scopes. + self._scopes = scopes or self.AUTH_SCOPES + # If no credentials are provided, then determine the appropriate # defaults. if credentials and credentials_file: 
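Review bot: `self._scopes = scopes or self.AUTH_SCOPES` in the base transport `__init__` treats an empty sequence the same as `None`, so a caller who passes `scopes=[]` gets the full default scope set in both `auth.load_credentials_from_file` and `auth.default`. If an explicitly empty list is meant to be honoured, the assignment should be `self._scopes = scopes if scopes is not None else self.AUTH_SCOPES`. If the fallback is intended, a comment such as `# An empty scopes sequence also falls back to AUTH_SCOPES.` would make the widening visible. `__init__` starts and ends outside this hunk, and the contents of `AUTH_SCOPES` are not shown here.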
@@ -110,20 +112,17 @@ def __init__( if credentials_file is not None: credentials, _ = auth.load_credentials_from_file( - credentials_file, scopes=scopes, quota_project_id=quota_project_id + credentials_file, scopes=self._scopes, quota_project_id=quota_project_id ) elif credentials is None: credentials, _ = auth.default( - scopes=scopes, quota_project_id=quota_project_id + scopes=self._scopes, quota_project_id=quota_project_id ) # Save the credentials. self._credentials = credentials - # Lifted into its own function so it can be stubbed out during tests. - self._prep_wrapped_messages(client_info) - def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { @@ -152,6 +151,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -165,6 +165,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -178,6 +179,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -191,6 +193,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -204,6 +207,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, 
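Review bot: With `self._prep_wrapped_messages(client_info)` removed from the end of the base `__init__`, constructing the base transport no longer populates `self._wrapped_methods`, and nothing at the removal site says who is now responsible for it. The gRPC and gRPC AsyncIO transports in this commit call it themselves once the channel exists, but any other subclass would presumably be left without wrapped methods. A comment where the call used to be, for example `# Subclasses must call self._prep_wrapped_messages(client_info) once their channel exists.`, would record that contract. The rest of `__init__` lies outside this hunk.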
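Review bot: Each `retries.Retry(...)` entry touched here and in the following hunks (through `@@ -291,6 +300,7 @@`) gets a `deadline` equal to the `default_timeout` of the same entry (60.0 with 60.0, 480.0 with 480.0), and nothing documents how the two interact. If `default_timeout` bounds a single attempt, an attempt that uses the whole timeout and fails with `DeadlineExceeded`, which is in the retry predicate, would leave no budget for a retry; that should be confirmed against `google.api_core`. A comment at the top of `_prep_wrapped_messages`, e.g. `# Each retry deadline mirrors the method's default_timeout.`, would at least make the pairing explicit. `_prep_wrapped_messages` starts before and continues past these hunks.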
@@ -217,6 +221,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, @@ -230,6 +235,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, @@ -243,6 +249,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=480.0, ), default_timeout=480.0, client_info=client_info, @@ -256,6 +263,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -269,6 +277,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -291,6 +300,7 @@ def _prep_wrapped_messages(self, client_info): predicate=retries.if_exception_type( exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py index d402248c..15182889 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py 
@@ -77,6 +77,7 @@ def __init__( api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: @@ -107,6 +108,10 @@ def __init__( ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. client_info (google.api_core.gapic_v1.client_info.ClientInfo): 
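Review bot: The docstring added for `client_cert_source_for_mtls` lists only `channel` and `ssl_channel_credentials` as reasons the callback is ignored, yet the constructor body in the next hunk appears to call it only in the `else` branch taken when `api_mtls_endpoint` is unset. A caller who sets both would get the deprecated `client_cert_source` or the default `SslCredentials()` identity on the mutual TLS channel instead of the certificate they supplied. The last docstring sentence should also name `api_mtls_endpoint` among the arguments that cause the callback to be ignored. The same wording is added in `grpc_asyncio.py` (`@@ -152,12 +153,16 @@`), and `__init__` starts and ends outside this hunk.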
@@ -121,72 +126,61 @@ def __init__( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ + self._grpc_channel = None self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) if channel: - # Sanity check: Ensure that channel and credentials are not both - # provided. + # Ignore credentials if a channel was passed. credentials = False - # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None - elif api_mtls_endpoint: - warnings.warn( - "api_mtls_endpoint and client_cert_source are deprecated", - DeprecationWarning, - ) - host = ( - api_mtls_endpoint - if ":" in api_mtls_endpoint - else api_mtls_endpoint + ":443" - ) + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. 
- if client_cert_source: - cert, key = client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) else: - ssl_credentials = SslCredentials().ssl_credentials + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) - # create a new channel. The provided one is ignored. - self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - ssl_credentials=ssl_credentials, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - self._ssl_channel_credentials = ssl_credentials - else: - host = host if ":" in host else host + ":443" - - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + ) - # create a new channel. The provided one is ignored. + if not self._grpc_channel: self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, + self._host, + credentials=self._credentials, credentials_file=credentials_file, - ssl_credentials=ssl_channel_credentials, - scopes=scopes or self.AUTH_SCOPES, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, quota_project_id=quota_project_id, options=[ ("grpc.max_send_message_length", -1), 
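Review bot: The new `create_channel(...)` call passes `credentials=self._credentials` together with `credentials_file=credentials_file`, although by this point the base `__init__` has already loaded that file into `self._credentials`. When a caller supplies `credentials_file`, both arguments are therefore set, which is the combination this constructor's own `Raises:` section reports as `DuplicateCredentialArgs`; whether `create_channel` applies the same check is not visible here and should be confirmed. Since the saved credentials are the ones to use, the argument should become `credentials_file=None,` with a comment such as `# Already loaded into self._credentials by the base transport.` The identical call is added in `grpc_asyncio.py` (`@@ -166,72 +171,61 @@`). The rest of the `options` list and the end of `__init__` lie outside this hunk.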
@@ -194,18 +188,8 @@ def __init__( ], ) - self._stubs = {} # type: Dict[str, Callable] - self._operations_client = None - - # Run the base constructor. - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - client_info=client_info, - ) + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) @classmethod def create_channel( @@ -219,7 +203,7 @@ def create_channel( ) -> grpc.Channel: """Create and return a gRPC channel object. Args: - address (Optional[str]): The host for the channel to use. + host (Optional[str]): The host for the channel to use. credentials (Optional[~.Credentials]): The authorization credentials to attach to requests. These credentials identify this application to the service. If diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py index 3269c916..dfb65374 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py @@ -81,7 +81,7 @@ def create_channel( ) -> aio.Channel: """Create and return a gRPC AsyncIO channel object. Args: - address (Optional[str]): The host for the channel to use. + host (Optional[str]): The host for the channel to use. credentials (Optional[~.Credentials]): The authorization credentials to attach to requests. These credentials identify this application to the service. If 
@@ -121,6 +121,7 @@ def __init__( api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: @@ -152,12 +153,16 @@ def __init__( ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing your own client library. Raises: 
@@ -166,72 +171,61 @@ def __init__( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ + self._grpc_channel = None self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) if channel: - # Sanity check: Ensure that channel and credentials are not both - # provided. + # Ignore credentials if a channel was passed. credentials = False - # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None - elif api_mtls_endpoint: - warnings.warn( - "api_mtls_endpoint and client_cert_source are deprecated", - DeprecationWarning, - ) - host = ( - api_mtls_endpoint - if ":" in api_mtls_endpoint - else api_mtls_endpoint + ":443" - ) + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. 
- if client_cert_source: - cert, key = client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) else: - ssl_credentials = SslCredentials().ssl_credentials + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) - # create a new channel. The provided one is ignored. - self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - ssl_credentials=ssl_credentials, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - self._ssl_channel_credentials = ssl_credentials - else: - host = host if ":" in host else host + ":443" - - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + ) - # create a new channel. The provided one is ignored. + if not self._grpc_channel: self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, + self._host, + credentials=self._credentials, credentials_file=credentials_file, - ssl_credentials=ssl_channel_credentials, - scopes=scopes or self.AUTH_SCOPES, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, quota_project_id=quota_project_id, options=[ ("grpc.max_send_message_length", -1), 
@@ -239,18 +233,8 @@ def __init__( ], ) - # Run the base constructor. - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - client_info=client_info, - ) - - self._stubs = {} - self._operations_client = None + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) @property def grpc_channel(self) -> aio.Channel: diff --git a/google/cloud/securitycenter_v1p1beta1/types/__init__.py b/google/cloud/securitycenter_v1p1beta1/types/__init__.py index 1a1ebb24..0d3cb34a 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/__init__.py +++ b/google/cloud/securitycenter_v1p1beta1/types/__init__.py @@ -15,15 +15,14 @@ # limitations under the License. # -from .security_marks import SecurityMarks from .asset import Asset from .finding import Finding from .notification_config import NotificationConfig -from .resource import Resource from .notification_message import NotificationMessage from .organization_settings import OrganizationSettings +from .resource import Resource from .run_asset_discovery_response import RunAssetDiscoveryResponse -from .source import Source +from .security_marks import SecurityMarks from .securitycenter_service import ( CreateFindingRequest, CreateNotificationConfigRequest, 
@@ -37,33 +36,33 @@ GroupFindingsRequest, GroupFindingsResponse, GroupResult, - ListNotificationConfigsRequest, - ListNotificationConfigsResponse, - ListSourcesRequest, - ListSourcesResponse, ListAssetsRequest, ListAssetsResponse, ListFindingsRequest, ListFindingsResponse, - SetFindingStateRequest, + ListNotificationConfigsRequest, + ListNotificationConfigsResponse, + ListSourcesRequest, + ListSourcesResponse, RunAssetDiscoveryRequest, + SetFindingStateRequest, UpdateFindingRequest, UpdateNotificationConfigRequest, UpdateOrganizationSettingsRequest, - UpdateSourceRequest, UpdateSecurityMarksRequest, + UpdateSourceRequest, ) +from .source import Source __all__ = ( - "SecurityMarks", "Asset", "Finding", "NotificationConfig", - "Resource", "NotificationMessage", "OrganizationSettings", + "Resource", "RunAssetDiscoveryResponse", - "Source", + "SecurityMarks", "CreateFindingRequest", "CreateNotificationConfigRequest", "CreateSourceRequest", @@ -76,19 +75,20 @@ "GroupFindingsRequest", "GroupFindingsResponse", "GroupResult", - "ListNotificationConfigsRequest", - "ListNotificationConfigsResponse", - "ListSourcesRequest", - "ListSourcesResponse", "ListAssetsRequest", "ListAssetsResponse", "ListFindingsRequest", "ListFindingsResponse", - "SetFindingStateRequest", + "ListNotificationConfigsRequest", + "ListNotificationConfigsResponse", + "ListSourcesRequest", + "ListSourcesResponse", "RunAssetDiscoveryRequest", + "SetFindingStateRequest", "UpdateFindingRequest", "UpdateNotificationConfigRequest", "UpdateOrganizationSettingsRequest", - "UpdateSourceRequest", "UpdateSecurityMarksRequest", + "UpdateSourceRequest", + "Source", ) diff --git a/google/cloud/securitycenter_v1p1beta1/types/asset.py b/google/cloud/securitycenter_v1p1beta1/types/asset.py index 9d7f0742..50406de4 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/asset.py +++ b/google/cloud/securitycenter_v1p1beta1/types/asset.py 
@@ -46,26 +46,26 @@ class Asset(proto.Message): https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/assets/{asset_id}". - security_center_properties (~.asset.Asset.SecurityCenterProperties): + security_center_properties (google.cloud.securitycenter_v1p1beta1.types.Asset.SecurityCenterProperties): Security Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user. - resource_properties (Sequence[~.asset.Asset.ResourcePropertiesEntry]): + resource_properties (Sequence[google.cloud.securitycenter_v1p1beta1.types.Asset.ResourcePropertiesEntry]): Resource managed properties. These properties are managed and defined by the Google Cloud resource and cannot be modified by the user. - security_marks (~.gcs_security_marks.SecurityMarks): + security_marks (google.cloud.securitycenter_v1p1beta1.types.SecurityMarks): User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the asset was created in Security Command Center. - update_time (~.timestamp.Timestamp): + update_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the asset was last updated, added, or deleted in Cloud SCC. - iam_policy (~.asset.Asset.IamPolicy): + iam_policy (google.cloud.securitycenter_v1p1beta1.types.Asset.IamPolicy): Cloud IAM Policy information associated with the Google Cloud resource described by the Security Command Center asset. This information diff --git a/google/cloud/securitycenter_v1p1beta1/types/finding.py b/google/cloud/securitycenter_v1p1beta1/types/finding.py index 1d6e12cb..0e667d8c 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/finding.py +++ b/google/cloud/securitycenter_v1p1beta1/types/finding.py 
@@ -57,7 +57,7 @@ class Finding(proto.Message): When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time. - state (~.finding.Finding.State): + state (google.cloud.securitycenter_v1p1beta1.types.Finding.State): The state of the finding. category (str): The additional taxonomy group within findings from a given @@ -69,18 +69,18 @@ class Finding(proto.Message): additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL. - source_properties (Sequence[~.finding.Finding.SourcePropertiesEntry]): + source_properties (Sequence[google.cloud.securitycenter_v1p1beta1.types.Finding.SourcePropertiesEntry]): Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. - security_marks (~.gcs_security_marks.SecurityMarks): + security_marks (google.cloud.securitycenter_v1p1beta1.types.SecurityMarks): Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding. - event_time (~.timestamp.Timestamp): + event_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open 
@@ -89,10 +89,10 @@ class Finding(proto.Message): is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the finding was created in Security Command Center. - severity (~.finding.Finding.Severity): + severity (google.cloud.securitycenter_v1p1beta1.types.Finding.Severity): The severity of the finding. This field is managed by the source that writes the finding. """ diff --git a/google/cloud/securitycenter_v1p1beta1/types/notification_config.py b/google/cloud/securitycenter_v1p1beta1/types/notification_config.py index 2be493b4..99befd9d 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/notification_config.py +++ b/google/cloud/securitycenter_v1p1beta1/types/notification_config.py @@ -38,7 +38,7 @@ class NotificationConfig(proto.Message): description (str): The description of the notification config (max of 1024 characters). - event_type (~.notification_config.NotificationConfig.EventType): + event_type (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig.EventType): The type of events the config is for, e.g. FINDING. pubsub_topic (str): @@ -48,7 +48,7 @@ class NotificationConfig(proto.Message): Output only. The service account that needs "pubsub.topics.publish" permission to publish to the Pub/Sub topic. - streaming_config (~.notification_config.NotificationConfig.StreamingConfig): + streaming_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig.StreamingConfig): The config for triggering streaming-based notifications. """ diff --git a/google/cloud/securitycenter_v1p1beta1/types/notification_message.py b/google/cloud/securitycenter_v1p1beta1/types/notification_message.py index 700d68eb..215cd555 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/notification_message.py 
+++ b/google/cloud/securitycenter_v1p1beta1/types/notification_message.py @@ -34,10 +34,10 @@ class NotificationMessage(proto.Message): notification_config_name (str): Name of the notification config that generated current notification. - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1p1beta1.types.Finding): If it's a Finding based notification config, this field will be populated. - resource (~.gcs_resource.Resource): + resource (google.cloud.securitycenter_v1p1beta1.types.Resource): The Cloud resource tied to the notification. """ diff --git a/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py b/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py index 70fec686..1cc1caeb 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py +++ b/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py @@ -38,7 +38,7 @@ class OrganizationSettings(proto.Message): If the flag is set to ``true``, then discovery of assets will occur. If it is set to \`false, all historical assets will remain, but discovery of future assets will not occur. - asset_discovery_config (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig): + asset_discovery_config (google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings.AssetDiscoveryConfig): The configuration used for Asset Discovery runs. """ @@ -50,7 +50,7 @@ class AssetDiscoveryConfig(proto.Message): project_ids (Sequence[str]): The project ids to use for filtering asset discovery. - inclusion_mode (~.organization_settings.OrganizationSettings.AssetDiscoveryConfig.InclusionMode): + inclusion_mode (google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings.AssetDiscoveryConfig.InclusionMode): The mode to use for filtering asset discovery. """ 
diff --git a/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py b/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py index 9c474a45..d1201368 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py +++ b/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py @@ -31,9 +31,9 @@ class RunAssetDiscoveryResponse(proto.Message): r"""Response of asset discovery run Attributes: - state (~.run_asset_discovery_response.RunAssetDiscoveryResponse.State): + state (google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryResponse.State): The state of an asset discovery run. - duration (~.gp_duration.Duration): + duration (google.protobuf.duration_pb2.Duration): The duration between asset discovery run start and end """ diff --git a/google/cloud/securitycenter_v1p1beta1/types/security_marks.py b/google/cloud/securitycenter_v1p1beta1/types/security_marks.py index a7671f48..1d84bd55 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/security_marks.py +++ b/google/cloud/securitycenter_v1p1beta1/types/security_marks.py @@ -37,7 +37,7 @@ class SecurityMarks(proto.Message): Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks". - marks (Sequence[~.security_marks.SecurityMarks.MarksEntry]): + marks (Sequence[google.cloud.securitycenter_v1p1beta1.types.SecurityMarks.MarksEntry]): Mutable user specified security marks belonging to the parent resource. Constraints are as follows: diff --git a/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py b/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py index bd319164..e608de04 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py +++ b/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py 
@@ -81,7 +81,7 @@ class CreateFindingRequest(proto.Message): finding_id (str): Required. Unique identifier provided by the client within the parent scope. - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1p1beta1.types.Finding): Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. @@ -107,7 +107,7 @@ class CreateNotificationConfigRequest(proto.Message): between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only. - notification_config (~.gcs_notification_config.NotificationConfig): + notification_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig): Required. The notification config being created. The name and the service account will be ignored as they are both output only fields @@ -130,7 +130,7 @@ class CreateSourceRequest(proto.Message): parent (str): Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". - source (~.gcs_source.Source): + source (google.cloud.securitycenter_v1p1beta1.types.Source): Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. @@ -302,7 +302,7 @@ class GroupAssetsRequest(proto.Message): - security_center_properties.resource_type - security_center_properties.resource_project_display_name - security_center_properties.resource_parent_display_name - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the 
@@ -334,7 +334,7 @@ class GroupAssetsRequest(proto.Message): If this field is set then ``state_change`` must be a specified field in ``group_by``. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those @@ -370,13 +370,13 @@ class GroupAssetsResponse(proto.Message): r"""Response message for grouping by assets. Attributes: - group_by_results (Sequence[~.securitycenter_service.GroupResult]): + group_by_results (Sequence[google.cloud.securitycenter_v1p1beta1.types.GroupResult]): Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the groupBy request. next_page_token (str): Token to retrieve the next page of results, @@ -492,13 +492,13 @@ class GroupFindingsRequest(proto.Message): set: - state_change - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the GroupResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained 
@@ -565,13 +565,13 @@ class GroupFindingsResponse(proto.Message): r"""Response message for group by findings. Attributes: - group_by_results (Sequence[~.securitycenter_service.GroupResult]): + group_by_results (Sequence[google.cloud.securitycenter_v1p1beta1.types.GroupResult]): Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the groupBy request. next_page_token (str): Token to retrieve the next page of results, @@ -601,7 +601,7 @@ class GroupResult(proto.Message): request. Attributes: - properties (Sequence[~.securitycenter_service.GroupResult.PropertiesEntry]): + properties (Sequence[google.cloud.securitycenter_v1p1beta1.types.GroupResult.PropertiesEntry]): Properties matching the groupBy fields in the request. count (int): @@ -645,7 +645,7 @@ class ListNotificationConfigsResponse(proto.Message): r"""Response message for listing notification configs. Attributes: - notification_configs (Sequence[~.gcs_notification_config.NotificationConfig]): + notification_configs (Sequence[google.cloud.securitycenter_v1p1beta1.types.NotificationConfig]): Notification configs belonging to the requested parent. next_page_token (str): @@ -693,7 +693,7 @@ class ListSourcesResponse(proto.Message): r"""Response message for listing sources. Attributes: - sources (Sequence[~.gcs_source.Source]): + sources (Sequence[google.cloud.securitycenter_v1p1beta1.types.Source]): Sources belonging to the requested parent. next_page_token (str): Token to retrieve the next page of results, 
@@ -820,13 +820,13 @@ class ListAssetsRequest(proto.Message): security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the ListAssetsResult's "state_change" attribute is updated to indicate whether the asset was added, removed, or remained present during the @@ -854,7 +854,7 @@ class ListAssetsRequest(proto.Message): If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time. - field_mask (~.gp_field_mask.FieldMask): + field_mask (google.protobuf.field_mask_pb2.FieldMask): A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields. @@ -890,9 +890,9 @@ class ListAssetsResponse(proto.Message): r"""Response message for listing assets. Attributes: - list_assets_results (Sequence[~.securitycenter_service.ListAssetsResponse.ListAssetsResult]): + list_assets_results (Sequence[google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse.ListAssetsResult]): Assets matching the list request. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the list request. next_page_token (str): Token to retrieve the next page of results, 
@@ -906,9 +906,9 @@ class ListAssetsResult(proto.Message): r"""Result containing the Asset and its State. Attributes: - asset (~.gcs_asset.Asset): + asset (google.cloud.securitycenter_v1p1beta1.types.Asset): Asset matching the search request. - state_change (~.securitycenter_service.ListAssetsResponse.ListAssetsResult.StateChange): + state_change (google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse.ListAssetsResult.StateChange): State change of the asset between the points in time. """ @@ -1036,13 +1036,13 @@ class ListFindingsRequest(proto.Message): The following fields are supported: name parent state category resource_name event_time source_properties security_marks.marks - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW. - compare_duration (~.duration.Duration): + compare_duration (google.protobuf.duration_pb2.Duration): When compare_duration is set, the ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained @@ -1076,7 +1076,7 @@ class ListFindingsRequest(proto.Message): If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time. - field_mask (~.gp_field_mask.FieldMask): + field_mask (google.protobuf.field_mask_pb2.FieldMask): A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields. 
@@ -1112,9 +1112,9 @@ class ListFindingsResponse(proto.Message): r"""Response message for listing findings. Attributes: - list_findings_results (Sequence[~.securitycenter_service.ListFindingsResponse.ListFindingsResult]): + list_findings_results (Sequence[google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse.ListFindingsResult]): Findings matching the list request. - read_time (~.timestamp.Timestamp): + read_time (google.protobuf.timestamp_pb2.Timestamp): Time used for executing the list request. next_page_token (str): Token to retrieve the next page of results, @@ -1128,12 +1128,12 @@ class ListFindingsResult(proto.Message): r"""Result containing the Finding and its StateChange. Attributes: - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1p1beta1.types.Finding): Finding matching the search request. - state_change (~.securitycenter_service.ListFindingsResponse.ListFindingsResult.StateChange): + state_change (google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse.ListFindingsResult.StateChange): State change of the finding between the points in time. - resource (~.securitycenter_service.ListFindingsResponse.ListFindingsResult.Resource): + resource (google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse.ListFindingsResult.Resource): Output only. Resource that is associated with this finding. """ @@ -1222,9 +1222,9 @@ class SetFindingStateRequest(proto.Message): https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". - state (~.gcs_finding.Finding.State): + state (google.cloud.securitycenter_v1p1beta1.types.Finding.State): Required. The desired State of the finding. - start_time (~.timestamp.Timestamp): + start_time (google.protobuf.timestamp_pb2.Timestamp): Required. The time at which the updated state takes effect. """ 
@@ -1253,7 +1253,7 @@ class UpdateFindingRequest(proto.Message): r"""Request message for updating or creating a finding. Attributes: - finding (~.gcs_finding.Finding): + finding (google.cloud.securitycenter_v1p1beta1.types.Finding): Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. @@ -1261,7 +1261,7 @@ class UpdateFindingRequest(proto.Message): In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. @@ -1280,9 +1280,9 @@ class UpdateNotificationConfigRequest(proto.Message): r"""Request message for updating a notification config. Attributes: - notification_config (~.gcs_notification_config.NotificationConfig): + notification_config (google.cloud.securitycenter_v1p1beta1.types.NotificationConfig): Required. The notification config to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. @@ -1299,10 +1299,10 @@ class UpdateOrganizationSettingsRequest(proto.Message): r"""Request message for updating an organization's settings. Attributes: - organization_settings (~.gcs_organization_settings.OrganizationSettings): + organization_settings (google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings): Required. The organization settings resource to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the settings resource. 
@@ -1320,9 +1320,9 @@ class UpdateSourceRequest(proto.Message): r"""Request message for updating a source. Attributes: - source (~.gcs_source.Source): + source (google.cloud.securitycenter_v1p1beta1.types.Source): Required. The source resource to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the source resource. If empty all mutable fields will be updated. @@ -1337,17 +1337,17 @@ class UpdateSecurityMarksRequest(proto.Message): r"""Request message for updating a SecurityMarks resource. Attributes: - security_marks (~.gcs_security_marks.SecurityMarks): + security_marks (google.cloud.securitycenter_v1p1beta1.types.SecurityMarks): Required. The security marks resource to update. - update_mask (~.gp_field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". - start_time (~.timestamp.Timestamp): + start_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the diff --git a/noxfile.py b/noxfile.py index a57e24be..43dd3024 100644 --- a/noxfile.py +++ b/noxfile.py @@ -18,6 +18,7 @@ from __future__ import absolute_import import os +import pathlib import shutil import nox 
@@ -30,6 +31,22 @@ SYSTEM_TEST_PYTHON_VERSIONS = ["3.8"] UNIT_TEST_PYTHON_VERSIONS = ["3.6", "3.7", "3.8", "3.9"] +CURRENT_DIRECTORY = pathlib.Path(__file__).parent.absolute() + +# 'docfx' is excluded since it only needs to run in 'docs-presubmit' +nox.options.sessions = [ + "unit", + "system", + "cover", + "lint", + "lint_setup_py", + "blacken", + "docs", +] + +# Error if a python version is missing +nox.options.error_on_missing_interpreters = True + @nox.session(python=DEFAULT_PYTHON_VERSION) def lint(session): @@ -70,17 +87,21 @@ def lint_setup_py(session): def default(session): # Install all test dependencies, then install this package in-place. - session.install("asyncmock", "pytest-asyncio") - session.install( - "mock", "pytest", "pytest-cov", + constraints_path = str( + CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt" ) - session.install("-e", ".") + session.install("asyncmock", "pytest-asyncio", "-c", constraints_path) + + session.install("mock", "pytest", "pytest-cov", "-c", constraints_path) + + session.install("-e", ".", "-c", constraints_path) # Run py.test against the unit tests. session.run( "py.test", "--quiet", + f"--junitxml=unit_{session.python}_sponge_log.xml", "--cov=google/cloud", "--cov=tests/unit", "--cov-append", @@ -101,6 +122,9 @@ def unit(session): @nox.session(python=SYSTEM_TEST_PYTHON_VERSIONS) def system(session): """Run the system test suite.""" + constraints_path = str( + CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt" + ) system_test_path = os.path.join("tests", "system.py") system_test_folder_path = os.path.join("tests", "system") 
@@ -110,6 +134,9 @@ def system(session): # Sanity check: Only run tests if the environment variable is set. if not os.environ.get("GOOGLE_APPLICATION_CREDENTIALS", ""): session.skip("Credentials must be set via environment variable") + # Install pyopenssl for mTLS testing. + if os.environ.get("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") == "true": + session.install("pyopenssl") system_test_exists = os.path.exists(system_test_path) system_test_folder_exists = os.path.exists(system_test_folder_path) @@ -122,16 +149,26 @@ def system(session): # Install all test dependencies, then install this package into the # virtualenv's dist-packages. - session.install( - "mock", "pytest", "google-cloud-testutils", - ) - session.install("-e", ".") + session.install("mock", "pytest", "google-cloud-testutils", "-c", constraints_path) + session.install("-e", ".", "-c", constraints_path) # Run py.test against the system tests. if system_test_exists: - session.run("py.test", "--quiet", system_test_path, *session.posargs) + session.run( + "py.test", + "--quiet", + f"--junitxml=system_{session.python}_sponge_log.xml", + system_test_path, + *session.posargs, + ) if system_test_folder_exists: - session.run("py.test", "--quiet", system_test_folder_path, *session.posargs) + session.run( + "py.test", + "--quiet", + f"--junitxml=system_{session.python}_sponge_log.xml", + system_test_folder_path, + *session.posargs, + ) @nox.session(python=DEFAULT_PYTHON_VERSION) @@ -142,7 +179,7 @@ def cover(session): test runs (not system test runs), and then erases coverage data. """ session.install("coverage", "pytest-cov") - session.run("coverage", "report", "--show-missing", "--fail-under=99") + session.run("coverage", "report", "--show-missing", "--fail-under=98") session.run("coverage", "erase") diff --git a/renovate.json b/renovate.json index 4fa94931..f08bc22c 100644 --- a/renovate.json +++ b/renovate.json 
@@ -1,5 +1,6 @@ { "extends": [ "config:base", ":preserveSemverRanges" - ] + ], + "ignorePaths": [".pre-commit-config.yaml"] } diff --git a/samples/snippets/noxfile.py b/samples/snippets/noxfile.py index bca0522e..97bf7da8 100644 --- a/samples/snippets/noxfile.py +++ b/samples/snippets/noxfile.py @@ -85,7 +85,7 @@ def get_pytest_env_vars() -> Dict[str, str]: # DO NOT EDIT - automatically generated. # All versions used to tested samples. -ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8"] +ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8", "3.9"] # Any default versions that should be ignored. IGNORED_VERSIONS = TEST_CONFIG['ignored_versions'] diff --git a/setup.py b/setup.py index 2e201757..c639c9da 100644 --- a/setup.py +++ b/setup.py @@ -24,11 +24,11 @@ version = "1.1.0" release_status = "Development Status :: 3 - Alpha" dependencies = [ - "google-api-core[grpc] >= 1.22.0, < 2.0.0dev", + "google-api-core[grpc] >= 1.22.2, < 2.0.0dev", "grpc-google-iam-v1 >= 0.12.3, < 0.13dev", "proto-plus >= 1.10.0", - "libcst >= 0.2.5", ] +extras = {"libcst": "libcst >= 0.2.5"} package_root = os.path.abspath(os.path.dirname(__file__)) @@ -71,6 +71,7 @@ packages=packages, namespace_packages=namespaces, install_requires=dependencies, + extras_requires=extras, python_requires=">=3.6", scripts=[ "scripts/fixup_securitycenter_v1_keywords.py", diff --git a/synth.metadata b/synth.metadata index cb1fa7e9..5e9ab512 100644 --- a/synth.metadata +++ b/synth.metadata 
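Review bot: In the second setup.py hunk, `extras_requires=extras` is not a setuptools keyword, so the `libcst` extra is never declared. The option is spelled `extras_require`, and setuptools only warns about the unknown name and otherwise ignores it. Because the first setup.py hunk also drops `libcst >= 0.2.5` from `dependencies`, the package ends up with no declared route to libcst at all. The `scripts/fixup_securitycenter_v1_keywords.py` entry listed under `scripts=` presumably still needs it, which should be confirmed against the script. The line should read `extras_require=extras,`; the `setup()` call itself starts and ends outside the hunk.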
@@ -3,30 +3,30 @@ { "git": { "name": ".", - "remote": "https://github.com/googleapis/python-securitycenter.git", - "sha": "8d37bea1658bda9a646277aca90b812ddeee5494" + "remote": "git@github.com:googleapis/python-securitycenter.git", + "sha": "7e7e448e1b4b05aa51b948f7f3463982aa2d302b" } }, { "git": { "name": "googleapis", "remote": "https://github.com/googleapis/googleapis.git", - "sha": "e9135d3cb8a99f77ee2ba3318ebc2c9b807581d0", - "internalRef": "347410691" + "sha": "7c8d16188e68347aac0053a40ab1dc2056a44899", + "internalRef": "365829960" } }, { "git": { "name": "synthtool", "remote": "https://github.com/googleapis/synthtool.git", - "sha": "41a4e56982620d3edcf110d76f4fcdfdec471ac8" + "sha": "572ef8f70edd9041f5bcfa71511aed6aecfc2098" } }, { "git": { "name": "synthtool", "remote": "https://github.com/googleapis/synthtool.git", - "sha": "41a4e56982620d3edcf110d76f4fcdfdec471ac8" + "sha": "572ef8f70edd9041f5bcfa71511aed6aecfc2098" } } ], 
@@ -58,182 +58,5 @@ "generator": "bazel" } } - ], - "generatedFiles": [ - ".flake8", - ".github/CONTRIBUTING.md", - ".github/ISSUE_TEMPLATE/bug_report.md", - ".github/ISSUE_TEMPLATE/feature_request.md", - ".github/ISSUE_TEMPLATE/support_request.md", - ".github/PULL_REQUEST_TEMPLATE.md", - ".github/release-please.yml", - ".github/snippet-bot.yml", - ".gitignore", - ".kokoro/build.sh", - ".kokoro/continuous/common.cfg", - ".kokoro/continuous/continuous.cfg", - ".kokoro/docker/docs/Dockerfile", - ".kokoro/docker/docs/fetch_gpg_keys.sh", - ".kokoro/docs/common.cfg", - ".kokoro/docs/docs-presubmit.cfg", - ".kokoro/docs/docs.cfg", - ".kokoro/populate-secrets.sh", - ".kokoro/presubmit/common.cfg", - ".kokoro/presubmit/presubmit.cfg", - ".kokoro/publish-docs.sh", - ".kokoro/release.sh", - ".kokoro/release/common.cfg", - ".kokoro/release/release.cfg", - ".kokoro/samples/lint/common.cfg", - ".kokoro/samples/lint/continuous.cfg", - ".kokoro/samples/lint/periodic.cfg", - ".kokoro/samples/lint/presubmit.cfg", - ".kokoro/samples/python3.6/common.cfg", - ".kokoro/samples/python3.6/continuous.cfg", - ".kokoro/samples/python3.6/periodic.cfg", - ".kokoro/samples/python3.6/presubmit.cfg", - ".kokoro/samples/python3.7/common.cfg", - ".kokoro/samples/python3.7/continuous.cfg", - ".kokoro/samples/python3.7/periodic.cfg", - ".kokoro/samples/python3.7/presubmit.cfg", - ".kokoro/samples/python3.8/common.cfg", - ".kokoro/samples/python3.8/continuous.cfg", - ".kokoro/samples/python3.8/periodic.cfg", - ".kokoro/samples/python3.8/presubmit.cfg", - ".kokoro/test-samples.sh", - ".kokoro/trampoline.sh", - ".kokoro/trampoline_v2.sh", - ".pre-commit-config.yaml", - ".trampolinerc", - "CODE_OF_CONDUCT.md", - "CONTRIBUTING.rst", - "LICENSE", - "MANIFEST.in", - "docs/_static/custom.css", - "docs/_templates/layout.html", - "docs/conf.py", - "docs/multiprocessing.rst", - "docs/securitycenter_v1/services.rst", - "docs/securitycenter_v1/types.rst", - "docs/securitycenter_v1beta1/services.rst", - 
"docs/securitycenter_v1beta1/types.rst", - "docs/securitycenter_v1p1beta1/services.rst", - "docs/securitycenter_v1p1beta1/types.rst", - "google/cloud/securitycenter/__init__.py", - "google/cloud/securitycenter/py.typed", - "google/cloud/securitycenter_v1/__init__.py", - "google/cloud/securitycenter_v1/proto/asset.proto", - "google/cloud/securitycenter_v1/proto/finding.proto", - "google/cloud/securitycenter_v1/proto/notification_config.proto", - "google/cloud/securitycenter_v1/proto/notification_message.proto", - "google/cloud/securitycenter_v1/proto/organization_settings.proto", - "google/cloud/securitycenter_v1/proto/resource.proto", - "google/cloud/securitycenter_v1/proto/run_asset_discovery_response.proto", - "google/cloud/securitycenter_v1/proto/security_marks.proto", - "google/cloud/securitycenter_v1/proto/securitycenter_service.proto", - "google/cloud/securitycenter_v1/proto/source.proto", - "google/cloud/securitycenter_v1/py.typed", - "google/cloud/securitycenter_v1/services/__init__.py", - "google/cloud/securitycenter_v1/services/security_center/__init__.py", - "google/cloud/securitycenter_v1/services/security_center/async_client.py", - "google/cloud/securitycenter_v1/services/security_center/client.py", - "google/cloud/securitycenter_v1/services/security_center/pagers.py", - "google/cloud/securitycenter_v1/services/security_center/transports/__init__.py", - "google/cloud/securitycenter_v1/services/security_center/transports/base.py", - "google/cloud/securitycenter_v1/services/security_center/transports/grpc.py", - "google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py", - "google/cloud/securitycenter_v1/types/__init__.py", - "google/cloud/securitycenter_v1/types/asset.py", - "google/cloud/securitycenter_v1/types/finding.py", - "google/cloud/securitycenter_v1/types/notification_config.py", - "google/cloud/securitycenter_v1/types/notification_message.py", - "google/cloud/securitycenter_v1/types/organization_settings.py", - 
"google/cloud/securitycenter_v1/types/resource.py", - "google/cloud/securitycenter_v1/types/run_asset_discovery_response.py", - "google/cloud/securitycenter_v1/types/security_marks.py", - "google/cloud/securitycenter_v1/types/securitycenter_service.py", - "google/cloud/securitycenter_v1/types/source.py", - "google/cloud/securitycenter_v1beta1/__init__.py", - "google/cloud/securitycenter_v1beta1/proto/asset.proto", - "google/cloud/securitycenter_v1beta1/proto/finding.proto", - "google/cloud/securitycenter_v1beta1/proto/organization_settings.proto", - "google/cloud/securitycenter_v1beta1/proto/run_asset_discovery_response.proto", - "google/cloud/securitycenter_v1beta1/proto/security_marks.proto", - "google/cloud/securitycenter_v1beta1/proto/securitycenter_service.proto", - "google/cloud/securitycenter_v1beta1/proto/source.proto", - "google/cloud/securitycenter_v1beta1/py.typed", - "google/cloud/securitycenter_v1beta1/services/__init__.py", - "google/cloud/securitycenter_v1beta1/services/security_center/__init__.py", - "google/cloud/securitycenter_v1beta1/services/security_center/async_client.py", - "google/cloud/securitycenter_v1beta1/services/security_center/client.py", - "google/cloud/securitycenter_v1beta1/services/security_center/pagers.py", - "google/cloud/securitycenter_v1beta1/services/security_center/transports/__init__.py", - "google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py", - "google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py", - "google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py", - "google/cloud/securitycenter_v1beta1/types/__init__.py", - "google/cloud/securitycenter_v1beta1/types/asset.py", - "google/cloud/securitycenter_v1beta1/types/finding.py", - "google/cloud/securitycenter_v1beta1/types/organization_settings.py", - "google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py", - 
"google/cloud/securitycenter_v1beta1/types/security_marks.py", - "google/cloud/securitycenter_v1beta1/types/securitycenter_service.py", - "google/cloud/securitycenter_v1beta1/types/source.py", - "google/cloud/securitycenter_v1p1beta1/__init__.py", - "google/cloud/securitycenter_v1p1beta1/proto/asset.proto", - "google/cloud/securitycenter_v1p1beta1/proto/finding.proto", - "google/cloud/securitycenter_v1p1beta1/proto/notification_config.proto", - "google/cloud/securitycenter_v1p1beta1/proto/notification_message.proto", - "google/cloud/securitycenter_v1p1beta1/proto/organization_settings.proto", - "google/cloud/securitycenter_v1p1beta1/proto/resource.proto", - "google/cloud/securitycenter_v1p1beta1/proto/run_asset_discovery_response.proto", - "google/cloud/securitycenter_v1p1beta1/proto/security_marks.proto", - "google/cloud/securitycenter_v1p1beta1/proto/securitycenter_service.proto", - "google/cloud/securitycenter_v1p1beta1/proto/source.proto", - "google/cloud/securitycenter_v1p1beta1/py.typed", - "google/cloud/securitycenter_v1p1beta1/services/__init__.py", - "google/cloud/securitycenter_v1p1beta1/services/security_center/__init__.py", - "google/cloud/securitycenter_v1p1beta1/services/security_center/async_client.py", - "google/cloud/securitycenter_v1p1beta1/services/security_center/client.py", - "google/cloud/securitycenter_v1p1beta1/services/security_center/pagers.py", - "google/cloud/securitycenter_v1p1beta1/services/security_center/transports/__init__.py", - "google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py", - "google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py", - "google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py", - "google/cloud/securitycenter_v1p1beta1/types/__init__.py", - "google/cloud/securitycenter_v1p1beta1/types/asset.py", - "google/cloud/securitycenter_v1p1beta1/types/finding.py", - 
"google/cloud/securitycenter_v1p1beta1/types/notification_config.py", - "google/cloud/securitycenter_v1p1beta1/types/notification_message.py", - "google/cloud/securitycenter_v1p1beta1/types/organization_settings.py", - "google/cloud/securitycenter_v1p1beta1/types/resource.py", - "google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py", - "google/cloud/securitycenter_v1p1beta1/types/security_marks.py", - "google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py", - "google/cloud/securitycenter_v1p1beta1/types/source.py", - "mypy.ini", - "noxfile.py", - "renovate.json", - "samples/AUTHORING_GUIDE.md", - "samples/CONTRIBUTING.md", - "samples/snippets/noxfile.py", - "scripts/decrypt-secrets.sh", - "scripts/fixup_securitycenter_v1_keywords.py", - "scripts/fixup_securitycenter_v1beta1_keywords.py", - "scripts/fixup_securitycenter_v1p1beta1_keywords.py", - "scripts/readme-gen/readme_gen.py", - "scripts/readme-gen/templates/README.tmpl.rst", - "scripts/readme-gen/templates/auth.tmpl.rst", - "scripts/readme-gen/templates/auth_api_key.tmpl.rst", - "scripts/readme-gen/templates/install_deps.tmpl.rst", - "scripts/readme-gen/templates/install_portaudio.tmpl.rst", - "setup.cfg", - "testing/.gitignore", - "tests/unit/gapic/securitycenter_v1/__init__.py", - "tests/unit/gapic/securitycenter_v1/test_security_center.py", - "tests/unit/gapic/securitycenter_v1beta1/__init__.py", - "tests/unit/gapic/securitycenter_v1beta1/test_security_center.py", - "tests/unit/gapic/securitycenter_v1p1beta1/__init__.py", - "tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py" ] } \ No newline at end of file diff --git a/synth.py b/synth.py index b5771bae..4c9f818d 100644 --- a/synth.py +++ b/synth.py @@ -50,7 +50,7 @@ templated_files = common.py_library( samples=True, microgenerator=True, # set to True only if there are samples - cov_level=99, + cov_level=98, ) s.move( templated_files, excludes=[".coveragerc"] 
diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt index caba91f9..d9594657 100644 --- a/testing/constraints-3.6.txt +++ b/testing/constraints-3.6.txt @@ -5,7 +5,7 @@ # # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", # Then this file should have foo==1.14.0 -google-api-core==1.22.0 +google-api-core==1.22.2 grpc-google-iam-v1==0.12.3 proto-plus==1.10.0 -libcst==0.2.5 \ No newline at end of file +libcst==0.2.5 diff --git a/tests/unit/gapic/securitycenter_v1/__init__.py b/tests/unit/gapic/securitycenter_v1/__init__.py index 8b137891..42ffdf2b 100644 --- a/tests/unit/gapic/securitycenter_v1/__init__.py +++ b/tests/unit/gapic/securitycenter_v1/__init__.py @@ -1 +1,16 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/tests/unit/gapic/securitycenter_v1/test_security_center.py b/tests/unit/gapic/securitycenter_v1/test_security_center.py index 0553ce66..ae141baa 100644 --- a/tests/unit/gapic/securitycenter_v1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1/test_security_center.py 
@@ -114,7 +114,24 @@ def test__get_default_mtls_endpoint(): @pytest.mark.parametrize( - "client_class", [SecurityCenterClient, SecurityCenterAsyncClient] + "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,] +) +def test_security_center_client_from_service_account_info(client_class): + creds = credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "securitycenter.googleapis.com:443" + + +@pytest.mark.parametrize( + "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,] ) def test_security_center_client_from_service_account_file(client_class): creds = credentials.AnonymousCredentials() @@ -124,16 +141,21 @@ def test_security_center_client_from_service_account_file(client_class): factory.return_value = creds client = client_class.from_service_account_file("dummy/file/path.json") assert client.transport._credentials == creds + assert isinstance(client, client_class) client = client_class.from_service_account_json("dummy/file/path.json") assert client.transport._credentials == creds + assert isinstance(client, client_class) assert client.transport._host == "securitycenter.googleapis.com:443" def test_security_center_client_get_transport_class(): transport = SecurityCenterClient.get_transport_class() - assert transport == transports.SecurityCenterGrpcTransport + available_transports = [ + transports.SecurityCenterGrpcTransport, + ] + assert transport in available_transports transport = SecurityCenterClient.get_transport_class("grpc") assert transport == transports.SecurityCenterGrpcTransport 
@@ -184,7 +206,7 @@ def test_security_center_client_client_options( credentials_file=None, host="squid.clam.whelk", scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -200,7 +222,7 @@ def test_security_center_client_client_options( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -216,7 +238,7 @@ def test_security_center_client_client_options( credentials_file=None, host=client.DEFAULT_MTLS_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -244,7 +266,7 @@ def test_security_center_client_client_options( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, ) 
@@ -295,29 +317,25 @@ def test_security_center_client_mtls_env_auto( client_cert_source=client_cert_source_callback ) with mock.patch.object(transport_class, "__init__") as patched: - ssl_channel_creds = mock.Mock() - with mock.patch( - "grpc.ssl_channel_credentials", return_value=ssl_channel_creds - ): - patched.return_value = None - client = client_class(client_options=options) + patched.return_value = None + client = client_class(client_options=options) - if use_client_cert_env == "false": - expected_ssl_channel_creds = None - expected_host = client.DEFAULT_ENDPOINT - else: - expected_ssl_channel_creds = ssl_channel_creds - expected_host = client.DEFAULT_MTLS_ENDPOINT + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - ssl_channel_credentials=expected_ssl_channel_creds, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - ) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + ) # Check the case ADC client cert is provided. Whether client cert is used depends on # GOOGLE_API_USE_CLIENT_CERTIFICATE value. 
@@ -326,66 +344,53 @@ def test_security_center_client_mtls_env_auto( ): with mock.patch.object(transport_class, "__init__") as patched: with mock.patch( - "google.auth.transport.grpc.SslCredentials.__init__", return_value=None + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, ): with mock.patch( - "google.auth.transport.grpc.SslCredentials.is_mtls", - new_callable=mock.PropertyMock, - ) as is_mtls_mock: - with mock.patch( - "google.auth.transport.grpc.SslCredentials.ssl_credentials", - new_callable=mock.PropertyMock, - ) as ssl_credentials_mock: - if use_client_cert_env == "false": - is_mtls_mock.return_value = False - ssl_credentials_mock.return_value = None - expected_host = client.DEFAULT_ENDPOINT - expected_ssl_channel_creds = None - else: - is_mtls_mock.return_value = True - ssl_credentials_mock.return_value = mock.Mock() - expected_host = client.DEFAULT_MTLS_ENDPOINT - expected_ssl_channel_creds = ( - ssl_credentials_mock.return_value - ) - - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - ssl_channel_credentials=expected_ssl_channel_creds, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - ) + "google.auth.transport.mtls.default_client_cert_source", + return_value=client_cert_source_callback, + ): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback - # Check the case client_cert_source and ADC client cert are not provided. 
- with mock.patch.dict( - os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} - ): - with mock.patch.object(transport_class, "__init__") as patched: - with mock.patch( - "google.auth.transport.grpc.SslCredentials.__init__", return_value=None - ): - with mock.patch( - "google.auth.transport.grpc.SslCredentials.is_mtls", - new_callable=mock.PropertyMock, - ) as is_mtls_mock: - is_mtls_mock.return_value = False patched.return_value = None client = client_class() patched.assert_called_once_with( credentials=None, credentials_file=None, - host=client.DEFAULT_ENDPOINT, + host=expected_host, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) + # Check the case client_cert_source and ADC client cert are not provided. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + ) + @pytest.mark.parametrize( "client_class,transport_class,transport_name", @@ -411,7 +416,7 @@ def test_security_center_client_client_options_scopes( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=["1", "2"], - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) 
@@ -441,7 +446,7 @@ def test_security_center_client_client_options_credentials_file( credentials_file="credentials.json", host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -460,7 +465,7 @@ def test_security_center_client_client_options_from_dict(): credentials_file=None, host="squid.clam.whelk", scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -509,6 +514,22 @@ def test_create_source_from_dict(): test_create_source(request_type=dict) +def test_create_source_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_source), "__call__") as call: + client.create_source() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.CreateSourceRequest() + + @pytest.mark.asyncio async def test_create_source_async( transport: str = "grpc_asyncio", 
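Review bot: `call.assert_called()` in `test_create_source_empty_call` passes no matter how many times the stub is invoked, and the request is then read only from `call.mock_calls[0]`. An empty call should reach the stub exactly once, so `call.assert_called_once()` would also catch a wrapper that re-invokes the RPC, assuming nothing on this path legitimately calls it twice. The same pattern repeats in every other `*_empty_call` test this commit adds, through `test_update_security_marks_empty_call`.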
@@ -737,6 +758,22 @@ def test_create_finding_from_dict(): test_create_finding(request_type=dict) +def test_create_finding_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_finding), "__call__") as call: + client.create_finding() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.CreateFindingRequest() + + @pytest.mark.asyncio async def test_create_finding_async( transport: str = "grpc_asyncio", @@ -984,6 +1021,24 @@ def test_create_notification_config_from_dict(): test_create_notification_config(request_type=dict) +def test_create_notification_config_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_notification_config), "__call__" + ) as call: + client.create_notification_config() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.CreateNotificationConfigRequest() + + @pytest.mark.asyncio async def test_create_notification_config_async( transport: str = "grpc_asyncio", 
@@ -1235,6 +1290,24 @@ def test_delete_notification_config_from_dict(): test_delete_notification_config(request_type=dict) +def test_delete_notification_config_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_notification_config), "__call__" + ) as call: + client.delete_notification_config() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.DeleteNotificationConfigRequest() + + @pytest.mark.asyncio async def test_delete_notification_config_async( transport: str = "grpc_asyncio", @@ -1431,6 +1504,22 @@ def test_get_iam_policy_from_dict(): test_get_iam_policy(request_type=dict) +def test_get_iam_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_iam_policy), "__call__") as call: + client.get_iam_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == iam_policy.GetIamPolicyRequest() + + @pytest.mark.asyncio async def test_get_iam_policy_async( transport: str = "grpc_asyncio", request_type=iam_policy.GetIamPolicyRequest 
@@ -1653,6 +1742,24 @@ def test_get_notification_config_from_dict(): test_get_notification_config(request_type=dict) +def test_get_notification_config_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_notification_config), "__call__" + ) as call: + client.get_notification_config() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GetNotificationConfigRequest() + + @pytest.mark.asyncio async def test_get_notification_config_async( transport: str = "grpc_asyncio", @@ -1873,6 +1980,24 @@ def test_get_organization_settings_from_dict(): test_get_organization_settings(request_type=dict) +def test_get_organization_settings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_organization_settings), "__call__" + ) as call: + client.get_organization_settings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GetOrganizationSettingsRequest() + + @pytest.mark.asyncio async def test_get_organization_settings_async( transport: str = "grpc_asyncio", 
@@ -2087,6 +2212,22 @@ def test_get_source_from_dict(): test_get_source(request_type=dict) +def test_get_source_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_source), "__call__") as call: + client.get_source() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GetSourceRequest() + + @pytest.mark.asyncio async def test_get_source_async( transport: str = "grpc_asyncio", @@ -2287,6 +2428,22 @@ def test_group_assets_from_dict(): test_group_assets(request_type=dict) +def test_group_assets_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.group_assets), "__call__") as call: + client.group_assets() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GroupAssetsRequest() + + @pytest.mark.asyncio async def test_group_assets_async( transport: str = "grpc_asyncio", 
@@ -2582,6 +2739,22 @@ def test_group_findings_from_dict(): test_group_findings(request_type=dict) +def test_group_findings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.group_findings), "__call__") as call: + client.group_findings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GroupFindingsRequest() + + @pytest.mark.asyncio async def test_group_findings_async( transport: str = "grpc_asyncio", @@ -2956,6 +3129,22 @@ def test_list_assets_from_dict(): test_list_assets(request_type=dict) +def test_list_assets_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_assets), "__call__") as call: + client.list_assets() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListAssetsRequest() + + @pytest.mark.asyncio async def test_list_assets_async( transport: str = "grpc_asyncio", 
@@ -3265,6 +3454,22 @@ def test_list_findings_from_dict(): test_list_findings(request_type=dict) +def test_list_findings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_findings), "__call__") as call: + client.list_findings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListFindingsRequest() + + @pytest.mark.asyncio async def test_list_findings_async( transport: str = "grpc_asyncio", @@ -3579,6 +3784,24 @@ def test_list_notification_configs_from_dict(): test_list_notification_configs(request_type=dict) +def test_list_notification_configs_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_notification_configs), "__call__" + ) as call: + client.list_notification_configs() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListNotificationConfigsRequest() + + @pytest.mark.asyncio async def test_list_notification_configs_async( transport: str = "grpc_asyncio", 
@@ -3961,6 +4184,22 @@ def test_list_sources_from_dict(): test_list_sources(request_type=dict) +def test_list_sources_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_sources), "__call__") as call: + client.list_sources() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListSourcesRequest() + + @pytest.mark.asyncio async def test_list_sources_async( transport: str = "grpc_asyncio", @@ -4285,6 +4524,24 @@ def test_run_asset_discovery_from_dict(): test_run_asset_discovery(request_type=dict) +def test_run_asset_discovery_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.run_asset_discovery), "__call__" + ) as call: + client.run_asset_discovery() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.RunAssetDiscoveryRequest() + + @pytest.mark.asyncio async def test_run_asset_discovery_async( transport: str = "grpc_asyncio", 
@@ -4507,6 +4764,24 @@ def test_set_finding_state_from_dict(): test_set_finding_state(request_type=dict) +def test_set_finding_state_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.set_finding_state), "__call__" + ) as call: + client.set_finding_state() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.SetFindingStateRequest() + + @pytest.mark.asyncio async def test_set_finding_state_async( transport: str = "grpc_asyncio", @@ -4753,6 +5028,22 @@ def test_set_iam_policy_from_dict(): test_set_iam_policy(request_type=dict) +def test_set_iam_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.set_iam_policy), "__call__") as call: + client.set_iam_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == iam_policy.SetIamPolicyRequest() + + @pytest.mark.asyncio async def test_set_iam_policy_async( transport: str = "grpc_asyncio", request_type=iam_policy.SetIamPolicyRequest 
@@ -4962,6 +5253,24 @@ def test_test_iam_permissions_from_dict(): test_test_iam_permissions(request_type=dict) +def test_test_iam_permissions_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.test_iam_permissions), "__call__" + ) as call: + client.test_iam_permissions() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == iam_policy.TestIamPermissionsRequest() + + @pytest.mark.asyncio async def test_test_iam_permissions_async( transport: str = "grpc_asyncio", request_type=iam_policy.TestIamPermissionsRequest @@ -5213,6 +5522,22 @@ def test_update_finding_from_dict(): test_update_finding(request_type=dict) +def test_update_finding_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_finding), "__call__") as call: + client.update_finding() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateFindingRequest() + + @pytest.mark.asyncio async def test_update_finding_async( transport: str = "grpc_asyncio", 
@@ -5446,6 +5771,24 @@ def test_update_notification_config_from_dict(): test_update_notification_config(request_type=dict) +def test_update_notification_config_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_notification_config), "__call__" + ) as call: + client.update_notification_config() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateNotificationConfigRequest() + + @pytest.mark.asyncio async def test_update_notification_config_async( transport: str = "grpc_asyncio", @@ -5702,6 +6045,24 @@ def test_update_organization_settings_from_dict(): test_update_organization_settings(request_type=dict) +def test_update_organization_settings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_organization_settings), "__call__" + ) as call: + client.update_organization_settings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateOrganizationSettingsRequest() + + @pytest.mark.asyncio async def test_update_organization_settings_async( transport: str = "grpc_asyncio", 
@@ -5944,6 +6305,22 @@ def test_update_source_from_dict(): test_update_source(request_type=dict) +def test_update_source_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_source), "__call__") as call: + client.update_source() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateSourceRequest() + + @pytest.mark.asyncio async def test_update_source_async( transport: str = "grpc_asyncio", @@ -6147,6 +6524,24 @@ def test_update_security_marks_from_dict(): test_update_security_marks(request_type=dict) +def test_update_security_marks_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_security_marks), "__call__" + ) as call: + client.update_security_marks() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateSecurityMarksRequest() + + @pytest.mark.asyncio async def test_update_security_marks_async( transport: str = "grpc_asyncio", 
@@ -6516,6 +6911,51 @@ def test_security_center_transport_auth_adc(): ) +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_class): + cred = credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=("https://www.googleapis.com/auth/cloud-platform",), + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. + with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + def test_security_center_host_no_port(): client = SecurityCenterClient( credentials=credentials.AnonymousCredentials(), 
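Review bot: The second half of `test_security_center_grpc_transport_client_cert_source_for_mtls` only checks that `grpc.ssl_channel_credentials` was called with the certificate and key from the callback; it never checks that the resulting credentials object reached `create_channel`. A transport that built the credentials and then dropped them would still pass, and the channel would come up without the client certificate. Bind the patch with `as mock_create_channel` and add `assert mock_create_channel.call_args[1]["ssl_credentials"] is mock_ssl_cred.return_value` after the existing assertion, assuming `ssl_credentials` is passed by keyword as in the first half. If this file is generator output, as the commit message suggests, the check belongs in the generator's test template.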
@@ -6537,7 +6977,7 @@ def test_security_center_host_with_port(): def test_security_center_grpc_transport_channel(): - channel = grpc.insecure_channel("http://localhost/") + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecurityCenterGrpcTransport( @@ -6549,7 +6989,7 @@ def test_security_center_grpc_transport_channel(): def test_security_center_grpc_asyncio_transport_channel(): - channel = aio.insecure_channel("http://localhost/") + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecurityCenterGrpcAsyncIOTransport( @@ -6560,6 +7000,8 @@ def test_security_center_grpc_asyncio_transport_channel(): assert transport._ssl_channel_credentials == None +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. @pytest.mark.parametrize( "transport_class", [ @@ -6574,7 +7016,7 @@ def test_security_center_transport_channel_mtls_with_client_cert_source( "grpc.ssl_channel_credentials", autospec=True ) as grpc_ssl_channel_cred: with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_ssl_cred = mock.Mock() grpc_ssl_channel_cred.return_value = mock_ssl_cred @@ -6612,6 +7054,8 @@ def test_security_center_transport_channel_mtls_with_client_cert_source( assert transport._ssl_channel_credentials == mock_ssl_cred +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. @pytest.mark.parametrize( "transport_class", [ 
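Review bot: Dropping `autospec=True` from the `create_channel` patch in `test_security_center_transport_channel_mtls_with_client_cert_source` leaves a plain mock that accepts any arguments, so later assertions on `grpc_create_channel` presumably no longer check keyword names against the real signature. For a test that guards how mTLS credentials are passed to the channel, that is a loss of strictness. The reason for the removal is not visible in the hunk; if it was required, a short comment such as `# autospec dropped: <reason>` beside the patch would record it, otherwise keep `transport_class, "create_channel", autospec=True`. The same removal is made in `test_security_center_transport_channel_mtls_with_adc` in the following hunk, and both functions start and end outside their hunks.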
@@ -6627,7 +7071,7 @@ def test_security_center_transport_channel_mtls_with_adc(transport_class): ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), ): with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_grpc_channel = mock.Mock() grpc_create_channel.return_value = mock_grpc_channel diff --git a/tests/unit/gapic/securitycenter_v1beta1/__init__.py b/tests/unit/gapic/securitycenter_v1beta1/__init__.py index 8b137891..42ffdf2b 100644 --- a/tests/unit/gapic/securitycenter_v1beta1/__init__.py +++ b/tests/unit/gapic/securitycenter_v1beta1/__init__.py @@ -1 +1,16 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py index fc005bf6..bc4bb9a2 100644 --- a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py 
@@ -113,7 +113,24 @@ def test__get_default_mtls_endpoint(): @pytest.mark.parametrize( - "client_class", [SecurityCenterClient, SecurityCenterAsyncClient] + "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,] +) +def test_security_center_client_from_service_account_info(client_class): + creds = credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "securitycenter.googleapis.com:443" + + +@pytest.mark.parametrize( + "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,] ) def test_security_center_client_from_service_account_file(client_class): creds = credentials.AnonymousCredentials() @@ -123,16 +140,21 @@ def test_security_center_client_from_service_account_file(client_class): factory.return_value = creds client = client_class.from_service_account_file("dummy/file/path.json") assert client.transport._credentials == creds + assert isinstance(client, client_class) client = client_class.from_service_account_json("dummy/file/path.json") assert client.transport._credentials == creds + assert isinstance(client, client_class) assert client.transport._host == "securitycenter.googleapis.com:443" def test_security_center_client_get_transport_class(): transport = SecurityCenterClient.get_transport_class() - assert transport == transports.SecurityCenterGrpcTransport + available_transports = [ + transports.SecurityCenterGrpcTransport, + ] + assert transport in available_transports transport = SecurityCenterClient.get_transport_class("grpc") assert transport == transports.SecurityCenterGrpcTransport 
@@ -183,7 +205,7 @@ def test_security_center_client_client_options( credentials_file=None, host="squid.clam.whelk", scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -199,7 +221,7 @@ def test_security_center_client_client_options( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -215,7 +237,7 @@ def test_security_center_client_client_options( credentials_file=None, host=client.DEFAULT_MTLS_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -243,7 +265,7 @@ def test_security_center_client_client_options( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, ) 
@@ -294,29 +316,25 @@ def test_security_center_client_mtls_env_auto( client_cert_source=client_cert_source_callback ) with mock.patch.object(transport_class, "__init__") as patched: - ssl_channel_creds = mock.Mock() - with mock.patch( - "grpc.ssl_channel_credentials", return_value=ssl_channel_creds - ): - patched.return_value = None - client = client_class(client_options=options) + patched.return_value = None + client = client_class(client_options=options) - if use_client_cert_env == "false": - expected_ssl_channel_creds = None - expected_host = client.DEFAULT_ENDPOINT - else: - expected_ssl_channel_creds = ssl_channel_creds - expected_host = client.DEFAULT_MTLS_ENDPOINT + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - ssl_channel_credentials=expected_ssl_channel_creds, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - ) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + ) # Check the case ADC client cert is provided. Whether client cert is used depends on # GOOGLE_API_USE_CLIENT_CERTIFICATE value. 
@@ -325,66 +343,53 @@ def test_security_center_client_mtls_env_auto( ): with mock.patch.object(transport_class, "__init__") as patched: with mock.patch( - "google.auth.transport.grpc.SslCredentials.__init__", return_value=None + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, ): with mock.patch( - "google.auth.transport.grpc.SslCredentials.is_mtls", - new_callable=mock.PropertyMock, - ) as is_mtls_mock: - with mock.patch( - "google.auth.transport.grpc.SslCredentials.ssl_credentials", - new_callable=mock.PropertyMock, - ) as ssl_credentials_mock: - if use_client_cert_env == "false": - is_mtls_mock.return_value = False - ssl_credentials_mock.return_value = None - expected_host = client.DEFAULT_ENDPOINT - expected_ssl_channel_creds = None - else: - is_mtls_mock.return_value = True - ssl_credentials_mock.return_value = mock.Mock() - expected_host = client.DEFAULT_MTLS_ENDPOINT - expected_ssl_channel_creds = ( - ssl_credentials_mock.return_value - ) - - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - ssl_channel_credentials=expected_ssl_channel_creds, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - ) + "google.auth.transport.mtls.default_client_cert_source", + return_value=client_cert_source_callback, + ): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback - # Check the case client_cert_source and ADC client cert are not provided. 
- with mock.patch.dict( - os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} - ): - with mock.patch.object(transport_class, "__init__") as patched: - with mock.patch( - "google.auth.transport.grpc.SslCredentials.__init__", return_value=None - ): - with mock.patch( - "google.auth.transport.grpc.SslCredentials.is_mtls", - new_callable=mock.PropertyMock, - ) as is_mtls_mock: - is_mtls_mock.return_value = False patched.return_value = None client = client_class() patched.assert_called_once_with( credentials=None, credentials_file=None, - host=client.DEFAULT_ENDPOINT, + host=expected_host, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) + # Check the case client_cert_source and ADC client cert are not provided. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + ) + @pytest.mark.parametrize( "client_class,transport_class,transport_name", @@ -410,7 +415,7 @@ def test_security_center_client_client_options_scopes( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=["1", "2"], - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) 
@@ -440,7 +445,7 @@ def test_security_center_client_client_options_credentials_file( credentials_file="credentials.json", host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -459,7 +464,7 @@ def test_security_center_client_client_options_from_dict(): credentials_file=None, host="squid.clam.whelk", scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -508,6 +513,22 @@ def test_create_source_from_dict(): test_create_source(request_type=dict) +def test_create_source_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_source), "__call__") as call: + client.create_source() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.CreateSourceRequest() + + @pytest.mark.asyncio async def test_create_source_async( transport: str = "grpc_asyncio", 
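Review bot: `call.assert_called()` in `test_create_source_empty_call` passes for any number of stub invocations, and the test then inspects only `call.mock_calls[0]`. `call.assert_called_once()` would pin that a request-less call produces exactly one RPC carrying a default `CreateSourceRequest`. The comment's `request == None` would also read better as `request is None`. The same pattern repeats in every `_empty_call` test added in the following hunks, so the generator template is probably where the change belongs.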
@@ -733,6 +754,22 @@ def test_create_finding_from_dict(): test_create_finding(request_type=dict) +def test_create_finding_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_finding), "__call__") as call: + client.create_finding() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.CreateFindingRequest() + + @pytest.mark.asyncio async def test_create_finding_async( transport: str = "grpc_asyncio", @@ -962,6 +999,22 @@ def test_get_iam_policy_from_dict(): test_get_iam_policy(request_type=dict) +def test_get_iam_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_iam_policy), "__call__") as call: + client.get_iam_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == iam_policy.GetIamPolicyRequest() + + @pytest.mark.asyncio async def test_get_iam_policy_async( transport: str = "grpc_asyncio", request_type=iam_policy.GetIamPolicyRequest 
@@ -1174,6 +1227,24 @@ def test_get_organization_settings_from_dict(): test_get_organization_settings(request_type=dict) +def test_get_organization_settings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_organization_settings), "__call__" + ) as call: + client.get_organization_settings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GetOrganizationSettingsRequest() + + @pytest.mark.asyncio async def test_get_organization_settings_async( transport: str = "grpc_asyncio", @@ -1388,6 +1459,22 @@ def test_get_source_from_dict(): test_get_source(request_type=dict) +def test_get_source_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_source), "__call__") as call: + client.get_source() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GetSourceRequest() + + @pytest.mark.asyncio async def test_get_source_async( transport: str = "grpc_asyncio", 
@@ -1586,6 +1673,22 @@ def test_group_assets_from_dict(): test_group_assets(request_type=dict) +def test_group_assets_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.group_assets), "__call__") as call: + client.group_assets() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GroupAssetsRequest() + + @pytest.mark.asyncio async def test_group_assets_async( transport: str = "grpc_asyncio", @@ -1877,6 +1980,22 @@ def test_group_findings_from_dict(): test_group_findings(request_type=dict) +def test_group_findings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.group_findings), "__call__") as call: + client.group_findings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GroupFindingsRequest() + + @pytest.mark.asyncio async def test_group_findings_async( transport: str = "grpc_asyncio", 
@@ -2249,6 +2368,22 @@ def test_list_assets_from_dict(): test_list_assets(request_type=dict) +def test_list_assets_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_assets), "__call__") as call: + client.list_assets() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListAssetsRequest() + + @pytest.mark.asyncio async def test_list_assets_async( transport: str = "grpc_asyncio", @@ -2558,6 +2693,22 @@ def test_list_findings_from_dict(): test_list_findings(request_type=dict) +def test_list_findings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_findings), "__call__") as call: + client.list_findings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListFindingsRequest() + + @pytest.mark.asyncio async def test_list_findings_async( transport: str = "grpc_asyncio", 
@@ -2819,6 +2970,22 @@ def test_list_sources_from_dict(): test_list_sources(request_type=dict) +def test_list_sources_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_sources), "__call__") as call: + client.list_sources() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListSourcesRequest() + + @pytest.mark.asyncio async def test_list_sources_async( transport: str = "grpc_asyncio", @@ -3143,6 +3310,24 @@ def test_run_asset_discovery_from_dict(): test_run_asset_discovery(request_type=dict) +def test_run_asset_discovery_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.run_asset_discovery), "__call__" + ) as call: + client.run_asset_discovery() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.RunAssetDiscoveryRequest() + + @pytest.mark.asyncio async def test_run_asset_discovery_async( transport: str = "grpc_asyncio", 
@@ -3362,6 +3547,24 @@ def test_set_finding_state_from_dict(): test_set_finding_state(request_type=dict) +def test_set_finding_state_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.set_finding_state), "__call__" + ) as call: + client.set_finding_state() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.SetFindingStateRequest() + + @pytest.mark.asyncio async def test_set_finding_state_async( transport: str = "grpc_asyncio", @@ -3605,6 +3808,22 @@ def test_set_iam_policy_from_dict(): test_set_iam_policy(request_type=dict) +def test_set_iam_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.set_iam_policy), "__call__") as call: + client.set_iam_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == iam_policy.SetIamPolicyRequest() + + @pytest.mark.asyncio async def test_set_iam_policy_async( transport: str = "grpc_asyncio", request_type=iam_policy.SetIamPolicyRequest 
@@ -3814,6 +4033,24 @@ def test_test_iam_permissions_from_dict(): test_test_iam_permissions(request_type=dict) +def test_test_iam_permissions_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.test_iam_permissions), "__call__" + ) as call: + client.test_iam_permissions() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == iam_policy.TestIamPermissionsRequest() + + @pytest.mark.asyncio async def test_test_iam_permissions_async( transport: str = "grpc_asyncio", request_type=iam_policy.TestIamPermissionsRequest @@ -4062,6 +4299,22 @@ def test_update_finding_from_dict(): test_update_finding(request_type=dict) +def test_update_finding_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_finding), "__call__") as call: + client.update_finding() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateFindingRequest() + + @pytest.mark.asyncio async def test_update_finding_async( transport: str = "grpc_asyncio", 
@@ -4282,6 +4535,24 @@ def test_update_organization_settings_from_dict(): test_update_organization_settings(request_type=dict) +def test_update_organization_settings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_organization_settings), "__call__" + ) as call: + client.update_organization_settings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateOrganizationSettingsRequest() + + @pytest.mark.asyncio async def test_update_organization_settings_async( transport: str = "grpc_asyncio", @@ -4524,6 +4795,22 @@ def test_update_source_from_dict(): test_update_source(request_type=dict) +def test_update_source_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_source), "__call__") as call: + client.update_source() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateSourceRequest() + + @pytest.mark.asyncio async def test_update_source_async( transport: str = "grpc_asyncio", 
@@ -4727,6 +5014,24 @@ def test_update_security_marks_from_dict(): test_update_security_marks(request_type=dict) +def test_update_security_marks_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_security_marks), "__call__" + ) as call: + client.update_security_marks() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateSecurityMarksRequest() + + @pytest.mark.asyncio async def test_update_security_marks_async( transport: str = "grpc_asyncio", 
@@ -5091,6 +5396,51 @@ def test_security_center_transport_auth_adc(): ) +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_class): + cred = credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=("https://www.googleapis.com/auth/cloud-platform",), + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. + with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + def test_security_center_host_no_port(): client = SecurityCenterClient( credentials=credentials.AnonymousCredentials(), 
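Review bot: The second half of `test_security_center_grpc_transport_client_cert_source_for_mtls` checks that `grpc.ssl_channel_credentials` is called with the callback's cert and key, but not that the resulting credentials reach `create_channel`. A transport that built the mTLS credentials and then opened the channel without them would still pass. Binding the patch with `as mock_create_channel` and adding `assert mock_create_channel.call_args[1]["ssl_credentials"] == mock_ssl_cred.return_value` would close that gap, assuming the transport forwards them under the `ssl_credentials` keyword as the first half asserts. A case passing both `ssl_channel_credentials` and `client_cert_source_for_mtls` would also document which one takes precedence.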
@@ -5112,7 +5462,7 @@ def test_security_center_host_with_port(): def test_security_center_grpc_transport_channel(): - channel = grpc.insecure_channel("http://localhost/") + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecurityCenterGrpcTransport( @@ -5124,7 +5474,7 @@ def test_security_center_grpc_transport_channel(): def test_security_center_grpc_asyncio_transport_channel(): - channel = aio.insecure_channel("http://localhost/") + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecurityCenterGrpcAsyncIOTransport( @@ -5135,6 +5485,8 @@ def test_security_center_grpc_asyncio_transport_channel(): assert transport._ssl_channel_credentials == None +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. @pytest.mark.parametrize( "transport_class", [ @@ -5149,7 +5501,7 @@ def test_security_center_transport_channel_mtls_with_client_cert_source( "grpc.ssl_channel_credentials", autospec=True ) as grpc_ssl_channel_cred: with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_ssl_cred = mock.Mock() grpc_ssl_channel_cred.return_value = mock_ssl_cred @@ -5187,6 +5539,8 @@ def test_security_center_transport_channel_mtls_with_client_cert_source( assert transport._ssl_channel_credentials == mock_ssl_cred +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. @pytest.mark.parametrize( "transport_class", [ 
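Review bot: `grpc.secure_channel("http://localhost/", grpc.local_channel_credentials())` in `test_security_center_grpc_transport_channel` reads like a TLS channel, but as far as I know local channel credentials add no encryption over loopback TCP and only restrict the channel to local connections. grpcio also documents the API as experimental. A short comment such as `# local credentials: placeholder channel for the test, not TLS` would keep the line from being copied as a secure-channel pattern. The asyncio test in the next hunk has the same line, and both test bodies continue outside their hunks.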
@@ -5202,7 +5556,7 @@ def test_security_center_transport_channel_mtls_with_adc(transport_class): ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), ): with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_grpc_channel = mock.Mock() grpc_create_channel.return_value = mock_grpc_channel diff --git a/tests/unit/gapic/securitycenter_v1p1beta1/__init__.py b/tests/unit/gapic/securitycenter_v1p1beta1/__init__.py index 8b137891..42ffdf2b 100644 --- a/tests/unit/gapic/securitycenter_v1p1beta1/__init__.py +++ b/tests/unit/gapic/securitycenter_v1p1beta1/__init__.py @@ -1 +1,16 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py index ecc8ecb0..4e7ebe8b 100644 --- a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py 
@@ -118,7 +118,24 @@ def test__get_default_mtls_endpoint(): @pytest.mark.parametrize( - "client_class", [SecurityCenterClient, SecurityCenterAsyncClient] + "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,] +) +def test_security_center_client_from_service_account_info(client_class): + creds = credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "securitycenter.googleapis.com:443" + + +@pytest.mark.parametrize( + "client_class", [SecurityCenterClient, SecurityCenterAsyncClient,] ) def test_security_center_client_from_service_account_file(client_class): creds = credentials.AnonymousCredentials() @@ -128,16 +145,21 @@ def test_security_center_client_from_service_account_file(client_class): factory.return_value = creds client = client_class.from_service_account_file("dummy/file/path.json") assert client.transport._credentials == creds + assert isinstance(client, client_class) client = client_class.from_service_account_json("dummy/file/path.json") assert client.transport._credentials == creds + assert isinstance(client, client_class) assert client.transport._host == "securitycenter.googleapis.com:443" def test_security_center_client_get_transport_class(): transport = SecurityCenterClient.get_transport_class() - assert transport == transports.SecurityCenterGrpcTransport + available_transports = [ + transports.SecurityCenterGrpcTransport, + ] + assert transport in available_transports transport = SecurityCenterClient.get_transport_class("grpc") assert transport == transports.SecurityCenterGrpcTransport 
@@ -188,7 +210,7 @@ def test_security_center_client_client_options( credentials_file=None, host="squid.clam.whelk", scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -204,7 +226,7 @@ def test_security_center_client_client_options( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -220,7 +242,7 @@ def test_security_center_client_client_options( credentials_file=None, host=client.DEFAULT_MTLS_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -248,7 +270,7 @@ def test_security_center_client_client_options( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, ) 
@@ -299,29 +321,25 @@ def test_security_center_client_mtls_env_auto( client_cert_source=client_cert_source_callback ) with mock.patch.object(transport_class, "__init__") as patched: - ssl_channel_creds = mock.Mock() - with mock.patch( - "grpc.ssl_channel_credentials", return_value=ssl_channel_creds - ): - patched.return_value = None - client = client_class(client_options=options) + patched.return_value = None + client = client_class(client_options=options) - if use_client_cert_env == "false": - expected_ssl_channel_creds = None - expected_host = client.DEFAULT_ENDPOINT - else: - expected_ssl_channel_creds = ssl_channel_creds - expected_host = client.DEFAULT_MTLS_ENDPOINT + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - ssl_channel_credentials=expected_ssl_channel_creds, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - ) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + ) # Check the case ADC client cert is provided. Whether client cert is used depends on # GOOGLE_API_USE_CLIENT_CERTIFICATE value. 
@@ -330,66 +348,53 @@ def test_security_center_client_mtls_env_auto( ): with mock.patch.object(transport_class, "__init__") as patched: with mock.patch( - "google.auth.transport.grpc.SslCredentials.__init__", return_value=None + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, ): with mock.patch( - "google.auth.transport.grpc.SslCredentials.is_mtls", - new_callable=mock.PropertyMock, - ) as is_mtls_mock: - with mock.patch( - "google.auth.transport.grpc.SslCredentials.ssl_credentials", - new_callable=mock.PropertyMock, - ) as ssl_credentials_mock: - if use_client_cert_env == "false": - is_mtls_mock.return_value = False - ssl_credentials_mock.return_value = None - expected_host = client.DEFAULT_ENDPOINT - expected_ssl_channel_creds = None - else: - is_mtls_mock.return_value = True - ssl_credentials_mock.return_value = mock.Mock() - expected_host = client.DEFAULT_MTLS_ENDPOINT - expected_ssl_channel_creds = ( - ssl_credentials_mock.return_value - ) - - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - ssl_channel_credentials=expected_ssl_channel_creds, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - ) + "google.auth.transport.mtls.default_client_cert_source", + return_value=client_cert_source_callback, + ): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback - # Check the case client_cert_source and ADC client cert are not provided. 
- with mock.patch.dict( - os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} - ): - with mock.patch.object(transport_class, "__init__") as patched: - with mock.patch( - "google.auth.transport.grpc.SslCredentials.__init__", return_value=None - ): - with mock.patch( - "google.auth.transport.grpc.SslCredentials.is_mtls", - new_callable=mock.PropertyMock, - ) as is_mtls_mock: - is_mtls_mock.return_value = False patched.return_value = None client = client_class() patched.assert_called_once_with( credentials=None, credentials_file=None, - host=client.DEFAULT_ENDPOINT, + host=expected_host, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) + # Check the case client_cert_source and ADC client cert are not provided. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + ) + @pytest.mark.parametrize( "client_class,transport_class,transport_name", @@ -415,7 +420,7 @@ def test_security_center_client_client_options_scopes( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=["1", "2"], - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) 
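Review bot: The last case of the `-330,66 +348,53` hunk ("client_cert_source and ADC client cert are not provided") pins a silent fallback that deserves a comment. With `has_default_client_cert_source` patched to return False, the test expects `host=client.DEFAULT_ENDPOINT` and `client_cert_source_for_mtls=None` for every value of `GOOGLE_API_USE_CLIENT_CERTIFICATE`, apparently including the one that requests a client certificate. I would say so above the `with mock.patch.dict(` line, e.g. `# No cert source available: the client falls back to the plain endpoint without mTLS, whatever GOOGLE_API_USE_CLIENT_CERTIFICATE is set to.` The parametrize list and the start of test_security_center_client_mtls_env_auto are outside the hunk, so the set of env values is inferred from the `== "false"` branch.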
@@ -445,7 +450,7 @@ def test_security_center_client_client_options_credentials_file( credentials_file="credentials.json", host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -464,7 +469,7 @@ def test_security_center_client_client_options_from_dict(): credentials_file=None, host="squid.clam.whelk", scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -513,6 +518,22 @@ def test_create_source_from_dict(): test_create_source(request_type=dict) +def test_create_source_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_source), "__call__") as call: + client.create_source() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.CreateSourceRequest() + + @pytest.mark.asyncio async def test_create_source_async( transport: str = "grpc_asyncio", 
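Review bot: `call.assert_called()` in test_create_source_empty_call passes for any number of stub invocations, so a client that sent the empty request more than once would still pass. Judging by the commit subject this change touches retry handling, which is where such a duplicate would come from. `call.assert_called_once()` pins the single call. The same line recurs in every `*_empty_call` test added in the following hunks, from test_create_finding_empty_call through test_update_security_marks_empty_call. As a style point only, `_, args, _ = call.mock_calls[0]` could then read `args, _ = call.call_args`.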
@@ -741,6 +762,22 @@ def test_create_finding_from_dict(): test_create_finding(request_type=dict) +def test_create_finding_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_finding), "__call__") as call: + client.create_finding() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.CreateFindingRequest() + + @pytest.mark.asyncio async def test_create_finding_async( transport: str = "grpc_asyncio", @@ -994,6 +1031,24 @@ def test_create_notification_config_from_dict(): test_create_notification_config(request_type=dict) +def test_create_notification_config_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_notification_config), "__call__" + ) as call: + client.create_notification_config() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.CreateNotificationConfigRequest() + + @pytest.mark.asyncio async def test_create_notification_config_async( transport: str = "grpc_asyncio", 
@@ -1251,6 +1306,24 @@ def test_delete_notification_config_from_dict(): test_delete_notification_config(request_type=dict) +def test_delete_notification_config_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_notification_config), "__call__" + ) as call: + client.delete_notification_config() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.DeleteNotificationConfigRequest() + + @pytest.mark.asyncio async def test_delete_notification_config_async( transport: str = "grpc_asyncio", @@ -1447,6 +1520,22 @@ def test_get_iam_policy_from_dict(): test_get_iam_policy(request_type=dict) +def test_get_iam_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_iam_policy), "__call__") as call: + client.get_iam_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == iam_policy.GetIamPolicyRequest() + + @pytest.mark.asyncio async def test_get_iam_policy_async( transport: str = "grpc_asyncio", request_type=iam_policy.GetIamPolicyRequest 
@@ -1674,6 +1763,24 @@ def test_get_notification_config_from_dict(): test_get_notification_config(request_type=dict) +def test_get_notification_config_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_notification_config), "__call__" + ) as call: + client.get_notification_config() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GetNotificationConfigRequest() + + @pytest.mark.asyncio async def test_get_notification_config_async( transport: str = "grpc_asyncio", @@ -1899,6 +2006,24 @@ def test_get_organization_settings_from_dict(): test_get_organization_settings(request_type=dict) +def test_get_organization_settings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_organization_settings), "__call__" + ) as call: + client.get_organization_settings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GetOrganizationSettingsRequest() + + @pytest.mark.asyncio async def test_get_organization_settings_async( transport: str = "grpc_asyncio", 
@@ -2113,6 +2238,22 @@ def test_get_source_from_dict(): test_get_source(request_type=dict) +def test_get_source_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_source), "__call__") as call: + client.get_source() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GetSourceRequest() + + @pytest.mark.asyncio async def test_get_source_async( transport: str = "grpc_asyncio", @@ -2313,6 +2454,22 @@ def test_group_assets_from_dict(): test_group_assets(request_type=dict) +def test_group_assets_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.group_assets), "__call__") as call: + client.group_assets() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GroupAssetsRequest() + + @pytest.mark.asyncio async def test_group_assets_async( transport: str = "grpc_asyncio", 
@@ -2608,6 +2765,22 @@ def test_group_findings_from_dict(): test_group_findings(request_type=dict) +def test_group_findings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.group_findings), "__call__") as call: + client.group_findings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.GroupFindingsRequest() + + @pytest.mark.asyncio async def test_group_findings_async( transport: str = "grpc_asyncio", @@ -2982,6 +3155,22 @@ def test_list_assets_from_dict(): test_list_assets(request_type=dict) +def test_list_assets_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_assets), "__call__") as call: + client.list_assets() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListAssetsRequest() + + @pytest.mark.asyncio async def test_list_assets_async( transport: str = "grpc_asyncio", 
@@ -3358,6 +3547,22 @@ def test_list_findings_from_dict(): test_list_findings(request_type=dict) +def test_list_findings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_findings), "__call__") as call: + client.list_findings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListFindingsRequest() + + @pytest.mark.asyncio async def test_list_findings_async( transport: str = "grpc_asyncio", @@ -3739,6 +3944,24 @@ def test_list_notification_configs_from_dict(): test_list_notification_configs(request_type=dict) +def test_list_notification_configs_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_notification_configs), "__call__" + ) as call: + client.list_notification_configs() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListNotificationConfigsRequest() + + @pytest.mark.asyncio async def test_list_notification_configs_async( transport: str = "grpc_asyncio", 
@@ -4121,6 +4344,22 @@ def test_list_sources_from_dict(): test_list_sources(request_type=dict) +def test_list_sources_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_sources), "__call__") as call: + client.list_sources() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.ListSourcesRequest() + + @pytest.mark.asyncio async def test_list_sources_async( transport: str = "grpc_asyncio", @@ -4445,6 +4684,24 @@ def test_run_asset_discovery_from_dict(): test_run_asset_discovery(request_type=dict) +def test_run_asset_discovery_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.run_asset_discovery), "__call__" + ) as call: + client.run_asset_discovery() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.RunAssetDiscoveryRequest() + + @pytest.mark.asyncio async def test_run_asset_discovery_async( transport: str = "grpc_asyncio", 
@@ -4667,6 +4924,24 @@ def test_set_finding_state_from_dict(): test_set_finding_state(request_type=dict) +def test_set_finding_state_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.set_finding_state), "__call__" + ) as call: + client.set_finding_state() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.SetFindingStateRequest() + + @pytest.mark.asyncio async def test_set_finding_state_async( transport: str = "grpc_asyncio", @@ -4913,6 +5188,22 @@ def test_set_iam_policy_from_dict(): test_set_iam_policy(request_type=dict) +def test_set_iam_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.set_iam_policy), "__call__") as call: + client.set_iam_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == iam_policy.SetIamPolicyRequest() + + @pytest.mark.asyncio async def test_set_iam_policy_async( transport: str = "grpc_asyncio", request_type=iam_policy.SetIamPolicyRequest 
@@ -5122,6 +5413,24 @@ def test_test_iam_permissions_from_dict(): test_test_iam_permissions(request_type=dict) +def test_test_iam_permissions_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.test_iam_permissions), "__call__" + ) as call: + client.test_iam_permissions() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == iam_policy.TestIamPermissionsRequest() + + @pytest.mark.asyncio async def test_test_iam_permissions_async( transport: str = "grpc_asyncio", request_type=iam_policy.TestIamPermissionsRequest @@ -5373,6 +5682,22 @@ def test_update_finding_from_dict(): test_update_finding(request_type=dict) +def test_update_finding_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_finding), "__call__") as call: + client.update_finding() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateFindingRequest() + + @pytest.mark.asyncio async def test_update_finding_async( transport: str = "grpc_asyncio", 
@@ -5622,6 +5947,24 @@ def test_update_notification_config_from_dict(): test_update_notification_config(request_type=dict) +def test_update_notification_config_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_notification_config), "__call__" + ) as call: + client.update_notification_config() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateNotificationConfigRequest() + + @pytest.mark.asyncio async def test_update_notification_config_async( transport: str = "grpc_asyncio", @@ -5884,6 +6227,24 @@ def test_update_organization_settings_from_dict(): test_update_organization_settings(request_type=dict) +def test_update_organization_settings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_organization_settings), "__call__" + ) as call: + client.update_organization_settings() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateOrganizationSettingsRequest() + + @pytest.mark.asyncio async def test_update_organization_settings_async( transport: str = "grpc_asyncio", 
@@ -6126,6 +6487,22 @@ def test_update_source_from_dict(): test_update_source(request_type=dict) +def test_update_source_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_source), "__call__") as call: + client.update_source() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateSourceRequest() + + @pytest.mark.asyncio async def test_update_source_async( transport: str = "grpc_asyncio", @@ -6339,6 +6716,24 @@ def test_update_security_marks_from_dict(): test_update_security_marks(request_type=dict) +def test_update_security_marks_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SecurityCenterClient( + credentials=credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_security_marks), "__call__" + ) as call: + client.update_security_marks() + call.assert_called() + _, args, _ = call.mock_calls[0] + + assert args[0] == securitycenter_service.UpdateSecurityMarksRequest() + + @pytest.mark.asyncio async def test_update_security_marks_async( transport: str = "grpc_asyncio", 
@@ -6716,6 +7111,51 @@ def test_security_center_transport_auth_adc(): ) +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_class): + cred = credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=("https://www.googleapis.com/auth/cloud-platform",), + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. + with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + def test_security_center_host_no_port(): client = SecurityCenterClient( credentials=credentials.AnonymousCredentials(), 
@@ -6737,7 +7177,7 @@ def test_security_center_host_with_port(): def test_security_center_grpc_transport_channel(): - channel = grpc.insecure_channel("http://localhost/") + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecurityCenterGrpcTransport( @@ -6749,7 +7189,7 @@ def test_security_center_grpc_transport_channel(): def test_security_center_grpc_asyncio_transport_channel(): - channel = aio.insecure_channel("http://localhost/") + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecurityCenterGrpcAsyncIOTransport( @@ -6760,6 +7200,8 @@ def test_security_center_grpc_asyncio_transport_channel(): assert transport._ssl_channel_credentials == None +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. @pytest.mark.parametrize( "transport_class", [ @@ -6774,7 +7216,7 @@ def test_security_center_transport_channel_mtls_with_client_cert_source( "grpc.ssl_channel_credentials", autospec=True ) as grpc_ssl_channel_cred: with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_ssl_cred = mock.Mock() grpc_ssl_channel_cred.return_value = mock_ssl_cred @@ -6812,6 +7254,8 @@ def test_security_center_transport_channel_mtls_with_client_cert_source( assert transport._ssl_channel_credentials == mock_ssl_cred +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. @pytest.mark.parametrize( "transport_class", [ 
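Review bot: Dropping `autospec=True` from the `create_channel` patch in test_security_center_transport_channel_mtls_with_client_cert_source makes the mock accept any arguments. The call assertions that presumably follow outside the hunk would then no longer fail if the transport passed a keyword that `create_channel` does not take, such as a misspelled `ssl_credentials`. The same change is made in test_security_center_transport_channel_mtls_with_adc in the next hunk. If autospec had to go for a mocking reason not visible here, a comment saying so would help; otherwise I would keep `transport_class, "create_channel", autospec=True`. Both test bodies extend beyond their hunks.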
@@ -6827,7 +7271,7 @@ def test_security_center_transport_channel_mtls_with_adc(transport_class): ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), ): with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_grpc_channel = mock.Mock() grpc_create_channel.return_value = mock_grpc_channel