feat: add canonical_name and folder fields

Assets and findings may be created in organizations, folders or projects, however in the current API version the name field for resources will always be prefixed by "organizations/...", for historical reasons. The "canonical_name" field shows the actual location of the resource, and in requests either the name or "canonical name" can be used for the "name" in the request.

The "folder" field contains the folders in the resource's ancestry.

PiperOrigin-RevId: 372964926

google/cloud/securitycenter/v1p1beta1/BUILD.bazel

@@ -23,6 +23,7 @@ proto_library(
     srcs = [
         "asset.proto",
         "finding.proto",
+        "folder.proto",
         "notification_config.proto",
         "notification_message.proto",
         "organization_settings.proto",

google/cloud/securitycenter/v1p1beta1/asset.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,11 +16,12 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1p1beta1;
 
-import "google/api/annotations.proto";
 import "google/api/resource.proto";
+import "google/cloud/securitycenter/v1p1beta1/folder.proto";
 import "google/cloud/securitycenter/v1p1beta1/security_marks.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/timestamp.proto";
+import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
@@ -40,6 +41,8 @@ message Asset {
   option (google.api.resource) = {
     type: "securitycenter.googleapis.com/Asset"
     pattern: "organizations/{organization}/assets/{asset}"
+    pattern: "folders/{folder}/assets/{asset}"
+    pattern: "projects/{project}/assets/{asset}"
   };
 
   // Security Command Center managed properties. These properties are managed by
@@ -75,6 +78,11 @@ message Asset {
 
     // The user defined display name for the project of this resource.
     string resource_project_display_name = 8;
+
+    // Contains a Folder message for each folder in the assets ancestry.
+    // The first folder is the deepest nested folder, and the last folder is the
+    // folder directly under the Organization.
+    repeated Folder folders = 10;
   }
 
   // Cloud IAM Policy information associated with the Google Cloud resource
@@ -109,8 +117,7 @@ message Asset {
   // The time at which the asset was created in Security Command Center.
   google.protobuf.Timestamp create_time = 9;
 
-  // The time at which the asset was last updated, added, or deleted in Cloud
-  // SCC.
+  // The time at which the asset was last updated or added in Cloud SCC.
   google.protobuf.Timestamp update_time = 10;
 
   // Cloud IAM Policy information associated with the Google Cloud resource
@@ -118,4 +125,11 @@ message Asset {
   // and defined by the Google Cloud resource and cannot be modified by the
   // user.
   IamPolicy iam_policy = 11;
+
+  // The canonical name of the resource. It's either
+  // "organizations/{organization_id}/assets/{asset_id}",
+  // "folders/{folder_id}/assets/{asset_id}" or
+  // "projects/{project_number}/assets/{asset_id}", depending on the closest CRM
+  // ancestor of the resource.
+  string canonical_name = 13;
 }

google/cloud/securitycenter/v1p1beta1/finding.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,12 +16,12 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1p1beta1;
 
-import "google/api/annotations.proto";
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/cloud/securitycenter/v1p1beta1/security_marks.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/timestamp.proto";
+import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
@@ -40,6 +40,8 @@ message Finding {
   option (google.api.resource) = {
     type: "securitycenter.googleapis.com/Finding"
     pattern: "organizations/{organization}/sources/{source}/findings/{finding}"
+    pattern: "folders/{folder}/sources/{source}/findings/{finding}"
+    pattern: "projects/{project}/sources/{source}/findings/{finding}"
   };
 
   // The state of the finding.
@@ -123,7 +125,8 @@ message Finding {
   // occurred. For example, if the finding represents an open firewall it would
   // capture the time the detector believes the firewall became open. The
   // accuracy is determined by the detector. If the finding were to be resolved
-  // afterward, this time would reflect when the finding was resolved.
+  // afterward, this time would reflect when the finding was resolved. Must not
+  // be set to a value greater than the current timestamp.
   google.protobuf.Timestamp event_time = 9;
 
   // The time at which the finding was created in Security Command Center.
@@ -132,4 +135,12 @@ message Finding {
   // The severity of the finding. This field is managed by the source that
   // writes the finding.
   Severity severity = 13;
+
+  // The canonical name of the finding. It's either
+  // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}",
+  // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or
+  // "projects/{project_number}/sources/{source_id}/findings/{finding_id}",
+  // depending on the closest CRM ancestor of the resource associated with the
+  // finding.
+  string canonical_name = 14;
 }

google/cloud/securitycenter/v1p1beta1/folder.proto

@@ -0,0 +1,38 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1p1beta1;
+
+import "google/api/annotations.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "FolderProto";
+option java_package = "com.google.cloud.securitycenter.v1p1beta1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1p1Beta1";
+
+// Message that contains the resource name and display name of a folder
+// resource.
+message Folder {
+  // Full resource name of this folder. See:
+  // https://cloud.google.com/apis/design/resource_names#full_resource_name
+  string resource_folder = 1;
+
+  // The user defined display name for this folder.
+  string resource_folder_display_name = 2;
+}

google/cloud/securitycenter/v1p1beta1/notification_config.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,9 +16,9 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1p1beta1;
 
-import "google/api/annotations.proto";
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
+import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
@@ -92,9 +92,9 @@ message NotificationConfig {
 
   // The Pub/Sub topic to send notifications to. Its format is
   // "projects/[project_id]/topics/[topic]".
-  string pubsub_topic = 4 [
-    (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
-  ];
+  string pubsub_topic = 4 [(google.api.resource_reference) = {
+                             type: "pubsub.googleapis.com/Topic"
+                           }];
 
   // Output only. The service account that needs "pubsub.topics.publish"
   // permission to publish to the Pub/Sub topic.

google/cloud/securitycenter/v1p1beta1/notification_message.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,10 +16,9 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1p1beta1;
 
-import "google/api/annotations.proto";
-import "google/cloud/securitycenter/v1p1beta1/asset.proto";
 import "google/cloud/securitycenter/v1p1beta1/finding.proto";
 import "google/cloud/securitycenter/v1p1beta1/resource.proto";
+import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";

google/cloud/securitycenter/v1p1beta1/organization_settings.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,8 +16,8 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1p1beta1;
 
-import "google/api/annotations.proto";
 import "google/api/resource.proto";
+import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
@@ -63,6 +63,10 @@ message OrganizationSettings {
 
     // The mode to use for filtering asset discovery.
     InclusionMode inclusion_mode = 2;
+
+    // The folder ids to use for filtering asset discovery.
+    // It consists of only digits, e.g., 756619654966.
+    repeated string folder_ids = 3;
   }
 
   // The relative resource name of the settings. See:

google/cloud/securitycenter/v1p1beta1/resource.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1p1beta1;
 
+import "google/api/field_behavior.proto";
+import "google/cloud/securitycenter/v1p1beta1/folder.proto";
 import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
@@ -43,4 +45,9 @@ message Resource {
 
   // The human readable name of resource's parent.
   string parent_display_name = 5;
+
+  // Output only. Contains a Folder message for each folder in the assets ancestry.
+  // The first folder is the deepest nested folder, and the last folder is the
+  // folder directly under the Organization.
+  repeated Folder folders = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
 }

google/cloud/securitycenter/v1p1beta1/run_asset_discovery_response.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,8 +16,8 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1p1beta1;
 
-import "google/api/annotations.proto";
 import "google/protobuf/duration.proto";
+import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";

google/cloud/securitycenter/v1p1beta1/security_marks.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,8 +16,8 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1p1beta1;
 
-import "google/api/annotations.proto";
 import "google/api/resource.proto";
+import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
@@ -35,6 +35,10 @@ message SecurityMarks {
     type: "securitycenter.googleapis.com/SecurityMarks"
     pattern: "organizations/{organization}/assets/{asset}/securityMarks"
     pattern: "organizations/{organization}/sources/{source}/findings/{finding}/securityMarks"
+    pattern: "folders/{folder}/assets/{asset}/securityMarks"
+    pattern: "projects/{project}/assets/{asset}/securityMarks"
+    pattern: "folders/{folder}/sources/{source}/findings/{finding}/securityMarks"
+    pattern: "projects/{project}/sources/{source}/findings/{finding}/securityMarks"
   };
 
   // The relative resource name of the SecurityMarks. See:
@@ -53,4 +57,14 @@ message SecurityMarks {
   //   * Values have leading and trailing whitespace trimmed, remaining
   //     characters must be between 1 - 4096 characters (inclusive)
   map<string, string> marks = 2;
+
+  // The canonical name of the marks.
+  // Examples:
+  // "organizations/{organization_id}/assets/{asset_id}/securityMarks"
+  // "folders/{folder_id}/assets/{asset_id}/securityMarks"
+  // "projects/{project_number}/assets/{asset_id}/securityMarks"
+  // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks"
+  // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks"
+  // "projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks"
+  string canonical_name = 3;
 }

google/cloud/securitycenter/v1p1beta1/securitycenter_service.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/cloud/securitycenter/v1p1beta1/asset.proto";
 import "google/cloud/securitycenter/v1p1beta1/finding.proto";
+import "google/cloud/securitycenter/v1p1beta1/folder.proto";
 import "google/cloud/securitycenter/v1p1beta1/notification_config.proto";
 import "google/cloud/securitycenter/v1p1beta1/organization_settings.proto";
 import "google/cloud/securitycenter/v1p1beta1/security_marks.proto";
@@ -126,6 +127,14 @@ service SecurityCenter {
     option (google.api.http) = {
       post: "/v1p1beta1/{parent=organizations/*}/assets:group"
       body: "*"
+      additional_bindings {
+        post: "/v1p1beta1/{parent=folders/*}/assets:group"
+        body: "*"
+      }
+      additional_bindings {
+        post: "/v1p1beta1/{parent=projects/*}/assets:group"
+        body: "*"
+      }
     };
   }
 
@@ -133,11 +142,21 @@ service SecurityCenter {
   // specified properties.
   //
   // To group across all sources provide a `-` as the source id.
-  // Example: /v1p1beta1/organizations/{organization_id}/sources/-/findings
+  // Example: /v1/organizations/{organization_id}/sources/-/findings,
+  // /v1/folders/{folder_id}/sources/-/findings,
+  // /v1/projects/{project_id}/sources/-/findings
   rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) {
     option (google.api.http) = {
       post: "/v1p1beta1/{parent=organizations/*/sources/*}/findings:group"
       body: "*"
+      additional_bindings {
+        post: "/v1p1beta1/{parent=folders/*/sources/*}/findings:group"
+        body: "*"
+      }
+      additional_bindings {
+        post: "/v1p1beta1/{parent=projects/*/sources/*}/findings:group"
+        body: "*"
+      }
     };
     option (google.api.method_signature) = "parent,group_by";
   }
@@ -146,6 +165,12 @@ service SecurityCenter {
   rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) {
     option (google.api.http) = {
       get: "/v1p1beta1/{parent=organizations/*}/assets"
+      additional_bindings {
+        get: "/v1p1beta1/{parent=folders/*}/assets"
+      }
+      additional_bindings {
+        get: "/v1p1beta1/{parent=projects/*}/assets"
+      }
     };
     option (google.api.method_signature) = "parent";
   }
@@ -157,6 +182,12 @@ service SecurityCenter {
   rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) {
     option (google.api.http) = {
       get: "/v1p1beta1/{parent=organizations/*/sources/*}/findings"
+      additional_bindings {
+        get: "/v1p1beta1/{parent=folders/*/sources/*}/findings"
+      }
+      additional_bindings {
+        get: "/v1p1beta1/{parent=projects/*/sources/*}/findings"
+      }
     };
     option (google.api.method_signature) = "parent";
   }
@@ -173,6 +204,12 @@ service SecurityCenter {
   rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) {
     option (google.api.http) = {
       get: "/v1p1beta1/{parent=organizations/*}/sources"
+      additional_bindings {
+        get: "/v1p1beta1/{parent=folders/*}/sources"
+      }
+      additional_bindings {
+        get: "/v1p1beta1/{parent=projects/*}/sources"
+      }
     };
     option (google.api.method_signature) = "parent";
   }
@@ -200,6 +237,14 @@ service SecurityCenter {
     option (google.api.http) = {
       post: "/v1p1beta1/{name=organizations/*/sources/*/findings/*}:setState"
       body: "*"
+      additional_bindings {
+        post: "/v1p1beta1/{name=folders/*/sources/*/findings/*}:setState"
+        body: "*"
+      }
+      additional_bindings {
+        post: "/v1p1beta1/{name=projects/*/sources/*/findings/*}:setState"
+        body: "*"
+      }
     };
     option (google.api.method_signature) = "name,state,start_time";
   }
@@ -228,6 +273,14 @@ service SecurityCenter {
     option (google.api.http) = {
       patch: "/v1p1beta1/{finding.name=organizations/*/sources/*/findings/*}"
       body: "finding"
+      additional_bindings {
+        patch: "/v1p1beta1/{finding.name=folders/*/sources/*/findings/*}"
+        body: "finding"
+      }
+      additional_bindings {
+        patch: "/v1p1beta1/{finding.name=projects/*/sources/*/findings/*}"
+        body: "finding"
+      }
     };
     option (google.api.method_signature) = "finding";
     option (google.api.method_signature) = "finding,update_mask";
@@ -268,10 +321,26 @@ service SecurityCenter {
     option (google.api.http) = {
       patch: "/v1p1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}"
       body: "security_marks"
+      additional_bindings {
+        patch: "/v1p1beta1/{security_marks.name=folders/*/assets/*/securityMarks}"
+        body: "security_marks"
+      }
+      additional_bindings {
+        patch: "/v1p1beta1/{security_marks.name=projects/*/assets/*/securityMarks}"
+        body: "security_marks"
+      }
       additional_bindings {
         patch: "/v1p1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}"
         body: "security_marks"
       }
+      additional_bindings {
+        patch: "/v1p1beta1/{security_marks.name=folders/*/sources/*/findings/*/securityMarks}"
+        body: "security_marks"
+      }
+      additional_bindings {
+        patch: "/v1p1beta1/{security_marks.name=projects/*/sources/*/findings/*/securityMarks}"
+        body: "security_marks"
+      }
     };
     option (google.api.method_signature) = "security_marks";
     option (google.api.method_signature) = "security_marks,update_mask";
@@ -385,11 +454,12 @@ message GetSourceRequest {
 // Request message for grouping by assets.
 message GroupAssetsRequest {
   // Required. Name of the organization to groupBy. Its format is
-  // "organizations/[organization_id]".
+  // "organizations/[organization_id], folders/[folder_id], or
+  // projects/[project_id]".
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
-      type: "cloudresourcemanager.googleapis.com/Organization"
+      child_type: "securitycenter.googleapis.com/Asset"
     }
   ];
 
@@ -543,9 +613,12 @@ message GroupAssetsResponse {
 // Request message for grouping by findings.
 message GroupFindingsRequest {
   // Required. Name of the source to groupBy. Its format is
-  // "organizations/[organization_id]/sources/[source_id]". To groupBy across
-  // all sources provide a source_id of `-`. For example:
-  // organizations/{organization_id}/sources/-
+  // "organizations/[organization_id]/sources/[source_id]",
+  // folders/[folder_id]/sources/[source_id], or
+  // projects/[project_id]/sources/[source_id]. To groupBy across all sources
+  // provide a source_id of `-`. For example:
+  // organizations/{organization_id}/sources/-, folders/{folder_id}/sources/-,
+  // or projects/{project_id}/sources/-
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -733,11 +806,12 @@ message ListNotificationConfigsResponse {
 // Request message for listing sources.
 message ListSourcesRequest {
   // Required. Resource name of the parent of sources to list. Its format should be
-  // "organizations/[organization_id]".
+  // "organizations/[organization_id], folders/[folder_id], or
+  // projects/[project_id]".
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
-      type: "cloudresourcemanager.googleapis.com/Organization"
+      child_type: "securitycenter.googleapis.com/Source"
     }
   ];
 
@@ -764,11 +838,12 @@ message ListSourcesResponse {
 // Request message for listing assets.
 message ListAssetsRequest {
   // Required. Name of the organization assets should belong to. Its format is
-  // "organizations/[organization_id]".
+  // "organizations/[organization_id], folders/[folder_id], or
+  // projects/[project_id]".
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
-      type: "cloudresourcemanager.googleapis.com/Organization"
+      child_type: "securitycenter.googleapis.com/Asset"
     }
   ];
 
@@ -954,9 +1029,12 @@ message ListAssetsResponse {
 // Request message for listing findings.
 message ListFindingsRequest {
   // Required. Name of the source the findings belong to. Its format is
-  // "organizations/[organization_id]/sources/[source_id]". To list across all
-  // sources provide a source_id of `-`. For example:
-  // organizations/{organization_id}/sources/-
+  // "organizations/[organization_id]/sources/[source_id],
+  // folders/[folder_id]/sources/[source_id], or
+  // projects/[project_id]/sources/[source_id]". To list across all sources
+  // provide a source_id of `-`. For example:
+  // organizations/{organization_id}/sources/-, folders/{folder_id}/sources/- or
+  // projects/{projects_id}/sources/-
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1110,6 +1188,11 @@ message ListFindingsResponse {
 
       // The human readable name of resource's parent.
       string parent_display_name = 5;
+
+      // Contains a Folder message for each folder in the assets ancestry.
+      // The first folder is the deepest nested folder, and the last folder is
+      // the folder directly under the Organization.
+      repeated Folder folders = 10;
     }
 
     // The change in state of the finding.

google/cloud/securitycenter/v1p1beta1/securitycenter_v1p1beta1.yaml

@@ -25,18 +25,15 @@ backend:
 
 http:
   rules:
-  - selector: google.longrunning.Operations.ListOperations
-    get: '/v1p1beta1/{name=organizations/*/operations}'
-
-  - selector: google.longrunning.Operations.GetOperation
-    get: '/v1p1beta1/{name=organizations/*/operations/*}'
-
-  - selector: google.longrunning.Operations.DeleteOperation
-    delete: '/v1p1beta1/{name=organizations/*/operations/*}'
-
   - selector: google.longrunning.Operations.CancelOperation
     post: '/v1p1beta1/{name=organizations/*/operations/*}:cancel'
     body: '*'
+  - selector: google.longrunning.Operations.DeleteOperation
+    delete: '/v1p1beta1/{name=organizations/*/operations/*}'
+  - selector: google.longrunning.Operations.GetOperation
+    get: '/v1p1beta1/{name=organizations/*/operations/*}'
+  - selector: google.longrunning.Operations.ListOperations
+    get: '/v1p1beta1/{name=organizations/*/operations}'
 
 authentication:
   rules:

google/cloud/securitycenter/v1p1beta1/source.proto

@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,8 +16,8 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1p1beta1;
 
-import "google/api/annotations.proto";
 import "google/api/resource.proto";
+import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter";
@@ -33,6 +33,8 @@ message Source {
   option (google.api.resource) = {
     type: "securitycenter.googleapis.com/Source"
     pattern: "organizations/{organization}/sources/{source}"
+    pattern: "folders/{folder}/sources/{source}"
+    pattern: "projects/{project}/sources/{source}"
   };
 
   // The relative resource name of this source. See:
@@ -56,4 +58,12 @@ message Source {
   // (XSS), Flash injection, mixed content (HTTP in HTTPS), and
   // outdated/insecure libraries."
   string description = 3;
+
+  // The canonical name of the finding. It's either
+  // "organizations/{organization_id}/sources/{source_id}",
+  // "folders/{folder_id}/sources/{source_id}" or
+  // "projects/{project_number}/sources/{source_id}",
+  // depending on the closest CRM ancestor of the resource associated with the
+  // finding.
+  string canonical_name = 14;
 }