|
| 1 | +// Copyright 2023 Google LLC |
| 2 | +// |
| 3 | +// Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | +// you may not use this file except in compliance with the License. |
| 5 | +// You may obtain a copy of the License at |
| 6 | +// |
| 7 | +// http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | +// |
| 9 | +// Unless required by applicable law or agreed to in writing, software |
| 10 | +// distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | +// See the License for the specific language governing permissions and |
| 13 | +// limitations under the License. |
| 14 | + |
| 15 | +syntax = "proto3"; |
| 16 | + |
| 17 | +package google.cloud.securitycenter.v2; |
| 18 | + |
| 19 | +option csharp_namespace = "Google.Cloud.SecurityCenter.V2"; |
| 20 | +option go_package = "cloud.google.com/go/securitycenter/apiv2/securitycenterpb;securitycenterpb"; |
| 21 | +option java_multiple_files = true; |
| 22 | +option java_outer_classname = "AccessProto"; |
| 23 | +option java_package = "com.google.cloud.securitycenter.v2"; |
| 24 | +option php_namespace = "Google\\Cloud\\SecurityCenter\\V2"; |
| 25 | +option ruby_package = "Google::Cloud::SecurityCenter::V2"; |
| 26 | + |
| 27 | +// Represents an access event. |
| 28 | +message Access { |
| 29 | + // Associated email, such as "[email protected]". |
| 30 | + // |
| 31 | + // The email address of the authenticated user or a service account acting on |
| 32 | + // behalf of a third party principal making the request. For third party |
| 33 | + // identity callers, the `principal_subject` field is populated instead of |
| 34 | + // this field. For privacy reasons, the principal email address is sometimes |
| 35 | + // redacted. For more information, see [Caller identities in audit |
| 36 | + // logs](https://cloud.google.com/logging/docs/audit#user-id). |
| 37 | + string principal_email = 1; |
| 38 | + |
| 39 | + // Caller's IP address, such as "1.1.1.1". |
| 40 | + string caller_ip = 2; |
| 41 | + |
| 42 | + // The caller IP's geolocation, which identifies where the call came from. |
| 43 | + Geolocation caller_ip_geo = 3; |
| 44 | + |
| 45 | + // Type of user agent associated with the finding. For example, an operating |
| 46 | + // system shell or an embedded or standalone application. |
| 47 | + string user_agent_family = 4; |
| 48 | + |
| 49 | + // The caller's user agent string associated with the finding. |
| 50 | + string user_agent = 5; |
| 51 | + |
| 52 | + // This is the API service that the service account made a call to, e.g. |
| 53 | + // "iam.googleapis.com" |
| 54 | + string service_name = 6; |
| 55 | + |
| 56 | + // The method that the service account called, e.g. "SetIamPolicy". |
| 57 | + string method_name = 7; |
| 58 | + |
| 59 | + // A string that represents the principal_subject that is associated with the |
| 60 | + // identity. Unlike `principal_email`, `principal_subject` supports principals |
| 61 | + // that aren't associated with email addresses, such as third party |
| 62 | + // principals. For most identities, the format is |
| 63 | + // `principal://iam.googleapis.com/{identity pool name}/subject/{subject}`. |
| 64 | + // Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, |
| 65 | + // still use the legacy format `serviceAccount:{identity pool |
| 66 | + // name}[{subject}]`. |
| 67 | + string principal_subject = 8; |
| 68 | + |
| 69 | + // The name of the service account key that was used to create or exchange |
| 70 | + // credentials when authenticating the service account that made the request. |
| 71 | + // This is a scheme-less URI full resource name. For example: |
| 72 | + // |
| 73 | + // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}". |
| 74 | + // |
| 75 | + string service_account_key_name = 9; |
| 76 | + |
| 77 | + // The identity delegation history of an authenticated service account that |
| 78 | + // made the request. The `serviceAccountDelegationInfo[]` object contains |
| 79 | + // information about the real authorities that try to access Google Cloud |
| 80 | + // resources by delegating on a service account. When multiple authorities are |
| 81 | + // present, they are guaranteed to be sorted based on the original ordering of |
| 82 | + // the identity delegation events. |
| 83 | + repeated ServiceAccountDelegationInfo service_account_delegation_info = 10; |
| 84 | + |
| 85 | + // A string that represents a username. The username provided depends on the |
| 86 | + // type of the finding and is likely not an IAM principal. For example, this |
| 87 | + // can be a system username if the finding is related to a virtual machine, or |
| 88 | + // it can be an application login username. |
| 89 | + string user_name = 11; |
| 90 | +} |
| 91 | + |
| 92 | +// Identity delegation history of an authenticated service account. |
| 93 | +message ServiceAccountDelegationInfo { |
| 94 | + // The email address of a Google account. |
| 95 | + string principal_email = 1; |
| 96 | + |
| 97 | + // A string representing the principal_subject associated with the identity. |
| 98 | + // As compared to `principal_email`, supports principals that aren't |
| 99 | + // associated with email addresses, such as third party principals. For most |
| 100 | + // identities, the format will be `principal://iam.googleapis.com/{identity |
| 101 | + // pool name}/subjects/{subject}` except for some GKE identities |
| 102 | + // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy |
| 103 | + // format `serviceAccount:{identity pool name}[{subject}]` |
| 104 | + string principal_subject = 2; |
| 105 | +} |
| 106 | + |
| 107 | +// Represents a geographical location for a given access. |
| 108 | +message Geolocation { |
| 109 | + // A CLDR. |
| 110 | + string region_code = 1; |
| 111 | +} |
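Review bot: The two `principal_subject` comments disagree on the identifier format: `Access.principal_subject` documents `principal://iam.googleapis.com/{identity pool name}/subject/{subject}` while `ServiceAccountInfo`'s sibling in `ServiceAccountDelegationInfo.principal_subject` documents `.../subjects/{subject}`, so any consumer that parses or pattern-matches this value will be wrong for one of the two messages. As far as I can tell the IAM principal identifier uses the singular `subject` segment, so the second comment looks like the typo, but confirm against the IAM documentation and align both comments to the same string. `Geolocation.region_code` is documented only as `// A CLDR.`, which reads as truncated; I'd write `// A CLDR region code (for example "US") identifying where the caller IP is located.` Since `user_agent` and `user_agent_family` are presumably derived from a request header the caller controls, a note such as `// Caller-supplied; treat as untrusted input rather than an identity signal.` would help detection authors who build rules on these fields.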