Creates a ResourceValueConfig for an organization. Maps user's tags to difference resource values for use by the attack path simulation.

Method Details

batchCreate(parent, body=None, x__xgafv=None)

Creates a ResourceValueConfig for an organization. Maps user's tags to difference resource values for use by the attack path simulation.

Args:
parent: string, Required. Resource name of the new ResourceValueConfig's parent. The parent field in the CreateResourceValueConfigRequest messages must either be empty or match this field. (required)
body: object, The request body.
The object takes the form of:

{ # Request message to create multiple resource value configs
"requests": [ # Required. The resource value configs to be created.
{ # Request message to create single resource value config
"parent": "A String", # Required. Resource name of the new ResourceValueConfig's parent.
"resourceValueConfig": { # A resource value configuration (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations. # Required. The resource value config being created.
"cloudProvider": "A String", # Cloud provider this configuration applies to
"createTime": "A String", # Output only. Timestamp this resource value configuration was created.
"description": "A String", # Description of the resource value configuration.
"name": "A String", # Name for the resource value configuration
"resourceLabelsSelector": { # List of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels
"a_key": "A String",
},
"resourceType": "A String", # Apply resource_value only to resources that match resource_type. resource_type will be checked with `AND` of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
"resourceValue": "A String", # Required. Resource value level this expression represents
"scope": "A String", # Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope will be checked with `AND` of other resources.
"sensitiveDataProtectionMapping": { # Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration. # A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset".
"highSensitivityMapping": "A String", # Resource value mapping for high-sensitivity Sensitive Data Protection findings
"mediumSensitivityMapping": "A String", # Resource value mapping for medium-sensitivity Sensitive Data Protection findings
},
"tagValues": [ # Required. Tag values combined with `AND` to check against. For Google Cloud resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
"A String",
],
"updateTime": "A String", # Output only. Timestamp this resource value configuration was last updated.
},
},
],
}

x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format

Returns:
An object of the form:

{ # Response message for BatchCreateResourceValueConfigs
"resourceValueConfigs": [ # The resource value configs created
{ # A resource value configuration (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.
"cloudProvider": "A String", # Cloud provider this configuration applies to
"createTime": "A String", # Output only. Timestamp this resource value configuration was created.
"description": "A String", # Description of the resource value configuration.
"name": "A String", # Name for the resource value configuration
"resourceLabelsSelector": { # List of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels
"a_key": "A String",
},
"resourceType": "A String", # Apply resource_value only to resources that match resource_type. resource_type will be checked with `AND` of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
"resourceValue": "A String", # Required. Resource value level this expression represents
"scope": "A String", # Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope will be checked with `AND` of other resources.
"sensitiveDataProtectionMapping": { # Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration. # A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset".
"highSensitivityMapping": "A String", # Resource value mapping for high-sensitivity Sensitive Data Protection findings
"mediumSensitivityMapping": "A String", # Resource value mapping for medium-sensitivity Sensitive Data Protection findings
},
"tagValues": [ # Required. Tag values combined with `AND` to check against. For Google Cloud resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
"A String",
],
"updateTime": "A String", # Output only. Timestamp this resource value configuration was last updated.
},
],
}

close()

Close httplib2 connections.

delete(name, x__xgafv=None)

Deletes a ResourceValueConfig.

Args:
  name: string, Required. Name of the ResourceValueConfig to delete (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
}

get(name, x__xgafv=None)

Gets a ResourceValueConfig.

Args:
  name: string, Required. Name of the resource value config to retrieve. Its format is `organizations/{organization}/resourceValueConfigs/{config_id}`. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A resource value configuration (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.
  "cloudProvider": "A String", # Cloud provider this configuration applies to
  "createTime": "A String", # Output only. Timestamp this resource value configuration was created.
  "description": "A String", # Description of the resource value configuration.
  "name": "A String", # Name for the resource value configuration
  "resourceLabelsSelector": { # List of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels
    "a_key": "A String",
  },
  "resourceType": "A String", # Apply resource_value only to resources that match resource_type. resource_type will be checked with `AND` of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
  "resourceValue": "A String", # Required. Resource value level this expression represents
  "scope": "A String", # Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope will be checked with `AND` of other resources.
  "sensitiveDataProtectionMapping": { # Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration. # A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset".
    "highSensitivityMapping": "A String", # Resource value mapping for high-sensitivity Sensitive Data Protection findings
    "mediumSensitivityMapping": "A String", # Resource value mapping for medium-sensitivity Sensitive Data Protection findings
  },
  "tagValues": [ # Required. Tag values combined with `AND` to check against. For Google Cloud resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
    "A String",
  ],
  "updateTime": "A String", # Output only. Timestamp this resource value configuration was last updated.
}

list(parent, pageSize=None, pageToken=None, x__xgafv=None)

Lists all ResourceValueConfigs.

Args:
parent: string, Required. The parent, which owns the collection of resource value configs. Its format is `organizations/[organization_id]` (required)
pageSize: integer, The number of results to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
pageToken: string, A page token, received from a previous `ListResourceValueConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListResourceValueConfigs` must match the call that provided the page token. page_size can be specified, and the new page_size will be used.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format

Returns:
An object of the form:

{ # Response message to list resource value configs
"nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is empty, there are no subsequent pages.
"resourceValueConfigs": [ # The resource value configs from the specified parent.
{ # A resource value configuration (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.
"cloudProvider": "A String", # Cloud provider this configuration applies to
"createTime": "A String", # Output only. Timestamp this resource value configuration was created.
"description": "A String", # Description of the resource value configuration.
"name": "A String", # Name for the resource value configuration
"resourceLabelsSelector": { # List of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels
"a_key": "A String",
},
"resourceType": "A String", # Apply resource_value only to resources that match resource_type. resource_type will be checked with `AND` of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
"resourceValue": "A String", # Required. Resource value level this expression represents
"scope": "A String", # Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope will be checked with `AND` of other resources.
"sensitiveDataProtectionMapping": { # Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration. # A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset".
"highSensitivityMapping": "A String", # Resource value mapping for high-sensitivity Sensitive Data Protection findings
"mediumSensitivityMapping": "A String", # Resource value mapping for medium-sensitivity Sensitive Data Protection findings
},
"tagValues": [ # Required. Tag values combined with `AND` to check against. For Google Cloud resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
"A String",
],
"updateTime": "A String", # Output only. Timestamp this resource value configuration was last updated.
},
],
}

list_next()

Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call 'execute()' on to request the next
          page. Returns None if there are no more items in the collection.

patch(name, body=None, updateMask=None, x__xgafv=None)

Updates an existing ResourceValueConfigs with new rules.

Args:
  name: string, Name for the resource value configuration (required)
  body: object, The request body.
    The object takes the form of:

{ # A resource value configuration (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.
  "cloudProvider": "A String", # Cloud provider this configuration applies to
  "createTime": "A String", # Output only. Timestamp this resource value configuration was created.
  "description": "A String", # Description of the resource value configuration.
  "name": "A String", # Name for the resource value configuration
  "resourceLabelsSelector": { # List of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels
    "a_key": "A String",
  },
  "resourceType": "A String", # Apply resource_value only to resources that match resource_type. resource_type will be checked with `AND` of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
  "resourceValue": "A String", # Required. Resource value level this expression represents
  "scope": "A String", # Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope will be checked with `AND` of other resources.
  "sensitiveDataProtectionMapping": { # Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration. # A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset".
    "highSensitivityMapping": "A String", # Resource value mapping for high-sensitivity Sensitive Data Protection findings
    "mediumSensitivityMapping": "A String", # Resource value mapping for medium-sensitivity Sensitive Data Protection findings
  },
  "tagValues": [ # Required. Tag values combined with `AND` to check against. For Google Cloud resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
    "A String",
  ],
  "updateTime": "A String", # Output only. Timestamp this resource value configuration was last updated.
}

  updateMask: string, The list of fields to be updated. If empty all mutable fields will be updated.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A resource value configuration (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.
  "cloudProvider": "A String", # Cloud provider this configuration applies to
  "createTime": "A String", # Output only. Timestamp this resource value configuration was created.
  "description": "A String", # Description of the resource value configuration.
  "name": "A String", # Name for the resource value configuration
  "resourceLabelsSelector": { # List of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels
    "a_key": "A String",
  },
  "resourceType": "A String", # Apply resource_value only to resources that match resource_type. resource_type will be checked with `AND` of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
  "resourceValue": "A String", # Required. Resource value level this expression represents
  "scope": "A String", # Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope will be checked with `AND` of other resources.
  "sensitiveDataProtectionMapping": { # Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration. # A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset".
    "highSensitivityMapping": "A String", # Resource value mapping for high-sensitivity Sensitive Data Protection findings
    "mediumSensitivityMapping": "A String", # Resource value mapping for medium-sensitivity Sensitive Data Protection findings
  },
  "tagValues": [ # Required. Tag values combined with `AND` to check against. For Google Cloud resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
    "A String",
  ],
  "updateTime": "A String", # Output only. Timestamp this resource value configuration was last updated.
}

Security Command Center API . organizations . resourceValueConfigs

Instance Methods

Method Details