feat(security_center): Add NotificationConfig

* Add SecurityCenter#create_notification_config
* Add SecurityCenter#delete_notification_config
* Add SecurityCenter#get_notification_config
* Add SecurityCenter#list_notification_configs
* Add SecurityCenter#update_notification_config

google-cloud-security_center/lib/google/cloud/security_center/v1.rb

@@ -15,6 +15,7 @@
 
 require "google/cloud/security_center/v1/security_center_client"
 require "google/cloud/security_center/v1/helpers"
+require "google/cloud/security_center/v1/notification_message_pb"
 require "google/cloud/security_center/v1/run_asset_discovery_response_pb"
 
 module Google

google-cloud-security_center/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/notification_config.rb

@@ -0,0 +1,75 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Google
+  module Cloud
+    module Securitycenter
+      module V1
+        # Cloud Security Command Center (Cloud SCC) notification configs.
+        #
+        # A notification config is a Cloud SCC resource that contains the configuration
+        # to send notifications for create/update events of findings, assets and etc.
+        # @!attribute [rw] name
+        #   @return [String]
+        #     The relative resource name of this notification config. See:
+        #     https://cloud.google.com/apis/design/resource_names#relative_resource_name
+        #     Example:
+        #     "organizations/{organization_id}/notificationConfigs/notify_public_bucket".
+        # @!attribute [rw] description
+        #   @return [String]
+        #     The description of the notification config (max of 1024 characters).
+        # @!attribute [rw] pubsub_topic
+        #   @return [String]
+        #     The PubSub topic to send notifications to. Its format is
+        #     "projects/[project_id]/topics/[topic]".
+        # @!attribute [rw] service_account
+        #   @return [String]
+        #     Output only. The service account that needs "pubsub.topics.publish"
+        #     permission to publish to the PubSub topic.
+        # @!attribute [rw] streaming_config
+        #   @return [Google::Cloud::SecurityCenter::V1::NotificationConfig::StreamingConfig]
+        #     The config for triggering streaming-based notifications.
+        class NotificationConfig
+          # The config for streaming-based notifications, which send each event as soon
+          # as it is detected.
+          # @!attribute [rw] filter
+          #   @return [String]
+          #     Expression that defines the filter to apply across create/update events
+          #     of assets or findings as specified by the event type. The expression is a
+          #     list of zero or more restrictions combined via logical operators `AND`
+          #     and `OR`. Parentheses are supported, and `OR` has higher precedence than
+          #     `AND`.
+          #
+          #     Restrictions have the form `<field> <operator> <value>` and may have a
+          #     `-` character in front of them to indicate negation. The fields map to
+          #     those defined in the corresponding resource.
+          #
+          #     The supported operators are:
+          #
+          #     * `=` for all value types.
+          #     * `>`, `<`, `>=`, `<=` for integer values.
+          #     * `:`, meaning substring matching, for strings.
+          #
+          #     The supported value types are:
+          #
+          #     * string literals in quotes.
+          #     * integer literals without quotes.
+          #     * boolean literals `true` and `false` without quotes.
+          class StreamingConfig; end
+        end
+      end
+    end
+  end
+end

google-cloud-security_center/lib/google/cloud/security_center/v1/doc/google/cloud/securitycenter/v1/securitycenter_service.rb

@@ -29,26 +29,58 @@ module V1
         #     greater than 0 characters in length.
         # @!attribute [rw] finding
         #   @return [Google::Cloud::SecurityCenter::V1::Finding]
-        #     Required. The Finding being created. The name and security_marks will be ignored as
-        #     they are both output only fields on this resource.
+        #     Required. The Finding being created. The name and security_marks will be
+        #     ignored as they are both output only fields on this resource.
         class CreateFindingRequest; end
 
+        # Request message for creating a notification config.
+        # @!attribute [rw] parent
+        #   @return [String]
+        #     Required. Resource name of the new notification config's parent. Its format
+        #     is "organizations/[organization_id]".
+        # @!attribute [rw] config_id
+        #   @return [String]
+        #     Required.
+        #     Unique identifier provided by the client within the parent scope.
+        #     It must be between 1 and 128 characters, and contains alphanumeric
+        #     characters, underscores or hyphens only.
+        # @!attribute [rw] notification_config
+        #   @return [Google::Cloud::SecurityCenter::V1::NotificationConfig]
+        #     Required. The notification config being created. The name and the service
+        #     account will be ignored as they are both output only fields on this
+        #     resource.
+        class CreateNotificationConfigRequest; end
+
         # Request message for creating a source.
         # @!attribute [rw] parent
         #   @return [String]
         #     Required. Resource name of the new source's parent. Its format should be
         #     "organizations/[organization_id]".
         # @!attribute [rw] source
         #   @return [Google::Cloud::SecurityCenter::V1::Source]
-        #     Required. The Source being created, only the display_name and description will be
-        #     used. All other fields will be ignored.
+        #     Required. The Source being created, only the display_name and description
+        #     will be used. All other fields will be ignored.
         class CreateSourceRequest; end
 
+        # Request message for deleting a notification config.
+        # @!attribute [rw] name
+        #   @return [String]
+        #     Required. Name of the notification config to delete. Its format is
+        #     "organizations/[organization_id]/notificationConfigs/[config_id]".
+        class DeleteNotificationConfigRequest; end
+
+        # Request message for getting a notification config.
+        # @!attribute [rw] name
+        #   @return [String]
+        #     Required. Name of the notification config to get. Its format is
+        #     "organizations/[organization_id]/notificationConfigs/[config_id]".
+        class GetNotificationConfigRequest; end
+
         # Request message for getting organization settings.
         # @!attribute [rw] name
         #   @return [String]
-        #     Required. Name of the organization to get organization settings for. Its format is
-        #     "organizations/[organization_id]/organizationSettings".
+        #     Required. Name of the organization to get organization settings for. Its
+        #     format is "organizations/[organization_id]/organizationSettings".
         class GetOrganizationSettingsRequest; end
 
         # Request message for getting a source.
@@ -123,9 +155,9 @@ class GetSourceRequest; end
         #     For example, `resource_properties.size = 100` is a valid filter string.
         # @!attribute [rw] group_by
         #   @return [String]
-        #     Required. Expression that defines what assets fields to use for grouping. The string
-        #     value should follow SQL syntax: comma separated list of fields. For
-        #     example:
+        #     Required. Expression that defines what assets fields to use for grouping.
+        #     The string value should follow SQL syntax: comma separated list of fields.
+        #     For example:
         #     "security_center_properties.resource_project,security_center_properties.project".
         #
         #     The following fields are supported when compare_duration is not set:
@@ -259,9 +291,9 @@ class GroupAssetsResponse; end
         #     For example, `source_properties.size = 100` is a valid filter string.
         # @!attribute [rw] group_by
         #   @return [String]
-        #     Required. Expression that defines what assets fields to use for grouping (including
-        #     `state_change`). The string value should follow SQL syntax: comma separated
-        #     list of fields. For example: "parent,resource_name".
+        #     Required. Expression that defines what assets fields to use for grouping
+        #     (including `state_change`). The string value should follow SQL syntax:
+        #     comma separated list of fields. For example: "parent,resource_name".
         #
         #     The following fields are supported:
         #
@@ -294,12 +326,18 @@ class GroupAssetsResponse; end
         #
         #     Possible "state_change" values when compare_duration is specified:
         #
-        #     * "CHANGED":   indicates that the finding was present at the start of
-        #       compare_duration, but changed its state at read_time.
-        #     * "UNCHANGED": indicates that the finding was present at the start of
-        #       compare_duration and did not change state at read_time.
-        #     * "ADDED":     indicates that the finding was not present at the start
-        #       of compare_duration, but was present at read_time.
+        #     * "CHANGED":   indicates that the finding was present and matched the given
+        #       filter at the start of compare_duration, but changed its
+        #       state at read_time.
+        #     * "UNCHANGED": indicates that the finding was present and matched the given
+        #       filter at the start of compare_duration and did not change
+        #       state at read_time.
+        #     * "ADDED":     indicates that the finding did not match the given filter or
+        #       was not present at the start of compare_duration, but was
+        #       present at read_time.
+        #     * "REMOVED":   indicates that the finding was present and matched the
+        #       filter at the start of compare_duration, but did not match
+        #       the filter at read_time.
         #
         #     If compare_duration is not specified, then the only possible state_change
         #     is "UNUSED",  which will be the state_change set for all findings present
@@ -345,11 +383,37 @@ class GroupFindingsResponse; end
         #     Total count of resources for the given properties.
         class GroupResult; end
 
+        # Request message for listing notification configs.
+        # @!attribute [rw] parent
+        #   @return [String]
+        #     Required. Name of the organization to list notification configs.
+        #     Its format is "organizations/[organization_id]".
+        # @!attribute [rw] page_token
+        #   @return [String]
+        #     The value returned by the last `ListNotificationConfigsResponse`; indicates
+        #     that this is a continuation of a prior `ListNotificationConfigs` call, and
+        #     that the system should return the next page of data.
+        # @!attribute [rw] page_size
+        #   @return [Integer]
+        #     The maximum number of results to return in a single response. Default is
+        #     10, minimum is 1, maximum is 1000.
+        class ListNotificationConfigsRequest; end
+
+        # Response message for listing notification configs.
+        # @!attribute [rw] notification_configs
+        #   @return [Array<Google::Cloud::SecurityCenter::V1::NotificationConfig>]
+        #     Notification configs belonging to the requested parent.
+        # @!attribute [rw] next_page_token
+        #   @return [String]
+        #     Token to retrieve the next page of results, or empty if there are no more
+        #     results.
+        class ListNotificationConfigsResponse; end
+
         # Request message for listing sources.
         # @!attribute [rw] parent
         #   @return [String]
-        #     Required. Resource name of the parent of sources to list. Its format should be
-        #     "organizations/[organization_id]".
+        #     Required. Resource name of the parent of sources to list. Its format should
+        #     be "organizations/[organization_id]".
         # @!attribute [rw] page_token
         #   @return [String]
         #     The value returned by the last `ListSourcesResponse`; indicates
@@ -491,9 +555,8 @@ class ListSourcesResponse; end
         #     read_time.
         # @!attribute [rw] field_mask
         #   @return [Google::Protobuf::FieldMask]
-        #     Optional. A field mask to specify the ListAssetsResult fields to be listed in the
-        #     response.
-        #     An empty field mask will list all fields.
+        #     Optional. A field mask to specify the ListAssetsResult fields to be listed
+        #     in the response. An empty field mask will list all fields.
         # @!attribute [rw] page_token
         #   @return [String]
         #     The value returned by the last `ListAssetsResponse`; indicates
@@ -644,20 +707,26 @@ module StateChange
         #
         #     Possible "state_change" values when compare_duration is specified:
         #
-        #     * "CHANGED":   indicates that the finding was present at the start of
-        #       compare_duration, but changed its state at read_time.
-        #     * "UNCHANGED": indicates that the finding was present at the start of
-        #       compare_duration and did not change state at read_time.
-        #     * "ADDED":     indicates that the finding was not present at the start
-        #       of compare_duration, but was present at read_time.
+        #     * "CHANGED":   indicates that the finding was present and matched the given
+        #       filter at the start of compare_duration, but changed its
+        #       state at read_time.
+        #     * "UNCHANGED": indicates that the finding was present and matched the given
+        #       filter at the start of compare_duration and did not change
+        #       state at read_time.
+        #     * "ADDED":     indicates that the finding did not match the given filter or
+        #       was not present at the start of compare_duration, but was
+        #       present at read_time.
+        #     * "REMOVED":   indicates that the finding was present and matched the
+        #       filter at the start of compare_duration, but did not match
+        #       the filter at read_time.
         #
         #     If compare_duration is not specified, then the only possible state_change
         #     is "UNUSED", which will be the state_change set for all findings present at
         #     read_time.
         # @!attribute [rw] field_mask
         #   @return [Google::Protobuf::FieldMask]
-        #     Optional. A field mask to specify the Finding fields to be listed in the response.
-        #     An empty field mask will list all fields.
+        #     Optional. A field mask to specify the Finding fields to be listed in the
+        #     response. An empty field mask will list all fields.
         # @!attribute [rw] page_token
         #   @return [String]
         #     The value returned by the last `ListFindingsResponse`; indicates
@@ -763,15 +832,15 @@ class SetFindingStateRequest; end
         # Request message for running asset discovery for an organization.
         # @!attribute [rw] parent
         #   @return [String]
-        #     Required. Name of the organization to run asset discovery for. Its format is
-        #     "organizations/[organization_id]".
+        #     Required. Name of the organization to run asset discovery for. Its format
+        #     is "organizations/[organization_id]".
         class RunAssetDiscoveryRequest; end
 
         # Request message for updating or creating a finding.
         # @!attribute [rw] finding
         #   @return [Google::Cloud::SecurityCenter::V1::Finding]
-        #     Required. The finding resource to update or create if it does not already exist.
-        #     parent, security_marks, and update_time will be ignored.
+        #     Required. The finding resource to update or create if it does not already
+        #     exist. parent, security_marks, and update_time will be ignored.
         #
         #     In the case of creation, the finding id portion of the name must be
         #     alphanumeric and less than or equal to 32 characters and greater than 0
@@ -787,6 +856,17 @@ class RunAssetDiscoveryRequest; end
         #     mask.
         class UpdateFindingRequest; end
 
+        # Request message for updating a notification config.
+        # @!attribute [rw] notification_config
+        #   @return [Google::Cloud::SecurityCenter::V1::NotificationConfig]
+        #     Required. The notification config to update.
+        # @!attribute [rw] update_mask
+        #   @return [Google::Protobuf::FieldMask]
+        #     The FieldMask to use when updating the notification config.
+        #
+        #     If empty all mutable fields will be updated.
+        class UpdateNotificationConfigRequest; end
+
         # Request message for updating an organization's settings.
         # @!attribute [rw] organization_settings
         #   @return [Google::Cloud::SecurityCenter::V1::OrganizationSettings]

google-cloud-security_center/lib/google/cloud/security_center/v1/doc/google/protobuf/empty.rb

@@ -0,0 +1,29 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Google
+  module Protobuf
+    # A generic empty message that you can re-use to avoid defining duplicated
+    # empty messages in your APIs. A typical example is to use it as the request
+    # or the response type of an API method. For instance:
+    #
+    #     service Foo {
+    #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
+    #     }
+    #
+    # The JSON representation for `Empty` is empty JSON object `{}`.
+    class Empty; end
+  end
+end