feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,27 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for Cloud SCC Assets."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
class Asset(base.Group):
"""Manage Cloud SCC (Security Command Center) assets."""
category = base.SECURITY_CATEGORY


@@ -0,0 +1,65 @@
- release_tracks: [ALPHA, BETA, GA]
deprecate:
is_removed: false
warning: |
Security Command Center Asset APIs are deprecated and will be removed on or after
June 26, 2024. Use Cloud Asset Inventory instead [(gcloud asset)](https://cloud.google.com/sdk/gcloud/reference/asset).
For more information, [see the deprecation notice at Assets Page](https://cloud.google.com/security-command-center/docs/how-to-use-security-command-center#assets_page).
# This command calls a list operation behind the scenes but we can't make command_type as list
# since it doesn't support any of the list-flags.
command_type: GENERIC
generic:
disable_paging_flags: true
help_text:
brief: Describe an asset given its resource name or asset id.
description: Describe an asset given its resource name or asset id.
examples: |
Describe an asset under organization 123456, given its full resource name (https://cloud.google.com/apis/design/resource_names#full_resource_name) e.g. //storage.googleapis.com/my-bucket:
$ {command} 123456 --resource-name="//storage.googleapis.com/my-bucket"
Describe an asset under organization 123456, given its Cloud SCC asset id 5678
$ {command} 123456 --asset=5678
Describe an asset under project example-project, given its Cloud SCC asset id 5678
$ {command} projects/example-project/assets/5678
Describe an asset under folder 456, given its Cloud SCC asset id 5678
$ {command} folders/456/assets/5678
request:
collection: securitycenter.organizations.assets
api_version: v1
method: list
modify_request_hooks:
- googlecloudsdk.command_lib.scc.assets.request_hooks:DescribeAssetReqHook
arguments:
additional_arguments_hook: googlecloudsdk.command_lib.scc.hooks:AppendParentArg
params:
- group:
mutex: true
required: true
params:
- arg_name: asset
help_text: |
Cloud SCC specific asset. It's derived from the the asset's relative resource name.
See: https://cloud.google.com/apis/design/resource_names#relative_resource_name.
For Example, for the given asset name: "organizations/123/assets/456", 456 represents
asset id.
- arg_name: resource-name
help_text: |
Asset's resource name. Full resource name of the Google Cloud Platform resource
this asset represents. This field is immutable after create time. See:
https://cloud.google.com/apis/design/resource_names#full_resource_name.
For Example: "//cloudresourcemanager.googleapis.com/projects/1234567890123" could be the
resource-name for a project.
response:
modify_response_hooks:
- googlecloudsdk.command_lib.scc.assets.response_hooks:ExtractMatchingAssetFromDescribeResponse
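Review bot: The last two examples (`$ {command} projects/example-project/assets/5678` and `$ {command} folders/456/assets/5678`) pass neither `--asset` nor `--resource-name`, yet the `params` group holding both flags is declared `mutex: true` and `required: true`. Unless `AppendParentArg` or `DescribeAssetReqHook` relaxes that (neither is visible in this diff), those invocations would be rejected at argument parsing. Either rewrite them in the form the first two examples use, e.g. `$ {command} projects/example-project --asset=5678`, or drop `required: true` if the full-path form is meant to work. The `asset` help text also has a doubled word, `from the the asset's`, which is repeated in the get-parent and get-project files.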


@@ -0,0 +1,58 @@
- release_tracks: [ALPHA, BETA, GA]
deprecate:
is_removed: false
warning: |
Security Command Center Asset APIs are deprecated and will be removed on or after
June 26, 2024. Use Cloud Asset Inventory instead [(gcloud asset)](https://cloud.google.com/sdk/gcloud/reference/asset).
For more information, [see the deprecation notice at Assets Page](https://cloud.google.com/security-command-center/docs/how-to-use-security-command-center#assets_page).
# This command calls a list operation behind the scenes but we can't make command_type as list
# since it doesn't support any of the list-flags.
command_type: GENERIC
generic:
disable_paging_flags: true
help_text:
brief: Get the Parent for an asset given its resource name or asset id.
description: Get the Parent for an asset given its resource name or asset id.
examples: |
Get parent's relative resource name given an asset's full resource name (https://cloud.google.com/apis/design/resource_names#full_resource_name) e.g. //storage.googleapis.com/my-bucket under organization 123456:
$ {command} 123456 --resource-name="//storage.googleapis.com/my-bucket"
Get parent's relative resource name given an asset's Cloud SCC id 5678 under organization 123456.
$ {command} 123456 --asset=5678
request:
collection: securitycenter.organizations.assets
api_version: v1
method: list
modify_request_hooks:
- googlecloudsdk.command_lib.scc.assets.request_hooks:GetParentAssetReqHook
arguments:
additional_arguments_hook: googlecloudsdk.command_lib.scc.hooks:AppendOrgArg
params:
- group:
mutex: true
required: true
params:
- arg_name: asset
help_text: |
Cloud SCC specific asset. It's derived from the the asset's relative resource name.
See: https://cloud.google.com/apis/design/resource_names#relative_resource_name.
For Example, for the given asset name: "organizations/123/assets/456", 456 represents
asset id.
- arg_name: resource-name
help_text: |
Asset's resource name. Full resource name of the Google Cloud Platform resource
this asset represents. This field is immutable after create time. See:
https://cloud.google.com/apis/design/resource_names#full_resource_name.
For Example: "//cloudresourcemanager.googleapis.com/projects/1234567890123" could be the
resource-name for a project.
response:
modify_response_hooks:
- googlecloudsdk.command_lib.scc.assets.response_hooks:ExtractMatchingAssetFromGetParentResponse
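Review bot: The comment above `command_type: GENERIC` says the command is a `list` call underneath, but nothing documents what `ExtractMatchingAssetFromGetParentResponse` does when the filter built from `--asset` or `--resource-name` matches no asset or more than one. With `disable_paging_flags: true` the caller cannot see further results, so a hook that silently returned the first entry could report the parent of the wrong asset. I would extend the comment with something like `# The response hook must raise unless exactly one asset matches.` and confirm the hook behaves that way. The same applies to the describe and get-project files, whose hooks are also outside this diff.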


@@ -0,0 +1,58 @@
- release_tracks: [ALPHA, BETA, GA]
deprecate:
is_removed: false
warning: |
Security Command Center Asset APIs are deprecated and will be removed on or after
June 26, 2024. Use Cloud Asset Inventory instead [(gcloud asset)](https://cloud.google.com/sdk/gcloud/reference/asset).
For more information, [see the deprecation notice at Assets Page](https://cloud.google.com/security-command-center/docs/how-to-use-security-command-center#assets_page).
# This command calls a list operation behind the scenes but we can't make command_type as list
# since it doesn't support any of the list-flags.
command_type: GENERIC
generic:
disable_paging_flags: true
help_text:
brief: Get the Project for an asset given its resource name or asset id.
description: Get the Project for an asset given its resource name or asset id.
examples: |
Get project id (https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects) given an asset's full resource name (https://cloud.google.com/apis/design/resource_names#full_resource_name) e.g. //storage.googleapis.com/my-bucket under organization 123456:
$ {command} 123456 --resource-name="//storage.googleapis.com/my-bucket"
Get project id given an asset's Cloud SCC id 5678 under organization 123456.
$ {command} 123456 --asset=5678
request:
collection: securitycenter.organizations.assets
api_version: v1
method: list
modify_request_hooks:
- googlecloudsdk.command_lib.scc.assets.request_hooks:GetProjectAssetReqHook
arguments:
additional_arguments_hook: googlecloudsdk.command_lib.scc.hooks:AppendOrgArg
params:
- group:
mutex: true
required: true
params:
- arg_name: asset
help_text: |
Cloud SCC specific asset. It's derived from the the asset's relative resource name.
See: https://cloud.google.com/apis/design/resource_names#relative_resource_name.
For Example, for the given asset name: "organizations/123/assets/456", 456 represents
asset id.
- arg_name: resource-name
help_text: |
Asset's resource name. Full resource name of the Google Cloud Platform resource
this asset represents. This field is immutable after create time. See:
https://cloud.google.com/apis/design/resource_names#full_resource_name.
For Example: "//cloudresourcemanager.googleapis.com/projects/1234567890123" could be the
resource-name for a project.
response:
modify_response_hooks:
- googlecloudsdk.command_lib.scc.assets.response_hooks:ExtractMatchingAssetFromGetProjectResponse


@@ -0,0 +1,80 @@
- release_tracks: [ALPHA, BETA, GA]
deprecate:
is_removed: false
warning: |
Security Command Center Asset APIs are deprecated and will be removed on or after
June 26, 2024. Use Cloud Asset Inventory instead [(gcloud asset)](https://cloud.google.com/sdk/gcloud/reference/asset).
For more information, [see the deprecation notice at Assets Page](https://cloud.google.com/security-command-center/docs/how-to-use-security-command-center#assets_page).
help_text:
brief: Filter an organization's assets and groups them by their specified properties.
description: Filter an organization's assets and groups them by their specified properties.
examples: |
Group assets under organization 123456 by their type (e.g. project, disk, compute instance, service etc):
$ {command} 123456 --group-by="security_center_properties.resource_type"
Group assets under project example-project by their type (e.g. project, disk, compute instance, service etc):
$ {command} projects/example-project --group-by="security_center_properties.resource_type"
Group assets under folder 456 by their type (e.g. project, disk, compute instance, service etc):
$ {command} folders/456 --group-by="security_center_properties.resource_type"
Group compute instances (assets) under organization 123456 by their respective projects:
$ {command} 123456 --filter="security_center_properties.resource_type=\"google.compute.Instance\"" --group-by="security_center_properties.resource_project"
Group assets that were updated on or after 2019-01-01T01:00:00 GMT by their types.
$ {command} 123456 --filter="update_time >= 1546304400000" --group-by="security_center_properties.resource_type"
Group assets into following 3 state_changes (ADDED/DELETED/ACTIVE) based on the activity during past 24 hours:
$ {command} 123456 --compare-duration=86400s --group-by="state_change"
request:
collection: securitycenter.organizations.assets
api_version: v1
method: group
modify_request_hooks:
- googlecloudsdk.command_lib.scc.assets.request_hooks:GroupAssetsReqHook
arguments:
additional_arguments_hook: googlecloudsdk.command_lib.scc.hooks:AppendParentArg
params:
- _REF_: googlecloudsdk.command_lib.scc.flags:read_time
api_field: groupAssetsRequest.readTime
- _REF_: googlecloudsdk.command_lib.scc.assets.flags:compare_duration
api_field: groupAssetsRequest.compareDuration
- arg_name: group-by
api_field: groupAssetsRequest.groupBy
help_text: |
Expression that defines what asset fields to use for grouping (including 'state').
String value should follow SQL syntax: comma separated list of fields.
For example: "parent,resource_name". The following fields are supported:
* security_center_properties.resource_project
* security_center_properties.resource_type
* security_center_properties.resource_parent
* state_change
- arg_name: filter
api_field: groupAssetsRequest.filter
help_text: |
Expression is a list of one or more restrictions combined via logical operators
'AND' and 'OR'. Parentheses are not supported, and 'OR' has higher precedence than
'AND'. For example, 'update_time > 100 AND
security_center_properties.resource_type=\"google.cloud.resourcemanager.Organization\"'
is a valid filter string.
- arg_name: page-size
api_field: groupAssetsRequest.pageSize
help_text: |
The maximum number of results to return in a single response. Default is
10, minimum is 1, maximum is 1000.
- arg_name: page-token
api_field: groupAssetsRequest.pageToken
help_text: |
Value returned by the last 'GroupAssetsResponse'; indicates
that this is a continuation of a prior 'GroupAssets' call, and that the
system should return the next page of data.
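Review bot: The `group-by` help text contradicts itself: it says grouping can include `'state'` and gives `"parent,resource_name"` as the example, but none of those three names appears in the supported list that follows, which names only the three `security_center_properties.*` fields and `state_change`. Use values from the list, e.g. `For example: "security_center_properties.resource_project,state_change".`, and change `(including 'state')` to `(including 'state_change')`. In the `filter` help, the statement that `'OR'` has higher precedence than `'AND'` is the reverse of what most readers expect. A short worked example, such as `a AND b OR c` being read as `a AND (b OR c)`, would help people avoid writing a filter that selects a wider set of assets than intended.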


@@ -0,0 +1,97 @@
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
deprecate:
is_removed: false
warning: |
Security Command Center Asset APIs are deprecated and will be removed on or after
June 26, 2024. Use Cloud Asset Inventory instead [(gcloud asset)](https://cloud.google.com/sdk/gcloud/reference/asset).
For more information, [see the deprecation notice at Assets Page](https://cloud.google.com/security-command-center/docs/how-to-use-security-command-center#assets_page).
help_text:
brief: List Cloud Security Command Center assets.
description: List Cloud Security Command Center assets.
examples: |
List all assets under organization (123456)
$ {command} 123456
List all assets under project (example-project)
$ {command} projects/example-project
List all assets under folder (456)
$ {command} folders/456
List all assets under organization (123456) that were present as of 2019-01-01T01:00:00 GMT time.
$ {command} 123456 --read-time="2019-01-01T01:00:00Z"
Only list category and resource_name for all assets under organization (123456):
$ {command} 123456 --field-mask="category,resource_name"
List all compute instances under organization (123456):
$ {command} 123456 --filter="security_center_properties.resource_type=\"google.compute.Instance\""
List all firewall rules that have open HTTP Ports:
$ {command} 123456 --filter="security_center_properties.resource_type = \"google.compute.Firewall\" AND resource_properties.name =\"default-allow-http\""
List all assets that belong to either projects: 5678 OR 78910 (project's numeric identifier).
$ {command} 123456 --filter="security_center_properties.resource_parent = \"//cloudresourcemanager.googleapis.com/projects/5678\" OR security_center_properties.resource_parent = "\78910\""
List all projects that are owned by a user:someone@domain.com. Notice the usage of : which enforces partial matching.
$ {command} 123456 --filter="security_center_properties.resource_type = \"google.cloud.resourcemanager.Project\" AND security_center_properties.resource_owners : \"user:someone@domain.com\""
List assets and add a state_change property that indicates if the asset was added, removed, or remained present during the past 24 hours period:
$ {command} 123456 --compare-duration=86400s
request:
collection: securitycenter.organizations.assets
api_version: v1
modify_request_hooks:
- googlecloudsdk.command_lib.scc.assets.request_hooks:ListAssetsReqHook
arguments:
additional_arguments_hook: googlecloudsdk.command_lib.scc.hooks:AppendParentArg
params:
- !REF googlecloudsdk.command_lib.scc.flags:read_time
- !REF googlecloudsdk.command_lib.scc.assets.flags:compare_duration
- arg_name: field-mask
api_field: fieldMask
help_text: |
Field mask to specify the Asset fields to be listed in the response. An empty field mask will list all fields.
Example field mask: "asset.security_center_properties.resource_type,asset.security_center_properties.resource_parent"
- arg_name: order-by
api_field: orderBy
help_text: |
Expression that defines what fields and order to use for sorting.
Example order by: "resource_properties.sort_prop ASC"
- arg_name: page-token
api_field: pageToken
help_text: |
The value returned by the last 'ListAssetsResponse'; indicates
that this is a continuation of a prior 'ListAssets' call, and that the
system should return the next page of data.
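Review bot: The two-project example has its escaping swapped at the end: `security_center_properties.resource_parent = "\78910\""` closes the shell string at the first `"`, so the filter that reaches the API is not the one shown. It is also inconsistent with the first operand, which uses the full resource name. I would write the second operand as `security_center_properties.resource_parent = \"//cloudresourcemanager.googleapis.com/projects/78910\"`. Separately, the example titled `List all firewall rules that have open HTTP Ports` only matches a rule whose name is `default-allow-http`; retitle it so nobody treats it as a complete check for exposed HTTP ports.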


@@ -0,0 +1,43 @@
- release_tracks: [ALPHA, BETA, GA]
deprecate:
is_removed: false
warning: |
Security Command Center Asset APIs are deprecated and will be removed on or after
June 26, 2024. Use Cloud Asset Inventory instead [(gcloud asset)](https://cloud.google.com/sdk/gcloud/reference/asset).
For more information, [see the deprecation notice at Assets Page](https://cloud.google.com/security-command-center/docs/how-to-use-security-command-center#assets_page).
command_type: LIST
help_text:
brief: List an assets's security marks.
description: List an assets's security marks.
examples: |
List all security marks for asset (8910) under organization (123456):
$ {command} 8910 --organization=123456
List all security marks for asset (8910) under project (example-project):
$ {command} projects/example-project/assets/8910 --organization=123456
List all security marks for asset (8910) under folder (456):
$ {command} folders/456/assets/8910 --organization=123456
request:
collection: securitycenter.organizations.assets
api_version: v1
method: list
modify_request_hooks:
- googlecloudsdk.command_lib.scc.assets.request_hooks:ListAssetSecurityMarksReqHook
arguments:
additional_arguments_hook: googlecloudsdk.command_lib.scc.assets.resource_hooks:AppendAssetArg
params:
- !REF googlecloudsdk.command_lib.scc.flags:page_token
- !REF googlecloudsdk.command_lib.scc.flags:read_time
response:
modify_response_hooks:
- googlecloudsdk.command_lib.scc.assets.response_hooks:ExtractSecurityMarksFromResponse
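Review bot: The project and folder examples pass a full asset path together with `--organization=123456` (`$ {command} projects/example-project/assets/8910 --organization=123456`), so the command line names two different parents. The equivalent examples in the update-marks file omit the flag when a full path is given. Whether `AppendAssetArg` rejects or ignores the extra flag is not visible here, so I would drop `--organization=123456` from these two examples. `brief` and `description` also read `an assets's`, which should be `an asset's`.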


@@ -0,0 +1,42 @@
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
deprecate:
is_removed: false
warning: |
Security Command Center Asset APIs are deprecated and will be removed on or after
June 26, 2024. Use Cloud Asset Inventory instead [(gcloud asset)](https://cloud.google.com/sdk/gcloud/reference/asset).
For more information, [see the deprecation notice at Assets Page](https://cloud.google.com/security-command-center/docs/how-to-use-security-command-center#assets_page).
help_text:
brief: Scan an organization for new/modified/deleted assets.
description: Scan an organization for new/modified/deleted assets. Note that this API can only
be called with limited frequency for an organization. If it is called too frequently the
caller will receive a TOO_MANY_REQUESTS error.
examples: |
Run new scan for organization (123456):
$ {command} 123456
request:
collection: securitycenter.organizations.assets
api_version: v1
method: runDiscovery
arguments:
resource:
help_text: The organization for which scan should be run.
override_resource_collection: true
spec: !REF googlecloudsdk.command_lib.scc.resources:organization


@@ -0,0 +1,59 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Update Cloud Security Command Center asset's security marks.
description: Update Cloud Security Command Center asset's security marks.
examples: |
Selectively update value of security mark (key1) with 'val1.1' on asset 5678 under organization 123456. Note that other security marks on the same asset will not change.
$ {command} 5678 --organization=123456 --security-marks="key1=val1.1" --update-mask="marks.key1"
Update value of security mark (key1) and delete other marks on asset 5678 under organization 123456:
$ {command} 5678 --organization=123456 --security-marks="key1=updatedVal"
Update value of security mark (key1) and delete other marks on asset 5678 under project example-project:
$ {command} projects/example-project/assets/5678 --security-marks="key1=updatedVal"
Update value of security mark (key1) and delete other marks on asset 5678 under folder 456:
$ {command} folders/456/assets/5678 --security-marks="key1=updatedVal"
Delete all security marks on asset 5678 under organization 123456:
$ {command} 5678 --organization=123456 --security-marks=""
request:
collection: securitycenter.organizations.assets
api_version: v1
method: updateSecurityMarks
modify_request_hooks:
- googlecloudsdk.command_lib.scc.assets.request_hooks:UpdateAssetSecurityMarksReqHook
arguments:
additional_arguments_hook: googlecloudsdk.command_lib.scc.assets.resource_hooks:AppendAssetArg
params:
- arg_name: start-time
type: googlecloudsdk.core.util.times:ParseDateTime
processor: googlecloudsdk.core.util.times:FormatDateTime
api_field: startTime
help_text: |
Time at which the updated SecurityMarks take effect. See `$ gcloud topic datetimes` for
information on supported time formats.
- arg_name: security-marks
metavar: KEY=VALUE
api_field: securityMarks
help_text: |
SecurityMarks resource to be passed as the request body. It's a key=value pair separated
by comma (,). For example: --security-marks="key1=val1,key2=val2".
type: "googlecloudsdk.calliope.arg_parsers:ArgDict:"
processor: googlecloudsdk.command_lib.scc.hooks:SecurityMarksHook
- arg_name: update-mask
api_field: updateMask
help_text: |
Use update-mask if you want to selectively update marks represented by --security-marks
flag. For example: --update-mask="marks.key1,marks.key2". If you want to override all the
marks for the given asset either skip the update-mask flag or provide an empty value
(--update-mask '') for it.
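Review bot: The `security-marks` help text does not say that running without `--update-mask` replaces every existing mark on the asset; that is stated only in the examples and in the `update-mask` help. Marks are often used to drive triage and allow-listing, so a silent overwrite is worth calling out where the flag itself is documented. I would add a sentence such as `Without --update-mask, all existing marks on the asset are replaced by the ones given here.` to that help text. The `--security-marks=""` example, which deletes all marks, would benefit from the same warning.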