Defines, assesses, and monitors the overall status of your security in Google Cloud. You can use security postures to evaluate your current cloud security against defined benchmarks and help maintain the level of security that your organization requires.

Details of a Cloud Asset Inventory asset that caused a violation.

The request message for Operations.CancelOperation.

Information about a compliance standard that the policy helps enforce.

Metadata for a constraint in a Policy.

Request message for CreateIaCValidationReport.

Defines the root interface for all clients that generate credentials for calling Google APIs. All clients should implement this interface.

A custom module configuration for Security Health Analytics. Use CustomConfig to create custom detectors that generate custom findings for resources that you specify.

Definitions of custom source properties that can appear in findings.

A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

Request message for ExtractPosture.

A custom, user-defined constraint. You can apply the constraint only to the resource types specified in the constraint, and only within the organization where the constraint is defined. When you create a custom constraint, it is not enforced automatically. You must use an organization policy to enforce the constraint.

A rule that defines the allowed and denied values for an organization policy constraint.

The allowed and denied values for a list constraint. For all constraints, these fields can contain literal values. Optionally, you can add the is: prefix to these values. If the value contains a colon (:), then the is: prefix is required. Some constraints allow you to specify a portion of the resource hierarchy, known as a hierarchy subtree, that the constraint applies to. To specify a hierarchy subtree, use the under: prefix, followed by a value with one of these formats: - projects/{project_id} (for example, projects/tokyo-rain-123) - folders/{folder_id} (for example, folders/1234567890123) - organizations/{organization_id} (for example, organizations/123456789012) A constraint's supports_under field indicates whether you can specify a hierarchy subtree. To learn which predefined constraints let you specify a hierarchy subtree, see the constraints reference.

Details of an infrastructure-as-code (IaC) configuration.

Details of an infrastructure-as-code (IaC) validation report.

The response message for Locations.ListLocations.

The response message for Operations.ListOperations.

Response message for ListPostureDeployments.

Response message for ListPostureRevisions.

Response message for ListPostures.

Response message for ListPostureTemplates.

Response message for ListReports.

A resource that represents a Google Cloud location.

This resource represents a long-running operation that is the result of a network API call.

Metadata for an Operation.

Additional options for SecurityPosture#organizationsLocationsOperationsList.

Additional options for SecurityPosture#organizationsLocationsPostureDeploymentsCreate.

Additional options for SecurityPosture#organizationsLocationsPostureDeploymentsDelete.

Additional options for SecurityPosture#organizationsLocationsPostureDeploymentsList.

Additional options for SecurityPosture#organizationsLocationsPostureDeploymentsPatch.

Additional options for SecurityPosture#organizationsLocationsPosturesCreate.

Additional options for SecurityPosture#organizationsLocationsPosturesDelete.

Additional options for SecurityPosture#organizationsLocationsPosturesGet.

Additional options for SecurityPosture#organizationsLocationsPosturesList.

Additional options for SecurityPosture#organizationsLocationsPosturesListRevisions.

Additional options for SecurityPosture#organizationsLocationsPosturesPatch.

Additional options for SecurityPosture#organizationsLocationsPostureTemplatesGet.

Additional options for SecurityPosture#organizationsLocationsPostureTemplatesList.

Additional options for SecurityPosture#organizationsLocationsReportsList.

A predefined organization policy constraint.

A custom organization policy constraint.

The details of a policy, including the constraints that it includes.

Details of a policy that was violated.

A group of one or more Policy resources.

The details of a posture.

Details for a Posture deployment on an organization, folder, or project. You can deploy at most one posture to each organization, folder, or project. The parent resource for a posture deployment is always the organization, even if the deployment applies to a folder or project.

Details of a posture deployment.

The details of a posture template.

Additional options for SecurityPosture#projectsLocationsList.

A name-value pair used as a custom source property.

Details of a report.

A selector for the resource types to run the detector on.

Set multiple resource types for one policy, eg: resourceTypes: included: - compute.googleapis.com/Instance - compute.googleapis.com/Disk Constraint definition contains an empty resource type in order to support multiple resource types in the policy. Only support Google managed constriaint and method type is GOVERN_TAGS Refer go/multi-resource-support-force-tags-gmc to get more details.

A custom module for Security Health Analytics.

A built-in detector for Security Health Analytics.

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

Details of a violation.