Package Classes (0.2.0)

Config Service manages compliance frameworks, cloud controls, and their configurations.

Config Service manages compliance frameworks, cloud controls, and their configurations.

A pager for iterating through list_cloud_controls requests.

This class thinly wraps an initial ListCloudControlsResponse object, and provides an __aiter__ method to iterate through its cloud_controls field.

If there are more pages, the __aiter__ method will make additional ListCloudControls requests and continue to iterate through the cloud_controls field on the corresponding responses.

All the usual ListCloudControlsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_cloud_controls requests.

This class thinly wraps an initial ListCloudControlsResponse object, and provides an __iter__ method to iterate through its cloud_controls field.

If there are more pages, the __iter__ method will make additional ListCloudControls requests and continue to iterate through the cloud_controls field on the corresponding responses.

All the usual ListCloudControlsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_frameworks requests.

This class thinly wraps an initial ListFrameworksResponse object, and provides an __aiter__ method to iterate through its frameworks field.

If there are more pages, the __aiter__ method will make additional ListFrameworks requests and continue to iterate through the frameworks field on the corresponding responses.

All the usual ListFrameworksResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_frameworks requests.

This class thinly wraps an initial ListFrameworksResponse object, and provides an __iter__ method to iterate through its frameworks field.

If there are more pages, the __iter__ method will make additional ListFrameworks requests and continue to iterate through the frameworks field on the corresponding responses.

All the usual ListFrameworksResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Deployment service allows users to manage deployments of Frameworks and Cloud Controls on a target resource.

Deployment service allows users to manage deployments of Frameworks and Cloud Controls on a target resource.

A pager for iterating through list_cloud_control_deployments requests.

This class thinly wraps an initial ListCloudControlDeploymentsResponse object, and provides an __aiter__ method to iterate through its cloud_control_deployments field.

If there are more pages, the __aiter__ method will make additional ListCloudControlDeployments requests and continue to iterate through the cloud_control_deployments field on the corresponding responses.

All the usual ListCloudControlDeploymentsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_cloud_control_deployments requests.

This class thinly wraps an initial ListCloudControlDeploymentsResponse object, and provides an __iter__ method to iterate through its cloud_control_deployments field.

If there are more pages, the __iter__ method will make additional ListCloudControlDeployments requests and continue to iterate through the cloud_control_deployments field on the corresponding responses.

All the usual ListCloudControlDeploymentsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_framework_deployments requests.

This class thinly wraps an initial ListFrameworkDeploymentsResponse object, and provides an __aiter__ method to iterate through its framework_deployments field.

If there are more pages, the __aiter__ method will make additional ListFrameworkDeployments requests and continue to iterate through the framework_deployments field on the corresponding responses.

All the usual ListFrameworkDeploymentsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_framework_deployments requests.

This class thinly wraps an initial ListFrameworkDeploymentsResponse object, and provides an __iter__ method to iterate through its framework_deployments field.

If there are more pages, the __iter__ method will make additional ListFrameworkDeployments requests and continue to iterate through the framework_deployments field on the corresponding responses.

All the usual ListFrameworkDeploymentsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Allowed set of values for the parameter.

Attribute at the given path is substituted entirely.

A CEL expression <https://cloud.google.com/certificate-authority-service/docs/using-cel>__.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

A CloudControl is the fundamental unit encapsulating the rules to meet a specific security or compliance intent. It can contain various rule types (like Organization Policies, CEL expressions, etc.) enabling different enforcement modes (Preventive, Detective, Audit). CloudControls are often parameterized for reusability and can be either BUILT_IN (provided by Google) or CUSTOM (defined by the user).

The category of the cloud control.

CloudControlDeployment represents deployment of a CloudControl on a target resource. Supported target resources are organizations/{organization}, folders/{folder}, and projects/{project}.

The reference to a CloudControlDeployment.

CloudControlDetails contains the details of a CloudControl.

CloudControlMetadata contains the enforcement mode and parameters of a Cloud Control Deployment.

The cloud platform.

Request message for creating a CloudControl

Request message for CreateFrameworkDeployment API.

Request message for creating a Framework

Request message for deleting a CloudControl.

Request message for DeleteFrameworkDeployment.

Request message for deleting a Framework.

DeploymentState represents the state of the Deployment resource.

The enforcement mode of the cloud control.

FolderCreationConfig contains the config to create a new folder to be used as the target_resource of a deployment.

A Framework is a collection of CloudControls to address security and compliance requirements. Frameworks can be used for prevention, detection, and auditing. They can be either built-in, industry-standard frameworks provided by GCP/AZURE/AWS (e.g., NIST, FedRAMP) or custom frameworks created by users.

The type of the framework.

The category of the framework.

FrameworkDeployment represents deployment of a Framework on a target resource. Supported target resources are organizations/{organization}, folders/{folder}, and projects/{project}.

The reference to a FrameworkDeployment.

FrameworkReference contains the reference of a framework.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Request message for GetCloudControlDeployment.

Request message for getting a CloudControl.

Request message for GetFrameworkDeployment.

Request message for getting a Framework.

Number range for number parameters.

Request message for ListCloudControlDeployments.

Response message for ListCloudControlDeployments.

Request message for listing CloudControls.

Response message for ListCloudControls.

Request message for ListFrameworkDeployments.

Response message for ListFrameworkDeployments.

Request message for listing Frameworks.

Response message for listing Frameworks. Contains a paginated list of Framework resources.

Represents the metadata of the long-running operation.

Possible parameter value types.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Parameters is a key-value pair.

A parameter spec of the cloud control.

The type of the parameter value.

Parameter substitution rules.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Placeholder is substituted in the rendered string.

ProjectCreationConfig contains the config to create a new project to be used as the target_resource of a deployment.

Regular Expression Validator for parameter values.

A rule of the cloud control.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

The action type of the rule.

The severity of the finding.

    A critical vulnerability is easily discoverable
    by an external actor, exploitable, and results
    in the direct ability to execute arbitrary code,
    exfiltrate data, and otherwise gain additional
    access and privileges to cloud resources and
    workloads. Examples include publicly accessible
    unprotected user data and public SSH access with
    weak or no passwords.

    Threat:

    Indicates a threat that is able to access,
    modify, or delete data or execute unauthorized
    code within existing resources.
HIGH (2):
    Vulnerability:

    A high risk vulnerability can be easily
    discovered and exploited in combination with
    other vulnerabilities in order to gain direct
    access and the ability to execute arbitrary
    code, exfiltrate data, and otherwise gain
    additional access and privileges to cloud
    resources and workloads. An example is a
    database with weak or no passwords that is only
    accessible internally. This database could
    easily be compromised by an actor that had
    access to the internal network.

    Threat:

    Indicates a threat that is able to create new
    computational resources in an environment but
    not able to access data or execute code in
    existing resources.
MEDIUM (3):
    Vulnerability:

    A medium risk vulnerability could be used by an
    actor to gain access to resources or privileges
    that enable them to eventually (through multiple
    steps or a complex exploit) gain access and the
    ability to execute arbitrary code or exfiltrate
    data. An example is a service account with
    access to more projects than it should have. If
    an actor gains access to the service account,
    they could potentially use that access to
    manipulate a project the service account was not
    intended to.

    Threat:

    Indicates a threat that is able to cause
    operational impact but may not access data or
    execute unauthorized code.
LOW (4):
    Vulnerability:

    A low risk vulnerability hampers a security
    organization's ability to detect vulnerabilities
    or active threats in their deployment, or
    prevents the root cause investigation of
    security issues. An example is monitoring and
    logs being disabled for resource configurations
    and access.

    Threat:

    Indicates a threat that has obtained minimal
    access to an environment but is not able to
    access data, execute code, or create resources.

A list of strings.

TargetResourceConfig contains either the name of the target_resource or contains the config to create a new target_resource.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

TargetResourceCreationConfig contains the config to create a new resource to be used as the target_resource of a deployment.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

TargetResourceType represents the type of resource that a control or framework can be applied to.

Request message for UpdateCloudControl.

Request message for updating a Framework.

Validation of the parameter.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

API documentation for cloudsecuritycompliance_v1.services.config.pagers module.

API documentation for cloudsecuritycompliance_v1.services.deployment.pagers module.