REST Resource: organizations.locations.resourceValueConfigs

Resource: ResourceValueConfig

A resource value configuration (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.

JSON representation
{
  "name": string,
  "resourceValue": enum (ResourceValue),
  "tagValues": [
    string
  ],
  "resourceType": string,
  "scope": string,
  "resourceLabelsSelector": {
    string: string,
    ...
  },
  "description": string,
  "createTime": string,
  "updateTime": string,
  "cloudProvider": enum (CloudProvider),
  "sensitiveDataProtectionMapping": {
    object (SensitiveDataProtectionMapping)
  }
}
Fields
name

string

Identifier. Name for the resource value configuration

resourceValue

enum (ResourceValue)

Resource value level this expression represents Only required when there is no Sensitive Data Protection mapping in the request

tagValues[]

string

Tag values combined with AND to check against. Values in the form "tagValues/123" Example: [ "tagValues/123", "tagValues/456", "tagValues/789" ] https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing

resourceType

string

Apply resourceValue only to resources that match resourceType. resourceType will be checked with AND of other resources. For example, "storage.googleapis.com/Bucket" with resourceValue "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.

scope

string

Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope and will be checked with AND of other resources.

resourceLabelsSelector

map (key: string, value: string)

List of resource labels to search for, evaluated with AND. For example, "resourceLabelsSelector": {"key": "value", "env": "prod"} will match resources with labels "key": "value" AND "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

description

string

Description of the resource value configuration.

createTime

string (Timestamp format)

Output only. Timestamp this resource value configuration was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. Timestamp this resource value configuration was last updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

cloudProvider

enum (CloudProvider)

Cloud provider this configuration applies to

sensitiveDataProtectionMapping

object (SensitiveDataProtectionMapping)

A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resourceType that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset".

ResourceValue

Value enum to map to a resource

Enums
RESOURCE_VALUE_UNSPECIFIED Unspecific value
HIGH High resource value
MEDIUM Medium resource value
LOW Low resource value
NONE No resource value, e.g. ignore these resources

SensitiveDataProtectionMapping

Resource value mapping for Sensitive Data Protection findings If any of these mappings have a resource value that is not unspecified, the resourceValue field will be ignored when reading this configuration.

JSON representation
{
  "highSensitivityMapping": enum (ResourceValue),
  "mediumSensitivityMapping": enum (ResourceValue)
}
Fields
highSensitivityMapping

enum (ResourceValue)

Resource value mapping for high-sensitivity Sensitive Data Protection findings

mediumSensitivityMapping

enum (ResourceValue)

Resource value mapping for medium-sensitivity Sensitive Data Protection findings

Methods

batchCreate

Creates a ResourceValueConfig for an organization.

delete

Deletes a ResourceValueConfig.

get

Gets a ResourceValueConfig.

list

Lists all ResourceValueConfigs.

patch

Updates an existing ResourceValueConfigs with new rules.