feat: Adding database access information, such as queries field to a finding. A database may be a sub-resource of an instance (as in the case of CloudSQL instances or Cloud Spanner instances), or the database instance itself

Google APIs · copybara-github · commit a887434dd3a1 · 2022-08-23T13:41:00.000-07:00
PiperOrigin-RevId: 469544940
diff --git a/google/cloud/securitycenter/v1/BUILD.bazel b/google/cloud/securitycenter/v1/BUILD.bazel
@@ -59,6 +59,7 @@ proto_library(
         "connection.proto",
         "contact_details.proto",
         "container.proto",
+        "database.proto",
         "exfiltration.proto",
         "external_system.proto",
         "file.proto",
diff --git a/google/cloud/securitycenter/v1/database.proto b/google/cloud/securitycenter/v1/database.proto
@@ -0,0 +1,52 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "DatabaseProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Represents database access information, such as queries.
+// A database may be a sub-resource of an instance (as in the case of CloudSQL
+// instances or Cloud Spanner instances), or the database instance itself.
+// Some database resources may not have the full resource name populated
+// because these resource types are not yet supported by Cloud Asset Inventory
+// (e.g. CloudSQL databases).  In these cases only the display name will be
+// provided.
+message Database {
+  // The full resource name of the database the user connected to, if it is
+  // supported by CAI. (https://google.aip.dev/122#full-resource-names)
+  string name = 1;
+
+  // The human readable name of the database the user connected to.
+  string display_name = 2;
+
+  // The username used to connect to the DB. This may not necessarily be an IAM
+  // principal, and has no required format.
+  string user_name = 3;
+
+  // The SQL statement associated with the relevant access.
+  string query = 4;
+
+  // The target usernames/roles/groups of a SQL privilege grant (not an IAM
+  // policy change).
+  repeated string grantees = 5;
+}
diff --git a/google/cloud/securitycenter/v1/finding.proto b/google/cloud/securitycenter/v1/finding.proto
@@ -23,6 +23,7 @@ import "google/cloud/securitycenter/v1/compliance.proto";
 import "google/cloud/securitycenter/v1/connection.proto";
 import "google/cloud/securitycenter/v1/contact_details.proto";
 import "google/cloud/securitycenter/v1/container.proto";
+import "google/cloud/securitycenter/v1/database.proto";
 import "google/cloud/securitycenter/v1/exfiltration.proto";
 import "google/cloud/securitycenter/v1/external_system.proto";
 import "google/cloud/securitycenter/v1/iam_binding.proto";
@@ -257,11 +258,13 @@ message Finding {
   Vulnerability vulnerability = 20;
 
   // Output only. The most recent time this finding was muted or unmuted.
-  google.protobuf.Timestamp mute_update_time = 21 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp mute_update_time = 21
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
-  // Output only. Third party SIEM/SOAR fields within SCC, contains external system
-  // information and external system finding fields.
-  map<string, ExternalSystem> external_systems = 22 [(google.api.field_behavior) = OUTPUT_ONLY];
+  // Output only. Third party SIEM/SOAR fields within SCC, contains external
+  // system information and external system finding fields.
+  map<string, ExternalSystem> external_systems = 22
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // MITRE ATT&CK tactics and techniques related to this finding.
   // See: https://attack.mitre.org
@@ -283,9 +286,9 @@ message Finding {
   // Represents operating system processes associated with the Finding.
   repeated Process processes = 30;
 
-  // Output only. Map containing the point of contacts for the given finding. The key
-  // represents the type of contact, while the value contains a list of all the
-  // contacts that pertain. Please refer to:
+  // Output only. Map containing the point of contacts for the given finding.
+  // The key represents the type of contact, while the value contains a list of
+  // all the contacts that pertain. Please refer to:
   // https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
   //
   //     {
@@ -300,7 +303,8 @@ message Finding {
   //         ]
   //       }
   //     }
-  map<string, ContactDetails> contacts = 33 [(google.api.field_behavior) = OUTPUT_ONLY];
+  map<string, ContactDetails> contacts = 33
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Contains compliance information for security standards associated to the
   // finding.
@@ -324,4 +328,7 @@ message Finding {
 
   // Kubernetes resources associated with the finding.
   Kubernetes kubernetes = 43;
+
+  // Database associated with the finding.
+  Database database = 44;
 }
