// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.securitycenter.v1; option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter"; option java_multiple_files = true; option java_outer_classname = "AccessProto"; option java_package = "com.google.cloud.securitycenter.v1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; option ruby_package = "Google::Cloud::SecurityCenter::V1"; // Represents an access event. message Access { // Associated email, such as "foo@google.com". // // The email address of the authenticated user (or service account on behalf // of third party principal) making the request. For third party identity // callers, the `principal_subject` field is populated instead of this field. // For privacy reasons, the principal email address is sometimes redacted. // For more information, see [Caller identities in audit // logs](https://cloud.google.com/logging/docs/audit#user-id). string principal_email = 1; // Caller's IP address, such as "1.1.1.1". string caller_ip = 2; // The caller IP's geolocation, which identifies where the call came from. Geolocation caller_ip_geo = 3; // What kind of user agent is associated, e.g. operating system shells, // embedded or stand-alone applications, etc. string user_agent_family = 4; // This is the API service that the service account made a call to, e.g. // "iam.googleapis.com" string service_name = 5; // The method that the service account called, e.g. "SetIamPolicy". string method_name = 6; // A string representing the principal_subject associated with the identity. // As compared to `principal_email`, supports principals that aren't // associated with email addresses, such as third party principals. For most // identities, the format will be `principal://iam.googleapis.com/{identity // pool name}/subjects/{subject}` except for some GKE identities // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy // format `serviceAccount:{identity pool name}[{subject}]` string principal_subject = 7; // The name of the service account key used to create or exchange // credentials for authenticating the service account making the request. // This is a scheme-less URI full resource name. For example: // // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" // string service_account_key_name = 8; // Identity delegation history of an authenticated service account that makes // the request. It contains information on the real authorities that try to // access GCP resources by delegating on a service account. When multiple // authorities are present, they are guaranteed to be sorted based on the // original ordering of the identity delegation events. repeated ServiceAccountDelegationInfo service_account_delegation_info = 9; } // Identity delegation history of an authenticated service account. message ServiceAccountDelegationInfo { // The email address of a Google account. string principal_email = 1; // A string representing the principal_subject associated with the identity. // As compared to `principal_email`, supports principals that aren't // associated with email addresses, such as third party principals. For most // identities, the format will be `principal://iam.googleapis.com/{identity // pool name}/subjects/{subject}` except for some GKE identities // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy // format `serviceAccount:{identity pool name}[{subject}]` string principal_subject = 2; } // Represents a geographical location for a given access. message Geolocation { // A CLDR. string region_code = 1; }