refactor: update field options (#180)

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/asset.proto

@@ -18,6 +18,7 @@ syntax = "proto3";
 package google.cloud.securitycenter.v1;
 
 import "google/api/annotations.proto";
+import "google/api/resource.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/timestamp.proto";
@@ -36,6 +37,11 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
 // GCP resource. All modifications to an Asset are only within the context of
 // Cloud SCC and don't affect the referenced GCP resource.
 message Asset {
+  option (google.api.resource) = {
+    type: "securitycenter.googleapis.com/Asset"
+    pattern: "organizations/{organization}/assets/{asset}"
+  };
+
   // Cloud SCC managed properties. These properties are managed by Cloud SCC and
   // cannot be modified by the user.
   message SecurityCenterProperties {
@@ -75,7 +81,7 @@ message Asset {
   // The relative resource name of this asset. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name
   // Example:
-  // "organizations/123/assets/456".
+  // "organizations/{organization_id}/assets/{asset_id}".
   string name = 1;
 
   // Cloud SCC managed properties. These properties are managed by

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/finding.proto

@@ -18,6 +18,8 @@ syntax = "proto3";
 package google.cloud.securitycenter.v1;
 
 import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/timestamp.proto";
@@ -31,11 +33,17 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
 
 // Cloud Security Command Center (Cloud SCC) finding.
 //
-// A finding is a record of assessment data (security, risk, health or privacy)
-// ingested into Cloud SCC for presentation, notification, analysis,
-// policy testing, and enforcement. For example, an XSS vulnerability in an
-// App Engine application is a finding.
+// A finding is a record of assessment data like security, risk, health, or
+// privacy, that is ingested into Cloud SCC for presentation, notification,
+// analysis, policy testing, and enforcement. For example, a
+// cross-site scripting (XSS) vulnerability in an App Engine application is a
+// finding.
 message Finding {
+  option (google.api.resource) = {
+    type: "securitycenter.googleapis.com/Finding"
+    pattern: "organizations/{organization}/sources/{source}/findings/{finding}"
+  };
+
   // The state of the finding.
   enum State {
     // Unspecified state.
@@ -52,19 +60,21 @@ message Finding {
   // The relative resource name of this finding. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name
   // Example:
-  // "organizations/123/sources/456/findings/789"
+  // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   string name = 1;
 
   // The relative resource name of the source the finding belongs to. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name
   // This field is immutable after creation time.
   // For example:
-  // "organizations/123/sources/456"
+  // "organizations/{organization_id}/sources/{source_id}"
   string parent = 2;
 
-  // The full resource name of the Google Cloud Platform (GCP) resource this
-  // finding is for. See:
+  // For findings on Google Cloud Platform (GCP) resources, the full resource
+  // name of the GCP resource this finding is for. See:
   // https://cloud.google.com/apis/design/resource_names#full_resource_name
+  // When the finding is for a non-GCP resource, the resourceName can be a
+  // customer or partner defined string.
   // This field is immutable after creation time.
   string resource_name = 3;
 
@@ -90,11 +100,11 @@ message Finding {
   // Output only. User specified security marks. These marks are entirely
   // managed by the user and come from the SecurityMarks resource that belongs
   // to the finding.
-  SecurityMarks security_marks = 8;
+  SecurityMarks security_marks = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // The time at which the event took place. For example, if the finding
-  // represents an open firewall it would capture the time the open firewall was
-  // detected.
+  // represents an open firewall it would capture the time the detector believes
+  // the firewall became open. The accuracy is determined by the detector.
   google.protobuf.Timestamp event_time = 9;
 
   // The time at which the finding was created in Cloud SCC.

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/organization_settings.proto

@@ -18,6 +18,7 @@ syntax = "proto3";
 package google.cloud.securitycenter.v1;
 
 import "google/api/annotations.proto";
+import "google/api/resource.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
@@ -29,6 +30,11 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
 // User specified settings that are attached to the Cloud Security Command
 // Center (Cloud SCC) organization.
 message OrganizationSettings {
+  option (google.api.resource) = {
+    type: "securitycenter.googleapis.com/OrganizationSettings"
+    pattern: "organizations/{organization}/organizationSettings"
+  };
+
   // The configuration used for Asset Discovery runs.
   message AssetDiscoveryConfig {
     // The mode of inclusion when running Asset Discovery.
@@ -63,7 +69,7 @@ message OrganizationSettings {
   // The relative resource name of the settings. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name
   // Example:
-  // "organizations/123/organizationSettings".
+  // "organizations/{organization_id}/organizationSettings".
   string name = 1;
 
   // A flag that indicates if Asset Discovery should be enabled. If the flag is
@@ -74,6 +80,4 @@ message OrganizationSettings {
 
   // The configuration used for Asset Discovery runs.
   AssetDiscoveryConfig asset_discovery_config = 3;
-
-  reserved 4, 5;
 }

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/run_asset_discovery_response.proto

@@ -17,9 +17,8 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1;
 
-import "google/protobuf/duration.proto";
-import "google/protobuf/timestamp.proto";
 import "google/api/annotations.proto";
+import "google/protobuf/duration.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/security_marks.proto

@@ -18,6 +18,7 @@ syntax = "proto3";
 package google.cloud.securitycenter.v1;
 
 import "google/api/annotations.proto";
+import "google/api/resource.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
@@ -31,19 +32,26 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
 // SCC organization -- they can be modified and viewed by all users who have
 // proper permissions on the organization.
 message SecurityMarks {
+  option (google.api.resource) = {
+    type: "securitycenter.googleapis.com/SecurityMarks"
+    pattern: "organizations/{organization}/assets/{asset}/securityMarks"
+    pattern: "organizations/{organization}/sources/{source}/findings/{finding}/securityMarks"
+  };
+
   // The relative resource name of the SecurityMarks. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name
   // Examples:
-  // "organizations/123/assets/456/securityMarks"
-  // "organizations/123/sources/456/findings/789/securityMarks".
+  // "organizations/{organization_id}/assets/{asset_id}/securityMarks"
+  // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
   string name = 1;
 
   // Mutable user specified security marks belonging to the parent resource.
   // Constraints are as follows:
-  //   - Keys and values are treated as case insensitive
-  //   - Keys must be between 1 - 256 characters (inclusive)
-  //   - Keys must be letters, numbers, underscores, or dashes
-  //   - Values have leading and trailing whitespace trimmed, remaining
+  //
+  //   * Keys and values are treated as case insensitive
+  //   * Keys must be between 1 - 256 characters (inclusive)
+  //   * Keys must be letters, numbers, underscores, or dashes
+  //   * Values have leading and trailing whitespace trimmed, remaining
   //     characters must be between 1 - 4096 characters (inclusive)
   map<string, string> marks = 2;
 }