feat: Added container field to findings attributes (#499)

* feat: Added container field to findings attributes
feat: Added kubernetes field to findings attribute. This field is populated only when the container is a kubernetes cluster explicitly

PiperOrigin-RevId: 462248767

Source-Link: googleapis/googleapis@dd2b0d2

Source-Link: googleapis/googleapis-gen@0be13cf
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMGJlMTNjZjUzY2E0NTU1NTQ4OWQ3MzQxOWQxMDUzYTcwOWE4ZGVjZCJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: gcf-owl-bot[bot]

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/container.proto

@@ -0,0 +1,45 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/cloud/securitycenter/v1/label.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "ContainerProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Container associated with the finding.
+message Container {
+  // Container name.
+  string name = 1;
+
+  // Container image URI provided when configuring a pod/container.
+  // May identify a container image version using mutable tags.
+  string uri = 2;
+
+  // Optional container image id, when provided by the container runtime.
+  // Uniquely identifies the container image launched using a container image
+  // digest.
+  string image_id = 3;
+
+  // Container labels, as provided by the container runtime.
+  repeated Label labels = 4;
+}

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/finding.proto

@@ -22,10 +22,12 @@ import "google/cloud/securitycenter/v1/access.proto";
 import "google/cloud/securitycenter/v1/compliance.proto";
 import "google/cloud/securitycenter/v1/connection.proto";
 import "google/cloud/securitycenter/v1/contact_details.proto";
+import "google/cloud/securitycenter/v1/container.proto";
 import "google/cloud/securitycenter/v1/exfiltration.proto";
 import "google/cloud/securitycenter/v1/external_system.proto";
 import "google/cloud/securitycenter/v1/iam_binding.proto";
 import "google/cloud/securitycenter/v1/indicator.proto";
+import "google/cloud/securitycenter/v1/kubernetes.proto";
 import "google/cloud/securitycenter/v1/mitre_attack.proto";
 import "google/cloud/securitycenter/v1/process.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
@@ -315,4 +317,11 @@ message Finding {
 
   // Next steps associate to the finding.
   string next_steps = 40;
+
+  // Containers associated with the finding. containers provides information
+  // for both Kubernetes and non-Kubernetes containers.
+  repeated Container containers = 42;
+
+  // Kubernetes resources associated with the finding.
+  Kubernetes kubernetes = 43;
 }

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/kubernetes.proto

@@ -0,0 +1,181 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/cloud/securitycenter/v1/container.proto";
+import "google/cloud/securitycenter/v1/label.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "KubernetesProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Kubernetes related attributes.
+message Kubernetes {
+  // Kubernetes Pod.
+  message Pod {
+    // Kubernetes Pod namespace.
+    string ns = 1;
+
+    // Kubernetes Pod name.
+    string name = 2;
+
+    // Pod labels.  For Kubernetes containers, these are applied to the
+    // container.
+    repeated Label labels = 3;
+
+    // Pod containers associated with this finding, if any.
+    repeated Container containers = 4;
+  }
+
+  // Kubernetes Nodes associated with the finding.
+  message Node {
+    // Full Resource name of the Compute Engine VM running the
+    // cluster node.
+    string name = 1;
+  }
+
+  // Provides GKE Node Pool information.
+  message NodePool {
+    // Kubernetes Node pool name.
+    string name = 1;
+
+    // Nodes associated with the finding.
+    repeated Node nodes = 2;
+  }
+
+  // Kubernetes Role or ClusterRole.
+  message Role {
+    // Types of Kubernetes roles.
+    enum Kind {
+      // Role type is not specified.
+      KIND_UNSPECIFIED = 0;
+
+      // Kubernetes Role.
+      ROLE = 1;
+
+      // Kubernetes ClusterRole.
+      CLUSTER_ROLE = 2;
+    }
+
+    // Role type.
+    Kind kind = 1;
+
+    // Role namespace.
+    string ns = 2;
+
+    // Role name.
+    string name = 3;
+  }
+
+  // Represents a Kubernetes RoleBinding or ClusterRoleBinding.
+  message Binding {
+    // Namespace for binding.
+    string ns = 1;
+
+    // Name for binding.
+    string name = 2;
+
+    // The Role or ClusterRole referenced by the binding.
+    Role role = 3;
+
+    // Represents the subjects(s) bound to the role. Not always available
+    // for PATCH requests.
+    repeated Subject subjects = 4;
+  }
+
+  // Represents a Kubernetes Subject.
+  message Subject {
+    // Auth types that can be used for Subject's kind field.
+    enum AuthType {
+      // Authentication is not specified.
+      AUTH_TYPE_UNSPECIFIED = 0;
+
+      // User with valid certificate.
+      USER = 1;
+
+      // Users managed by Kubernetes API with credentials stored as Secrets.
+      SERVICEACCOUNT = 2;
+
+      // Collection of users.
+      GROUP = 3;
+    }
+
+    // Authentication type for subject.
+    AuthType kind = 1;
+
+    // Namespace for subject.
+    string ns = 2;
+
+    // Name for subject.
+    string name = 3;
+  }
+
+  // Conveys information about a Kubernetes access review (e.g. kubectl auth
+  // can-i ...) that was involved in a finding.
+  message AccessReview {
+    // Group is the API Group of the Resource. "*" means all.
+    string group = 1;
+
+    // Namespace of the action being requested. Currently, there is no
+    // distinction between no namespace and all namespaces.  Both
+    // are represented by "" (empty).
+    string ns = 2;
+
+    // Name is the name of the resource being requested. Empty means all.
+    string name = 3;
+
+    // Resource is the optional resource type requested. "*" means all.
+    string resource = 4;
+
+    // Subresource is the optional subresource type.
+    string subresource = 5;
+
+    // Verb is a Kubernetes resource API verb, like: get, list, watch, create,
+    // update, delete, proxy. "*" means all.
+    string verb = 6;
+
+    // Version is the API Version of the Resource. "*" means all.
+    string version = 7;
+  }
+
+  // Kubernetes Pods associated with the finding. This field will contain Pod
+  // records for each container that is owned by a Pod.
+  repeated Pod pods = 1;
+
+  // Provides Kubernetes Node information.
+  repeated Node nodes = 2;
+
+  // GKE Node Pools associated with the finding. This field will
+  // contain NodePool information for each Node, when it is available.
+  repeated NodePool node_pools = 3;
+
+  // Provides Kubernetes role information for findings that involve
+  // Roles or ClusterRoles.
+  repeated Role roles = 4;
+
+  // Provides Kubernetes role binding information for findings that involve
+  // RoleBindings or ClusterRoleBindings.
+  repeated Binding bindings = 5;
+
+  // Provides information on any Kubernetes access reviews (i.e. privilege
+  // checks) relevant to the finding.
+  repeated AccessReview access_reviews = 6;
+}

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/label.proto

@@ -0,0 +1,35 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "LabelProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Label represents a generic name=value label. Label has separate name and
+// value fields to support filtering with contains().
+message Label {
+  // Label name.
+  string name = 1;
+
+  // Label value.
+  string value = 2;
+}

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/mitre_attack.proto

@@ -174,6 +174,9 @@ message MitreAttack {
 
     // T1562
     IMPAIR_DEFENSES = 31;
+
+    // T1046
+    NETWORK_SERVICE_DISCOVERY = 32;
   }
 
   // The MITRE ATT&CK tactic most closely represented by this finding, if any.