feat(v1): add field severity to findings; add common resource helper; expose client tranport (#87)

* changes without context

        autosynth cannot find the source of changes triggered by earlier changes in this
        repository, or by version upgrades to tools such as linters.

* chore(python): use BUILD_SPECIFIC_GCLOUD_PROJECT for samples

https://github.com/googleapis/python-talent/blob/ef045e8eb348db36d7a2a611e6f26b11530d273b/samples/snippets/noxfile_config.py#L27-L32

`BUILD_SPECIFIC_GCLOUD_PROJECT` is an alternate project used for sample tests that do poorly with concurrent runs on the same project.

Source-Author: Bu Sun Kim <[email protected]>
Source-Date: Wed Sep 30 13:06:03 2020 -0600
Source-Repo: googleapis/synthtool
Source-Sha: 9b0da5204ab90bcc36f8cd4e5689eff1a54cc3e4
Source-Link: googleapis/synthtool@9b0da52

* fix: switch all local LRO Go GAPIC deps to remote

PiperOrigin-RevId: 338561467

Source-Author: Google APIs <[email protected]>
Source-Date: Thu Oct 22 15:29:48 2020 -0700
Source-Repo: googleapis/googleapis
Source-Sha: 7391e775fd3620c1306b9677bfbcf6221d42f3c3
Source-Link: googleapis/googleapis@7391e77

* chore: update grpc dependency to v1.33.1

PiperOrigin-RevId: 338646463

Source-Author: Google APIs <[email protected]>
Source-Date: Fri Oct 23 03:57:15 2020 -0700
Source-Repo: googleapis/googleapis
Source-Sha: 20b11dfe4538cd5da7b4c3dd7d2bf5b9922ff3ed
Source-Link: googleapis/googleapis@20b11df

* chore: upgrade to gapic-generator 0.35.9

PiperOrigin-RevId: 339292950

Source-Author: Google APIs <[email protected]>
Source-Date: Tue Oct 27 11:32:46 2020 -0700
Source-Repo: googleapis/googleapis
Source-Sha: 07d41a7e5cade45aba6f0d277c89722b48f2c956
Source-Link: googleapis/googleapis@07d41a7

* fix: remove client recv msg limit fix: add enums to `types/__init__.py`

PiperOrigin-RevId: 347055288

Source-Author: Google APIs <[email protected]>
Source-Date: Fri Dec 11 12:44:37 2020 -0800
Source-Repo: googleapis/googleapis
Source-Sha: dd372aa22ded7a8ba6f0e03a80e06358a3fa0907
Source-Link: googleapis/googleapis@dd372aa

* feat: added field severity to findings in v1 API

Clients will now see a new field, severity, on findings. They will also be able to filter and group by severity on ListFinding and GroupFinding API calls.

PiperOrigin-RevId: 347410691

Source-Author: Google APIs <[email protected]>
Source-Date: Mon Dec 14 10:08:23 2020 -0800
Source-Repo: googleapis/googleapis
Source-Sha: e9135d3cb8a99f77ee2ba3318ebc2c9b807581d0
Source-Link: googleapis/googleapis@e9135d3

Author: yoshi-automation

docs/securitycenter_v1/types.rst

@@ -3,3 +3,4 @@ Types for Google Cloud Securitycenter v1 API
 
 .. automodule:: google.cloud.securitycenter_v1.types
     :members:
+    :show-inheritance:

docs/securitycenter_v1beta1/types.rst

@@ -3,3 +3,4 @@ Types for Google Cloud Securitycenter v1beta1 API
 
 .. automodule:: google.cloud.securitycenter_v1beta1.types
     :members:
+    :show-inheritance:

docs/securitycenter_v1p1beta1/types.rst

@@ -3,3 +3,4 @@ Types for Google Cloud Securitycenter v1p1beta1 API
 
 .. automodule:: google.cloud.securitycenter_v1p1beta1.types
     :members:
+    :show-inheritance:

google/cloud/securitycenter_v1/proto/finding.proto

@@ -56,6 +56,65 @@ message Finding {
     INACTIVE = 2;
   }
 
+  // The severity of the finding.
+  enum Severity {
+    // This value is used for findings when a source doesn't write a severity
+    // value.
+    SEVERITY_UNSPECIFIED = 0;
+
+    // Vulnerability:
+    // A critical vulnerability is easily discoverable by an external actor,
+    // exploitable, and results in the direct ability to execute arbitrary code,
+    // exfiltrate data, and otherwise gain additional access and privileges to
+    // cloud resources and workloads. Examples include publicly accessible
+    // unprotected user data, public SSH access with weak or no passwords, etc.
+    //
+    // Threat:
+    // Indicates a threat that is able to access, modify, or delete data or
+    // execute unauthorized code within existing resources.
+    CRITICAL = 1;
+
+    // Vulnerability:
+    // A high risk vulnerability can be easily discovered and exploited in
+    // combination with other vulnerabilities in order to gain direct access and
+    // the ability to execute arbitrary code, exfiltrate data, and otherwise
+    // gain additional access and privileges to cloud resources and workloads.
+    // An example is a database with weak or no passwords that is only
+    // accessible internally. This database could easily be compromised by an
+    // actor that had access to the internal network.
+    //
+    // Threat:
+    // Indicates a threat that is able to create new computational resources in
+    // an environment but not able to access data or execute code in existing
+    // resources.
+    HIGH = 2;
+
+    // Vulnerability:
+    // A medium risk vulnerability could be used by an actor to gain access to
+    // resources or privileges that enable them to eventually (through multiple
+    // steps or a complex exploit) gain access and the ability to execute
+    // arbitrary code or exfiltrate data. An example is a service account with
+    // access to more projects than it should have. If an actor gains access to
+    // the service account, they could potentially use that access to manipulate
+    // a project the service account was not intended to.
+    //
+    // Threat:
+    // Indicates a threat that is able to cause operational impact but may not
+    // access data or execute unauthorized code.
+    MEDIUM = 3;
+
+    // Vulnerability:
+    // A low risk vulnerability hampers a security organization’s ability to
+    // detect vulnerabilities or active threats in their deployment, or prevents
+    // the root cause investigation of security issues. An example is monitoring
+    // and logs being disabled for resource configurations and access.
+    //
+    // Threat:
+    // Indicates a threat that has obtained minimal access to an environment but
+    // is not able to access data, execute code, or create resources.
+    LOW = 4;
+  }
+
   // The relative resource name of this finding. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name
   // Example:
@@ -110,4 +169,8 @@ message Finding {
 
   // The time at which the finding was created in Security Command Center.
   google.protobuf.Timestamp create_time = 10;
+
+  // The severity of the finding. This field is managed by the source that
+  // writes the finding.
+  Severity severity = 12;
 }

google/cloud/securitycenter_v1/proto/notification_config.proto

@@ -78,14 +78,14 @@ message NotificationConfig {
   // The description of the notification config (max of 1024 characters).
   string description = 2;
 
-  // The PubSub topic to send notifications to. Its format is
+  // The Pub/Sub topic to send notifications to. Its format is
   // "projects/[project_id]/topics/[topic]".
-  string pubsub_topic = 3 [
-    (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
-  ];
+  string pubsub_topic = 3 [(google.api.resource_reference) = {
+                             type: "pubsub.googleapis.com/Topic"
+                           }];
 
   // Output only. The service account that needs "pubsub.topics.publish"
-  // permission to publish to the PubSub topic.
+  // permission to publish to the Pub/Sub topic.
   string service_account = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // The config for triggering notifications.