Struct google_api_proto::google::cloud::securitycenter::v1p1beta1::GroupFindingsRequest

source · 
pub struct GroupFindingsRequest {
    pub parent: String,
    pub filter: String,
    pub group_by: String,
    pub read_time: Option<Timestamp>,
    pub compare_duration: Option<Duration>,
    pub page_token: String,
    pub page_size: i32,
}
Expand description

Request message for grouping by findings.

Fields§

§parent: String

Required. Name of the source to groupBy. Its format is “organizations/[organization_id]/sources/[source_id]”, folders/[folder_id]/sources/[source_id], or projects/[project_id]/sources/[source_id]. To groupBy across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-, folders/{folder_id}/sources/-, or projects/{project_id}/sources/-

§filter: String

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

  • name
  • source_properties.a_property
  • security_marks.marks.marka

The supported operators are:

  • = for all value types.
  • >, <, >=, <= for integer values.
  • :, meaning substring matching, for strings.

The supported value types are:

  • string literals in quotes.
  • integer literals without quotes.
  • boolean literals true and false without quotes.

The following field and operator combinations are supported:

  • name: =

  • parent: =, :

  • resource_name: =, :

  • state: =, :

  • category: =, :

  • external_uri: =, :

  • event_time: =, >, <, >=, <=

  • severity: =, :

    Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" event_time = 1560208038000

  • security_marks.marks: =, :

  • source_properties: =, :, >, <, >=, <=

For example, source_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

§group_by: String

Required. Expression that defines what assets fields to use for grouping (including state_change). The string value should follow SQL syntax: comma separated list of fields. For example: “parent,resource_name”.

The following fields are supported:

  • resource_name
  • category
  • state
  • parent
  • severity

The following fields are supported when compare_duration is set:

  • state_change
§read_time: Option<Timestamp>

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API’s version of NOW.

§compare_duration: Option<Duration>

When compare_duration is set, the GroupResult’s “state_change” attribute is updated to indicate whether the finding had its state changed, the finding’s state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don’t affect the result. For example, the results aren’t affected if the finding is made inactive and then active again.

Possible “state_change” values when compare_duration is specified:

  • “CHANGED”: indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time.
  • “UNCHANGED”: indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time.
  • “ADDED”: indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time.
  • “REMOVED”: indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time.

If compare_duration is not specified, then the only possible state_change is “UNUSED”, which will be the state_change set for all findings present at read_time.

If this field is set then state_change must be a specified field in group_by.

§page_token: String

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior GroupFindings call, and that the system should return the next page of data.

§page_size: i32

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Trait Implementations§

source§

impl Clone for GroupFindingsRequest

source§

fn clone(&self) -> GroupFindingsRequest

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for GroupFindingsRequest

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Default for GroupFindingsRequest

source§

fn default() -> Self

Returns the “default value” for a type. Read more
source§

impl Message for GroupFindingsRequest

source§

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.
source§

fn clear(&mut self)

Clears the message, resetting all fields to their default.
source§

fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError>
where B: BufMut, Self: Sized,

Encodes the message to a buffer. Read more
source§

fn encode_to_vec(&self) -> Vec<u8>
where Self: Sized,

Encodes the message to a newly allocated buffer.
source§

fn encode_length_delimited<B>(&self, buf: &mut B) -> Result<(), EncodeError>
where B: BufMut, Self: Sized,

Encodes the message with a length-delimiter to a buffer. Read more
source§

fn encode_length_delimited_to_vec(&self) -> Vec<u8>
where Self: Sized,

Encodes the message with a length-delimiter to a newly allocated buffer.
source§

fn decode<B>(buf: B) -> Result<Self, DecodeError>
where B: Buf, Self: Default,

Decodes an instance of the message from a buffer. Read more
source§

fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError>
where B: Buf, Self: Default,

Decodes a length-delimited instance of the message from the buffer.
source§

fn merge<B>(&mut self, buf: B) -> Result<(), DecodeError>
where B: Buf, Self: Sized,

Decodes an instance of the message from a buffer, and merges it into self. Read more
source§

fn merge_length_delimited<B>(&mut self, buf: B) -> Result<(), DecodeError>
where B: Buf, Self: Sized,

Decodes a length-delimited instance of the message from buffer, and merges it into self.
source§

impl PartialEq for GroupFindingsRequest

source§

fn eq(&self, other: &GroupFindingsRequest) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl StructuralPartialEq for GroupFindingsRequest

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> FromRef<T> for T
where T: Clone,

§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoRequest<T> for T

source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more