Skip to main content

resource_value_configs

Creates, updates, deletes, gets or lists a resource_value_configs resource.

Overview

Nameresource_value_configs
TypeResource
Idgoogle.securitycenter.resource_value_configs

Fields

The following fields are returned by SELECT queries:

Successful response

NameDatatypeDescription
namestringName for the resource value configuration
cloudProviderstringCloud provider this configuration applies to
createTimestring (google-datetime)Output only. Timestamp this resource value configuration was created.
descriptionstringDescription of the resource value configuration.
resourceLabelsSelectorobjectList of resource labels to search for, evaluated with AND. For example, "resource_labels_selector": {"key": "value", "env": "prod"} will match resources with labels "key": "value" AND "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels
resourceTypestringApply resource_value only to resources that match resource_type. resource_type will be checked with AND of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
resourceValuestringRequired. Resource value level this expression represents
scopestringProject or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope will be checked with AND of other resources.
sensitiveDataProtectionMappingobjectA mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset". (id: GoogleCloudSecuritycenterV1SensitiveDataProtectionMapping)
tagValuesarrayRequired. Tag values combined with AND to check against. For Google Cloud resources, they are tag value IDs in the form of "tagValues/123". Example: [ "tagValues/123", "tagValues/456", "tagValues/789" ] https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
updateTimestring (google-datetime)Output only. Timestamp this resource value configuration was last updated.

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
organizations_resource_value_configs_getselectorganizationsId, resourceValueConfigsIdGets a ResourceValueConfig.
organizations_resource_value_configs_listselectorganizationsIdpageSize, pageTokenLists all ResourceValueConfigs.
organizations_resource_value_configs_batch_createinsertorganizationsIdCreates a ResourceValueConfig for an organization. Maps user's tags to difference resource values for use by the attack path simulation.
organizations_resource_value_configs_patchupdateorganizationsId, resourceValueConfigsIdupdateMaskUpdates an existing ResourceValueConfigs with new rules.
organizations_resource_value_configs_deletedeleteorganizationsId, resourceValueConfigsIdDeletes a ResourceValueConfig.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
organizationsIdstring
resourceValueConfigsIdstring
pageSizeinteger (int32)
pageTokenstring
updateMaskstring (google-fieldmask)

SELECT examples

Gets a ResourceValueConfig.

SELECT
name,
cloudProvider,
createTime,
description,
resourceLabelsSelector,
resourceType,
resourceValue,
scope,
sensitiveDataProtectionMapping,
tagValues,
updateTime
FROM google.securitycenter.resource_value_configs
WHERE organizationsId = '{{ organizationsId }}' -- required
AND resourceValueConfigsId = '{{ resourceValueConfigsId }}' -- required;

INSERT examples

Creates a ResourceValueConfig for an organization. Maps user's tags to difference resource values for use by the attack path simulation.

INSERT INTO google.securitycenter.resource_value_configs (
data__requests,
organizationsId
)
SELECT 
'{{ requests }}',
'{{ organizationsId }}'
RETURNING
resourceValueConfigs
;

UPDATE examples

Updates an existing ResourceValueConfigs with new rules.

UPDATE google.securitycenter.resource_value_configs
SET 
data__name = '{{ name }}',
data__resourceValue = '{{ resourceValue }}',
data__tagValues = '{{ tagValues }}',
data__resourceType = '{{ resourceType }}',
data__scope = '{{ scope }}',
data__resourceLabelsSelector = '{{ resourceLabelsSelector }}',
data__description = '{{ description }}',
data__cloudProvider = '{{ cloudProvider }}',
data__sensitiveDataProtectionMapping = '{{ sensitiveDataProtectionMapping }}'
WHERE 
organizationsId = '{{ organizationsId }}' --required
AND resourceValueConfigsId = '{{ resourceValueConfigsId }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
cloudProvider,
createTime,
description,
resourceLabelsSelector,
resourceType,
resourceValue,
scope,
sensitiveDataProtectionMapping,
tagValues,
updateTime;

DELETE examples

Deletes a ResourceValueConfig.

DELETE FROM google.securitycenter.resource_value_configs
WHERE organizationsId = '{{ organizationsId }}' --required
AND resourceValueConfigsId = '{{ resourceValueConfigsId }}' --required;