resource_value_configs

Creates, updates, deletes, gets or lists a resource_value_configs resource.

Overview

Name	`resource_value_configs`
Type	Resource
Id	`google.securitycenter.resource_value_configs`

Fields

Name	Datatype	Description
`name`	`string`	Name for the resource value configuration
`description`	`string`	Description of the resource value configuration.
`cloudProvider`	`string`	Cloud provider this configuration applies to
`createTime`	`string`	Output only. Timestamp this resource value configuration was created.
`resourceLabelsSelector`	`object`	List of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels
`resourceType`	`string`	Apply resource_value only to resources that match resource_type. resource_type will be checked with `AND` of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
`resourceValue`	`string`	Required. Resource value level this expression represents
`scope`	`string`	Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope will be checked with `AND` of other resources.
`sensitiveDataProtectionMapping`	`object`	Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration.
`tagValues`	`array`	Required. Tag values combined with `AND` to check against. Values in the form "tagValues/123" Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
`updateTime`	`string`	Output only. Timestamp this resource value configuration was last updated.

Methods

Name	Accessible by	Required Params	Description
`organizations_resource_value_configs_get`	`SELECT`	`organizationsId, resourceValueConfigsId`	Gets a ResourceValueConfig.
`organizations_resource_value_configs_list`	`SELECT`	`organizationsId`	Lists all ResourceValueConfigs.
`organizations_resource_value_configs_batch_create`	`INSERT`	`organizationsId`	Creates a ResourceValueConfig for an organization. Maps user's tags to difference resource values for use by the attack path simulation.
`organizations_resource_value_configs_delete`	`DELETE`	`organizationsId, resourceValueConfigsId`	Deletes a ResourceValueConfig.
`organizations_resource_value_configs_patch`	`UPDATE`	`organizationsId, resourceValueConfigsId`	Updates an existing ResourceValueConfigs with new rules.

`SELECT` examples

Lists all ResourceValueConfigs.

SELECT
name,
description,
cloudProvider,
createTime,
resourceLabelsSelector,
resourceType,
resourceValue,
scope,
sensitiveDataProtectionMapping,
tagValues,
updateTime
FROM google.securitycenter.resource_value_configs
WHERE organizationsId = '{{ organizationsId }}';

`INSERT` example

Use the following StackQL query and manifest file to create a new resource_value_configs resource.

All Properties
Manifest

/*+ create */
INSERT INTO google.securitycenter.resource_value_configs (
organizationsId,
requests
)
SELECT 
'{{ organizationsId }}',
'{{ requests }}'
;

- name: your_resource_model_name
  props:
    - name: requests
      value:
        - - name: parent
            value: string
          - name: resourceValueConfig
            value:
              - name: name
                value: string
              - name: resourceValue
                value: string
              - name: tagValues
                value:
                  - string
              - name: resourceType
                value: string
              - name: scope
                value: string
              - name: resourceLabelsSelector
                value: object
              - name: description
                value: string
              - name: createTime
                value: string
              - name: updateTime
                value: string
              - name: cloudProvider
                value: string
              - name: sensitiveDataProtectionMapping
                value:
                  - name: highSensitivityMapping
                    value: string
                  - name: mediumSensitivityMapping
                    value: string

`UPDATE` example

Updates a resource_value_configs resource.

/*+ update */
UPDATE google.securitycenter.resource_value_configs
SET 
name = '{{ name }}',
resourceValue = '{{ resourceValue }}',
tagValues = '{{ tagValues }}',
resourceType = '{{ resourceType }}',
scope = '{{ scope }}',
resourceLabelsSelector = '{{ resourceLabelsSelector }}',
description = '{{ description }}',
cloudProvider = '{{ cloudProvider }}',
sensitiveDataProtectionMapping = '{{ sensitiveDataProtectionMapping }}'
WHERE 
organizationsId = '{{ organizationsId }}'
AND resourceValueConfigsId = '{{ resourceValueConfigsId }}';

`DELETE` example

Deletes the specified resource_value_configs resource.

/*+ delete */
DELETE FROM google.securitycenter.resource_value_configs
WHERE organizationsId = '{{ organizationsId }}'
AND resourceValueConfigsId = '{{ resourceValueConfigsId }}';

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

UPDATE example​

DELETE example​