feat: [google-cloud-os-config] Add highest_upgradable_cve_severity field to Vulnerability report (#14209)

- [ ] Regenerate this pull request now.


BEGIN_COMMIT_OVERRIDE
feat: Add highest_upgradable_cve_severity field to Vulnerability report
docs: A comment for field `update_time` in message
`.google.cloud.osconfig.v1.VulnerabilityReport` is changed
docs: A comment for field `filter` in message
`.google.cloud.osconfig.v1.ListVulnerabilityReportsRequest` is changed
END_COMMIT_OVERRIDE


PiperOrigin-RevId: 792763000

Source-Link:
googleapis/googleapis@eef0d65

Source-Link:
googleapis/googleapis-gen@8a589ca
Copy-Tag:
eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLW9zLWNvbmZpZy8uT3dsQm90LnlhbWwiLCJoIjoiOGE1ODljYWM2MWRhMGI2ZGZkNGJkMGRhOThlYjQwYzM3NjlmOWRhZCJ9

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: gcf-owl-bot[bot]

packages/google-cloud-os-config/google/cloud/osconfig/gapic_version.py

@@ -13,4 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-__version__ = "1.20.2"  # {x-release-please-version}
+__version__ = "0.0.0"  # {x-release-please-version}

packages/google-cloud-os-config/google/cloud/osconfig_v1/gapic_version.py

@@ -13,4 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-__version__ = "1.20.2"  # {x-release-please-version}
+__version__ = "0.0.0"  # {x-release-please-version}

packages/google-cloud-os-config/google/cloud/osconfig_v1/types/vulnerability.py

@@ -52,8 +52,44 @@ class VulnerabilityReport(proto.Message):
         update_time (google.protobuf.timestamp_pb2.Timestamp):
             Output only. The timestamp for when the last
             vulnerability report was generated for the VM.
+        highest_upgradable_cve_severity (google.cloud.osconfig_v1.types.VulnerabilityReport.VulnerabilitySeverityLevel):
+            Output only. Highest level of severity among
+            all the upgradable vulnerabilities with CVEs
+            attached.
     """
 
+    class VulnerabilitySeverityLevel(proto.Enum):
+        r"""Severity levels for vulnerabilities.
+
+        Values:
+            VULNERABILITY_SEVERITY_LEVEL_UNSPECIFIED (0):
+                Default SeverityLevel. This value is unused.
+            NONE (1):
+                Vulnerability has no severity level.
+            MINIMAL (2):
+                Vulnerability severity level is minimal. This
+                is level below the low severity level.
+            LOW (3):
+                Vulnerability severity level is low. This is
+                level below the medium severity level.
+            MEDIUM (4):
+                Vulnerability severity level is medium. This
+                is level below the high severity level.
+            HIGH (5):
+                Vulnerability severity level is high. This is
+                level below the critical severity level.
+            CRITICAL (6):
+                Vulnerability severity level is critical.
+                This is the highest severity level.
+        """
+        VULNERABILITY_SEVERITY_LEVEL_UNSPECIFIED = 0
+        NONE = 1
+        MINIMAL = 2
+        LOW = 3
+        MEDIUM = 4
+        HIGH = 5
+        CRITICAL = 6
+
     class Vulnerability(proto.Message):
         r"""A vulnerability affecting the VM instance.
 
@@ -255,6 +291,11 @@ class Item(proto.Message):
         number=3,
         message=timestamp_pb2.Timestamp,
     )
+    highest_upgradable_cve_severity: VulnerabilitySeverityLevel = proto.Field(
+        proto.ENUM,
+        number=4,
+        enum=VulnerabilitySeverityLevel,
+    )
 
 
 class GetVulnerabilityReportRequest(proto.Message):
@@ -300,9 +341,24 @@ class ListVulnerabilityReportsRequest(proto.Message):
             ``ListVulnerabilityReports`` that indicates where this
             listing should continue from.
         filter (str):
-            If provided, this field specifies the criteria that must be
-            met by a ``vulnerabilityReport`` API resource to be included
-            in the response.
+            This field supports filtering by the severity level for the
+            vulnerability. For a list of severity levels, see `Severity
+            levels for
+            vulnerabilities <https://cloud.google.com/container-analysis/docs/container-scanning-overview#severity_levels_for_vulnerabilities>`__.
+
+            The filter field follows the rules described in the
+            `AIP-160 <https://google.aip.dev/160>`__ guidelines as
+            follows:
+
+            -  **Filter for a specific severity type**: you can list
+               reports that contain vulnerabilities that are classified
+               as medium by specifying
+               ``vulnerabilities.details.severity:MEDIUM``.
+
+            -  **Filter for a range of severities** : you can list
+               reports that have vulnerabilities that are classified as
+               critical or high by specifying
+               ``vulnerabilities.details.severity:HIGH OR vulnerabilities.details.severity:CRITICAL``
     """
 
     parent: str = proto.Field(

packages/google-cloud-os-config/google/cloud/osconfig_v1alpha/gapic_version.py

@@ -13,4 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-__version__ = "1.20.2"  # {x-release-please-version}
+__version__ = "0.0.0"  # {x-release-please-version}

packages/google-cloud-os-config/samples/generated_samples/snippet_metadata_google.cloud.osconfig.v1.json

@@ -8,7 +8,7 @@
     ],
     "language": "PYTHON",
     "name": "google-cloud-os-config",
-    "version": "1.20.2"
+    "version": "0.1.0"
   },
   "snippets": [
     {

packages/google-cloud-os-config/samples/generated_samples/snippet_metadata_google.cloud.osconfig.v1alpha.json

@@ -8,7 +8,7 @@
     ],
     "language": "PYTHON",
     "name": "google-cloud-os-config",
-    "version": "1.20.2"
+    "version": "0.1.0"
   },
   "snippets": [
     {

packages/google-cloud-os-config/tests/unit/gapic/osconfig_v1/test_os_config_zonal_service.py

@@ -5561,6 +5561,7 @@ def test_get_vulnerability_report(request_type, transport: str = "grpc"):
         # Designate an appropriate return value for the call.
         call.return_value = vulnerability.VulnerabilityReport(
             name="name_value",
+            highest_upgradable_cve_severity=vulnerability.VulnerabilityReport.VulnerabilitySeverityLevel.NONE,
         )
         response = client.get_vulnerability_report(request)
 
@@ -5573,6 +5574,10 @@ def test_get_vulnerability_report(request_type, transport: str = "grpc"):
     # Establish that the response is the type that we expect.
     assert isinstance(response, vulnerability.VulnerabilityReport)
     assert response.name == "name_value"
+    assert (
+        response.highest_upgradable_cve_severity
+        == vulnerability.VulnerabilityReport.VulnerabilitySeverityLevel.NONE
+    )
 
 
 def test_get_vulnerability_report_non_empty_request_with_auto_populated_field():
@@ -5709,6 +5714,7 @@ async def test_get_vulnerability_report_async(
         call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
             vulnerability.VulnerabilityReport(
                 name="name_value",
+                highest_upgradable_cve_severity=vulnerability.VulnerabilityReport.VulnerabilitySeverityLevel.NONE,
             )
         )
         response = await client.get_vulnerability_report(request)
@@ -5722,6 +5728,10 @@ async def test_get_vulnerability_report_async(
     # Establish that the response is the type that we expect.
     assert isinstance(response, vulnerability.VulnerabilityReport)
     assert response.name == "name_value"
+    assert (
+        response.highest_upgradable_cve_severity
+        == vulnerability.VulnerabilityReport.VulnerabilitySeverityLevel.NONE
+    )
 
 
 @pytest.mark.asyncio
@@ -9842,6 +9852,7 @@ async def test_get_vulnerability_report_empty_call_grpc_asyncio():
         call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
             vulnerability.VulnerabilityReport(
                 name="name_value",
+                highest_upgradable_cve_severity=vulnerability.VulnerabilityReport.VulnerabilitySeverityLevel.NONE,
             )
         )
         await client.get_vulnerability_report(request=None)
@@ -11723,6 +11734,7 @@ def test_get_vulnerability_report_rest_call_success(request_type):
         # Designate an appropriate value for the returned response.
         return_value = vulnerability.VulnerabilityReport(
             name="name_value",
+            highest_upgradable_cve_severity=vulnerability.VulnerabilityReport.VulnerabilitySeverityLevel.NONE,
         )
 
         # Wrap the value into a proper Response obj
@@ -11740,6 +11752,10 @@ def test_get_vulnerability_report_rest_call_success(request_type):
     # Establish that the response is the type that we expect.
     assert isinstance(response, vulnerability.VulnerabilityReport)
     assert response.name == "name_value"
+    assert (
+        response.highest_upgradable_cve_severity
+        == vulnerability.VulnerabilityReport.VulnerabilitySeverityLevel.NONE
+    )
 
 
 @pytest.mark.parametrize("null_interceptor", [True, False])