google-apis-cloudasset_v1 0.50.0 → 0.52.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/google/apis/cloudasset_v1/classes.rb +1055 -75
- data/lib/google/apis/cloudasset_v1/gem_version.rb +3 -3
- data/lib/google/apis/cloudasset_v1/representations.rb +391 -0
- data/lib/google/apis/cloudasset_v1/service.rb +301 -81
- data/lib/google/apis/cloudasset_v1.rb +2 -1
- metadata +4 -4
@@ -51,7 +51,7 @@ module Google
|
|
51
51
|
end
|
52
52
|
|
53
53
|
# Represents the metadata of the longrunning operation for the
|
54
|
-
# AnalyzeIamPolicyLongrunning
|
54
|
+
# AnalyzeIamPolicyLongrunning RPC.
|
55
55
|
class AnalyzeIamPolicyLongrunningMetadata
|
56
56
|
include Google::Apis::Core::Hashable
|
57
57
|
|
@@ -164,7 +164,7 @@ module Google
|
|
164
164
|
include Google::Apis::Core::Hashable
|
165
165
|
|
166
166
|
# The list of analyses returned from performing the intended resource move
|
167
|
-
# analysis. The analysis is grouped by different Cloud services.
|
167
|
+
# analysis. The analysis is grouped by different Google Cloud services.
|
168
168
|
# Corresponds to the JSON property `moveAnalysis`
|
169
169
|
# @return [Array<Google::Apis::CloudassetV1::MoveAnalysis>]
|
170
170
|
attr_accessor :move_analysis
|
@@ -179,11 +179,193 @@ module Google
|
|
179
179
|
end
|
180
180
|
end
|
181
181
|
|
182
|
+
# The response message for AssetService.AnalyzeOrgPolicies.
|
183
|
+
class AnalyzeOrgPoliciesResponse
|
184
|
+
include Google::Apis::Core::Hashable
|
185
|
+
|
186
|
+
# The organization policy constraint definition.
|
187
|
+
# Corresponds to the JSON property `constraint`
|
188
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicyConstraint]
|
189
|
+
attr_accessor :constraint
|
190
|
+
|
191
|
+
# The page token to fetch the next page for AnalyzeOrgPoliciesResponse.
|
192
|
+
# org_policy_results.
|
193
|
+
# Corresponds to the JSON property `nextPageToken`
|
194
|
+
# @return [String]
|
195
|
+
attr_accessor :next_page_token
|
196
|
+
|
197
|
+
# The organization policies under the AnalyzeOrgPoliciesRequest.scope with the
|
198
|
+
# AnalyzeOrgPoliciesRequest.constraint.
|
199
|
+
# Corresponds to the JSON property `orgPolicyResults`
|
200
|
+
# @return [Array<Google::Apis::CloudassetV1::OrgPolicyResult>]
|
201
|
+
attr_accessor :org_policy_results
|
202
|
+
|
203
|
+
def initialize(**args)
|
204
|
+
update!(**args)
|
205
|
+
end
|
206
|
+
|
207
|
+
# Update properties of this object
|
208
|
+
def update!(**args)
|
209
|
+
@constraint = args[:constraint] if args.key?(:constraint)
|
210
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
211
|
+
@org_policy_results = args[:org_policy_results] if args.key?(:org_policy_results)
|
212
|
+
end
|
213
|
+
end
|
214
|
+
|
215
|
+
# The response message for AssetService.AnalyzeOrgPolicyGovernedAssets.
|
216
|
+
class AnalyzeOrgPolicyGovernedAssetsResponse
|
217
|
+
include Google::Apis::Core::Hashable
|
218
|
+
|
219
|
+
# The organization policy constraint definition.
|
220
|
+
# Corresponds to the JSON property `constraint`
|
221
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicyConstraint]
|
222
|
+
attr_accessor :constraint
|
223
|
+
|
224
|
+
# The list of the analyzed governed assets.
|
225
|
+
# Corresponds to the JSON property `governedAssets`
|
226
|
+
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset>]
|
227
|
+
attr_accessor :governed_assets
|
228
|
+
|
229
|
+
# The page token to fetch the next page for
|
230
|
+
# AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets.
|
231
|
+
# Corresponds to the JSON property `nextPageToken`
|
232
|
+
# @return [String]
|
233
|
+
attr_accessor :next_page_token
|
234
|
+
|
235
|
+
def initialize(**args)
|
236
|
+
update!(**args)
|
237
|
+
end
|
238
|
+
|
239
|
+
# Update properties of this object
|
240
|
+
def update!(**args)
|
241
|
+
@constraint = args[:constraint] if args.key?(:constraint)
|
242
|
+
@governed_assets = args[:governed_assets] if args.key?(:governed_assets)
|
243
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
244
|
+
end
|
245
|
+
end
|
246
|
+
|
247
|
+
# The response message for AssetService.AnalyzeOrgPolicyGovernedContainers.
|
248
|
+
class AnalyzeOrgPolicyGovernedContainersResponse
|
249
|
+
include Google::Apis::Core::Hashable
|
250
|
+
|
251
|
+
# The organization policy constraint definition.
|
252
|
+
# Corresponds to the JSON property `constraint`
|
253
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicyConstraint]
|
254
|
+
attr_accessor :constraint
|
255
|
+
|
256
|
+
# The list of the analyzed governed containers.
|
257
|
+
# Corresponds to the JSON property `governedContainers`
|
258
|
+
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1GovernedContainer>]
|
259
|
+
attr_accessor :governed_containers
|
260
|
+
|
261
|
+
# The page token to fetch the next page for
|
262
|
+
# AnalyzeOrgPolicyGovernedContainersResponse.governed_containers.
|
263
|
+
# Corresponds to the JSON property `nextPageToken`
|
264
|
+
# @return [String]
|
265
|
+
attr_accessor :next_page_token
|
266
|
+
|
267
|
+
def initialize(**args)
|
268
|
+
update!(**args)
|
269
|
+
end
|
270
|
+
|
271
|
+
# Update properties of this object
|
272
|
+
def update!(**args)
|
273
|
+
@constraint = args[:constraint] if args.key?(:constraint)
|
274
|
+
@governed_containers = args[:governed_containers] if args.key?(:governed_containers)
|
275
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
276
|
+
end
|
277
|
+
end
|
278
|
+
|
279
|
+
# This organization policy message is a modified version of the one defined in
|
280
|
+
# the Organization Policy system. This message contains several fields defined
|
281
|
+
# in the original organization policy with some new fields for analysis purpose.
|
282
|
+
class AnalyzerOrgPolicy
|
283
|
+
include Google::Apis::Core::Hashable
|
284
|
+
|
285
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
286
|
+
# resource-name-format) of an organization/folder/project resource where this
|
287
|
+
# organization policy applies to. For any user defined org policies, this field
|
288
|
+
# has the same value as the [attached_resource] field. Only for default policy,
|
289
|
+
# this field has the different value.
|
290
|
+
# Corresponds to the JSON property `appliedResource`
|
291
|
+
# @return [String]
|
292
|
+
attr_accessor :applied_resource
|
293
|
+
|
294
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
295
|
+
# resource-name-format) of an organization/folder/project resource where this
|
296
|
+
# organization policy is set. Notice that some type of constraints are defined
|
297
|
+
# with default policy. This field will be empty for them.
|
298
|
+
# Corresponds to the JSON property `attachedResource`
|
299
|
+
# @return [String]
|
300
|
+
attr_accessor :attached_resource
|
301
|
+
|
302
|
+
# If `inherit_from_parent` is true, Rules set higher up in the hierarchy (up to
|
303
|
+
# the closest root) are inherited and present in the effective policy. If it is
|
304
|
+
# false, then no rules are inherited, and this policy becomes the effective root
|
305
|
+
# for evaluation.
|
306
|
+
# Corresponds to the JSON property `inheritFromParent`
|
307
|
+
# @return [Boolean]
|
308
|
+
attr_accessor :inherit_from_parent
|
309
|
+
alias_method :inherit_from_parent?, :inherit_from_parent
|
310
|
+
|
311
|
+
# Ignores policies set above this resource and restores the default behavior of
|
312
|
+
# the constraint at this resource. This field can be set in policies for either
|
313
|
+
# list or boolean constraints. If set, `rules` must be empty and `
|
314
|
+
# inherit_from_parent` must be set to false.
|
315
|
+
# Corresponds to the JSON property `reset`
|
316
|
+
# @return [Boolean]
|
317
|
+
attr_accessor :reset
|
318
|
+
alias_method :reset?, :reset
|
319
|
+
|
320
|
+
# List of rules for this organization policy.
|
321
|
+
# Corresponds to the JSON property `rules`
|
322
|
+
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1Rule>]
|
323
|
+
attr_accessor :rules
|
324
|
+
|
325
|
+
def initialize(**args)
|
326
|
+
update!(**args)
|
327
|
+
end
|
328
|
+
|
329
|
+
# Update properties of this object
|
330
|
+
def update!(**args)
|
331
|
+
@applied_resource = args[:applied_resource] if args.key?(:applied_resource)
|
332
|
+
@attached_resource = args[:attached_resource] if args.key?(:attached_resource)
|
333
|
+
@inherit_from_parent = args[:inherit_from_parent] if args.key?(:inherit_from_parent)
|
334
|
+
@reset = args[:reset] if args.key?(:reset)
|
335
|
+
@rules = args[:rules] if args.key?(:rules)
|
336
|
+
end
|
337
|
+
end
|
338
|
+
|
339
|
+
# The organization policy constraint definition.
|
340
|
+
class AnalyzerOrgPolicyConstraint
|
341
|
+
include Google::Apis::Core::Hashable
|
342
|
+
|
343
|
+
# The definition of a custom constraint.
|
344
|
+
# Corresponds to the JSON property `customConstraint`
|
345
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1CustomConstraint]
|
346
|
+
attr_accessor :custom_constraint
|
347
|
+
|
348
|
+
# The definition of a constraint.
|
349
|
+
# Corresponds to the JSON property `googleDefinedConstraint`
|
350
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1Constraint]
|
351
|
+
attr_accessor :google_defined_constraint
|
352
|
+
|
353
|
+
def initialize(**args)
|
354
|
+
update!(**args)
|
355
|
+
end
|
356
|
+
|
357
|
+
# Update properties of this object
|
358
|
+
def update!(**args)
|
359
|
+
@custom_constraint = args[:custom_constraint] if args.key?(:custom_constraint)
|
360
|
+
@google_defined_constraint = args[:google_defined_constraint] if args.key?(:google_defined_constraint)
|
361
|
+
end
|
362
|
+
end
|
363
|
+
|
182
364
|
# An asset in Google Cloud. An asset can be any resource in the Google Cloud [
|
183
365
|
# resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
|
184
366
|
# platform-resource-hierarchy), a resource outside the Google Cloud resource
|
185
367
|
# hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
|
186
|
-
# (e.g.
|
368
|
+
# (e.g. IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP
|
187
369
|
# relationship). See [Supported asset types](https://cloud.google.com/asset-
|
188
370
|
# inventory/docs/supported-asset-types) for more information.
|
189
371
|
class Asset
|
@@ -282,9 +464,9 @@ module Google
|
|
282
464
|
# ancestors. An asset can be any resource in the Google Cloud [resource
|
283
465
|
# hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-
|
284
466
|
# resource-hierarchy), a resource outside the Google Cloud resource hierarchy (
|
285
|
-
# such as Google Kubernetes Engine clusters and objects), or a policy (e.g.
|
286
|
-
#
|
287
|
-
#
|
467
|
+
# such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM
|
468
|
+
# policy). See [Supported asset types](https://cloud.google.com/asset-inventory/
|
469
|
+
# docs/supported-asset-types) for more information.
|
288
470
|
# Corresponds to the JSON property `relatedAsset`
|
289
471
|
# @return [Google::Apis::CloudassetV1::RelatedAsset]
|
290
472
|
attr_accessor :related_asset
|
@@ -1063,7 +1245,7 @@ module Google
|
|
1063
1245
|
class GcsDestination
|
1064
1246
|
include Google::Apis::Core::Hashable
|
1065
1247
|
|
1066
|
-
# The
|
1248
|
+
# The URI of the Cloud Storage object. It's the same URI that is used by gsutil.
|
1067
1249
|
# Example: "gs://bucket_name/object_name". See [Viewing and Editing Object
|
1068
1250
|
# Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for
|
1069
1251
|
# more information. If the specified Cloud Storage object already exists and
|
@@ -1073,8 +1255,8 @@ module Google
|
|
1073
1255
|
# @return [String]
|
1074
1256
|
attr_accessor :uri
|
1075
1257
|
|
1076
|
-
# The
|
1077
|
-
# bucket_name/object_name_prefix". Each object
|
1258
|
+
# The URI prefix of all generated Cloud Storage objects. Example: "gs://
|
1259
|
+
# bucket_name/object_name_prefix". Each object URI is in format: "gs://
|
1078
1260
|
# bucket_name/object_name_prefix// and only contains assets for that type.
|
1079
1261
|
# starts from 0. Example: "gs://bucket_name/object_name_prefix/compute.
|
1080
1262
|
# googleapis.com/Disk/0" is the first shard of output objects containing all
|
@@ -1181,6 +1363,184 @@ module Google
|
|
1181
1363
|
end
|
1182
1364
|
end
|
1183
1365
|
|
1366
|
+
# Represents a Google Cloud asset(resource or IAM policy) governed by the
|
1367
|
+
# organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1368
|
+
class GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset
|
1369
|
+
include Google::Apis::Core::Hashable
|
1370
|
+
|
1371
|
+
# This organization policy message is a modified version of the one defined in
|
1372
|
+
# the Organization Policy system. This message contains several fields defined
|
1373
|
+
# in the original organization policy with some new fields for analysis purpose.
|
1374
|
+
# Corresponds to the JSON property `consolidatedPolicy`
|
1375
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicy]
|
1376
|
+
attr_accessor :consolidated_policy
|
1377
|
+
|
1378
|
+
# The IAM policies governed by the organization policies of the
|
1379
|
+
# AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1380
|
+
# Corresponds to the JSON property `governedIamPolicy`
|
1381
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy]
|
1382
|
+
attr_accessor :governed_iam_policy
|
1383
|
+
|
1384
|
+
# The Google Cloud resources governed by the organization policies of the
|
1385
|
+
# AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1386
|
+
# Corresponds to the JSON property `governedResource`
|
1387
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource]
|
1388
|
+
attr_accessor :governed_resource
|
1389
|
+
|
1390
|
+
# The ordered list of all organization policies from the
|
1391
|
+
# AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.
|
1392
|
+
# attached_resource to the scope specified in the request. If the constraint is
|
1393
|
+
# defined with default policy, it will also appear in the list.
|
1394
|
+
# Corresponds to the JSON property `policyBundle`
|
1395
|
+
# @return [Array<Google::Apis::CloudassetV1::AnalyzerOrgPolicy>]
|
1396
|
+
attr_accessor :policy_bundle
|
1397
|
+
|
1398
|
+
def initialize(**args)
|
1399
|
+
update!(**args)
|
1400
|
+
end
|
1401
|
+
|
1402
|
+
# Update properties of this object
|
1403
|
+
def update!(**args)
|
1404
|
+
@consolidated_policy = args[:consolidated_policy] if args.key?(:consolidated_policy)
|
1405
|
+
@governed_iam_policy = args[:governed_iam_policy] if args.key?(:governed_iam_policy)
|
1406
|
+
@governed_resource = args[:governed_resource] if args.key?(:governed_resource)
|
1407
|
+
@policy_bundle = args[:policy_bundle] if args.key?(:policy_bundle)
|
1408
|
+
end
|
1409
|
+
end
|
1410
|
+
|
1411
|
+
# The IAM policies governed by the organization policies of the
|
1412
|
+
# AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1413
|
+
class GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy
|
1414
|
+
include Google::Apis::Core::Hashable
|
1415
|
+
|
1416
|
+
# The full resource name of the resource associated with this IAM policy.
|
1417
|
+
# Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/
|
1418
|
+
# instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://
|
1419
|
+
# cloud.google.com/asset-inventory/docs/resource-name-format) for more
|
1420
|
+
# information.
|
1421
|
+
# Corresponds to the JSON property `attachedResource`
|
1422
|
+
# @return [String]
|
1423
|
+
attr_accessor :attached_resource
|
1424
|
+
|
1425
|
+
# The folder(s) that this IAM policy belongs to, in the form of folders/`
|
1426
|
+
# FOLDER_NUMBER`. This field is available when the IAM policy belongs(directly
|
1427
|
+
# or cascadingly) to one or more folders.
|
1428
|
+
# Corresponds to the JSON property `folders`
|
1429
|
+
# @return [Array<String>]
|
1430
|
+
attr_accessor :folders
|
1431
|
+
|
1432
|
+
# The organization that this IAM policy belongs to, in the form of organizations/
|
1433
|
+
# `ORGANIZATION_NUMBER`. This field is available when the IAM policy belongs(
|
1434
|
+
# directly or cascadingly) to an organization.
|
1435
|
+
# Corresponds to the JSON property `organization`
|
1436
|
+
# @return [String]
|
1437
|
+
attr_accessor :organization
|
1438
|
+
|
1439
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
1440
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1441
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
1442
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
1443
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1444
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
1445
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1446
|
+
# logical expression that allows access to a resource only if the expression
|
1447
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
1448
|
+
# the request, the resource, or both. To learn which resources support
|
1449
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1450
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
1451
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1452
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1453
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1454
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1455
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1456
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1457
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
1458
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
1459
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
1460
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
1461
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
1462
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
1463
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
1464
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
1465
|
+
# cloud.google.com/iam/docs/).
|
1466
|
+
# Corresponds to the JSON property `policy`
|
1467
|
+
# @return [Google::Apis::CloudassetV1::Policy]
|
1468
|
+
attr_accessor :policy
|
1469
|
+
|
1470
|
+
# The project that this IAM policy belongs to, in the form of projects/`
|
1471
|
+
# PROJECT_NUMBER`. This field is available when the IAM policy belongs to a
|
1472
|
+
# project.
|
1473
|
+
# Corresponds to the JSON property `project`
|
1474
|
+
# @return [String]
|
1475
|
+
attr_accessor :project
|
1476
|
+
|
1477
|
+
def initialize(**args)
|
1478
|
+
update!(**args)
|
1479
|
+
end
|
1480
|
+
|
1481
|
+
# Update properties of this object
|
1482
|
+
def update!(**args)
|
1483
|
+
@attached_resource = args[:attached_resource] if args.key?(:attached_resource)
|
1484
|
+
@folders = args[:folders] if args.key?(:folders)
|
1485
|
+
@organization = args[:organization] if args.key?(:organization)
|
1486
|
+
@policy = args[:policy] if args.key?(:policy)
|
1487
|
+
@project = args[:project] if args.key?(:project)
|
1488
|
+
end
|
1489
|
+
end
|
1490
|
+
|
1491
|
+
# The Google Cloud resources governed by the organization policies of the
|
1492
|
+
# AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1493
|
+
class GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource
|
1494
|
+
include Google::Apis::Core::Hashable
|
1495
|
+
|
1496
|
+
# The folder(s) that this resource belongs to, in the form of folders/`
|
1497
|
+
# FOLDER_NUMBER`. This field is available when the resource belongs(directly or
|
1498
|
+
# cascadingly) to one or more folders.
|
1499
|
+
# Corresponds to the JSON property `folders`
|
1500
|
+
# @return [Array<String>]
|
1501
|
+
attr_accessor :folders
|
1502
|
+
|
1503
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
1504
|
+
# resource-name-format) of the Google Cloud resource.
|
1505
|
+
# Corresponds to the JSON property `fullResourceName`
|
1506
|
+
# @return [String]
|
1507
|
+
attr_accessor :full_resource_name
|
1508
|
+
|
1509
|
+
# The organization that this resource belongs to, in the form of organizations/`
|
1510
|
+
# ORGANIZATION_NUMBER`. This field is available when the resource belongs(
|
1511
|
+
# directly or cascadingly) to an organization.
|
1512
|
+
# Corresponds to the JSON property `organization`
|
1513
|
+
# @return [String]
|
1514
|
+
attr_accessor :organization
|
1515
|
+
|
1516
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
1517
|
+
# resource-name-format) of the parent of AnalyzeOrgPolicyGovernedAssetsResponse.
|
1518
|
+
# GovernedResource.full_resource_name.
|
1519
|
+
# Corresponds to the JSON property `parent`
|
1520
|
+
# @return [String]
|
1521
|
+
attr_accessor :parent
|
1522
|
+
|
1523
|
+
# The project that this resource belongs to, in the form of projects/`
|
1524
|
+
# PROJECT_NUMBER`. This field is available when the resource belongs to a
|
1525
|
+
# project.
|
1526
|
+
# Corresponds to the JSON property `project`
|
1527
|
+
# @return [String]
|
1528
|
+
attr_accessor :project
|
1529
|
+
|
1530
|
+
def initialize(**args)
|
1531
|
+
update!(**args)
|
1532
|
+
end
|
1533
|
+
|
1534
|
+
# Update properties of this object
|
1535
|
+
def update!(**args)
|
1536
|
+
@folders = args[:folders] if args.key?(:folders)
|
1537
|
+
@full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
|
1538
|
+
@organization = args[:organization] if args.key?(:organization)
|
1539
|
+
@parent = args[:parent] if args.key?(:parent)
|
1540
|
+
@project = args[:project] if args.key?(:project)
|
1541
|
+
end
|
1542
|
+
end
|
1543
|
+
|
1184
1544
|
# A BigQuery destination.
|
1185
1545
|
class GoogleCloudAssetV1BigQueryDestination
|
1186
1546
|
include Google::Apis::Core::Hashable
|
@@ -1233,6 +1593,136 @@ module Google
|
|
1233
1593
|
end
|
1234
1594
|
end
|
1235
1595
|
|
1596
|
+
# A `Constraint` that is either enforced or not. For example a constraint `
|
1597
|
+
# constraints/compute.disableSerialPortAccess`. If it is enforced on a VM
|
1598
|
+
# instance, serial port connections will not be opened to that instance.
|
1599
|
+
class GoogleCloudAssetV1BooleanConstraint
|
1600
|
+
include Google::Apis::Core::Hashable
|
1601
|
+
|
1602
|
+
def initialize(**args)
|
1603
|
+
update!(**args)
|
1604
|
+
end
|
1605
|
+
|
1606
|
+
# Update properties of this object
|
1607
|
+
def update!(**args)
|
1608
|
+
end
|
1609
|
+
end
|
1610
|
+
|
1611
|
+
# The definition of a constraint.
|
1612
|
+
class GoogleCloudAssetV1Constraint
|
1613
|
+
include Google::Apis::Core::Hashable
|
1614
|
+
|
1615
|
+
# A `Constraint` that is either enforced or not. For example a constraint `
|
1616
|
+
# constraints/compute.disableSerialPortAccess`. If it is enforced on a VM
|
1617
|
+
# instance, serial port connections will not be opened to that instance.
|
1618
|
+
# Corresponds to the JSON property `booleanConstraint`
|
1619
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1BooleanConstraint]
|
1620
|
+
attr_accessor :boolean_constraint
|
1621
|
+
|
1622
|
+
# The evaluation behavior of this constraint in the absence of 'Policy'.
|
1623
|
+
# Corresponds to the JSON property `constraintDefault`
|
1624
|
+
# @return [String]
|
1625
|
+
attr_accessor :constraint_default
|
1626
|
+
|
1627
|
+
# Detailed description of what this `Constraint` controls as well as how and
|
1628
|
+
# where it is enforced.
|
1629
|
+
# Corresponds to the JSON property `description`
|
1630
|
+
# @return [String]
|
1631
|
+
attr_accessor :description
|
1632
|
+
|
1633
|
+
# The human readable name of the constraint.
|
1634
|
+
# Corresponds to the JSON property `displayName`
|
1635
|
+
# @return [String]
|
1636
|
+
attr_accessor :display_name
|
1637
|
+
|
1638
|
+
# A `Constraint` that allows or disallows a list of string values, which are
|
1639
|
+
# configured by an organization's policy administrator with a `Policy`.
|
1640
|
+
# Corresponds to the JSON property `listConstraint`
|
1641
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1ListConstraint]
|
1642
|
+
attr_accessor :list_constraint
|
1643
|
+
|
1644
|
+
# The unique name of the constraint. Format of the name should be * `constraints/
|
1645
|
+
# `constraint_name`` For example, `constraints/compute.disableSerialPortAccess`.
|
1646
|
+
# Corresponds to the JSON property `name`
|
1647
|
+
# @return [String]
|
1648
|
+
attr_accessor :name
|
1649
|
+
|
1650
|
+
def initialize(**args)
|
1651
|
+
update!(**args)
|
1652
|
+
end
|
1653
|
+
|
1654
|
+
# Update properties of this object
|
1655
|
+
def update!(**args)
|
1656
|
+
@boolean_constraint = args[:boolean_constraint] if args.key?(:boolean_constraint)
|
1657
|
+
@constraint_default = args[:constraint_default] if args.key?(:constraint_default)
|
1658
|
+
@description = args[:description] if args.key?(:description)
|
1659
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
1660
|
+
@list_constraint = args[:list_constraint] if args.key?(:list_constraint)
|
1661
|
+
@name = args[:name] if args.key?(:name)
|
1662
|
+
end
|
1663
|
+
end
|
1664
|
+
|
1665
|
+
# The definition of a custom constraint.
|
1666
|
+
class GoogleCloudAssetV1CustomConstraint
|
1667
|
+
include Google::Apis::Core::Hashable
|
1668
|
+
|
1669
|
+
# Allow or deny type.
|
1670
|
+
# Corresponds to the JSON property `actionType`
|
1671
|
+
# @return [String]
|
1672
|
+
attr_accessor :action_type
|
1673
|
+
|
1674
|
+
# Organization Policy condition/expression. For example: `resource.instanceName.
|
1675
|
+
# matches("[production|test]_.*_(\d)+")'` or, `resource.management.auto_upgrade =
|
1676
|
+
# = true`
|
1677
|
+
# Corresponds to the JSON property `condition`
|
1678
|
+
# @return [String]
|
1679
|
+
attr_accessor :condition
|
1680
|
+
|
1681
|
+
# Detailed information about this custom policy constraint.
|
1682
|
+
# Corresponds to the JSON property `description`
|
1683
|
+
# @return [String]
|
1684
|
+
attr_accessor :description
|
1685
|
+
|
1686
|
+
# One line display name for the UI.
|
1687
|
+
# Corresponds to the JSON property `displayName`
|
1688
|
+
# @return [String]
|
1689
|
+
attr_accessor :display_name
|
1690
|
+
|
1691
|
+
# All the operations being applied for this constraint.
|
1692
|
+
# Corresponds to the JSON property `methodTypes`
|
1693
|
+
# @return [Array<String>]
|
1694
|
+
attr_accessor :method_types
|
1695
|
+
|
1696
|
+
# Name of the constraint. This is unique within the organization. Format of the
|
1697
|
+
# name should be * `organizations/`organization_id`/customConstraints/`
|
1698
|
+
# custom_constraint_id`` Example : "organizations/123/customConstraints/custom.
|
1699
|
+
# createOnlyE2TypeVms"
|
1700
|
+
# Corresponds to the JSON property `name`
|
1701
|
+
# @return [String]
|
1702
|
+
attr_accessor :name
|
1703
|
+
|
1704
|
+
# The Resource Instance type on which this policy applies to. Format will be of
|
1705
|
+
# the form : "/" Example: * `compute.googleapis.com/Instance`.
|
1706
|
+
# Corresponds to the JSON property `resourceTypes`
|
1707
|
+
# @return [Array<String>]
|
1708
|
+
attr_accessor :resource_types
|
1709
|
+
|
1710
|
+
def initialize(**args)
|
1711
|
+
update!(**args)
|
1712
|
+
end
|
1713
|
+
|
1714
|
+
# Update properties of this object
|
1715
|
+
def update!(**args)
|
1716
|
+
@action_type = args[:action_type] if args.key?(:action_type)
|
1717
|
+
@condition = args[:condition] if args.key?(:condition)
|
1718
|
+
@description = args[:description] if args.key?(:description)
|
1719
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
1720
|
+
@method_types = args[:method_types] if args.key?(:method_types)
|
1721
|
+
@name = args[:name] if args.key?(:name)
|
1722
|
+
@resource_types = args[:resource_types] if args.key?(:resource_types)
|
1723
|
+
end
|
1724
|
+
end
|
1725
|
+
|
1236
1726
|
# A directional edge.
|
1237
1727
|
class GoogleCloudAssetV1Edge
|
1238
1728
|
include Google::Apis::Core::Hashable
|
@@ -1264,7 +1754,7 @@ module Google
|
|
1264
1754
|
class GoogleCloudAssetV1GcsDestination
|
1265
1755
|
include Google::Apis::Core::Hashable
|
1266
1756
|
|
1267
|
-
# Required. The
|
1757
|
+
# Required. The URI of the Cloud Storage object. It's the same URI that is used
|
1268
1758
|
# by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and Editing
|
1269
1759
|
# Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-
|
1270
1760
|
# metadata) for more information. If the specified Cloud Storage object already
|
@@ -1280,7 +1770,54 @@ module Google
|
|
1280
1770
|
|
1281
1771
|
# Update properties of this object
|
1282
1772
|
def update!(**args)
|
1283
|
-
@uri = args[:uri] if args.key?(:uri)
|
1773
|
+
@uri = args[:uri] if args.key?(:uri)
|
1774
|
+
end
|
1775
|
+
end
|
1776
|
+
|
1777
|
+
# The organization/folder/project resource governed by organization policies of
|
1778
|
+
# AnalyzeOrgPolicyGovernedContainersRequest.constraint.
|
1779
|
+
class GoogleCloudAssetV1GovernedContainer
|
1780
|
+
include Google::Apis::Core::Hashable
|
1781
|
+
|
1782
|
+
# This organization policy message is a modified version of the one defined in
|
1783
|
+
# the Organization Policy system. This message contains several fields defined
|
1784
|
+
# in the original organization policy with some new fields for analysis purpose.
|
1785
|
+
# Corresponds to the JSON property `consolidatedPolicy`
|
1786
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicy]
|
1787
|
+
attr_accessor :consolidated_policy
|
1788
|
+
|
1789
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
1790
|
+
# resource-name-format) of an organization/folder/project resource.
|
1791
|
+
# Corresponds to the JSON property `fullResourceName`
|
1792
|
+
# @return [String]
|
1793
|
+
attr_accessor :full_resource_name
|
1794
|
+
|
1795
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
1796
|
+
# resource-name-format) of the parent of
|
1797
|
+
# AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.
|
1798
|
+
# full_resource_name.
|
1799
|
+
# Corresponds to the JSON property `parent`
|
1800
|
+
# @return [String]
|
1801
|
+
attr_accessor :parent
|
1802
|
+
|
1803
|
+
# The ordered list of all organization policies from the
|
1804
|
+
# AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.
|
1805
|
+
# attached_resource. to the scope specified in the request. If the constraint is
|
1806
|
+
# defined with default policy, it will also appear in the list.
|
1807
|
+
# Corresponds to the JSON property `policyBundle`
|
1808
|
+
# @return [Array<Google::Apis::CloudassetV1::AnalyzerOrgPolicy>]
|
1809
|
+
attr_accessor :policy_bundle
|
1810
|
+
|
1811
|
+
def initialize(**args)
|
1812
|
+
update!(**args)
|
1813
|
+
end
|
1814
|
+
|
1815
|
+
# Update properties of this object
|
1816
|
+
def update!(**args)
|
1817
|
+
@consolidated_policy = args[:consolidated_policy] if args.key?(:consolidated_policy)
|
1818
|
+
@full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
|
1819
|
+
@parent = args[:parent] if args.key?(:parent)
|
1820
|
+
@policy_bundle = args[:policy_bundle] if args.key?(:policy_bundle)
|
1284
1821
|
end
|
1285
1822
|
end
|
1286
1823
|
|
@@ -1344,6 +1881,77 @@ module Google
|
|
1344
1881
|
end
|
1345
1882
|
end
|
1346
1883
|
|
1884
|
+
# A `Constraint` that allows or disallows a list of string values, which are
|
1885
|
+
# configured by an organization's policy administrator with a `Policy`.
|
1886
|
+
class GoogleCloudAssetV1ListConstraint
|
1887
|
+
include Google::Apis::Core::Hashable
|
1888
|
+
|
1889
|
+
# Indicates whether values grouped into categories can be used in `Policy.
|
1890
|
+
# allowed_values` and `Policy.denied_values`. For example, `"in:Python"` would
|
1891
|
+
# match any value in the 'Python' group.
|
1892
|
+
# Corresponds to the JSON property `supportsIn`
|
1893
|
+
# @return [Boolean]
|
1894
|
+
attr_accessor :supports_in
|
1895
|
+
alias_method :supports_in?, :supports_in
|
1896
|
+
|
1897
|
+
# Indicates whether subtrees of Cloud Resource Manager resource hierarchy can be
|
1898
|
+
# used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"
|
1899
|
+
# under:folders/123"` would match any resource under the 'folders/123' folder.
|
1900
|
+
# Corresponds to the JSON property `supportsUnder`
|
1901
|
+
# @return [Boolean]
|
1902
|
+
attr_accessor :supports_under
|
1903
|
+
alias_method :supports_under?, :supports_under
|
1904
|
+
|
1905
|
+
def initialize(**args)
|
1906
|
+
update!(**args)
|
1907
|
+
end
|
1908
|
+
|
1909
|
+
# Update properties of this object
|
1910
|
+
def update!(**args)
|
1911
|
+
@supports_in = args[:supports_in] if args.key?(:supports_in)
|
1912
|
+
@supports_under = args[:supports_under] if args.key?(:supports_under)
|
1913
|
+
end
|
1914
|
+
end
|
1915
|
+
|
1916
|
+
# BigQuery destination.
|
1917
|
+
class GoogleCloudAssetV1QueryAssetsOutputConfigBigQueryDestination
|
1918
|
+
include Google::Apis::Core::Hashable
|
1919
|
+
|
1920
|
+
# Required. The BigQuery dataset where the query results will be saved. It has
|
1921
|
+
# the format of "projects/`projectId`/datasets/`datasetId`".
|
1922
|
+
# Corresponds to the JSON property `dataset`
|
1923
|
+
# @return [String]
|
1924
|
+
attr_accessor :dataset
|
1925
|
+
|
1926
|
+
# Required. The BigQuery table where the query results will be saved. If this
|
1927
|
+
# table does not exist, a new table with the given name will be created.
|
1928
|
+
# Corresponds to the JSON property `table`
|
1929
|
+
# @return [String]
|
1930
|
+
attr_accessor :table
|
1931
|
+
|
1932
|
+
# Specifies the action that occurs if the destination table or partition already
|
1933
|
+
# exists. The following values are supported: * WRITE_TRUNCATE: If the table or
|
1934
|
+
# partition already exists, BigQuery overwrites the entire table or all the
|
1935
|
+
# partitions data. * WRITE_APPEND: If the table or partition already exists,
|
1936
|
+
# BigQuery appends the data to the table or the latest partition. * WRITE_EMPTY:
|
1937
|
+
# If the table already exists and contains data, a 'duplicate' error is returned
|
1938
|
+
# in the job result. The default value is WRITE_EMPTY.
|
1939
|
+
# Corresponds to the JSON property `writeDisposition`
|
1940
|
+
# @return [String]
|
1941
|
+
attr_accessor :write_disposition
|
1942
|
+
|
1943
|
+
def initialize(**args)
|
1944
|
+
update!(**args)
|
1945
|
+
end
|
1946
|
+
|
1947
|
+
# Update properties of this object
|
1948
|
+
def update!(**args)
|
1949
|
+
@dataset = args[:dataset] if args.key?(:dataset)
|
1950
|
+
@table = args[:table] if args.key?(:table)
|
1951
|
+
@write_disposition = args[:write_disposition] if args.key?(:write_disposition)
|
1952
|
+
end
|
1953
|
+
end
|
1954
|
+
|
1347
1955
|
# A Google Cloud resource under analysis.
|
1348
1956
|
class GoogleCloudAssetV1Resource
|
1349
1957
|
include Google::Apis::Core::Hashable
|
@@ -1371,12 +1979,100 @@ module Google
|
|
1371
1979
|
end
|
1372
1980
|
end
|
1373
1981
|
|
1982
|
+
# Represents a rule defined in an organization policy
|
1983
|
+
class GoogleCloudAssetV1Rule
|
1984
|
+
include Google::Apis::Core::Hashable
|
1985
|
+
|
1986
|
+
# Setting this to true means that all values are allowed. This field can be set
|
1987
|
+
# only in Policies for list constraints.
|
1988
|
+
# Corresponds to the JSON property `allowAll`
|
1989
|
+
# @return [Boolean]
|
1990
|
+
attr_accessor :allow_all
|
1991
|
+
alias_method :allow_all?, :allow_all
|
1992
|
+
|
1993
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
1994
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
1995
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
1996
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
1997
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
1998
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
1999
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
2000
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
2001
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
2002
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
2003
|
+
# string" description: "Create a notification string with a timestamp."
|
2004
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
2005
|
+
# exact variables and functions that may be referenced within an expression are
|
2006
|
+
# determined by the service that evaluates it. See the service documentation for
|
2007
|
+
# additional information.
|
2008
|
+
# Corresponds to the JSON property `condition`
|
2009
|
+
# @return [Google::Apis::CloudassetV1::Expr]
|
2010
|
+
attr_accessor :condition
|
2011
|
+
|
2012
|
+
# Setting this to true means that all values are denied. This field can be set
|
2013
|
+
# only in Policies for list constraints.
|
2014
|
+
# Corresponds to the JSON property `denyAll`
|
2015
|
+
# @return [Boolean]
|
2016
|
+
attr_accessor :deny_all
|
2017
|
+
alias_method :deny_all?, :deny_all
|
2018
|
+
|
2019
|
+
# If `true`, then the `Policy` is enforced. If `false`, then any configuration
|
2020
|
+
# is acceptable. This field can be set only in Policies for boolean constraints.
|
2021
|
+
# Corresponds to the JSON property `enforce`
|
2022
|
+
# @return [Boolean]
|
2023
|
+
attr_accessor :enforce
|
2024
|
+
alias_method :enforce?, :enforce
|
2025
|
+
|
2026
|
+
# The string values for the list constraints.
|
2027
|
+
# Corresponds to the JSON property `values`
|
2028
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1StringValues]
|
2029
|
+
attr_accessor :values
|
2030
|
+
|
2031
|
+
def initialize(**args)
|
2032
|
+
update!(**args)
|
2033
|
+
end
|
2034
|
+
|
2035
|
+
# Update properties of this object
|
2036
|
+
def update!(**args)
|
2037
|
+
@allow_all = args[:allow_all] if args.key?(:allow_all)
|
2038
|
+
@condition = args[:condition] if args.key?(:condition)
|
2039
|
+
@deny_all = args[:deny_all] if args.key?(:deny_all)
|
2040
|
+
@enforce = args[:enforce] if args.key?(:enforce)
|
2041
|
+
@values = args[:values] if args.key?(:values)
|
2042
|
+
end
|
2043
|
+
end
|
2044
|
+
|
2045
|
+
# The string values for the list constraints.
|
2046
|
+
class GoogleCloudAssetV1StringValues
|
2047
|
+
include Google::Apis::Core::Hashable
|
2048
|
+
|
2049
|
+
# List of values allowed at this resource.
|
2050
|
+
# Corresponds to the JSON property `allowedValues`
|
2051
|
+
# @return [Array<String>]
|
2052
|
+
attr_accessor :allowed_values
|
2053
|
+
|
2054
|
+
# List of values denied at this resource.
|
2055
|
+
# Corresponds to the JSON property `deniedValues`
|
2056
|
+
# @return [Array<String>]
|
2057
|
+
attr_accessor :denied_values
|
2058
|
+
|
2059
|
+
def initialize(**args)
|
2060
|
+
update!(**args)
|
2061
|
+
end
|
2062
|
+
|
2063
|
+
# Update properties of this object
|
2064
|
+
def update!(**args)
|
2065
|
+
@allowed_values = args[:allowed_values] if args.key?(:allowed_values)
|
2066
|
+
@denied_values = args[:denied_values] if args.key?(:denied_values)
|
2067
|
+
end
|
2068
|
+
end
|
2069
|
+
|
1374
2070
|
# An asset in Google Cloud. An asset can be any resource in the Google Cloud [
|
1375
2071
|
# resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
|
1376
2072
|
# platform-resource-hierarchy), a resource outside the Google Cloud resource
|
1377
2073
|
# hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
|
1378
|
-
# (e.g.
|
1379
|
-
#
|
2074
|
+
# (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-
|
2075
|
+
# inventory/docs/supported-asset-types) for more information.
|
1380
2076
|
class GoogleCloudAssetV1p7beta1Asset
|
1381
2077
|
include Google::Apis::Core::Hashable
|
1382
2078
|
|
@@ -1513,9 +2209,9 @@ module Google
|
|
1513
2209
|
# An asset can be any resource in the Google Cloud [resource hierarchy](https://
|
1514
2210
|
# cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a
|
1515
2211
|
# resource outside the Google Cloud resource hierarchy (such as Google
|
1516
|
-
# Kubernetes Engine clusters and objects), or a policy (e.g.
|
1517
|
-
#
|
1518
|
-
#
|
2212
|
+
# Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [
|
2213
|
+
# Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-
|
2214
|
+
# asset-types) for more information.
|
1519
2215
|
class GoogleCloudAssetV1p7beta1RelatedAsset
|
1520
2216
|
include Google::Apis::Core::Hashable
|
1521
2217
|
|
@@ -1654,7 +2350,7 @@ module Google
|
|
1654
2350
|
# The full name of the immediate parent of this resource. See [Resource Names](
|
1655
2351
|
# https://cloud.google.com/apis/design/resource_names#full_resource_name) for
|
1656
2352
|
# more information. For Google Cloud assets, this value is the parent resource
|
1657
|
-
# defined in the [
|
2353
|
+
# defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/
|
1658
2354
|
# overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/
|
1659
2355
|
# projects/my_project_123` For third-party assets, this field may be set
|
1660
2356
|
# differently.
|
@@ -1992,10 +2688,10 @@ module Google
|
|
1992
2688
|
# @return [String]
|
1993
2689
|
attr_accessor :description
|
1994
2690
|
|
1995
|
-
#
|
1996
|
-
#
|
1997
|
-
#
|
1998
|
-
#
|
2691
|
+
# Resource name for the `AccessLevel`. Format: `accessPolicies/`access_policy`/
|
2692
|
+
# accessLevels/`access_level``. The `access_level` component must begin with a
|
2693
|
+
# letter, followed by alphanumeric characters or `_`. Its maximum length is 50
|
2694
|
+
# characters. After you create an `AccessLevel`, you cannot change its `name`.
|
1999
2695
|
# Corresponds to the JSON property `name`
|
2000
2696
|
# @return [String]
|
2001
2697
|
attr_accessor :name
|
@@ -2533,10 +3229,11 @@ module Google
|
|
2533
3229
|
|
2534
3230
|
# A Google Cloud resource that is allowed to ingress the perimeter. Requests
|
2535
3231
|
# from these resources will be allowed to access perimeter data. Currently only
|
2536
|
-
# projects are allowed.
|
2537
|
-
#
|
2538
|
-
#
|
2539
|
-
#
|
3232
|
+
# projects and VPCs are allowed. Project format: `projects/`project_number`` VPC
|
3233
|
+
# format: `//compute.googleapis.com/projects/`PROJECT_ID`/global/networks/`NAME``
|
3234
|
+
# . The project may be in any Google Cloud organization, not just the
|
3235
|
+
# organization that the perimeter is defined in. `*` is not allowed, the case of
|
3236
|
+
# allowing all Google Cloud resources only is not supported.
|
2540
3237
|
# Corresponds to the JSON property `resource`
|
2541
3238
|
# @return [String]
|
2542
3239
|
attr_accessor :resource
|
@@ -2666,9 +3363,10 @@ module Google
|
|
2666
3363
|
# @return [String]
|
2667
3364
|
attr_accessor :description
|
2668
3365
|
|
2669
|
-
#
|
2670
|
-
#
|
2671
|
-
#
|
3366
|
+
# Resource name for the `ServicePerimeter`. Format: `accessPolicies/`
|
3367
|
+
# access_policy`/servicePerimeters/`service_perimeter``. The `service_perimeter`
|
3368
|
+
# component must begin with a letter, followed by alphanumeric characters or `_`.
|
3369
|
+
# After you create a `ServicePerimeter`, you cannot change its `name`.
|
2672
3370
|
# Corresponds to the JSON property `name`
|
2673
3371
|
# @return [String]
|
2674
3372
|
attr_accessor :name
|
@@ -2760,7 +3458,9 @@ module Google
|
|
2760
3458
|
attr_accessor :ingress_policies
|
2761
3459
|
|
2762
3460
|
# A list of Google Cloud resources that are inside of the service perimeter.
|
2763
|
-
# Currently only projects are allowed.
|
3461
|
+
# Currently only projects and VPCs are allowed. Project format: `projects/`
|
3462
|
+
# project_number`` VPC format: `//compute.googleapis.com/projects/`PROJECT_ID`/
|
3463
|
+
# global/networks/`NAME``.
|
2764
3464
|
# Corresponds to the JSON property `resources`
|
2765
3465
|
# @return [Array<String>]
|
2766
3466
|
attr_accessor :resources
|
@@ -3093,8 +3793,8 @@ module Google
|
|
3093
3793
|
# @return [Google::Apis::CloudassetV1::Policy]
|
3094
3794
|
attr_accessor :policy
|
3095
3795
|
|
3096
|
-
# The project that the associated
|
3097
|
-
# projects/`PROJECT_NUMBER`. If an IAM policy is set on a resource (like VM
|
3796
|
+
# The project that the associated Google Cloud resource belongs to, in the form
|
3797
|
+
# of projects/`PROJECT_NUMBER`. If an IAM policy is set on a resource (like VM
|
3098
3798
|
# instance, Cloud Storage bucket), the project field will indicate the project
|
3099
3799
|
# that contains the resource. If an IAM policy is set on a folder or orgnization,
|
3100
3800
|
# this field will be empty. To search against the `project`: * specify the `
|
@@ -3341,7 +4041,7 @@ module Google
|
|
3341
4041
|
# @return [Google::Apis::CloudassetV1::MoveAnalysisResult]
|
3342
4042
|
attr_accessor :analysis
|
3343
4043
|
|
3344
|
-
# The user friendly display name of the analysis. E.g. IAM,
|
4044
|
+
# The user friendly display name of the analysis. E.g. IAM, organization policy
|
3345
4045
|
# etc.
|
3346
4046
|
# Corresponds to the JSON property `displayName`
|
3347
4047
|
# @return [String]
|
@@ -3485,19 +4185,19 @@ module Google
|
|
3485
4185
|
# Optional. If true, the response will include access analysis from identities
|
3486
4186
|
# to resources via service account impersonation. This is a very expensive
|
3487
4187
|
# operation, because many derived queries will be executed. We highly recommend
|
3488
|
-
# you use AssetService.AnalyzeIamPolicyLongrunning
|
4188
|
+
# you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if
|
3489
4189
|
# the request analyzes for which resources user A has permission P, and there's
|
3490
4190
|
# an IAM policy states user A has iam.serviceAccounts.getAccessToken permission
|
3491
4191
|
# to a service account SA, and there's another IAM policy states service account
|
3492
|
-
# SA has permission P to a
|
3493
|
-
# the
|
3494
|
-
# AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
|
3495
|
-
# example, if the request analyzes for who has permission P to a
|
3496
|
-
# and there's an IAM policy states user A has iam.
|
3497
|
-
# permission to a service account SA, and there's another
|
3498
|
-
# service account SA has permission P to the
|
3499
|
-
# potentially has access to the
|
3500
|
-
# results will be included in AnalyzeIamPolicyResponse.
|
4192
|
+
# SA has permission P to a Google Cloud folder F, then user A potentially has
|
4193
|
+
# access to the Google Cloud folder F. And those advanced analysis results will
|
4194
|
+
# be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
|
4195
|
+
# Another example, if the request analyzes for who has permission P to a Google
|
4196
|
+
# Cloud folder F, and there's an IAM policy states user A has iam.
|
4197
|
+
# serviceAccounts.actAs permission to a service account SA, and there's another
|
4198
|
+
# IAM policy states service account SA has permission P to the Google Cloud
|
4199
|
+
# folder F, then user A potentially has access to the Google Cloud folder F. And
|
4200
|
+
# those advanced analysis results will be included in AnalyzeIamPolicyResponse.
|
3501
4201
|
# service_account_impersonation_analysis. Only the following permissions are
|
3502
4202
|
# considered in this analysis: * `iam.serviceAccounts.actAs` * `iam.
|
3503
4203
|
# serviceAccounts.signBlob` * `iam.serviceAccounts.signJwt` * `iam.
|
@@ -3523,17 +4223,18 @@ module Google
|
|
3523
4223
|
# specified, the resource section of the result will expand any resource
|
3524
4224
|
# attached to an IAM policy to include resources lower in the resource hierarchy.
|
3525
4225
|
# For example, if the request analyzes for which resources user A has
|
3526
|
-
# permission P, and the results include an IAM policy with P on a
|
3527
|
-
# the results will also include resources in that folder with permission
|
3528
|
-
# true and IamPolicyAnalysisQuery.resource_selector is specified, the
|
3529
|
-
# section of the result will expand the specified resource to include
|
3530
|
-
# lower in the resource hierarchy. Only project or lower resources are
|
3531
|
-
# Folder and organization
|
3532
|
-
# For example, if the request analyzes for which users have permission P
|
3533
|
-
#
|
3534
|
-
# have permission P on that project or any lower resource. If true,
|
3535
|
-
# max expansion per resource is 1000 for AssetService.
|
3536
|
-
# 100000 for AssetService.AnalyzeIamPolicyLongrunning][].
|
4226
|
+
# permission P, and the results include an IAM policy with P on a Google Cloud
|
4227
|
+
# folder, the results will also include resources in that folder with permission
|
4228
|
+
# P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the
|
4229
|
+
# resource section of the result will expand the specified resource to include
|
4230
|
+
# resources lower in the resource hierarchy. Only project or lower resources are
|
4231
|
+
# supported. Folder and organization resources cannot be used together with this
|
4232
|
+
# option. For example, if the request analyzes for which users have permission P
|
4233
|
+
# on a Google Cloud project with this option enabled, the results will include
|
4234
|
+
# all users who have permission P on that project or any lower resource. If true,
|
4235
|
+
# the default max expansion per resource is 1000 for AssetService.
|
4236
|
+
# AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][].
|
4237
|
+
# Default is false.
|
3537
4238
|
# Corresponds to the JSON property `expandResources`
|
3538
4239
|
# @return [Boolean]
|
3539
4240
|
attr_accessor :expand_resources
|
@@ -3579,6 +4280,36 @@ module Google
|
|
3579
4280
|
end
|
3580
4281
|
end
|
3581
4282
|
|
4283
|
+
# The organization policy result to the query.
|
4284
|
+
class OrgPolicyResult
|
4285
|
+
include Google::Apis::Core::Hashable
|
4286
|
+
|
4287
|
+
# This organization policy message is a modified version of the one defined in
|
4288
|
+
# the Organization Policy system. This message contains several fields defined
|
4289
|
+
# in the original organization policy with some new fields for analysis purpose.
|
4290
|
+
# Corresponds to the JSON property `consolidatedPolicy`
|
4291
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicy]
|
4292
|
+
attr_accessor :consolidated_policy
|
4293
|
+
|
4294
|
+
# The ordered list of all organization policies from the
|
4295
|
+
# AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.
|
4296
|
+
# attached_resource. to the scope specified in the request. If the constraint is
|
4297
|
+
# defined with default policy, it will also appear in the list.
|
4298
|
+
# Corresponds to the JSON property `policyBundle`
|
4299
|
+
# @return [Array<Google::Apis::CloudassetV1::AnalyzerOrgPolicy>]
|
4300
|
+
attr_accessor :policy_bundle
|
4301
|
+
|
4302
|
+
def initialize(**args)
|
4303
|
+
update!(**args)
|
4304
|
+
end
|
4305
|
+
|
4306
|
+
# Update properties of this object
|
4307
|
+
def update!(**args)
|
4308
|
+
@consolidated_policy = args[:consolidated_policy] if args.key?(:consolidated_policy)
|
4309
|
+
@policy_bundle = args[:policy_bundle] if args.key?(:policy_bundle)
|
4310
|
+
end
|
4311
|
+
end
|
4312
|
+
|
3582
4313
|
# Operating system information for the VM.
|
3583
4314
|
class OsInfo
|
3584
4315
|
include Google::Apis::Core::Hashable
|
@@ -3870,6 +4601,154 @@ module Google
|
|
3870
4601
|
end
|
3871
4602
|
end
|
3872
4603
|
|
4604
|
+
# Output configuration query assets.
|
4605
|
+
class QueryAssetsOutputConfig
|
4606
|
+
include Google::Apis::Core::Hashable
|
4607
|
+
|
4608
|
+
# BigQuery destination.
|
4609
|
+
# Corresponds to the JSON property `bigqueryDestination`
|
4610
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1QueryAssetsOutputConfigBigQueryDestination]
|
4611
|
+
attr_accessor :bigquery_destination
|
4612
|
+
|
4613
|
+
def initialize(**args)
|
4614
|
+
update!(**args)
|
4615
|
+
end
|
4616
|
+
|
4617
|
+
# Update properties of this object
|
4618
|
+
def update!(**args)
|
4619
|
+
@bigquery_destination = args[:bigquery_destination] if args.key?(:bigquery_destination)
|
4620
|
+
end
|
4621
|
+
end
|
4622
|
+
|
4623
|
+
# QueryAssets request.
|
4624
|
+
class QueryAssetsRequest
|
4625
|
+
include Google::Apis::Core::Hashable
|
4626
|
+
|
4627
|
+
# Optional. Reference to the query job, which is from the `QueryAssetsResponse`
|
4628
|
+
# of previous `QueryAssets` call.
|
4629
|
+
# Corresponds to the JSON property `jobReference`
|
4630
|
+
# @return [String]
|
4631
|
+
attr_accessor :job_reference
|
4632
|
+
|
4633
|
+
# Output configuration query assets.
|
4634
|
+
# Corresponds to the JSON property `outputConfig`
|
4635
|
+
# @return [Google::Apis::CloudassetV1::QueryAssetsOutputConfig]
|
4636
|
+
attr_accessor :output_config
|
4637
|
+
|
4638
|
+
# Optional. The maximum number of rows to return in the results. Responses are
|
4639
|
+
# limited to 10 MB and 1000 rows. By default, the maximum row count is 1000.
|
4640
|
+
# When the byte or row count limit is reached, the rest of the query results
|
4641
|
+
# will be paginated. The field will be ignored when [output_config] is specified.
|
4642
|
+
# Corresponds to the JSON property `pageSize`
|
4643
|
+
# @return [Fixnum]
|
4644
|
+
attr_accessor :page_size
|
4645
|
+
|
4646
|
+
# Optional. A page token received from previous `QueryAssets`. The field will be
|
4647
|
+
# ignored when [output_config] is specified.
|
4648
|
+
# Corresponds to the JSON property `pageToken`
|
4649
|
+
# @return [String]
|
4650
|
+
attr_accessor :page_token
|
4651
|
+
|
4652
|
+
# Optional. Queries cloud assets as they appeared at the specified point in time.
|
4653
|
+
# Corresponds to the JSON property `readTime`
|
4654
|
+
# @return [String]
|
4655
|
+
attr_accessor :read_time
|
4656
|
+
|
4657
|
+
# A time window specified by its `start_time` and `end_time`.
|
4658
|
+
# Corresponds to the JSON property `readTimeWindow`
|
4659
|
+
# @return [Google::Apis::CloudassetV1::TimeWindow]
|
4660
|
+
attr_accessor :read_time_window
|
4661
|
+
|
4662
|
+
# Optional. A SQL statement that's compatible with [BigQuery Standard SQL](http:/
|
4663
|
+
# /cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql).
|
4664
|
+
# Corresponds to the JSON property `statement`
|
4665
|
+
# @return [String]
|
4666
|
+
attr_accessor :statement
|
4667
|
+
|
4668
|
+
# Optional. Specifies the maximum amount of time that the client is willing to
|
4669
|
+
# wait for the query to complete. By default, this limit is 5 min for the first
|
4670
|
+
# query, and 1 minute for the following queries. If the query is complete, the `
|
4671
|
+
# done` field in the `QueryAssetsResponse` is true, otherwise false. Like
|
4672
|
+
# BigQuery [jobs.query API](https://cloud.google.com/bigquery/docs/reference/
|
4673
|
+
# rest/v2/jobs/query#queryrequest) The call is not guaranteed to wait for the
|
4674
|
+
# specified timeout; it typically returns after around 200 seconds (200,000
|
4675
|
+
# milliseconds), even if the query is not complete. The field will be ignored
|
4676
|
+
# when [output_config] is specified.
|
4677
|
+
# Corresponds to the JSON property `timeout`
|
4678
|
+
# @return [String]
|
4679
|
+
attr_accessor :timeout
|
4680
|
+
|
4681
|
+
def initialize(**args)
|
4682
|
+
update!(**args)
|
4683
|
+
end
|
4684
|
+
|
4685
|
+
# Update properties of this object
|
4686
|
+
def update!(**args)
|
4687
|
+
@job_reference = args[:job_reference] if args.key?(:job_reference)
|
4688
|
+
@output_config = args[:output_config] if args.key?(:output_config)
|
4689
|
+
@page_size = args[:page_size] if args.key?(:page_size)
|
4690
|
+
@page_token = args[:page_token] if args.key?(:page_token)
|
4691
|
+
@read_time = args[:read_time] if args.key?(:read_time)
|
4692
|
+
@read_time_window = args[:read_time_window] if args.key?(:read_time_window)
|
4693
|
+
@statement = args[:statement] if args.key?(:statement)
|
4694
|
+
@timeout = args[:timeout] if args.key?(:timeout)
|
4695
|
+
end
|
4696
|
+
end
|
4697
|
+
|
4698
|
+
# QueryAssets response.
|
4699
|
+
class QueryAssetsResponse
|
4700
|
+
include Google::Apis::Core::Hashable
|
4701
|
+
|
4702
|
+
# The query response, which can be either an `error` or a valid `response`. If `
|
4703
|
+
# done` == `false` and the query result is being saved in a output, the
|
4704
|
+
# output_config field will be set. If `done` == `true`, exactly one of `error`, `
|
4705
|
+
# query_result` or `output_config` will be set.
|
4706
|
+
# Corresponds to the JSON property `done`
|
4707
|
+
# @return [Boolean]
|
4708
|
+
attr_accessor :done
|
4709
|
+
alias_method :done?, :done
|
4710
|
+
|
4711
|
+
# The `Status` type defines a logical error model that is suitable for different
|
4712
|
+
# programming environments, including REST APIs and RPC APIs. It is used by [
|
4713
|
+
# gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
|
4714
|
+
# data: error code, error message, and error details. You can find out more
|
4715
|
+
# about this error model and how to work with it in the [API Design Guide](https:
|
4716
|
+
# //cloud.google.com/apis/design/errors).
|
4717
|
+
# Corresponds to the JSON property `error`
|
4718
|
+
# @return [Google::Apis::CloudassetV1::Status]
|
4719
|
+
attr_accessor :error
|
4720
|
+
|
4721
|
+
# Reference to a query job.
|
4722
|
+
# Corresponds to the JSON property `jobReference`
|
4723
|
+
# @return [String]
|
4724
|
+
attr_accessor :job_reference
|
4725
|
+
|
4726
|
+
# Output configuration query assets.
|
4727
|
+
# Corresponds to the JSON property `outputConfig`
|
4728
|
+
# @return [Google::Apis::CloudassetV1::QueryAssetsOutputConfig]
|
4729
|
+
attr_accessor :output_config
|
4730
|
+
|
4731
|
+
# Execution results of the query. The result is formatted as rows represented by
|
4732
|
+
# BigQuery compatible [schema]. When pagination is necessary, it will contains
|
4733
|
+
# the page token to retrieve the results of following pages.
|
4734
|
+
# Corresponds to the JSON property `queryResult`
|
4735
|
+
# @return [Google::Apis::CloudassetV1::QueryResult]
|
4736
|
+
attr_accessor :query_result
|
4737
|
+
|
4738
|
+
def initialize(**args)
|
4739
|
+
update!(**args)
|
4740
|
+
end
|
4741
|
+
|
4742
|
+
# Update properties of this object
|
4743
|
+
def update!(**args)
|
4744
|
+
@done = args[:done] if args.key?(:done)
|
4745
|
+
@error = args[:error] if args.key?(:error)
|
4746
|
+
@job_reference = args[:job_reference] if args.key?(:job_reference)
|
4747
|
+
@output_config = args[:output_config] if args.key?(:output_config)
|
4748
|
+
@query_result = args[:query_result] if args.key?(:query_result)
|
4749
|
+
end
|
4750
|
+
end
|
4751
|
+
|
3873
4752
|
# The query content.
|
3874
4753
|
class QueryContent
|
3875
4754
|
include Google::Apis::Core::Hashable
|
@@ -3889,13 +4768,52 @@ module Google
|
|
3889
4768
|
end
|
3890
4769
|
end
|
3891
4770
|
|
4771
|
+
# Execution results of the query. The result is formatted as rows represented by
|
4772
|
+
# BigQuery compatible [schema]. When pagination is necessary, it will contains
|
4773
|
+
# the page token to retrieve the results of following pages.
|
4774
|
+
class QueryResult
|
4775
|
+
include Google::Apis::Core::Hashable
|
4776
|
+
|
4777
|
+
# Token to retrieve the next page of the results.
|
4778
|
+
# Corresponds to the JSON property `nextPageToken`
|
4779
|
+
# @return [String]
|
4780
|
+
attr_accessor :next_page_token
|
4781
|
+
|
4782
|
+
# Each row hold a query result in the format of `Struct`.
|
4783
|
+
# Corresponds to the JSON property `rows`
|
4784
|
+
# @return [Array<Hash<String,Object>>]
|
4785
|
+
attr_accessor :rows
|
4786
|
+
|
4787
|
+
# BigQuery Compatible table schema.
|
4788
|
+
# Corresponds to the JSON property `schema`
|
4789
|
+
# @return [Google::Apis::CloudassetV1::TableSchema]
|
4790
|
+
attr_accessor :schema
|
4791
|
+
|
4792
|
+
# Total rows of the whole query results.
|
4793
|
+
# Corresponds to the JSON property `totalRows`
|
4794
|
+
# @return [Fixnum]
|
4795
|
+
attr_accessor :total_rows
|
4796
|
+
|
4797
|
+
def initialize(**args)
|
4798
|
+
update!(**args)
|
4799
|
+
end
|
4800
|
+
|
4801
|
+
# Update properties of this object
|
4802
|
+
def update!(**args)
|
4803
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
4804
|
+
@rows = args[:rows] if args.key?(:rows)
|
4805
|
+
@schema = args[:schema] if args.key?(:schema)
|
4806
|
+
@total_rows = args[:total_rows] if args.key?(:total_rows)
|
4807
|
+
end
|
4808
|
+
end
|
4809
|
+
|
3892
4810
|
# An asset identifier in Google Cloud which contains its name, type and
|
3893
4811
|
# ancestors. An asset can be any resource in the Google Cloud [resource
|
3894
4812
|
# hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-
|
3895
4813
|
# resource-hierarchy), a resource outside the Google Cloud resource hierarchy (
|
3896
|
-
# such as Google Kubernetes Engine clusters and objects), or a policy (e.g.
|
3897
|
-
#
|
3898
|
-
#
|
4814
|
+
# such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM
|
4815
|
+
# policy). See [Supported asset types](https://cloud.google.com/asset-inventory/
|
4816
|
+
# docs/supported-asset-types) for more information.
|
3899
4817
|
class RelatedAsset
|
3900
4818
|
include Google::Apis::Core::Hashable
|
3901
4819
|
|
@@ -4092,7 +5010,7 @@ module Google
|
|
4092
5010
|
# The full name of the immediate parent of this resource. See [Resource Names](
|
4093
5011
|
# https://cloud.google.com/apis/design/resource_names#full_resource_name) for
|
4094
5012
|
# more information. For Google Cloud assets, this value is the parent resource
|
4095
|
-
# defined in the [
|
5013
|
+
# defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/
|
4096
5014
|
# overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/
|
4097
5015
|
# projects/my_project_123` For third-party assets, this field may be set
|
4098
5016
|
# differently.
|
@@ -4138,14 +5056,14 @@ module Google
|
|
4138
5056
|
# from one resource type to another. Examples: `projectId` for Project, `dnsName`
|
4139
5057
|
# for DNS ManagedZone. This field contains a subset of the resource metadata
|
4140
5058
|
# fields that are returned by the List or Get APIs provided by the corresponding
|
4141
|
-
#
|
5059
|
+
# Google Cloud service (e.g., Compute Engine). see [API references and supported
|
4142
5060
|
# searchable attributes](https://cloud.google.com/asset-inventory/docs/supported-
|
4143
5061
|
# asset-types#searchable_asset_types) to see which fields are included. You can
|
4144
5062
|
# search values of these fields through free text search. However, you should
|
4145
5063
|
# not consume the field programically as the field names and values may change
|
4146
|
-
# as the
|
4147
|
-
# against the `additional_attributes`: * Use a free text query to match
|
4148
|
-
# attributes values. Example: to search `additional_attributes = ` dnsName: "
|
5064
|
+
# as the Google Cloud service updates to a new incompatible API version. To
|
5065
|
+
# search against the `additional_attributes`: * Use a free text query to match
|
5066
|
+
# the attributes values. Example: to search `additional_attributes = ` dnsName: "
|
4149
5067
|
# foobar" ``, you can issue a query `foobar`.
|
4150
5068
|
# Corresponds to the JSON property `additionalAttributes`
|
4151
5069
|
# @return [Hash<String,Object>]
|
@@ -4208,8 +5126,8 @@ module Google
|
|
4208
5126
|
# projects.locations.keyRings.cryptoKeys) name or [CryptoKeyVersion](https://
|
4209
5127
|
# cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.
|
4210
5128
|
# cryptoKeys.cryptoKeyVersions) name. This field only presents for the purpose
|
4211
|
-
# of backward compatibility. Please use the `kms_keys` field to retrieve
|
4212
|
-
# information. This field is available only when the resource's Protobuf
|
5129
|
+
# of backward compatibility. Please use the `kms_keys` field to retrieve Cloud
|
5130
|
+
# KMS key information. This field is available only when the resource's Protobuf
|
4213
5131
|
# contains it and will only be populated for [these resource types](https://
|
4214
5132
|
# cloud.google.com/asset-inventory/docs/legacy-field-names#
|
4215
5133
|
# resource_types_with_the_to_be_deprecated_kmskey_field) for backward compatible
|
@@ -4229,7 +5147,7 @@ module Google
|
|
4229
5147
|
# @return [Array<String>]
|
4230
5148
|
attr_accessor :kms_keys
|
4231
5149
|
|
4232
|
-
# Labels associated with this resource. See [Labelling and grouping
|
5150
|
+
# Labels associated with this resource. See [Labelling and grouping Google Cloud
|
4233
5151
|
# resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-
|
4234
5152
|
# your-google-cloud-platform-resources) for more information. This field is
|
4235
5153
|
# available only when the resource's Protobuf contains it. To search against the
|
@@ -4260,12 +5178,12 @@ module Google
|
|
4260
5178
|
attr_accessor :name
|
4261
5179
|
|
4262
5180
|
# Network tags associated with this resource. Like labels, network tags are a
|
4263
|
-
# type of annotations used to group
|
4264
|
-
# https://cloud.google.com/blog/products/gcp/labelling-
|
4265
|
-
# cloud-platform-resources) for more information. This
|
4266
|
-
# when the resource's Protobuf contains it. To search
|
4267
|
-
# * Use a field query. Example: `networkTags:
|
4268
|
-
# Example: `internal`
|
5181
|
+
# type of annotations used to group Google Cloud resources. See [Labelling
|
5182
|
+
# Google Cloud resources](https://cloud.google.com/blog/products/gcp/labelling-
|
5183
|
+
# and-grouping-your-google-cloud-platform-resources) for more information. This
|
5184
|
+
# field is available only when the resource's Protobuf contains it. To search
|
5185
|
+
# against the `network_tags`: * Use a field query. Example: `networkTags:
|
5186
|
+
# internal` * Use a free text query. Example: `internal`
|
4269
5187
|
# Corresponds to the JSON property `networkTags`
|
4270
5188
|
# @return [Array<String>]
|
4271
5189
|
attr_accessor :network_tags
|
@@ -4320,7 +5238,7 @@ module Google
|
|
4320
5238
|
# include PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED,
|
4321
5239
|
# REPAIRING, and TERMINATED. See `status` definition in [API Reference](https://
|
4322
5240
|
# cloud.google.com/compute/docs/reference/rest/v1/instances). If the resource is
|
4323
|
-
# a project provided by
|
5241
|
+
# a project provided by Resource Manager, its state will include
|
4324
5242
|
# LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and DELETE_IN_PROGRESS.
|
4325
5243
|
# See `lifecycleState` definition in [API Reference](https://cloud.google.com/
|
4326
5244
|
# resource-manager/reference/rest/v1/projects). To search against the `state`: *
|
@@ -4510,8 +5428,8 @@ module Google
|
|
4510
5428
|
# @return [String]
|
4511
5429
|
attr_accessor :next_page_token
|
4512
5430
|
|
4513
|
-
# A list of
|
4514
|
-
# the associated resource is returned along with the policy.
|
5431
|
+
# A list of IAM policies that match the search query. Related information such
|
5432
|
+
# as the associated resource is returned along with the policy.
|
4515
5433
|
# Corresponds to the JSON property `results`
|
4516
5434
|
# @return [Array<Google::Apis::CloudassetV1::IamPolicySearchResult>]
|
4517
5435
|
attr_accessor :results
|
@@ -4673,6 +5591,68 @@ module Google
|
|
4673
5591
|
end
|
4674
5592
|
end
|
4675
5593
|
|
5594
|
+
# A field in TableSchema.
|
5595
|
+
class TableFieldSchema
|
5596
|
+
include Google::Apis::Core::Hashable
|
5597
|
+
|
5598
|
+
# The field name. The name must contain only letters (a-z, A-Z), numbers (0-9),
|
5599
|
+
# or underscores (_), and must start with a letter or underscore. The maximum
|
5600
|
+
# length is 128 characters.
|
5601
|
+
# Corresponds to the JSON property `field`
|
5602
|
+
# @return [String]
|
5603
|
+
attr_accessor :field
|
5604
|
+
|
5605
|
+
# Describes the nested schema fields if the type property is set to RECORD.
|
5606
|
+
# Corresponds to the JSON property `fields`
|
5607
|
+
# @return [Array<Google::Apis::CloudassetV1::TableFieldSchema>]
|
5608
|
+
attr_accessor :fields
|
5609
|
+
|
5610
|
+
# The field mode. Possible values include NULLABLE, REQUIRED and REPEATED. The
|
5611
|
+
# default value is NULLABLE.
|
5612
|
+
# Corresponds to the JSON property `mode`
|
5613
|
+
# @return [String]
|
5614
|
+
attr_accessor :mode
|
5615
|
+
|
5616
|
+
# The field data type. Possible values include * STRING * BYTES * INTEGER *
|
5617
|
+
# FLOAT * BOOLEAN * TIMESTAMP * DATE * TIME * DATETIME * GEOGRAPHY, * NUMERIC, *
|
5618
|
+
# BIGNUMERIC, * RECORD (where RECORD indicates that the field contains a nested
|
5619
|
+
# schema).
|
5620
|
+
# Corresponds to the JSON property `type`
|
5621
|
+
# @return [String]
|
5622
|
+
attr_accessor :type
|
5623
|
+
|
5624
|
+
def initialize(**args)
|
5625
|
+
update!(**args)
|
5626
|
+
end
|
5627
|
+
|
5628
|
+
# Update properties of this object
|
5629
|
+
def update!(**args)
|
5630
|
+
@field = args[:field] if args.key?(:field)
|
5631
|
+
@fields = args[:fields] if args.key?(:fields)
|
5632
|
+
@mode = args[:mode] if args.key?(:mode)
|
5633
|
+
@type = args[:type] if args.key?(:type)
|
5634
|
+
end
|
5635
|
+
end
|
5636
|
+
|
5637
|
+
# BigQuery Compatible table schema.
|
5638
|
+
class TableSchema
|
5639
|
+
include Google::Apis::Core::Hashable
|
5640
|
+
|
5641
|
+
# Describes the fields in a table.
|
5642
|
+
# Corresponds to the JSON property `fields`
|
5643
|
+
# @return [Array<Google::Apis::CloudassetV1::TableFieldSchema>]
|
5644
|
+
attr_accessor :fields
|
5645
|
+
|
5646
|
+
def initialize(**args)
|
5647
|
+
update!(**args)
|
5648
|
+
end
|
5649
|
+
|
5650
|
+
# Update properties of this object
|
5651
|
+
def update!(**args)
|
5652
|
+
@fields = args[:fields] if args.key?(:fields)
|
5653
|
+
end
|
5654
|
+
end
|
5655
|
+
|
4676
5656
|
# An asset in Google Cloud and its temporal metadata, including the time window
|
4677
5657
|
# when it was observed and its status during that window.
|
4678
5658
|
class TemporalAsset
|
@@ -4682,7 +5662,7 @@ module Google
|
|
4682
5662
|
# resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
|
4683
5663
|
# platform-resource-hierarchy), a resource outside the Google Cloud resource
|
4684
5664
|
# hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
|
4685
|
-
# (e.g.
|
5665
|
+
# (e.g. IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP
|
4686
5666
|
# relationship). See [Supported asset types](https://cloud.google.com/asset-
|
4687
5667
|
# inventory/docs/supported-asset-types) for more information.
|
4688
5668
|
# Corresponds to the JSON property `asset`
|
@@ -4699,7 +5679,7 @@ module Google
|
|
4699
5679
|
# resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
|
4700
5680
|
# platform-resource-hierarchy), a resource outside the Google Cloud resource
|
4701
5681
|
# hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
|
4702
|
-
# (e.g.
|
5682
|
+
# (e.g. IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP
|
4703
5683
|
# relationship). See [Supported asset types](https://cloud.google.com/asset-
|
4704
5684
|
# inventory/docs/supported-asset-types) for more information.
|
4705
5685
|
# Corresponds to the JSON property `priorAsset`
|