google-apis-cloudasset_v1 0.50.0 → 0.52.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/google/apis/cloudasset_v1/classes.rb +1055 -75
- data/lib/google/apis/cloudasset_v1/gem_version.rb +3 -3
- data/lib/google/apis/cloudasset_v1/representations.rb +391 -0
- data/lib/google/apis/cloudasset_v1/service.rb +301 -81
- data/lib/google/apis/cloudasset_v1.rb +2 -1
- metadata +4 -4
@@ -51,7 +51,7 @@ module Google
|
|
51
51
|
end
|
52
52
|
|
53
53
|
# Represents the metadata of the longrunning operation for the
|
54
|
-
# AnalyzeIamPolicyLongrunning
|
54
|
+
# AnalyzeIamPolicyLongrunning RPC.
|
55
55
|
class AnalyzeIamPolicyLongrunningMetadata
|
56
56
|
include Google::Apis::Core::Hashable
|
57
57
|
|
@@ -164,7 +164,7 @@ module Google
|
|
164
164
|
include Google::Apis::Core::Hashable
|
165
165
|
|
166
166
|
# The list of analyses returned from performing the intended resource move
|
167
|
-
# analysis. The analysis is grouped by different Cloud services.
|
167
|
+
# analysis. The analysis is grouped by different Google Cloud services.
|
168
168
|
# Corresponds to the JSON property `moveAnalysis`
|
169
169
|
# @return [Array<Google::Apis::CloudassetV1::MoveAnalysis>]
|
170
170
|
attr_accessor :move_analysis
|
@@ -179,11 +179,193 @@ module Google
|
|
179
179
|
end
|
180
180
|
end
|
181
181
|
|
182
|
+
# The response message for AssetService.AnalyzeOrgPolicies.
|
183
|
+
class AnalyzeOrgPoliciesResponse
|
184
|
+
include Google::Apis::Core::Hashable
|
185
|
+
|
186
|
+
# The organization policy constraint definition.
|
187
|
+
# Corresponds to the JSON property `constraint`
|
188
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicyConstraint]
|
189
|
+
attr_accessor :constraint
|
190
|
+
|
191
|
+
# The page token to fetch the next page for AnalyzeOrgPoliciesResponse.
|
192
|
+
# org_policy_results.
|
193
|
+
# Corresponds to the JSON property `nextPageToken`
|
194
|
+
# @return [String]
|
195
|
+
attr_accessor :next_page_token
|
196
|
+
|
197
|
+
# The organization policies under the AnalyzeOrgPoliciesRequest.scope with the
|
198
|
+
# AnalyzeOrgPoliciesRequest.constraint.
|
199
|
+
# Corresponds to the JSON property `orgPolicyResults`
|
200
|
+
# @return [Array<Google::Apis::CloudassetV1::OrgPolicyResult>]
|
201
|
+
attr_accessor :org_policy_results
|
202
|
+
|
203
|
+
def initialize(**args)
|
204
|
+
update!(**args)
|
205
|
+
end
|
206
|
+
|
207
|
+
# Update properties of this object
|
208
|
+
def update!(**args)
|
209
|
+
@constraint = args[:constraint] if args.key?(:constraint)
|
210
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
211
|
+
@org_policy_results = args[:org_policy_results] if args.key?(:org_policy_results)
|
212
|
+
end
|
213
|
+
end
|
214
|
+
|
215
|
+
# The response message for AssetService.AnalyzeOrgPolicyGovernedAssets.
|
216
|
+
class AnalyzeOrgPolicyGovernedAssetsResponse
|
217
|
+
include Google::Apis::Core::Hashable
|
218
|
+
|
219
|
+
# The organization policy constraint definition.
|
220
|
+
# Corresponds to the JSON property `constraint`
|
221
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicyConstraint]
|
222
|
+
attr_accessor :constraint
|
223
|
+
|
224
|
+
# The list of the analyzed governed assets.
|
225
|
+
# Corresponds to the JSON property `governedAssets`
|
226
|
+
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset>]
|
227
|
+
attr_accessor :governed_assets
|
228
|
+
|
229
|
+
# The page token to fetch the next page for
|
230
|
+
# AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets.
|
231
|
+
# Corresponds to the JSON property `nextPageToken`
|
232
|
+
# @return [String]
|
233
|
+
attr_accessor :next_page_token
|
234
|
+
|
235
|
+
def initialize(**args)
|
236
|
+
update!(**args)
|
237
|
+
end
|
238
|
+
|
239
|
+
# Update properties of this object
|
240
|
+
def update!(**args)
|
241
|
+
@constraint = args[:constraint] if args.key?(:constraint)
|
242
|
+
@governed_assets = args[:governed_assets] if args.key?(:governed_assets)
|
243
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
244
|
+
end
|
245
|
+
end
|
246
|
+
|
247
|
+
# The response message for AssetService.AnalyzeOrgPolicyGovernedContainers.
|
248
|
+
class AnalyzeOrgPolicyGovernedContainersResponse
|
249
|
+
include Google::Apis::Core::Hashable
|
250
|
+
|
251
|
+
# The organization policy constraint definition.
|
252
|
+
# Corresponds to the JSON property `constraint`
|
253
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicyConstraint]
|
254
|
+
attr_accessor :constraint
|
255
|
+
|
256
|
+
# The list of the analyzed governed containers.
|
257
|
+
# Corresponds to the JSON property `governedContainers`
|
258
|
+
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1GovernedContainer>]
|
259
|
+
attr_accessor :governed_containers
|
260
|
+
|
261
|
+
# The page token to fetch the next page for
|
262
|
+
# AnalyzeOrgPolicyGovernedContainersResponse.governed_containers.
|
263
|
+
# Corresponds to the JSON property `nextPageToken`
|
264
|
+
# @return [String]
|
265
|
+
attr_accessor :next_page_token
|
266
|
+
|
267
|
+
def initialize(**args)
|
268
|
+
update!(**args)
|
269
|
+
end
|
270
|
+
|
271
|
+
# Update properties of this object
|
272
|
+
def update!(**args)
|
273
|
+
@constraint = args[:constraint] if args.key?(:constraint)
|
274
|
+
@governed_containers = args[:governed_containers] if args.key?(:governed_containers)
|
275
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
276
|
+
end
|
277
|
+
end
|
278
|
+
|
279
|
+
# This organization policy message is a modified version of the one defined in
|
280
|
+
# the Organization Policy system. This message contains several fields defined
|
281
|
+
# in the original organization policy with some new fields for analysis purpose.
|
282
|
+
class AnalyzerOrgPolicy
|
283
|
+
include Google::Apis::Core::Hashable
|
284
|
+
|
285
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
286
|
+
# resource-name-format) of an organization/folder/project resource where this
|
287
|
+
# organization policy applies to. For any user defined org policies, this field
|
288
|
+
# has the same value as the [attached_resource] field. Only for default policy,
|
289
|
+
# this field has the different value.
|
290
|
+
# Corresponds to the JSON property `appliedResource`
|
291
|
+
# @return [String]
|
292
|
+
attr_accessor :applied_resource
|
293
|
+
|
294
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
295
|
+
# resource-name-format) of an organization/folder/project resource where this
|
296
|
+
# organization policy is set. Notice that some type of constraints are defined
|
297
|
+
# with default policy. This field will be empty for them.
|
298
|
+
# Corresponds to the JSON property `attachedResource`
|
299
|
+
# @return [String]
|
300
|
+
attr_accessor :attached_resource
|
301
|
+
|
302
|
+
# If `inherit_from_parent` is true, Rules set higher up in the hierarchy (up to
|
303
|
+
# the closest root) are inherited and present in the effective policy. If it is
|
304
|
+
# false, then no rules are inherited, and this policy becomes the effective root
|
305
|
+
# for evaluation.
|
306
|
+
# Corresponds to the JSON property `inheritFromParent`
|
307
|
+
# @return [Boolean]
|
308
|
+
attr_accessor :inherit_from_parent
|
309
|
+
alias_method :inherit_from_parent?, :inherit_from_parent
|
310
|
+
|
311
|
+
# Ignores policies set above this resource and restores the default behavior of
|
312
|
+
# the constraint at this resource. This field can be set in policies for either
|
313
|
+
# list or boolean constraints. If set, `rules` must be empty and `
|
314
|
+
# inherit_from_parent` must be set to false.
|
315
|
+
# Corresponds to the JSON property `reset`
|
316
|
+
# @return [Boolean]
|
317
|
+
attr_accessor :reset
|
318
|
+
alias_method :reset?, :reset
|
319
|
+
|
320
|
+
# List of rules for this organization policy.
|
321
|
+
# Corresponds to the JSON property `rules`
|
322
|
+
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1Rule>]
|
323
|
+
attr_accessor :rules
|
324
|
+
|
325
|
+
def initialize(**args)
|
326
|
+
update!(**args)
|
327
|
+
end
|
328
|
+
|
329
|
+
# Update properties of this object
|
330
|
+
def update!(**args)
|
331
|
+
@applied_resource = args[:applied_resource] if args.key?(:applied_resource)
|
332
|
+
@attached_resource = args[:attached_resource] if args.key?(:attached_resource)
|
333
|
+
@inherit_from_parent = args[:inherit_from_parent] if args.key?(:inherit_from_parent)
|
334
|
+
@reset = args[:reset] if args.key?(:reset)
|
335
|
+
@rules = args[:rules] if args.key?(:rules)
|
336
|
+
end
|
337
|
+
end
|
338
|
+
|
339
|
+
# The organization policy constraint definition.
|
340
|
+
class AnalyzerOrgPolicyConstraint
|
341
|
+
include Google::Apis::Core::Hashable
|
342
|
+
|
343
|
+
# The definition of a custom constraint.
|
344
|
+
# Corresponds to the JSON property `customConstraint`
|
345
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1CustomConstraint]
|
346
|
+
attr_accessor :custom_constraint
|
347
|
+
|
348
|
+
# The definition of a constraint.
|
349
|
+
# Corresponds to the JSON property `googleDefinedConstraint`
|
350
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1Constraint]
|
351
|
+
attr_accessor :google_defined_constraint
|
352
|
+
|
353
|
+
def initialize(**args)
|
354
|
+
update!(**args)
|
355
|
+
end
|
356
|
+
|
357
|
+
# Update properties of this object
|
358
|
+
def update!(**args)
|
359
|
+
@custom_constraint = args[:custom_constraint] if args.key?(:custom_constraint)
|
360
|
+
@google_defined_constraint = args[:google_defined_constraint] if args.key?(:google_defined_constraint)
|
361
|
+
end
|
362
|
+
end
|
363
|
+
|
182
364
|
# An asset in Google Cloud. An asset can be any resource in the Google Cloud [
|
183
365
|
# resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
|
184
366
|
# platform-resource-hierarchy), a resource outside the Google Cloud resource
|
185
367
|
# hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
|
186
|
-
# (e.g.
|
368
|
+
# (e.g. IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP
|
187
369
|
# relationship). See [Supported asset types](https://cloud.google.com/asset-
|
188
370
|
# inventory/docs/supported-asset-types) for more information.
|
189
371
|
class Asset
|
@@ -282,9 +464,9 @@ module Google
|
|
282
464
|
# ancestors. An asset can be any resource in the Google Cloud [resource
|
283
465
|
# hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-
|
284
466
|
# resource-hierarchy), a resource outside the Google Cloud resource hierarchy (
|
285
|
-
# such as Google Kubernetes Engine clusters and objects), or a policy (e.g.
|
286
|
-
#
|
287
|
-
#
|
467
|
+
# such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM
|
468
|
+
# policy). See [Supported asset types](https://cloud.google.com/asset-inventory/
|
469
|
+
# docs/supported-asset-types) for more information.
|
288
470
|
# Corresponds to the JSON property `relatedAsset`
|
289
471
|
# @return [Google::Apis::CloudassetV1::RelatedAsset]
|
290
472
|
attr_accessor :related_asset
|
@@ -1063,7 +1245,7 @@ module Google
|
|
1063
1245
|
class GcsDestination
|
1064
1246
|
include Google::Apis::Core::Hashable
|
1065
1247
|
|
1066
|
-
# The
|
1248
|
+
# The URI of the Cloud Storage object. It's the same URI that is used by gsutil.
|
1067
1249
|
# Example: "gs://bucket_name/object_name". See [Viewing and Editing Object
|
1068
1250
|
# Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for
|
1069
1251
|
# more information. If the specified Cloud Storage object already exists and
|
@@ -1073,8 +1255,8 @@ module Google
|
|
1073
1255
|
# @return [String]
|
1074
1256
|
attr_accessor :uri
|
1075
1257
|
|
1076
|
-
# The
|
1077
|
-
# bucket_name/object_name_prefix". Each object
|
1258
|
+
# The URI prefix of all generated Cloud Storage objects. Example: "gs://
|
1259
|
+
# bucket_name/object_name_prefix". Each object URI is in format: "gs://
|
1078
1260
|
# bucket_name/object_name_prefix// and only contains assets for that type.
|
1079
1261
|
# starts from 0. Example: "gs://bucket_name/object_name_prefix/compute.
|
1080
1262
|
# googleapis.com/Disk/0" is the first shard of output objects containing all
|
@@ -1181,6 +1363,184 @@ module Google
|
|
1181
1363
|
end
|
1182
1364
|
end
|
1183
1365
|
|
1366
|
+
# Represents a Google Cloud asset(resource or IAM policy) governed by the
|
1367
|
+
# organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1368
|
+
class GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset
|
1369
|
+
include Google::Apis::Core::Hashable
|
1370
|
+
|
1371
|
+
# This organization policy message is a modified version of the one defined in
|
1372
|
+
# the Organization Policy system. This message contains several fields defined
|
1373
|
+
# in the original organization policy with some new fields for analysis purpose.
|
1374
|
+
# Corresponds to the JSON property `consolidatedPolicy`
|
1375
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicy]
|
1376
|
+
attr_accessor :consolidated_policy
|
1377
|
+
|
1378
|
+
# The IAM policies governed by the organization policies of the
|
1379
|
+
# AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1380
|
+
# Corresponds to the JSON property `governedIamPolicy`
|
1381
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy]
|
1382
|
+
attr_accessor :governed_iam_policy
|
1383
|
+
|
1384
|
+
# The Google Cloud resources governed by the organization policies of the
|
1385
|
+
# AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1386
|
+
# Corresponds to the JSON property `governedResource`
|
1387
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource]
|
1388
|
+
attr_accessor :governed_resource
|
1389
|
+
|
1390
|
+
# The ordered list of all organization policies from the
|
1391
|
+
# AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.
|
1392
|
+
# attached_resource to the scope specified in the request. If the constraint is
|
1393
|
+
# defined with default policy, it will also appear in the list.
|
1394
|
+
# Corresponds to the JSON property `policyBundle`
|
1395
|
+
# @return [Array<Google::Apis::CloudassetV1::AnalyzerOrgPolicy>]
|
1396
|
+
attr_accessor :policy_bundle
|
1397
|
+
|
1398
|
+
def initialize(**args)
|
1399
|
+
update!(**args)
|
1400
|
+
end
|
1401
|
+
|
1402
|
+
# Update properties of this object
|
1403
|
+
def update!(**args)
|
1404
|
+
@consolidated_policy = args[:consolidated_policy] if args.key?(:consolidated_policy)
|
1405
|
+
@governed_iam_policy = args[:governed_iam_policy] if args.key?(:governed_iam_policy)
|
1406
|
+
@governed_resource = args[:governed_resource] if args.key?(:governed_resource)
|
1407
|
+
@policy_bundle = args[:policy_bundle] if args.key?(:policy_bundle)
|
1408
|
+
end
|
1409
|
+
end
|
1410
|
+
|
1411
|
+
# The IAM policies governed by the organization policies of the
|
1412
|
+
# AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1413
|
+
class GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy
|
1414
|
+
include Google::Apis::Core::Hashable
|
1415
|
+
|
1416
|
+
# The full resource name of the resource associated with this IAM policy.
|
1417
|
+
# Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/
|
1418
|
+
# instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://
|
1419
|
+
# cloud.google.com/asset-inventory/docs/resource-name-format) for more
|
1420
|
+
# information.
|
1421
|
+
# Corresponds to the JSON property `attachedResource`
|
1422
|
+
# @return [String]
|
1423
|
+
attr_accessor :attached_resource
|
1424
|
+
|
1425
|
+
# The folder(s) that this IAM policy belongs to, in the form of folders/`
|
1426
|
+
# FOLDER_NUMBER`. This field is available when the IAM policy belongs(directly
|
1427
|
+
# or cascadingly) to one or more folders.
|
1428
|
+
# Corresponds to the JSON property `folders`
|
1429
|
+
# @return [Array<String>]
|
1430
|
+
attr_accessor :folders
|
1431
|
+
|
1432
|
+
# The organization that this IAM policy belongs to, in the form of organizations/
|
1433
|
+
# `ORGANIZATION_NUMBER`. This field is available when the IAM policy belongs(
|
1434
|
+
# directly or cascadingly) to an organization.
|
1435
|
+
# Corresponds to the JSON property `organization`
|
1436
|
+
# @return [String]
|
1437
|
+
attr_accessor :organization
|
1438
|
+
|
1439
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
1440
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1441
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
1442
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
1443
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1444
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
1445
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1446
|
+
# logical expression that allows access to a resource only if the expression
|
1447
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
1448
|
+
# the request, the resource, or both. To learn which resources support
|
1449
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1450
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
1451
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1452
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1453
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1454
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1455
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1456
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1457
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
1458
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
1459
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
1460
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
1461
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
1462
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
1463
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
1464
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
1465
|
+
# cloud.google.com/iam/docs/).
|
1466
|
+
# Corresponds to the JSON property `policy`
|
1467
|
+
# @return [Google::Apis::CloudassetV1::Policy]
|
1468
|
+
attr_accessor :policy
|
1469
|
+
|
1470
|
+
# The project that this IAM policy belongs to, in the form of projects/`
|
1471
|
+
# PROJECT_NUMBER`. This field is available when the IAM policy belongs to a
|
1472
|
+
# project.
|
1473
|
+
# Corresponds to the JSON property `project`
|
1474
|
+
# @return [String]
|
1475
|
+
attr_accessor :project
|
1476
|
+
|
1477
|
+
def initialize(**args)
|
1478
|
+
update!(**args)
|
1479
|
+
end
|
1480
|
+
|
1481
|
+
# Update properties of this object
|
1482
|
+
def update!(**args)
|
1483
|
+
@attached_resource = args[:attached_resource] if args.key?(:attached_resource)
|
1484
|
+
@folders = args[:folders] if args.key?(:folders)
|
1485
|
+
@organization = args[:organization] if args.key?(:organization)
|
1486
|
+
@policy = args[:policy] if args.key?(:policy)
|
1487
|
+
@project = args[:project] if args.key?(:project)
|
1488
|
+
end
|
1489
|
+
end
|
1490
|
+
|
1491
|
+
# The Google Cloud resources governed by the organization policies of the
|
1492
|
+
# AnalyzeOrgPolicyGovernedAssetsRequest.constraint.
|
1493
|
+
class GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource
|
1494
|
+
include Google::Apis::Core::Hashable
|
1495
|
+
|
1496
|
+
# The folder(s) that this resource belongs to, in the form of folders/`
|
1497
|
+
# FOLDER_NUMBER`. This field is available when the resource belongs(directly or
|
1498
|
+
# cascadingly) to one or more folders.
|
1499
|
+
# Corresponds to the JSON property `folders`
|
1500
|
+
# @return [Array<String>]
|
1501
|
+
attr_accessor :folders
|
1502
|
+
|
1503
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
1504
|
+
# resource-name-format) of the Google Cloud resource.
|
1505
|
+
# Corresponds to the JSON property `fullResourceName`
|
1506
|
+
# @return [String]
|
1507
|
+
attr_accessor :full_resource_name
|
1508
|
+
|
1509
|
+
# The organization that this resource belongs to, in the form of organizations/`
|
1510
|
+
# ORGANIZATION_NUMBER`. This field is available when the resource belongs(
|
1511
|
+
# directly or cascadingly) to an organization.
|
1512
|
+
# Corresponds to the JSON property `organization`
|
1513
|
+
# @return [String]
|
1514
|
+
attr_accessor :organization
|
1515
|
+
|
1516
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
1517
|
+
# resource-name-format) of the parent of AnalyzeOrgPolicyGovernedAssetsResponse.
|
1518
|
+
# GovernedResource.full_resource_name.
|
1519
|
+
# Corresponds to the JSON property `parent`
|
1520
|
+
# @return [String]
|
1521
|
+
attr_accessor :parent
|
1522
|
+
|
1523
|
+
# The project that this resource belongs to, in the form of projects/`
|
1524
|
+
# PROJECT_NUMBER`. This field is available when the resource belongs to a
|
1525
|
+
# project.
|
1526
|
+
# Corresponds to the JSON property `project`
|
1527
|
+
# @return [String]
|
1528
|
+
attr_accessor :project
|
1529
|
+
|
1530
|
+
def initialize(**args)
|
1531
|
+
update!(**args)
|
1532
|
+
end
|
1533
|
+
|
1534
|
+
# Update properties of this object
|
1535
|
+
def update!(**args)
|
1536
|
+
@folders = args[:folders] if args.key?(:folders)
|
1537
|
+
@full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
|
1538
|
+
@organization = args[:organization] if args.key?(:organization)
|
1539
|
+
@parent = args[:parent] if args.key?(:parent)
|
1540
|
+
@project = args[:project] if args.key?(:project)
|
1541
|
+
end
|
1542
|
+
end
|
1543
|
+
|
1184
1544
|
# A BigQuery destination.
|
1185
1545
|
class GoogleCloudAssetV1BigQueryDestination
|
1186
1546
|
include Google::Apis::Core::Hashable
|
@@ -1233,6 +1593,136 @@ module Google
|
|
1233
1593
|
end
|
1234
1594
|
end
|
1235
1595
|
|
1596
|
+
# A `Constraint` that is either enforced or not. For example a constraint `
|
1597
|
+
# constraints/compute.disableSerialPortAccess`. If it is enforced on a VM
|
1598
|
+
# instance, serial port connections will not be opened to that instance.
|
1599
|
+
class GoogleCloudAssetV1BooleanConstraint
|
1600
|
+
include Google::Apis::Core::Hashable
|
1601
|
+
|
1602
|
+
def initialize(**args)
|
1603
|
+
update!(**args)
|
1604
|
+
end
|
1605
|
+
|
1606
|
+
# Update properties of this object
|
1607
|
+
def update!(**args)
|
1608
|
+
end
|
1609
|
+
end
|
1610
|
+
|
1611
|
+
# The definition of a constraint.
|
1612
|
+
class GoogleCloudAssetV1Constraint
|
1613
|
+
include Google::Apis::Core::Hashable
|
1614
|
+
|
1615
|
+
# A `Constraint` that is either enforced or not. For example a constraint `
|
1616
|
+
# constraints/compute.disableSerialPortAccess`. If it is enforced on a VM
|
1617
|
+
# instance, serial port connections will not be opened to that instance.
|
1618
|
+
# Corresponds to the JSON property `booleanConstraint`
|
1619
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1BooleanConstraint]
|
1620
|
+
attr_accessor :boolean_constraint
|
1621
|
+
|
1622
|
+
# The evaluation behavior of this constraint in the absence of 'Policy'.
|
1623
|
+
# Corresponds to the JSON property `constraintDefault`
|
1624
|
+
# @return [String]
|
1625
|
+
attr_accessor :constraint_default
|
1626
|
+
|
1627
|
+
# Detailed description of what this `Constraint` controls as well as how and
|
1628
|
+
# where it is enforced.
|
1629
|
+
# Corresponds to the JSON property `description`
|
1630
|
+
# @return [String]
|
1631
|
+
attr_accessor :description
|
1632
|
+
|
1633
|
+
# The human readable name of the constraint.
|
1634
|
+
# Corresponds to the JSON property `displayName`
|
1635
|
+
# @return [String]
|
1636
|
+
attr_accessor :display_name
|
1637
|
+
|
1638
|
+
# A `Constraint` that allows or disallows a list of string values, which are
|
1639
|
+
# configured by an organization's policy administrator with a `Policy`.
|
1640
|
+
# Corresponds to the JSON property `listConstraint`
|
1641
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1ListConstraint]
|
1642
|
+
attr_accessor :list_constraint
|
1643
|
+
|
1644
|
+
# The unique name of the constraint. Format of the name should be * `constraints/
|
1645
|
+
# `constraint_name`` For example, `constraints/compute.disableSerialPortAccess`.
|
1646
|
+
# Corresponds to the JSON property `name`
|
1647
|
+
# @return [String]
|
1648
|
+
attr_accessor :name
|
1649
|
+
|
1650
|
+
def initialize(**args)
|
1651
|
+
update!(**args)
|
1652
|
+
end
|
1653
|
+
|
1654
|
+
# Update properties of this object
|
1655
|
+
def update!(**args)
|
1656
|
+
@boolean_constraint = args[:boolean_constraint] if args.key?(:boolean_constraint)
|
1657
|
+
@constraint_default = args[:constraint_default] if args.key?(:constraint_default)
|
1658
|
+
@description = args[:description] if args.key?(:description)
|
1659
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
1660
|
+
@list_constraint = args[:list_constraint] if args.key?(:list_constraint)
|
1661
|
+
@name = args[:name] if args.key?(:name)
|
1662
|
+
end
|
1663
|
+
end
|
1664
|
+
|
1665
|
+
# The definition of a custom constraint.
|
1666
|
+
class GoogleCloudAssetV1CustomConstraint
|
1667
|
+
include Google::Apis::Core::Hashable
|
1668
|
+
|
1669
|
+
# Allow or deny type.
|
1670
|
+
# Corresponds to the JSON property `actionType`
|
1671
|
+
# @return [String]
|
1672
|
+
attr_accessor :action_type
|
1673
|
+
|
1674
|
+
# Organization Policy condition/expression. For example: `resource.instanceName.
|
1675
|
+
# matches("[production|test]_.*_(\d)+")'` or, `resource.management.auto_upgrade =
|
1676
|
+
# = true`
|
1677
|
+
# Corresponds to the JSON property `condition`
|
1678
|
+
# @return [String]
|
1679
|
+
attr_accessor :condition
|
1680
|
+
|
1681
|
+
# Detailed information about this custom policy constraint.
|
1682
|
+
# Corresponds to the JSON property `description`
|
1683
|
+
# @return [String]
|
1684
|
+
attr_accessor :description
|
1685
|
+
|
1686
|
+
# One line display name for the UI.
|
1687
|
+
# Corresponds to the JSON property `displayName`
|
1688
|
+
# @return [String]
|
1689
|
+
attr_accessor :display_name
|
1690
|
+
|
1691
|
+
# All the operations being applied for this constraint.
|
1692
|
+
# Corresponds to the JSON property `methodTypes`
|
1693
|
+
# @return [Array<String>]
|
1694
|
+
attr_accessor :method_types
|
1695
|
+
|
1696
|
+
# Name of the constraint. This is unique within the organization. Format of the
|
1697
|
+
# name should be * `organizations/`organization_id`/customConstraints/`
|
1698
|
+
# custom_constraint_id`` Example : "organizations/123/customConstraints/custom.
|
1699
|
+
# createOnlyE2TypeVms"
|
1700
|
+
# Corresponds to the JSON property `name`
|
1701
|
+
# @return [String]
|
1702
|
+
attr_accessor :name
|
1703
|
+
|
1704
|
+
# The Resource Instance type on which this policy applies to. Format will be of
|
1705
|
+
# the form : "/" Example: * `compute.googleapis.com/Instance`.
|
1706
|
+
# Corresponds to the JSON property `resourceTypes`
|
1707
|
+
# @return [Array<String>]
|
1708
|
+
attr_accessor :resource_types
|
1709
|
+
|
1710
|
+
def initialize(**args)
|
1711
|
+
update!(**args)
|
1712
|
+
end
|
1713
|
+
|
1714
|
+
# Update properties of this object
|
1715
|
+
def update!(**args)
|
1716
|
+
@action_type = args[:action_type] if args.key?(:action_type)
|
1717
|
+
@condition = args[:condition] if args.key?(:condition)
|
1718
|
+
@description = args[:description] if args.key?(:description)
|
1719
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
1720
|
+
@method_types = args[:method_types] if args.key?(:method_types)
|
1721
|
+
@name = args[:name] if args.key?(:name)
|
1722
|
+
@resource_types = args[:resource_types] if args.key?(:resource_types)
|
1723
|
+
end
|
1724
|
+
end
|
1725
|
+
|
1236
1726
|
# A directional edge.
|
1237
1727
|
class GoogleCloudAssetV1Edge
|
1238
1728
|
include Google::Apis::Core::Hashable
|
@@ -1264,7 +1754,7 @@ module Google
|
|
1264
1754
|
class GoogleCloudAssetV1GcsDestination
|
1265
1755
|
include Google::Apis::Core::Hashable
|
1266
1756
|
|
1267
|
-
# Required. The
|
1757
|
+
# Required. The URI of the Cloud Storage object. It's the same URI that is used
|
1268
1758
|
# by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and Editing
|
1269
1759
|
# Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-
|
1270
1760
|
# metadata) for more information. If the specified Cloud Storage object already
|
@@ -1280,7 +1770,54 @@ module Google
|
|
1280
1770
|
|
1281
1771
|
# Update properties of this object
|
1282
1772
|
def update!(**args)
|
1283
|
-
@uri = args[:uri] if args.key?(:uri)
|
1773
|
+
@uri = args[:uri] if args.key?(:uri)
|
1774
|
+
end
|
1775
|
+
end
|
1776
|
+
|
1777
|
+
# The organization/folder/project resource governed by organization policies of
|
1778
|
+
# AnalyzeOrgPolicyGovernedContainersRequest.constraint.
|
1779
|
+
class GoogleCloudAssetV1GovernedContainer
|
1780
|
+
include Google::Apis::Core::Hashable
|
1781
|
+
|
1782
|
+
# This organization policy message is a modified version of the one defined in
|
1783
|
+
# the Organization Policy system. This message contains several fields defined
|
1784
|
+
# in the original organization policy with some new fields for analysis purpose.
|
1785
|
+
# Corresponds to the JSON property `consolidatedPolicy`
|
1786
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicy]
|
1787
|
+
attr_accessor :consolidated_policy
|
1788
|
+
|
1789
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
1790
|
+
# resource-name-format) of an organization/folder/project resource.
|
1791
|
+
# Corresponds to the JSON property `fullResourceName`
|
1792
|
+
# @return [String]
|
1793
|
+
attr_accessor :full_resource_name
|
1794
|
+
|
1795
|
+
# The [full resource name] (https://cloud.google.com/asset-inventory/docs/
|
1796
|
+
# resource-name-format) of the parent of
|
1797
|
+
# AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.
|
1798
|
+
# full_resource_name.
|
1799
|
+
# Corresponds to the JSON property `parent`
|
1800
|
+
# @return [String]
|
1801
|
+
attr_accessor :parent
|
1802
|
+
|
1803
|
+
# The ordered list of all organization policies from the
|
1804
|
+
# AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.
|
1805
|
+
# attached_resource. to the scope specified in the request. If the constraint is
|
1806
|
+
# defined with default policy, it will also appear in the list.
|
1807
|
+
# Corresponds to the JSON property `policyBundle`
|
1808
|
+
# @return [Array<Google::Apis::CloudassetV1::AnalyzerOrgPolicy>]
|
1809
|
+
attr_accessor :policy_bundle
|
1810
|
+
|
1811
|
+
def initialize(**args)
|
1812
|
+
update!(**args)
|
1813
|
+
end
|
1814
|
+
|
1815
|
+
# Update properties of this object
|
1816
|
+
def update!(**args)
|
1817
|
+
@consolidated_policy = args[:consolidated_policy] if args.key?(:consolidated_policy)
|
1818
|
+
@full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
|
1819
|
+
@parent = args[:parent] if args.key?(:parent)
|
1820
|
+
@policy_bundle = args[:policy_bundle] if args.key?(:policy_bundle)
|
1284
1821
|
end
|
1285
1822
|
end
|
1286
1823
|
|
@@ -1344,6 +1881,77 @@ module Google
|
|
1344
1881
|
end
|
1345
1882
|
end
|
1346
1883
|
|
1884
|
+
# A `Constraint` that allows or disallows a list of string values, which are
|
1885
|
+
# configured by an organization's policy administrator with a `Policy`.
|
1886
|
+
class GoogleCloudAssetV1ListConstraint
|
1887
|
+
include Google::Apis::Core::Hashable
|
1888
|
+
|
1889
|
+
# Indicates whether values grouped into categories can be used in `Policy.
|
1890
|
+
# allowed_values` and `Policy.denied_values`. For example, `"in:Python"` would
|
1891
|
+
# match any value in the 'Python' group.
|
1892
|
+
# Corresponds to the JSON property `supportsIn`
|
1893
|
+
# @return [Boolean]
|
1894
|
+
attr_accessor :supports_in
|
1895
|
+
alias_method :supports_in?, :supports_in
|
1896
|
+
|
1897
|
+
# Indicates whether subtrees of Cloud Resource Manager resource hierarchy can be
|
1898
|
+
# used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"
|
1899
|
+
# under:folders/123"` would match any resource under the 'folders/123' folder.
|
1900
|
+
# Corresponds to the JSON property `supportsUnder`
|
1901
|
+
# @return [Boolean]
|
1902
|
+
attr_accessor :supports_under
|
1903
|
+
alias_method :supports_under?, :supports_under
|
1904
|
+
|
1905
|
+
def initialize(**args)
|
1906
|
+
update!(**args)
|
1907
|
+
end
|
1908
|
+
|
1909
|
+
# Update properties of this object
|
1910
|
+
def update!(**args)
|
1911
|
+
@supports_in = args[:supports_in] if args.key?(:supports_in)
|
1912
|
+
@supports_under = args[:supports_under] if args.key?(:supports_under)
|
1913
|
+
end
|
1914
|
+
end
|
1915
|
+
|
1916
|
+
# BigQuery destination.
|
1917
|
+
class GoogleCloudAssetV1QueryAssetsOutputConfigBigQueryDestination
|
1918
|
+
include Google::Apis::Core::Hashable
|
1919
|
+
|
1920
|
+
# Required. The BigQuery dataset where the query results will be saved. It has
|
1921
|
+
# the format of "projects/`projectId`/datasets/`datasetId`".
|
1922
|
+
# Corresponds to the JSON property `dataset`
|
1923
|
+
# @return [String]
|
1924
|
+
attr_accessor :dataset
|
1925
|
+
|
1926
|
+
# Required. The BigQuery table where the query results will be saved. If this
|
1927
|
+
# table does not exist, a new table with the given name will be created.
|
1928
|
+
# Corresponds to the JSON property `table`
|
1929
|
+
# @return [String]
|
1930
|
+
attr_accessor :table
|
1931
|
+
|
1932
|
+
# Specifies the action that occurs if the destination table or partition already
|
1933
|
+
# exists. The following values are supported: * WRITE_TRUNCATE: If the table or
|
1934
|
+
# partition already exists, BigQuery overwrites the entire table or all the
|
1935
|
+
# partitions data. * WRITE_APPEND: If the table or partition already exists,
|
1936
|
+
# BigQuery appends the data to the table or the latest partition. * WRITE_EMPTY:
|
1937
|
+
# If the table already exists and contains data, a 'duplicate' error is returned
|
1938
|
+
# in the job result. The default value is WRITE_EMPTY.
|
1939
|
+
# Corresponds to the JSON property `writeDisposition`
|
1940
|
+
# @return [String]
|
1941
|
+
attr_accessor :write_disposition
|
1942
|
+
|
1943
|
+
def initialize(**args)
|
1944
|
+
update!(**args)
|
1945
|
+
end
|
1946
|
+
|
1947
|
+
# Update properties of this object
|
1948
|
+
def update!(**args)
|
1949
|
+
@dataset = args[:dataset] if args.key?(:dataset)
|
1950
|
+
@table = args[:table] if args.key?(:table)
|
1951
|
+
@write_disposition = args[:write_disposition] if args.key?(:write_disposition)
|
1952
|
+
end
|
1953
|
+
end
|
1954
|
+
|
1347
1955
|
# A Google Cloud resource under analysis.
|
1348
1956
|
class GoogleCloudAssetV1Resource
|
1349
1957
|
include Google::Apis::Core::Hashable
|
@@ -1371,12 +1979,100 @@ module Google
|
|
1371
1979
|
end
|
1372
1980
|
end
|
1373
1981
|
|
1982
|
+
# Represents a rule defined in an organization policy
|
1983
|
+
class GoogleCloudAssetV1Rule
|
1984
|
+
include Google::Apis::Core::Hashable
|
1985
|
+
|
1986
|
+
# Setting this to true means that all values are allowed. This field can be set
|
1987
|
+
# only in Policies for list constraints.
|
1988
|
+
# Corresponds to the JSON property `allowAll`
|
1989
|
+
# @return [Boolean]
|
1990
|
+
attr_accessor :allow_all
|
1991
|
+
alias_method :allow_all?, :allow_all
|
1992
|
+
|
1993
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
1994
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
1995
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
1996
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
1997
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
1998
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
1999
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
2000
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
2001
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
2002
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
2003
|
+
# string" description: "Create a notification string with a timestamp."
|
2004
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
2005
|
+
# exact variables and functions that may be referenced within an expression are
|
2006
|
+
# determined by the service that evaluates it. See the service documentation for
|
2007
|
+
# additional information.
|
2008
|
+
# Corresponds to the JSON property `condition`
|
2009
|
+
# @return [Google::Apis::CloudassetV1::Expr]
|
2010
|
+
attr_accessor :condition
|
2011
|
+
|
2012
|
+
# Setting this to true means that all values are denied. This field can be set
|
2013
|
+
# only in Policies for list constraints.
|
2014
|
+
# Corresponds to the JSON property `denyAll`
|
2015
|
+
# @return [Boolean]
|
2016
|
+
attr_accessor :deny_all
|
2017
|
+
alias_method :deny_all?, :deny_all
|
2018
|
+
|
2019
|
+
# If `true`, then the `Policy` is enforced. If `false`, then any configuration
|
2020
|
+
# is acceptable. This field can be set only in Policies for boolean constraints.
|
2021
|
+
# Corresponds to the JSON property `enforce`
|
2022
|
+
# @return [Boolean]
|
2023
|
+
attr_accessor :enforce
|
2024
|
+
alias_method :enforce?, :enforce
|
2025
|
+
|
2026
|
+
# The string values for the list constraints.
|
2027
|
+
# Corresponds to the JSON property `values`
|
2028
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1StringValues]
|
2029
|
+
attr_accessor :values
|
2030
|
+
|
2031
|
+
def initialize(**args)
|
2032
|
+
update!(**args)
|
2033
|
+
end
|
2034
|
+
|
2035
|
+
# Update properties of this object
|
2036
|
+
def update!(**args)
|
2037
|
+
@allow_all = args[:allow_all] if args.key?(:allow_all)
|
2038
|
+
@condition = args[:condition] if args.key?(:condition)
|
2039
|
+
@deny_all = args[:deny_all] if args.key?(:deny_all)
|
2040
|
+
@enforce = args[:enforce] if args.key?(:enforce)
|
2041
|
+
@values = args[:values] if args.key?(:values)
|
2042
|
+
end
|
2043
|
+
end
|
2044
|
+
|
2045
|
+
# The string values for the list constraints.
|
2046
|
+
class GoogleCloudAssetV1StringValues
|
2047
|
+
include Google::Apis::Core::Hashable
|
2048
|
+
|
2049
|
+
# List of values allowed at this resource.
|
2050
|
+
# Corresponds to the JSON property `allowedValues`
|
2051
|
+
# @return [Array<String>]
|
2052
|
+
attr_accessor :allowed_values
|
2053
|
+
|
2054
|
+
# List of values denied at this resource.
|
2055
|
+
# Corresponds to the JSON property `deniedValues`
|
2056
|
+
# @return [Array<String>]
|
2057
|
+
attr_accessor :denied_values
|
2058
|
+
|
2059
|
+
def initialize(**args)
|
2060
|
+
update!(**args)
|
2061
|
+
end
|
2062
|
+
|
2063
|
+
# Update properties of this object
|
2064
|
+
def update!(**args)
|
2065
|
+
@allowed_values = args[:allowed_values] if args.key?(:allowed_values)
|
2066
|
+
@denied_values = args[:denied_values] if args.key?(:denied_values)
|
2067
|
+
end
|
2068
|
+
end
|
2069
|
+
|
1374
2070
|
# An asset in Google Cloud. An asset can be any resource in the Google Cloud [
|
1375
2071
|
# resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
|
1376
2072
|
# platform-resource-hierarchy), a resource outside the Google Cloud resource
|
1377
2073
|
# hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
|
1378
|
-
# (e.g.
|
1379
|
-
#
|
2074
|
+
# (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-
|
2075
|
+
# inventory/docs/supported-asset-types) for more information.
|
1380
2076
|
class GoogleCloudAssetV1p7beta1Asset
|
1381
2077
|
include Google::Apis::Core::Hashable
|
1382
2078
|
|
@@ -1513,9 +2209,9 @@ module Google
|
|
1513
2209
|
# An asset can be any resource in the Google Cloud [resource hierarchy](https://
|
1514
2210
|
# cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a
|
1515
2211
|
# resource outside the Google Cloud resource hierarchy (such as Google
|
1516
|
-
# Kubernetes Engine clusters and objects), or a policy (e.g.
|
1517
|
-
#
|
1518
|
-
#
|
2212
|
+
# Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [
|
2213
|
+
# Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-
|
2214
|
+
# asset-types) for more information.
|
1519
2215
|
class GoogleCloudAssetV1p7beta1RelatedAsset
|
1520
2216
|
include Google::Apis::Core::Hashable
|
1521
2217
|
|
@@ -1654,7 +2350,7 @@ module Google
|
|
1654
2350
|
# The full name of the immediate parent of this resource. See [Resource Names](
|
1655
2351
|
# https://cloud.google.com/apis/design/resource_names#full_resource_name) for
|
1656
2352
|
# more information. For Google Cloud assets, this value is the parent resource
|
1657
|
-
# defined in the [
|
2353
|
+
# defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/
|
1658
2354
|
# overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/
|
1659
2355
|
# projects/my_project_123` For third-party assets, this field may be set
|
1660
2356
|
# differently.
|
@@ -1992,10 +2688,10 @@ module Google
|
|
1992
2688
|
# @return [String]
|
1993
2689
|
attr_accessor :description
|
1994
2690
|
|
1995
|
-
#
|
1996
|
-
#
|
1997
|
-
#
|
1998
|
-
#
|
2691
|
+
# Resource name for the `AccessLevel`. Format: `accessPolicies/`access_policy`/
|
2692
|
+
# accessLevels/`access_level``. The `access_level` component must begin with a
|
2693
|
+
# letter, followed by alphanumeric characters or `_`. Its maximum length is 50
|
2694
|
+
# characters. After you create an `AccessLevel`, you cannot change its `name`.
|
1999
2695
|
# Corresponds to the JSON property `name`
|
2000
2696
|
# @return [String]
|
2001
2697
|
attr_accessor :name
|
@@ -2533,10 +3229,11 @@ module Google
|
|
2533
3229
|
|
2534
3230
|
# A Google Cloud resource that is allowed to ingress the perimeter. Requests
|
2535
3231
|
# from these resources will be allowed to access perimeter data. Currently only
|
2536
|
-
# projects are allowed.
|
2537
|
-
#
|
2538
|
-
#
|
2539
|
-
#
|
3232
|
+
# projects and VPCs are allowed. Project format: `projects/`project_number`` VPC
|
3233
|
+
# format: `//compute.googleapis.com/projects/`PROJECT_ID`/global/networks/`NAME``
|
3234
|
+
# . The project may be in any Google Cloud organization, not just the
|
3235
|
+
# organization that the perimeter is defined in. `*` is not allowed, the case of
|
3236
|
+
# allowing all Google Cloud resources only is not supported.
|
2540
3237
|
# Corresponds to the JSON property `resource`
|
2541
3238
|
# @return [String]
|
2542
3239
|
attr_accessor :resource
|
@@ -2666,9 +3363,10 @@ module Google
|
|
2666
3363
|
# @return [String]
|
2667
3364
|
attr_accessor :description
|
2668
3365
|
|
2669
|
-
#
|
2670
|
-
#
|
2671
|
-
#
|
3366
|
+
# Resource name for the `ServicePerimeter`. Format: `accessPolicies/`
|
3367
|
+
# access_policy`/servicePerimeters/`service_perimeter``. The `service_perimeter`
|
3368
|
+
# component must begin with a letter, followed by alphanumeric characters or `_`.
|
3369
|
+
# After you create a `ServicePerimeter`, you cannot change its `name`.
|
2672
3370
|
# Corresponds to the JSON property `name`
|
2673
3371
|
# @return [String]
|
2674
3372
|
attr_accessor :name
|
@@ -2760,7 +3458,9 @@ module Google
|
|
2760
3458
|
attr_accessor :ingress_policies
|
2761
3459
|
|
2762
3460
|
# A list of Google Cloud resources that are inside of the service perimeter.
|
2763
|
-
# Currently only projects are allowed.
|
3461
|
+
# Currently only projects and VPCs are allowed. Project format: `projects/`
|
3462
|
+
# project_number`` VPC format: `//compute.googleapis.com/projects/`PROJECT_ID`/
|
3463
|
+
# global/networks/`NAME``.
|
2764
3464
|
# Corresponds to the JSON property `resources`
|
2765
3465
|
# @return [Array<String>]
|
2766
3466
|
attr_accessor :resources
|
@@ -3093,8 +3793,8 @@ module Google
|
|
3093
3793
|
# @return [Google::Apis::CloudassetV1::Policy]
|
3094
3794
|
attr_accessor :policy
|
3095
3795
|
|
3096
|
-
# The project that the associated
|
3097
|
-
# projects/`PROJECT_NUMBER`. If an IAM policy is set on a resource (like VM
|
3796
|
+
# The project that the associated Google Cloud resource belongs to, in the form
|
3797
|
+
# of projects/`PROJECT_NUMBER`. If an IAM policy is set on a resource (like VM
|
3098
3798
|
# instance, Cloud Storage bucket), the project field will indicate the project
|
3099
3799
|
# that contains the resource. If an IAM policy is set on a folder or orgnization,
|
3100
3800
|
# this field will be empty. To search against the `project`: * specify the `
|
@@ -3341,7 +4041,7 @@ module Google
|
|
3341
4041
|
# @return [Google::Apis::CloudassetV1::MoveAnalysisResult]
|
3342
4042
|
attr_accessor :analysis
|
3343
4043
|
|
3344
|
-
# The user friendly display name of the analysis. E.g. IAM,
|
4044
|
+
# The user friendly display name of the analysis. E.g. IAM, organization policy
|
3345
4045
|
# etc.
|
3346
4046
|
# Corresponds to the JSON property `displayName`
|
3347
4047
|
# @return [String]
|
@@ -3485,19 +4185,19 @@ module Google
|
|
3485
4185
|
# Optional. If true, the response will include access analysis from identities
|
3486
4186
|
# to resources via service account impersonation. This is a very expensive
|
3487
4187
|
# operation, because many derived queries will be executed. We highly recommend
|
3488
|
-
# you use AssetService.AnalyzeIamPolicyLongrunning
|
4188
|
+
# you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if
|
3489
4189
|
# the request analyzes for which resources user A has permission P, and there's
|
3490
4190
|
# an IAM policy states user A has iam.serviceAccounts.getAccessToken permission
|
3491
4191
|
# to a service account SA, and there's another IAM policy states service account
|
3492
|
-
# SA has permission P to a
|
3493
|
-
# the
|
3494
|
-
# AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
|
3495
|
-
# example, if the request analyzes for who has permission P to a
|
3496
|
-
# and there's an IAM policy states user A has iam.
|
3497
|
-
# permission to a service account SA, and there's another
|
3498
|
-
# service account SA has permission P to the
|
3499
|
-
# potentially has access to the
|
3500
|
-
# results will be included in AnalyzeIamPolicyResponse.
|
4192
|
+
# SA has permission P to a Google Cloud folder F, then user A potentially has
|
4193
|
+
# access to the Google Cloud folder F. And those advanced analysis results will
|
4194
|
+
# be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
|
4195
|
+
# Another example, if the request analyzes for who has permission P to a Google
|
4196
|
+
# Cloud folder F, and there's an IAM policy states user A has iam.
|
4197
|
+
# serviceAccounts.actAs permission to a service account SA, and there's another
|
4198
|
+
# IAM policy states service account SA has permission P to the Google Cloud
|
4199
|
+
# folder F, then user A potentially has access to the Google Cloud folder F. And
|
4200
|
+
# those advanced analysis results will be included in AnalyzeIamPolicyResponse.
|
3501
4201
|
# service_account_impersonation_analysis. Only the following permissions are
|
3502
4202
|
# considered in this analysis: * `iam.serviceAccounts.actAs` * `iam.
|
3503
4203
|
# serviceAccounts.signBlob` * `iam.serviceAccounts.signJwt` * `iam.
|
@@ -3523,17 +4223,18 @@ module Google
|
|
3523
4223
|
# specified, the resource section of the result will expand any resource
|
3524
4224
|
# attached to an IAM policy to include resources lower in the resource hierarchy.
|
3525
4225
|
# For example, if the request analyzes for which resources user A has
|
3526
|
-
# permission P, and the results include an IAM policy with P on a
|
3527
|
-
# the results will also include resources in that folder with permission
|
3528
|
-
# true and IamPolicyAnalysisQuery.resource_selector is specified, the
|
3529
|
-
# section of the result will expand the specified resource to include
|
3530
|
-
# lower in the resource hierarchy. Only project or lower resources are
|
3531
|
-
# Folder and organization
|
3532
|
-
# For example, if the request analyzes for which users have permission P
|
3533
|
-
#
|
3534
|
-
# have permission P on that project or any lower resource. If true,
|
3535
|
-
# max expansion per resource is 1000 for AssetService.
|
3536
|
-
# 100000 for AssetService.AnalyzeIamPolicyLongrunning][].
|
4226
|
+
# permission P, and the results include an IAM policy with P on a Google Cloud
|
4227
|
+
# folder, the results will also include resources in that folder with permission
|
4228
|
+
# P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the
|
4229
|
+
# resource section of the result will expand the specified resource to include
|
4230
|
+
# resources lower in the resource hierarchy. Only project or lower resources are
|
4231
|
+
# supported. Folder and organization resources cannot be used together with this
|
4232
|
+
# option. For example, if the request analyzes for which users have permission P
|
4233
|
+
# on a Google Cloud project with this option enabled, the results will include
|
4234
|
+
# all users who have permission P on that project or any lower resource. If true,
|
4235
|
+
# the default max expansion per resource is 1000 for AssetService.
|
4236
|
+
# AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][].
|
4237
|
+
# Default is false.
|
3537
4238
|
# Corresponds to the JSON property `expandResources`
|
3538
4239
|
# @return [Boolean]
|
3539
4240
|
attr_accessor :expand_resources
|
@@ -3579,6 +4280,36 @@ module Google
|
|
3579
4280
|
end
|
3580
4281
|
end
|
3581
4282
|
|
4283
|
+
# The organization policy result to the query.
|
4284
|
+
class OrgPolicyResult
|
4285
|
+
include Google::Apis::Core::Hashable
|
4286
|
+
|
4287
|
+
# This organization policy message is a modified version of the one defined in
|
4288
|
+
# the Organization Policy system. This message contains several fields defined
|
4289
|
+
# in the original organization policy with some new fields for analysis purpose.
|
4290
|
+
# Corresponds to the JSON property `consolidatedPolicy`
|
4291
|
+
# @return [Google::Apis::CloudassetV1::AnalyzerOrgPolicy]
|
4292
|
+
attr_accessor :consolidated_policy
|
4293
|
+
|
4294
|
+
# The ordered list of all organization policies from the
|
4295
|
+
# AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.
|
4296
|
+
# attached_resource. to the scope specified in the request. If the constraint is
|
4297
|
+
# defined with default policy, it will also appear in the list.
|
4298
|
+
# Corresponds to the JSON property `policyBundle`
|
4299
|
+
# @return [Array<Google::Apis::CloudassetV1::AnalyzerOrgPolicy>]
|
4300
|
+
attr_accessor :policy_bundle
|
4301
|
+
|
4302
|
+
def initialize(**args)
|
4303
|
+
update!(**args)
|
4304
|
+
end
|
4305
|
+
|
4306
|
+
# Update properties of this object
|
4307
|
+
def update!(**args)
|
4308
|
+
@consolidated_policy = args[:consolidated_policy] if args.key?(:consolidated_policy)
|
4309
|
+
@policy_bundle = args[:policy_bundle] if args.key?(:policy_bundle)
|
4310
|
+
end
|
4311
|
+
end
|
4312
|
+
|
3582
4313
|
# Operating system information for the VM.
|
3583
4314
|
class OsInfo
|
3584
4315
|
include Google::Apis::Core::Hashable
|
@@ -3870,6 +4601,154 @@ module Google
|
|
3870
4601
|
end
|
3871
4602
|
end
|
3872
4603
|
|
4604
|
+
# Output configuration query assets.
|
4605
|
+
class QueryAssetsOutputConfig
|
4606
|
+
include Google::Apis::Core::Hashable
|
4607
|
+
|
4608
|
+
# BigQuery destination.
|
4609
|
+
# Corresponds to the JSON property `bigqueryDestination`
|
4610
|
+
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1QueryAssetsOutputConfigBigQueryDestination]
|
4611
|
+
attr_accessor :bigquery_destination
|
4612
|
+
|
4613
|
+
def initialize(**args)
|
4614
|
+
update!(**args)
|
4615
|
+
end
|
4616
|
+
|
4617
|
+
# Update properties of this object
|
4618
|
+
def update!(**args)
|
4619
|
+
@bigquery_destination = args[:bigquery_destination] if args.key?(:bigquery_destination)
|
4620
|
+
end
|
4621
|
+
end
|
4622
|
+
|
4623
|
+
# QueryAssets request.
|
4624
|
+
class QueryAssetsRequest
|
4625
|
+
include Google::Apis::Core::Hashable
|
4626
|
+
|
4627
|
+
# Optional. Reference to the query job, which is from the `QueryAssetsResponse`
|
4628
|
+
# of previous `QueryAssets` call.
|
4629
|
+
# Corresponds to the JSON property `jobReference`
|
4630
|
+
# @return [String]
|
4631
|
+
attr_accessor :job_reference
|
4632
|
+
|
4633
|
+
# Output configuration query assets.
|
4634
|
+
# Corresponds to the JSON property `outputConfig`
|
4635
|
+
# @return [Google::Apis::CloudassetV1::QueryAssetsOutputConfig]
|
4636
|
+
attr_accessor :output_config
|
4637
|
+
|
4638
|
+
# Optional. The maximum number of rows to return in the results. Responses are
|
4639
|
+
# limited to 10 MB and 1000 rows. By default, the maximum row count is 1000.
|
4640
|
+
# When the byte or row count limit is reached, the rest of the query results
|
4641
|
+
# will be paginated. The field will be ignored when [output_config] is specified.
|
4642
|
+
# Corresponds to the JSON property `pageSize`
|
4643
|
+
# @return [Fixnum]
|
4644
|
+
attr_accessor :page_size
|
4645
|
+
|
4646
|
+
# Optional. A page token received from previous `QueryAssets`. The field will be
|
4647
|
+
# ignored when [output_config] is specified.
|
4648
|
+
# Corresponds to the JSON property `pageToken`
|
4649
|
+
# @return [String]
|
4650
|
+
attr_accessor :page_token
|
4651
|
+
|
4652
|
+
# Optional. Queries cloud assets as they appeared at the specified point in time.
|
4653
|
+
# Corresponds to the JSON property `readTime`
|
4654
|
+
# @return [String]
|
4655
|
+
attr_accessor :read_time
|
4656
|
+
|
4657
|
+
# A time window specified by its `start_time` and `end_time`.
|
4658
|
+
# Corresponds to the JSON property `readTimeWindow`
|
4659
|
+
# @return [Google::Apis::CloudassetV1::TimeWindow]
|
4660
|
+
attr_accessor :read_time_window
|
4661
|
+
|
4662
|
+
# Optional. A SQL statement that's compatible with [BigQuery Standard SQL](http:/
|
4663
|
+
# /cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql).
|
4664
|
+
# Corresponds to the JSON property `statement`
|
4665
|
+
# @return [String]
|
4666
|
+
attr_accessor :statement
|
4667
|
+
|
4668
|
+
# Optional. Specifies the maximum amount of time that the client is willing to
|
4669
|
+
# wait for the query to complete. By default, this limit is 5 min for the first
|
4670
|
+
# query, and 1 minute for the following queries. If the query is complete, the `
|
4671
|
+
# done` field in the `QueryAssetsResponse` is true, otherwise false. Like
|
4672
|
+
# BigQuery [jobs.query API](https://cloud.google.com/bigquery/docs/reference/
|
4673
|
+
# rest/v2/jobs/query#queryrequest) The call is not guaranteed to wait for the
|
4674
|
+
# specified timeout; it typically returns after around 200 seconds (200,000
|
4675
|
+
# milliseconds), even if the query is not complete. The field will be ignored
|
4676
|
+
# when [output_config] is specified.
|
4677
|
+
# Corresponds to the JSON property `timeout`
|
4678
|
+
# @return [String]
|
4679
|
+
attr_accessor :timeout
|
4680
|
+
|
4681
|
+
def initialize(**args)
|
4682
|
+
update!(**args)
|
4683
|
+
end
|
4684
|
+
|
4685
|
+
# Update properties of this object
|
4686
|
+
def update!(**args)
|
4687
|
+
@job_reference = args[:job_reference] if args.key?(:job_reference)
|
4688
|
+
@output_config = args[:output_config] if args.key?(:output_config)
|
4689
|
+
@page_size = args[:page_size] if args.key?(:page_size)
|
4690
|
+
@page_token = args[:page_token] if args.key?(:page_token)
|
4691
|
+
@read_time = args[:read_time] if args.key?(:read_time)
|
4692
|
+
@read_time_window = args[:read_time_window] if args.key?(:read_time_window)
|
4693
|
+
@statement = args[:statement] if args.key?(:statement)
|
4694
|
+
@timeout = args[:timeout] if args.key?(:timeout)
|
4695
|
+
end
|
4696
|
+
end
|
4697
|
+
|
4698
|
+
# QueryAssets response.
|
4699
|
+
class QueryAssetsResponse
|
4700
|
+
include Google::Apis::Core::Hashable
|
4701
|
+
|
4702
|
+
# The query response, which can be either an `error` or a valid `response`. If `
|
4703
|
+
# done` == `false` and the query result is being saved in a output, the
|
4704
|
+
# output_config field will be set. If `done` == `true`, exactly one of `error`, `
|
4705
|
+
# query_result` or `output_config` will be set.
|
4706
|
+
# Corresponds to the JSON property `done`
|
4707
|
+
# @return [Boolean]
|
4708
|
+
attr_accessor :done
|
4709
|
+
alias_method :done?, :done
|
4710
|
+
|
4711
|
+
# The `Status` type defines a logical error model that is suitable for different
|
4712
|
+
# programming environments, including REST APIs and RPC APIs. It is used by [
|
4713
|
+
# gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
|
4714
|
+
# data: error code, error message, and error details. You can find out more
|
4715
|
+
# about this error model and how to work with it in the [API Design Guide](https:
|
4716
|
+
# //cloud.google.com/apis/design/errors).
|
4717
|
+
# Corresponds to the JSON property `error`
|
4718
|
+
# @return [Google::Apis::CloudassetV1::Status]
|
4719
|
+
attr_accessor :error
|
4720
|
+
|
4721
|
+
# Reference to a query job.
|
4722
|
+
# Corresponds to the JSON property `jobReference`
|
4723
|
+
# @return [String]
|
4724
|
+
attr_accessor :job_reference
|
4725
|
+
|
4726
|
+
# Output configuration query assets.
|
4727
|
+
# Corresponds to the JSON property `outputConfig`
|
4728
|
+
# @return [Google::Apis::CloudassetV1::QueryAssetsOutputConfig]
|
4729
|
+
attr_accessor :output_config
|
4730
|
+
|
4731
|
+
# Execution results of the query. The result is formatted as rows represented by
|
4732
|
+
# BigQuery compatible [schema]. When pagination is necessary, it will contains
|
4733
|
+
# the page token to retrieve the results of following pages.
|
4734
|
+
# Corresponds to the JSON property `queryResult`
|
4735
|
+
# @return [Google::Apis::CloudassetV1::QueryResult]
|
4736
|
+
attr_accessor :query_result
|
4737
|
+
|
4738
|
+
def initialize(**args)
|
4739
|
+
update!(**args)
|
4740
|
+
end
|
4741
|
+
|
4742
|
+
# Update properties of this object
|
4743
|
+
def update!(**args)
|
4744
|
+
@done = args[:done] if args.key?(:done)
|
4745
|
+
@error = args[:error] if args.key?(:error)
|
4746
|
+
@job_reference = args[:job_reference] if args.key?(:job_reference)
|
4747
|
+
@output_config = args[:output_config] if args.key?(:output_config)
|
4748
|
+
@query_result = args[:query_result] if args.key?(:query_result)
|
4749
|
+
end
|
4750
|
+
end
|
4751
|
+
|
3873
4752
|
# The query content.
|
3874
4753
|
class QueryContent
|
3875
4754
|
include Google::Apis::Core::Hashable
|
@@ -3889,13 +4768,52 @@ module Google
|
|
3889
4768
|
end
|
3890
4769
|
end
|
3891
4770
|
|
4771
|
+
# Execution results of the query. The result is formatted as rows represented by
|
4772
|
+
# BigQuery compatible [schema]. When pagination is necessary, it will contains
|
4773
|
+
# the page token to retrieve the results of following pages.
|
4774
|
+
class QueryResult
|
4775
|
+
include Google::Apis::Core::Hashable
|
4776
|
+
|
4777
|
+
# Token to retrieve the next page of the results.
|
4778
|
+
# Corresponds to the JSON property `nextPageToken`
|
4779
|
+
# @return [String]
|
4780
|
+
attr_accessor :next_page_token
|
4781
|
+
|
4782
|
+
# Each row hold a query result in the format of `Struct`.
|
4783
|
+
# Corresponds to the JSON property `rows`
|
4784
|
+
# @return [Array<Hash<String,Object>>]
|
4785
|
+
attr_accessor :rows
|
4786
|
+
|
4787
|
+
# BigQuery Compatible table schema.
|
4788
|
+
# Corresponds to the JSON property `schema`
|
4789
|
+
# @return [Google::Apis::CloudassetV1::TableSchema]
|
4790
|
+
attr_accessor :schema
|
4791
|
+
|
4792
|
+
# Total rows of the whole query results.
|
4793
|
+
# Corresponds to the JSON property `totalRows`
|
4794
|
+
# @return [Fixnum]
|
4795
|
+
attr_accessor :total_rows
|
4796
|
+
|
4797
|
+
def initialize(**args)
|
4798
|
+
update!(**args)
|
4799
|
+
end
|
4800
|
+
|
4801
|
+
# Update properties of this object
|
4802
|
+
def update!(**args)
|
4803
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
4804
|
+
@rows = args[:rows] if args.key?(:rows)
|
4805
|
+
@schema = args[:schema] if args.key?(:schema)
|
4806
|
+
@total_rows = args[:total_rows] if args.key?(:total_rows)
|
4807
|
+
end
|
4808
|
+
end
|
4809
|
+
|
3892
4810
|
# An asset identifier in Google Cloud which contains its name, type and
|
3893
4811
|
# ancestors. An asset can be any resource in the Google Cloud [resource
|
3894
4812
|
# hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-
|
3895
4813
|
# resource-hierarchy), a resource outside the Google Cloud resource hierarchy (
|
3896
|
-
# such as Google Kubernetes Engine clusters and objects), or a policy (e.g.
|
3897
|
-
#
|
3898
|
-
#
|
4814
|
+
# such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM
|
4815
|
+
# policy). See [Supported asset types](https://cloud.google.com/asset-inventory/
|
4816
|
+
# docs/supported-asset-types) for more information.
|
3899
4817
|
class RelatedAsset
|
3900
4818
|
include Google::Apis::Core::Hashable
|
3901
4819
|
|
@@ -4092,7 +5010,7 @@ module Google
|
|
4092
5010
|
# The full name of the immediate parent of this resource. See [Resource Names](
|
4093
5011
|
# https://cloud.google.com/apis/design/resource_names#full_resource_name) for
|
4094
5012
|
# more information. For Google Cloud assets, this value is the parent resource
|
4095
|
-
# defined in the [
|
5013
|
+
# defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/
|
4096
5014
|
# overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/
|
4097
5015
|
# projects/my_project_123` For third-party assets, this field may be set
|
4098
5016
|
# differently.
|
@@ -4138,14 +5056,14 @@ module Google
|
|
4138
5056
|
# from one resource type to another. Examples: `projectId` for Project, `dnsName`
|
4139
5057
|
# for DNS ManagedZone. This field contains a subset of the resource metadata
|
4140
5058
|
# fields that are returned by the List or Get APIs provided by the corresponding
|
4141
|
-
#
|
5059
|
+
# Google Cloud service (e.g., Compute Engine). see [API references and supported
|
4142
5060
|
# searchable attributes](https://cloud.google.com/asset-inventory/docs/supported-
|
4143
5061
|
# asset-types#searchable_asset_types) to see which fields are included. You can
|
4144
5062
|
# search values of these fields through free text search. However, you should
|
4145
5063
|
# not consume the field programically as the field names and values may change
|
4146
|
-
# as the
|
4147
|
-
# against the `additional_attributes`: * Use a free text query to match
|
4148
|
-
# attributes values. Example: to search `additional_attributes = ` dnsName: "
|
5064
|
+
# as the Google Cloud service updates to a new incompatible API version. To
|
5065
|
+
# search against the `additional_attributes`: * Use a free text query to match
|
5066
|
+
# the attributes values. Example: to search `additional_attributes = ` dnsName: "
|
4149
5067
|
# foobar" ``, you can issue a query `foobar`.
|
4150
5068
|
# Corresponds to the JSON property `additionalAttributes`
|
4151
5069
|
# @return [Hash<String,Object>]
|
@@ -4208,8 +5126,8 @@ module Google
|
|
4208
5126
|
# projects.locations.keyRings.cryptoKeys) name or [CryptoKeyVersion](https://
|
4209
5127
|
# cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.
|
4210
5128
|
# cryptoKeys.cryptoKeyVersions) name. This field only presents for the purpose
|
4211
|
-
# of backward compatibility. Please use the `kms_keys` field to retrieve
|
4212
|
-
# information. This field is available only when the resource's Protobuf
|
5129
|
+
# of backward compatibility. Please use the `kms_keys` field to retrieve Cloud
|
5130
|
+
# KMS key information. This field is available only when the resource's Protobuf
|
4213
5131
|
# contains it and will only be populated for [these resource types](https://
|
4214
5132
|
# cloud.google.com/asset-inventory/docs/legacy-field-names#
|
4215
5133
|
# resource_types_with_the_to_be_deprecated_kmskey_field) for backward compatible
|
@@ -4229,7 +5147,7 @@ module Google
|
|
4229
5147
|
# @return [Array<String>]
|
4230
5148
|
attr_accessor :kms_keys
|
4231
5149
|
|
4232
|
-
# Labels associated with this resource. See [Labelling and grouping
|
5150
|
+
# Labels associated with this resource. See [Labelling and grouping Google Cloud
|
4233
5151
|
# resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-
|
4234
5152
|
# your-google-cloud-platform-resources) for more information. This field is
|
4235
5153
|
# available only when the resource's Protobuf contains it. To search against the
|
@@ -4260,12 +5178,12 @@ module Google
|
|
4260
5178
|
attr_accessor :name
|
4261
5179
|
|
4262
5180
|
# Network tags associated with this resource. Like labels, network tags are a
|
4263
|
-
# type of annotations used to group
|
4264
|
-
# https://cloud.google.com/blog/products/gcp/labelling-
|
4265
|
-
# cloud-platform-resources) for more information. This
|
4266
|
-
# when the resource's Protobuf contains it. To search
|
4267
|
-
# * Use a field query. Example: `networkTags:
|
4268
|
-
# Example: `internal`
|
5181
|
+
# type of annotations used to group Google Cloud resources. See [Labelling
|
5182
|
+
# Google Cloud resources](https://cloud.google.com/blog/products/gcp/labelling-
|
5183
|
+
# and-grouping-your-google-cloud-platform-resources) for more information. This
|
5184
|
+
# field is available only when the resource's Protobuf contains it. To search
|
5185
|
+
# against the `network_tags`: * Use a field query. Example: `networkTags:
|
5186
|
+
# internal` * Use a free text query. Example: `internal`
|
4269
5187
|
# Corresponds to the JSON property `networkTags`
|
4270
5188
|
# @return [Array<String>]
|
4271
5189
|
attr_accessor :network_tags
|
@@ -4320,7 +5238,7 @@ module Google
|
|
4320
5238
|
# include PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED,
|
4321
5239
|
# REPAIRING, and TERMINATED. See `status` definition in [API Reference](https://
|
4322
5240
|
# cloud.google.com/compute/docs/reference/rest/v1/instances). If the resource is
|
4323
|
-
# a project provided by
|
5241
|
+
# a project provided by Resource Manager, its state will include
|
4324
5242
|
# LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and DELETE_IN_PROGRESS.
|
4325
5243
|
# See `lifecycleState` definition in [API Reference](https://cloud.google.com/
|
4326
5244
|
# resource-manager/reference/rest/v1/projects). To search against the `state`: *
|
@@ -4510,8 +5428,8 @@ module Google
|
|
4510
5428
|
# @return [String]
|
4511
5429
|
attr_accessor :next_page_token
|
4512
5430
|
|
4513
|
-
# A list of
|
4514
|
-
# the associated resource is returned along with the policy.
|
5431
|
+
# A list of IAM policies that match the search query. Related information such
|
5432
|
+
# as the associated resource is returned along with the policy.
|
4515
5433
|
# Corresponds to the JSON property `results`
|
4516
5434
|
# @return [Array<Google::Apis::CloudassetV1::IamPolicySearchResult>]
|
4517
5435
|
attr_accessor :results
|
@@ -4673,6 +5591,68 @@ module Google
|
|
4673
5591
|
end
|
4674
5592
|
end
|
4675
5593
|
|
5594
|
+
# A field in TableSchema.
|
5595
|
+
class TableFieldSchema
|
5596
|
+
include Google::Apis::Core::Hashable
|
5597
|
+
|
5598
|
+
# The field name. The name must contain only letters (a-z, A-Z), numbers (0-9),
|
5599
|
+
# or underscores (_), and must start with a letter or underscore. The maximum
|
5600
|
+
# length is 128 characters.
|
5601
|
+
# Corresponds to the JSON property `field`
|
5602
|
+
# @return [String]
|
5603
|
+
attr_accessor :field
|
5604
|
+
|
5605
|
+
# Describes the nested schema fields if the type property is set to RECORD.
|
5606
|
+
# Corresponds to the JSON property `fields`
|
5607
|
+
# @return [Array<Google::Apis::CloudassetV1::TableFieldSchema>]
|
5608
|
+
attr_accessor :fields
|
5609
|
+
|
5610
|
+
# The field mode. Possible values include NULLABLE, REQUIRED and REPEATED. The
|
5611
|
+
# default value is NULLABLE.
|
5612
|
+
# Corresponds to the JSON property `mode`
|
5613
|
+
# @return [String]
|
5614
|
+
attr_accessor :mode
|
5615
|
+
|
5616
|
+
# The field data type. Possible values include * STRING * BYTES * INTEGER *
|
5617
|
+
# FLOAT * BOOLEAN * TIMESTAMP * DATE * TIME * DATETIME * GEOGRAPHY, * NUMERIC, *
|
5618
|
+
# BIGNUMERIC, * RECORD (where RECORD indicates that the field contains a nested
|
5619
|
+
# schema).
|
5620
|
+
# Corresponds to the JSON property `type`
|
5621
|
+
# @return [String]
|
5622
|
+
attr_accessor :type
|
5623
|
+
|
5624
|
+
def initialize(**args)
|
5625
|
+
update!(**args)
|
5626
|
+
end
|
5627
|
+
|
5628
|
+
# Update properties of this object
|
5629
|
+
def update!(**args)
|
5630
|
+
@field = args[:field] if args.key?(:field)
|
5631
|
+
@fields = args[:fields] if args.key?(:fields)
|
5632
|
+
@mode = args[:mode] if args.key?(:mode)
|
5633
|
+
@type = args[:type] if args.key?(:type)
|
5634
|
+
end
|
5635
|
+
end
|
5636
|
+
|
5637
|
+
# BigQuery Compatible table schema.
|
5638
|
+
class TableSchema
|
5639
|
+
include Google::Apis::Core::Hashable
|
5640
|
+
|
5641
|
+
# Describes the fields in a table.
|
5642
|
+
# Corresponds to the JSON property `fields`
|
5643
|
+
# @return [Array<Google::Apis::CloudassetV1::TableFieldSchema>]
|
5644
|
+
attr_accessor :fields
|
5645
|
+
|
5646
|
+
def initialize(**args)
|
5647
|
+
update!(**args)
|
5648
|
+
end
|
5649
|
+
|
5650
|
+
# Update properties of this object
|
5651
|
+
def update!(**args)
|
5652
|
+
@fields = args[:fields] if args.key?(:fields)
|
5653
|
+
end
|
5654
|
+
end
|
5655
|
+
|
4676
5656
|
# An asset in Google Cloud and its temporal metadata, including the time window
|
4677
5657
|
# when it was observed and its status during that window.
|
4678
5658
|
class TemporalAsset
|
@@ -4682,7 +5662,7 @@ module Google
|
|
4682
5662
|
# resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
|
4683
5663
|
# platform-resource-hierarchy), a resource outside the Google Cloud resource
|
4684
5664
|
# hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
|
4685
|
-
# (e.g.
|
5665
|
+
# (e.g. IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP
|
4686
5666
|
# relationship). See [Supported asset types](https://cloud.google.com/asset-
|
4687
5667
|
# inventory/docs/supported-asset-types) for more information.
|
4688
5668
|
# Corresponds to the JSON property `asset`
|
@@ -4699,7 +5679,7 @@ module Google
|
|
4699
5679
|
# resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
|
4700
5680
|
# platform-resource-hierarchy), a resource outside the Google Cloud resource
|
4701
5681
|
# hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
|
4702
|
-
# (e.g.
|
5682
|
+
# (e.g. IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP
|
4703
5683
|
# relationship). See [Supported asset types](https://cloud.google.com/asset-
|
4704
5684
|
# inventory/docs/supported-asset-types) for more information.
|
4705
5685
|
# Corresponds to the JSON property `priorAsset`
|