google-apis-cloudasset_v1 0.50.0 → 0.52.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/google/apis/cloudasset_v1/classes.rb +1055 -75
- data/lib/google/apis/cloudasset_v1/gem_version.rb +3 -3
- data/lib/google/apis/cloudasset_v1/representations.rb +391 -0
- data/lib/google/apis/cloudasset_v1/service.rb +301 -81
- data/lib/google/apis/cloudasset_v1.rb +2 -1
- metadata +4 -4
@@ -22,7 +22,8 @@ module Google
|
|
22
22
|
module CloudassetV1
|
23
23
|
# Cloud Asset API
|
24
24
|
#
|
25
|
-
# The
|
25
|
+
# The Cloud Asset API manages the history and inventory of Google Cloud
|
26
|
+
# resources.
|
26
27
|
#
|
27
28
|
# @example
|
28
29
|
# require 'google/apis/cloudasset_v1'
|
@@ -387,8 +388,8 @@ module Google
|
|
387
388
|
# @param [String] saved_query_id
|
388
389
|
# Required. The ID to use for the saved query, which must be unique in the
|
389
390
|
# specified parent. It will become the final component of the saved query's
|
390
|
-
# resource name. This value should be 4-63 characters, and valid characters are
|
391
|
-
# a-z
|
391
|
+
# resource name. This value should be 4-63 characters, and valid characters are `
|
392
|
+
# a-z-`. Notice that this field is required in the saved query creation, and the
|
392
393
|
# `name` field of the `saved_query` will be ignored.
|
393
394
|
# @param [String] fields
|
394
395
|
# Selector specifying which fields to include in a partial response.
|
@@ -607,19 +608,19 @@ module Google
|
|
607
608
|
# Optional. If true, the response will include access analysis from identities
|
608
609
|
# to resources via service account impersonation. This is a very expensive
|
609
610
|
# operation, because many derived queries will be executed. We highly recommend
|
610
|
-
# you use AssetService.AnalyzeIamPolicyLongrunning
|
611
|
+
# you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if
|
611
612
|
# the request analyzes for which resources user A has permission P, and there's
|
612
613
|
# an IAM policy states user A has iam.serviceAccounts.getAccessToken permission
|
613
614
|
# to a service account SA, and there's another IAM policy states service account
|
614
|
-
# SA has permission P to a
|
615
|
-
# the
|
616
|
-
# AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
|
617
|
-
# example, if the request analyzes for who has permission P to a
|
618
|
-
# and there's an IAM policy states user A has iam.
|
619
|
-
# permission to a service account SA, and there's another
|
620
|
-
# service account SA has permission P to the
|
621
|
-
# potentially has access to the
|
622
|
-
# results will be included in AnalyzeIamPolicyResponse.
|
615
|
+
# SA has permission P to a Google Cloud folder F, then user A potentially has
|
616
|
+
# access to the Google Cloud folder F. And those advanced analysis results will
|
617
|
+
# be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
|
618
|
+
# Another example, if the request analyzes for who has permission P to a Google
|
619
|
+
# Cloud folder F, and there's an IAM policy states user A has iam.
|
620
|
+
# serviceAccounts.actAs permission to a service account SA, and there's another
|
621
|
+
# IAM policy states service account SA has permission P to the Google Cloud
|
622
|
+
# folder F, then user A potentially has access to the Google Cloud folder F. And
|
623
|
+
# those advanced analysis results will be included in AnalyzeIamPolicyResponse.
|
623
624
|
# service_account_impersonation_analysis. Only the following permissions are
|
624
625
|
# considered in this analysis: * `iam.serviceAccounts.actAs` * `iam.
|
625
626
|
# serviceAccounts.signBlob` * `iam.serviceAccounts.signJwt` * `iam.
|
@@ -637,17 +638,18 @@ module Google
|
|
637
638
|
# specified, the resource section of the result will expand any resource
|
638
639
|
# attached to an IAM policy to include resources lower in the resource hierarchy.
|
639
640
|
# For example, if the request analyzes for which resources user A has
|
640
|
-
# permission P, and the results include an IAM policy with P on a
|
641
|
-
# the results will also include resources in that folder with permission
|
642
|
-
# true and IamPolicyAnalysisQuery.resource_selector is specified, the
|
643
|
-
# section of the result will expand the specified resource to include
|
644
|
-
# lower in the resource hierarchy. Only project or lower resources are
|
645
|
-
# Folder and organization
|
646
|
-
# For example, if the request analyzes for which users have permission P
|
647
|
-
#
|
648
|
-
# have permission P on that project or any lower resource. If true,
|
649
|
-
# max expansion per resource is 1000 for AssetService.
|
650
|
-
# 100000 for AssetService.AnalyzeIamPolicyLongrunning][].
|
641
|
+
# permission P, and the results include an IAM policy with P on a Google Cloud
|
642
|
+
# folder, the results will also include resources in that folder with permission
|
643
|
+
# P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the
|
644
|
+
# resource section of the result will expand the specified resource to include
|
645
|
+
# resources lower in the resource hierarchy. Only project or lower resources are
|
646
|
+
# supported. Folder and organization resources cannot be used together with this
|
647
|
+
# option. For example, if the request analyzes for which users have permission P
|
648
|
+
# on a Google Cloud project with this option enabled, the results will include
|
649
|
+
# all users who have permission P on that project or any lower resource. If true,
|
650
|
+
# the default max expansion per resource is 1000 for AssetService.
|
651
|
+
# AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][].
|
652
|
+
# Default is false.
|
651
653
|
# @param [Boolean] analysis_query_options_expand_roles
|
652
654
|
# Optional. If true, the access section of result will expand any roles
|
653
655
|
# appearing in IAM policy bindings to include their permissions. If
|
@@ -780,14 +782,15 @@ module Google
|
|
780
782
|
# and configuration are subject to change before the actual resource migration
|
781
783
|
# takes place.
|
782
784
|
# @param [String] resource
|
783
|
-
# Required. Name of the resource to perform the analysis against. Only
|
784
|
-
#
|
785
|
-
# "projects/my-project-id") or a
|
785
|
+
# Required. Name of the resource to perform the analysis against. Only Google
|
786
|
+
# Cloud projects are supported as of today. Hence, this can only be a project ID
|
787
|
+
# (such as "projects/my-project-id") or a project number (such as "projects/
|
788
|
+
# 12345").
|
786
789
|
# @param [String] destination_parent
|
787
|
-
# Required. Name of the
|
788
|
-
# resource. The analysis will be performed against hypothetically moving
|
789
|
-
# resource to this specified desitination parent. This can only be a
|
790
|
-
# number (such as "folders/123") or an
|
790
|
+
# Required. Name of the Google Cloud folder or organization to reparent the
|
791
|
+
# target resource. The analysis will be performed against hypothetically moving
|
792
|
+
# the resource to this specified desitination parent. This can only be a folder
|
793
|
+
# number (such as "folders/123") or an organization number (such as "
|
791
794
|
# organizations/123").
|
792
795
|
# @param [String] view
|
793
796
|
# Analysis view indicating what information should be included in the analysis
|
@@ -821,6 +824,176 @@ module Google
|
|
821
824
|
execute_or_queue_command(command, &block)
|
822
825
|
end
|
823
826
|
|
827
|
+
# Analyzes organization policies under a scope.
|
828
|
+
# @param [String] scope
|
829
|
+
# Required. The organization to scope the request. Only organization policies
|
830
|
+
# within the scope will be analyzed. * organizations/`ORGANIZATION_NUMBER` (e.g.,
|
831
|
+
# "organizations/123456")
|
832
|
+
# @param [String] constraint
|
833
|
+
# Required. The name of the constraint to analyze organization policies for. The
|
834
|
+
# response only contains analyzed organization policies for the provided
|
835
|
+
# constraint.
|
836
|
+
# @param [String] filter
|
837
|
+
# The expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The
|
838
|
+
# only supported field is `consolidated_policy.attached_resource`, and the only
|
839
|
+
# supported operator is `=`. Example: consolidated_policy.attached_resource="//
|
840
|
+
# cloudresourcemanager.googleapis.com/folders/001" will return the org policy
|
841
|
+
# results of"folders/001".
|
842
|
+
# @param [Fixnum] page_size
|
843
|
+
# The maximum number of items to return per page. If unspecified,
|
844
|
+
# AnalyzeOrgPoliciesResponse.org_policy_results will contain 20 items with a
|
845
|
+
# maximum of 200.
|
846
|
+
# @param [String] page_token
|
847
|
+
# The pagination token to retrieve the next page.
|
848
|
+
# @param [String] fields
|
849
|
+
# Selector specifying which fields to include in a partial response.
|
850
|
+
# @param [String] quota_user
|
851
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
852
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
853
|
+
# @param [Google::Apis::RequestOptions] options
|
854
|
+
# Request-specific options
|
855
|
+
#
|
856
|
+
# @yield [result, err] Result & error if block supplied
|
857
|
+
# @yieldparam result [Google::Apis::CloudassetV1::AnalyzeOrgPoliciesResponse] parsed result object
|
858
|
+
# @yieldparam err [StandardError] error object if request failed
|
859
|
+
#
|
860
|
+
# @return [Google::Apis::CloudassetV1::AnalyzeOrgPoliciesResponse]
|
861
|
+
#
|
862
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
863
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
864
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
865
|
+
def analyze_org_policies(scope, constraint: nil, filter: nil, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
|
866
|
+
command = make_simple_command(:get, 'v1/{+scope}:analyzeOrgPolicies', options)
|
867
|
+
command.response_representation = Google::Apis::CloudassetV1::AnalyzeOrgPoliciesResponse::Representation
|
868
|
+
command.response_class = Google::Apis::CloudassetV1::AnalyzeOrgPoliciesResponse
|
869
|
+
command.params['scope'] = scope unless scope.nil?
|
870
|
+
command.query['constraint'] = constraint unless constraint.nil?
|
871
|
+
command.query['filter'] = filter unless filter.nil?
|
872
|
+
command.query['pageSize'] = page_size unless page_size.nil?
|
873
|
+
command.query['pageToken'] = page_token unless page_token.nil?
|
874
|
+
command.query['fields'] = fields unless fields.nil?
|
875
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
876
|
+
execute_or_queue_command(command, &block)
|
877
|
+
end
|
878
|
+
|
879
|
+
# Analyzes organization policies governed assets (Google Cloud resources or
|
880
|
+
# policies) under a scope. This RPC supports custom constraints and the
|
881
|
+
# following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.
|
882
|
+
# disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.
|
883
|
+
# vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.
|
884
|
+
# resourceLocations * compute.trustedImageProjects * compute.
|
885
|
+
# skipDefaultNetworkCreation * compute.requireOsLogin * compute.
|
886
|
+
# disableNestedVirtualization This RPC only returns either resources of types
|
887
|
+
# supported by [searchable asset types](https://cloud.google.com/asset-inventory/
|
888
|
+
# docs/supported-asset-types#searchable_asset_types), or IAM policies.
|
889
|
+
# @param [String] scope
|
890
|
+
# Required. The organization to scope the request. Only organization policies
|
891
|
+
# within the scope will be analyzed. The output assets will also be limited to
|
892
|
+
# the ones governed by those in-scope organization policies. * organizations/`
|
893
|
+
# ORGANIZATION_NUMBER` (e.g., "organizations/123456")
|
894
|
+
# @param [String] constraint
|
895
|
+
# Required. The name of the constraint to analyze governed assets for. The
|
896
|
+
# analysis only contains analyzed organization policies for the provided
|
897
|
+
# constraint.
|
898
|
+
# @param [String] filter
|
899
|
+
# The expression to filter the governed assets in result. The only supported
|
900
|
+
# fields for governed resources are `governed_resource.project` and `
|
901
|
+
# governed_resource.folders`. The only supported fields for governed iam
|
902
|
+
# policies are `governed_iam_policy.project` and `governed_iam_policy.folders`.
|
903
|
+
# The only supported operator is `=`. Example 1: governed_resource.project="
|
904
|
+
# projects/12345678" filter will return all governed resources under projects/
|
905
|
+
# 12345678 including the project ifself, if applicable. Example 2:
|
906
|
+
# governed_iam_policy.folders="folders/12345678" filter will return all governed
|
907
|
+
# iam policies under folders/12345678, if applicable.
|
908
|
+
# @param [Fixnum] page_size
|
909
|
+
# The maximum number of items to return per page. If unspecified,
|
910
|
+
# AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets will contain 100 items
|
911
|
+
# with a maximum of 200.
|
912
|
+
# @param [String] page_token
|
913
|
+
# The pagination token to retrieve the next page.
|
914
|
+
# @param [String] fields
|
915
|
+
# Selector specifying which fields to include in a partial response.
|
916
|
+
# @param [String] quota_user
|
917
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
918
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
919
|
+
# @param [Google::Apis::RequestOptions] options
|
920
|
+
# Request-specific options
|
921
|
+
#
|
922
|
+
# @yield [result, err] Result & error if block supplied
|
923
|
+
# @yieldparam result [Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedAssetsResponse] parsed result object
|
924
|
+
# @yieldparam err [StandardError] error object if request failed
|
925
|
+
#
|
926
|
+
# @return [Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedAssetsResponse]
|
927
|
+
#
|
928
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
929
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
930
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
931
|
+
def analyze_org_policy_governed_assets(scope, constraint: nil, filter: nil, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
|
932
|
+
command = make_simple_command(:get, 'v1/{+scope}:analyzeOrgPolicyGovernedAssets', options)
|
933
|
+
command.response_representation = Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedAssetsResponse::Representation
|
934
|
+
command.response_class = Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedAssetsResponse
|
935
|
+
command.params['scope'] = scope unless scope.nil?
|
936
|
+
command.query['constraint'] = constraint unless constraint.nil?
|
937
|
+
command.query['filter'] = filter unless filter.nil?
|
938
|
+
command.query['pageSize'] = page_size unless page_size.nil?
|
939
|
+
command.query['pageToken'] = page_token unless page_token.nil?
|
940
|
+
command.query['fields'] = fields unless fields.nil?
|
941
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
942
|
+
execute_or_queue_command(command, &block)
|
943
|
+
end
|
944
|
+
|
945
|
+
# Analyzes organization policies governed containers (projects, folders or
|
946
|
+
# organization) under a scope.
|
947
|
+
# @param [String] scope
|
948
|
+
# Required. The organization to scope the request. Only organization policies
|
949
|
+
# within the scope will be analyzed. The output containers will also be limited
|
950
|
+
# to the ones governed by those in-scope organization policies. * organizations/`
|
951
|
+
# ORGANIZATION_NUMBER` (e.g., "organizations/123456")
|
952
|
+
# @param [String] constraint
|
953
|
+
# Required. The name of the constraint to analyze governed containers for. The
|
954
|
+
# analysis only contains organization policies for the provided constraint.
|
955
|
+
# @param [String] filter
|
956
|
+
# The expression to filter the governed containers in result. The only supported
|
957
|
+
# field is `parent`, and the only supported operator is `=`. Example: parent="//
|
958
|
+
# cloudresourcemanager.googleapis.com/folders/001" will return all containers
|
959
|
+
# under "folders/001".
|
960
|
+
# @param [Fixnum] page_size
|
961
|
+
# The maximum number of items to return per page. If unspecified,
|
962
|
+
# AnalyzeOrgPolicyGovernedContainersResponse.governed_containers will contain
|
963
|
+
# 100 items with a maximum of 200.
|
964
|
+
# @param [String] page_token
|
965
|
+
# The pagination token to retrieve the next page.
|
966
|
+
# @param [String] fields
|
967
|
+
# Selector specifying which fields to include in a partial response.
|
968
|
+
# @param [String] quota_user
|
969
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
970
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
971
|
+
# @param [Google::Apis::RequestOptions] options
|
972
|
+
# Request-specific options
|
973
|
+
#
|
974
|
+
# @yield [result, err] Result & error if block supplied
|
975
|
+
# @yieldparam result [Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedContainersResponse] parsed result object
|
976
|
+
# @yieldparam err [StandardError] error object if request failed
|
977
|
+
#
|
978
|
+
# @return [Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedContainersResponse]
|
979
|
+
#
|
980
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
981
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
982
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
983
|
+
def analyze_org_policy_governed_containers(scope, constraint: nil, filter: nil, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
|
984
|
+
command = make_simple_command(:get, 'v1/{+scope}:analyzeOrgPolicyGovernedContainers', options)
|
985
|
+
command.response_representation = Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedContainersResponse::Representation
|
986
|
+
command.response_class = Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedContainersResponse
|
987
|
+
command.params['scope'] = scope unless scope.nil?
|
988
|
+
command.query['constraint'] = constraint unless constraint.nil?
|
989
|
+
command.query['filter'] = filter unless filter.nil?
|
990
|
+
command.query['pageSize'] = page_size unless page_size.nil?
|
991
|
+
command.query['pageToken'] = page_token unless page_token.nil?
|
992
|
+
command.query['fields'] = fields unless fields.nil?
|
993
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
994
|
+
execute_or_queue_command(command, &block)
|
995
|
+
end
|
996
|
+
|
824
997
|
# Batch gets the update history of assets that overlap a time window. For
|
825
998
|
# IAM_POLICY content, this API outputs history when the asset and its attached
|
826
999
|
# IAM POLICY both exist. This can create gaps in the output history. Otherwise,
|
@@ -931,6 +1104,51 @@ module Google
|
|
931
1104
|
execute_or_queue_command(command, &block)
|
932
1105
|
end
|
933
1106
|
|
1107
|
+
# Issue a job that queries assets using a SQL statement compatible with [
|
1108
|
+
# BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/
|
1109
|
+
# enabling-standard-sql). If the query execution finishes within timeout and
|
1110
|
+
# there's no pagination, the full query results will be returned in the `
|
1111
|
+
# QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing
|
1112
|
+
# extra requests with the `job_reference` from the a previous `QueryAssets` call.
|
1113
|
+
# Note, the query result has approximately 10 GB limitation enforced by
|
1114
|
+
# BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-
|
1115
|
+
# output, queries return larger results will result in errors.
|
1116
|
+
# @param [String] parent
|
1117
|
+
# Required. The relative name of the root asset. This can only be an
|
1118
|
+
# organization number (such as "organizations/123"), a project ID (such as "
|
1119
|
+
# projects/my-project-id"), or a project number (such as "projects/12345"), or a
|
1120
|
+
# folder number (such as "folders/123"). Only assets belonging to the `parent`
|
1121
|
+
# will be returned.
|
1122
|
+
# @param [Google::Apis::CloudassetV1::QueryAssetsRequest] query_assets_request_object
|
1123
|
+
# @param [String] fields
|
1124
|
+
# Selector specifying which fields to include in a partial response.
|
1125
|
+
# @param [String] quota_user
|
1126
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
1127
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
1128
|
+
# @param [Google::Apis::RequestOptions] options
|
1129
|
+
# Request-specific options
|
1130
|
+
#
|
1131
|
+
# @yield [result, err] Result & error if block supplied
|
1132
|
+
# @yieldparam result [Google::Apis::CloudassetV1::QueryAssetsResponse] parsed result object
|
1133
|
+
# @yieldparam err [StandardError] error object if request failed
|
1134
|
+
#
|
1135
|
+
# @return [Google::Apis::CloudassetV1::QueryAssetsResponse]
|
1136
|
+
#
|
1137
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
1138
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
1139
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
1140
|
+
def query_assets(parent, query_assets_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
1141
|
+
command = make_simple_command(:post, 'v1/{+parent}:queryAssets', options)
|
1142
|
+
command.request_representation = Google::Apis::CloudassetV1::QueryAssetsRequest::Representation
|
1143
|
+
command.request_object = query_assets_request_object
|
1144
|
+
command.response_representation = Google::Apis::CloudassetV1::QueryAssetsResponse::Representation
|
1145
|
+
command.response_class = Google::Apis::CloudassetV1::QueryAssetsResponse
|
1146
|
+
command.params['parent'] = parent unless parent.nil?
|
1147
|
+
command.query['fields'] = fields unless fields.nil?
|
1148
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
1149
|
+
execute_or_queue_command(command, &block)
|
1150
|
+
end
|
1151
|
+
|
934
1152
|
# Searches all IAM policies within the specified scope, such as a project,
|
935
1153
|
# folder, or organization. The caller must be granted the `cloudasset.assets.
|
936
1154
|
# searchAllIamPolicies` permission on the desired scope, otherwise the request
|
@@ -979,16 +1197,16 @@ module Google
|
|
979
1197
|
# google.com/asset-inventory/docs/searching-iam-policies#
|
980
1198
|
# how_to_construct_a_query) for more information. If not specified or empty, it
|
981
1199
|
# will search all the IAM policies within the specified `scope`. Note that the
|
982
|
-
# query string is compared against each
|
983
|
-
# principals, roles, and
|
984
|
-
#
|
985
|
-
#
|
986
|
-
#
|
987
|
-
#
|
988
|
-
#
|
989
|
-
#
|
990
|
-
#
|
991
|
-
#
|
1200
|
+
# query string is compared against each IAM policy binding, including its
|
1201
|
+
# principals, roles, and IAM conditions. The returned IAM policies will only
|
1202
|
+
# contain the bindings that match your query. To learn more about the IAM policy
|
1203
|
+
# structure, see the [IAM policy documentation](https://cloud.google.com/iam/
|
1204
|
+
# help/allow-policies/structure). Examples: * `policy:amy@gmail.com` to find IAM
|
1205
|
+
# policy bindings that specify user "amy@gmail.com". * `policy:roles/compute.
|
1206
|
+
# admin` to find IAM policy bindings that specify the Compute Admin role. * `
|
1207
|
+
# policy:comp*` to find IAM policy bindings that contain "comp" as a prefix of
|
1208
|
+
# any word in the binding. * `policy.role.permissions:storage.buckets.update` to
|
1209
|
+
# find IAM policy bindings that specify a role containing "storage.buckets.
|
992
1210
|
# update" permission. Note that if callers don't have `iam.roles.get` access to
|
993
1211
|
# a role's included permissions, policy bindings that specify this role will be
|
994
1212
|
# dropped from the search results. * `policy.role.permissions:upd*` to find IAM
|
@@ -1038,10 +1256,10 @@ module Google
|
|
1038
1256
|
execute_or_queue_command(command, &block)
|
1039
1257
|
end
|
1040
1258
|
|
1041
|
-
# Searches all Cloud resources within the specified scope, such as a
|
1042
|
-
# folder, or organization. The caller must be granted the `cloudasset.
|
1043
|
-
# searchAllResources` permission on the desired scope, otherwise the
|
1044
|
-
# will be rejected.
|
1259
|
+
# Searches all Google Cloud resources within the specified scope, such as a
|
1260
|
+
# project, folder, or organization. The caller must be granted the `cloudasset.
|
1261
|
+
# assets.searchAllResources` permission on the desired scope, otherwise the
|
1262
|
+
# request will be rejected.
|
1045
1263
|
# @param [String] scope
|
1046
1264
|
# Required. A scope can be a project, a folder, or an organization. The search
|
1047
1265
|
# is limited to the resources within the `scope`. The caller must be granted the
|
@@ -1087,38 +1305,40 @@ module Google
|
|
1087
1305
|
# google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
|
1088
1306
|
# for more information. If not specified or empty, it will search all the
|
1089
1307
|
# resources within the specified `scope`. Examples: * `name:Important` to find
|
1090
|
-
# Cloud resources whose name contains "Important" as a word. * `name=
|
1091
|
-
# to find the Cloud resource whose name is exactly "Important".
|
1092
|
-
# Impor*` to find Cloud resources whose display name
|
1093
|
-
# prefix of any word in the field. * `location:us-west*`
|
1094
|
-
# whose location contains both "us" and "west" as
|
1095
|
-
# find Cloud resources whose labels contain "
|
1096
|
-
#
|
1097
|
-
#
|
1098
|
-
# kmsKey:key` to find
|
1099
|
-
#
|
1100
|
-
#
|
1101
|
-
# to
|
1102
|
-
#
|
1103
|
-
#
|
1104
|
-
#
|
1105
|
-
#
|
1106
|
-
# relationships
|
1107
|
-
#
|
1108
|
-
#
|
1109
|
-
#
|
1110
|
-
#
|
1111
|
-
# "ACTIVE" as a word. * `
|
1112
|
-
#
|
1113
|
-
#
|
1114
|
-
#
|
1115
|
-
#
|
1116
|
-
#
|
1117
|
-
# of
|
1308
|
+
# Google Cloud resources whose name contains "Important" as a word. * `name=
|
1309
|
+
# Important` to find the Google Cloud resource whose name is exactly "Important".
|
1310
|
+
# * `displayName:Impor*` to find Google Cloud resources whose display name
|
1311
|
+
# contains "Impor" as a prefix of any word in the field. * `location:us-west*`
|
1312
|
+
# to find Google Cloud resources whose location contains both "us" and "west" as
|
1313
|
+
# prefixes. * `labels:prod` to find Google Cloud resources whose labels contain "
|
1314
|
+
# prod" as a key or value. * `labels.env:prod` to find Google Cloud resources
|
1315
|
+
# that have a label "env" and its value is "prod". * `labels.env:*` to find
|
1316
|
+
# Google Cloud resources that have a label "env". * `kmsKey:key` to find Google
|
1317
|
+
# Cloud resources encrypted with a customer-managed encryption key whose name
|
1318
|
+
# contains "key" as a word. This field is deprecated. Please use the `kmsKeys`
|
1319
|
+
# field to retrieve Cloud KMS key information. * `kmsKeys:key` to find Google
|
1320
|
+
# Cloud resources encrypted with customer-managed encryption keys whose name
|
1321
|
+
# contains the word "key". * `relationships:instance-group-1` to find Google
|
1322
|
+
# Cloud resources that have relationships with "instance-group-1" in the related
|
1323
|
+
# resource name. * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute
|
1324
|
+
# Engine instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP". *
|
1325
|
+
# `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find Compute
|
1326
|
+
# Engine instances that have relationships with "instance-group-1" in the
|
1327
|
+
# Compute Engine instance group resource name, for relationship type "
|
1328
|
+
# INSTANCE_TO_INSTANCEGROUP". * `state:ACTIVE` to find Google Cloud resources
|
1329
|
+
# whose state contains "ACTIVE" as a word. * `NOT state:ACTIVE` to find Google
|
1330
|
+
# Cloud resources whose state doesn't contain "ACTIVE" as a word. * `createTime<
|
1331
|
+
# 1609459200` to find Google Cloud resources that were created before "2021-01-
|
1332
|
+
# 01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00
|
1333
|
+
# UTC" in seconds. * `updateTime>1609459200` to find Google Cloud resources that
|
1334
|
+
# were updated after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch
|
1335
|
+
# timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `Important` to find
|
1336
|
+
# Google Cloud resources that contain "Important" as a word in any of the
|
1337
|
+
# searchable fields. * `Impor*` to find Google Cloud resources that contain "
|
1118
1338
|
# Impor" as a prefix of any word in any of the searchable fields. * `Important
|
1119
|
-
# location:(us-west1 OR global)` to find Cloud resources that contain "
|
1120
|
-
# as a word in any of the searchable fields and are also located in
|
1121
|
-
# west1" region or the "global" location.
|
1339
|
+
# location:(us-west1 OR global)` to find Google Cloud resources that contain "
|
1340
|
+
# Important" as a word in any of the searchable fields and are also located in
|
1341
|
+
# the "us-west1" region or the "global" location.
|
1122
1342
|
# @param [String] read_mask
|
1123
1343
|
# Optional. A comma-separated list of fields specifying which fields to be
|
1124
1344
|
# returned in ResourceSearchResult. Only '*' or combination of top level fields
|
@@ -1128,11 +1348,11 @@ module Google
|
|
1128
1348
|
# camelCase are supported): * name * assetType * project * displayName *
|
1129
1349
|
# description * location * tagKeys * tagValues * tagValueIds * labels *
|
1130
1350
|
# networkTags * kmsKey (This field is deprecated. Please use the `kmsKeys` field
|
1131
|
-
# to retrieve KMS key information.) * kmsKeys * createTime * updateTime *
|
1132
|
-
# additionalAttributes * versionedResources If read_mask is not
|
1133
|
-
# fields except versionedResources will be returned. If only '*'
|
1134
|
-
# all fields including versionedResources will be returned. Any
|
1135
|
-
# path will trigger INVALID_ARGUMENT error.
|
1351
|
+
# to retrieve Cloud KMS key information.) * kmsKeys * createTime * updateTime *
|
1352
|
+
# state * additionalAttributes * versionedResources If read_mask is not
|
1353
|
+
# specified, all fields except versionedResources will be returned. If only '*'
|
1354
|
+
# is specified, all fields including versionedResources will be returned. Any
|
1355
|
+
# invalid field path will trigger INVALID_ARGUMENT error.
|
1136
1356
|
# @param [String] fields
|
1137
1357
|
# Selector specifying which fields to include in a partial response.
|
1138
1358
|
# @param [String] quota_user
|
@@ -21,7 +21,8 @@ module Google
|
|
21
21
|
module Apis
|
22
22
|
# Cloud Asset API
|
23
23
|
#
|
24
|
-
# The
|
24
|
+
# The Cloud Asset API manages the history and inventory of Google Cloud
|
25
|
+
# resources.
|
25
26
|
#
|
26
27
|
# @see https://cloud.google.com/asset-inventory/docs/quickstart
|
27
28
|
module CloudassetV1
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-apis-cloudasset_v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.52.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-01-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: google-apis-core
|
@@ -58,7 +58,7 @@ licenses:
|
|
58
58
|
metadata:
|
59
59
|
bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
|
60
60
|
changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1/CHANGELOG.md
|
61
|
-
documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.
|
61
|
+
documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.52.0
|
62
62
|
source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1
|
63
63
|
post_install_message:
|
64
64
|
rdoc_options: []
|
@@ -75,7 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
75
75
|
- !ruby/object:Gem::Version
|
76
76
|
version: '0'
|
77
77
|
requirements: []
|
78
|
-
rubygems_version: 3.
|
78
|
+
rubygems_version: 3.4.2
|
79
79
|
signing_key:
|
80
80
|
specification_version: 4
|
81
81
|
summary: Simple REST client for Cloud Asset API V1
|