google-apis-cloudasset_v1 0.50.0 → 0.52.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/google/apis/cloudasset_v1/classes.rb +1055 -75
- data/lib/google/apis/cloudasset_v1/gem_version.rb +3 -3
- data/lib/google/apis/cloudasset_v1/representations.rb +391 -0
- data/lib/google/apis/cloudasset_v1/service.rb +301 -81
- data/lib/google/apis/cloudasset_v1.rb +2 -1
- metadata +4 -4
@@ -22,7 +22,8 @@ module Google
|
|
22
22
|
module CloudassetV1
|
23
23
|
# Cloud Asset API
|
24
24
|
#
|
25
|
-
# The
|
25
|
+
# The Cloud Asset API manages the history and inventory of Google Cloud
|
26
|
+
# resources.
|
26
27
|
#
|
27
28
|
# @example
|
28
29
|
# require 'google/apis/cloudasset_v1'
|
@@ -387,8 +388,8 @@ module Google
|
|
387
388
|
# @param [String] saved_query_id
|
388
389
|
# Required. The ID to use for the saved query, which must be unique in the
|
389
390
|
# specified parent. It will become the final component of the saved query's
|
390
|
-
# resource name. This value should be 4-63 characters, and valid characters are
|
391
|
-
# a-z
|
391
|
+
# resource name. This value should be 4-63 characters, and valid characters are `
|
392
|
+
# a-z-`. Notice that this field is required in the saved query creation, and the
|
392
393
|
# `name` field of the `saved_query` will be ignored.
|
393
394
|
# @param [String] fields
|
394
395
|
# Selector specifying which fields to include in a partial response.
|
@@ -607,19 +608,19 @@ module Google
|
|
607
608
|
# Optional. If true, the response will include access analysis from identities
|
608
609
|
# to resources via service account impersonation. This is a very expensive
|
609
610
|
# operation, because many derived queries will be executed. We highly recommend
|
610
|
-
# you use AssetService.AnalyzeIamPolicyLongrunning
|
611
|
+
# you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if
|
611
612
|
# the request analyzes for which resources user A has permission P, and there's
|
612
613
|
# an IAM policy states user A has iam.serviceAccounts.getAccessToken permission
|
613
614
|
# to a service account SA, and there's another IAM policy states service account
|
614
|
-
# SA has permission P to a
|
615
|
-
# the
|
616
|
-
# AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
|
617
|
-
# example, if the request analyzes for who has permission P to a
|
618
|
-
# and there's an IAM policy states user A has iam.
|
619
|
-
# permission to a service account SA, and there's another
|
620
|
-
# service account SA has permission P to the
|
621
|
-
# potentially has access to the
|
622
|
-
# results will be included in AnalyzeIamPolicyResponse.
|
615
|
+
# SA has permission P to a Google Cloud folder F, then user A potentially has
|
616
|
+
# access to the Google Cloud folder F. And those advanced analysis results will
|
617
|
+
# be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
|
618
|
+
# Another example, if the request analyzes for who has permission P to a Google
|
619
|
+
# Cloud folder F, and there's an IAM policy states user A has iam.
|
620
|
+
# serviceAccounts.actAs permission to a service account SA, and there's another
|
621
|
+
# IAM policy states service account SA has permission P to the Google Cloud
|
622
|
+
# folder F, then user A potentially has access to the Google Cloud folder F. And
|
623
|
+
# those advanced analysis results will be included in AnalyzeIamPolicyResponse.
|
623
624
|
# service_account_impersonation_analysis. Only the following permissions are
|
624
625
|
# considered in this analysis: * `iam.serviceAccounts.actAs` * `iam.
|
625
626
|
# serviceAccounts.signBlob` * `iam.serviceAccounts.signJwt` * `iam.
|
@@ -637,17 +638,18 @@ module Google
|
|
637
638
|
# specified, the resource section of the result will expand any resource
|
638
639
|
# attached to an IAM policy to include resources lower in the resource hierarchy.
|
639
640
|
# For example, if the request analyzes for which resources user A has
|
640
|
-
# permission P, and the results include an IAM policy with P on a
|
641
|
-
# the results will also include resources in that folder with permission
|
642
|
-
# true and IamPolicyAnalysisQuery.resource_selector is specified, the
|
643
|
-
# section of the result will expand the specified resource to include
|
644
|
-
# lower in the resource hierarchy. Only project or lower resources are
|
645
|
-
# Folder and organization
|
646
|
-
# For example, if the request analyzes for which users have permission P
|
647
|
-
#
|
648
|
-
# have permission P on that project or any lower resource. If true,
|
649
|
-
# max expansion per resource is 1000 for AssetService.
|
650
|
-
# 100000 for AssetService.AnalyzeIamPolicyLongrunning][].
|
641
|
+
# permission P, and the results include an IAM policy with P on a Google Cloud
|
642
|
+
# folder, the results will also include resources in that folder with permission
|
643
|
+
# P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the
|
644
|
+
# resource section of the result will expand the specified resource to include
|
645
|
+
# resources lower in the resource hierarchy. Only project or lower resources are
|
646
|
+
# supported. Folder and organization resources cannot be used together with this
|
647
|
+
# option. For example, if the request analyzes for which users have permission P
|
648
|
+
# on a Google Cloud project with this option enabled, the results will include
|
649
|
+
# all users who have permission P on that project or any lower resource. If true,
|
650
|
+
# the default max expansion per resource is 1000 for AssetService.
|
651
|
+
# AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][].
|
652
|
+
# Default is false.
|
651
653
|
# @param [Boolean] analysis_query_options_expand_roles
|
652
654
|
# Optional. If true, the access section of result will expand any roles
|
653
655
|
# appearing in IAM policy bindings to include their permissions. If
|
@@ -780,14 +782,15 @@ module Google
|
|
780
782
|
# and configuration are subject to change before the actual resource migration
|
781
783
|
# takes place.
|
782
784
|
# @param [String] resource
|
783
|
-
# Required. Name of the resource to perform the analysis against. Only
|
784
|
-
#
|
785
|
-
# "projects/my-project-id") or a
|
785
|
+
# Required. Name of the resource to perform the analysis against. Only Google
|
786
|
+
# Cloud projects are supported as of today. Hence, this can only be a project ID
|
787
|
+
# (such as "projects/my-project-id") or a project number (such as "projects/
|
788
|
+
# 12345").
|
786
789
|
# @param [String] destination_parent
|
787
|
-
# Required. Name of the
|
788
|
-
# resource. The analysis will be performed against hypothetically moving
|
789
|
-
# resource to this specified desitination parent. This can only be a
|
790
|
-
# number (such as "folders/123") or an
|
790
|
+
# Required. Name of the Google Cloud folder or organization to reparent the
|
791
|
+
# target resource. The analysis will be performed against hypothetically moving
|
792
|
+
# the resource to this specified desitination parent. This can only be a folder
|
793
|
+
# number (such as "folders/123") or an organization number (such as "
|
791
794
|
# organizations/123").
|
792
795
|
# @param [String] view
|
793
796
|
# Analysis view indicating what information should be included in the analysis
|
@@ -821,6 +824,176 @@ module Google
|
|
821
824
|
execute_or_queue_command(command, &block)
|
822
825
|
end
|
823
826
|
|
827
|
+
# Analyzes organization policies under a scope.
|
828
|
+
# @param [String] scope
|
829
|
+
# Required. The organization to scope the request. Only organization policies
|
830
|
+
# within the scope will be analyzed. * organizations/`ORGANIZATION_NUMBER` (e.g.,
|
831
|
+
# "organizations/123456")
|
832
|
+
# @param [String] constraint
|
833
|
+
# Required. The name of the constraint to analyze organization policies for. The
|
834
|
+
# response only contains analyzed organization policies for the provided
|
835
|
+
# constraint.
|
836
|
+
# @param [String] filter
|
837
|
+
# The expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The
|
838
|
+
# only supported field is `consolidated_policy.attached_resource`, and the only
|
839
|
+
# supported operator is `=`. Example: consolidated_policy.attached_resource="//
|
840
|
+
# cloudresourcemanager.googleapis.com/folders/001" will return the org policy
|
841
|
+
# results of"folders/001".
|
842
|
+
# @param [Fixnum] page_size
|
843
|
+
# The maximum number of items to return per page. If unspecified,
|
844
|
+
# AnalyzeOrgPoliciesResponse.org_policy_results will contain 20 items with a
|
845
|
+
# maximum of 200.
|
846
|
+
# @param [String] page_token
|
847
|
+
# The pagination token to retrieve the next page.
|
848
|
+
# @param [String] fields
|
849
|
+
# Selector specifying which fields to include in a partial response.
|
850
|
+
# @param [String] quota_user
|
851
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
852
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
853
|
+
# @param [Google::Apis::RequestOptions] options
|
854
|
+
# Request-specific options
|
855
|
+
#
|
856
|
+
# @yield [result, err] Result & error if block supplied
|
857
|
+
# @yieldparam result [Google::Apis::CloudassetV1::AnalyzeOrgPoliciesResponse] parsed result object
|
858
|
+
# @yieldparam err [StandardError] error object if request failed
|
859
|
+
#
|
860
|
+
# @return [Google::Apis::CloudassetV1::AnalyzeOrgPoliciesResponse]
|
861
|
+
#
|
862
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
863
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
864
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
865
|
+
def analyze_org_policies(scope, constraint: nil, filter: nil, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
|
866
|
+
command = make_simple_command(:get, 'v1/{+scope}:analyzeOrgPolicies', options)
|
867
|
+
command.response_representation = Google::Apis::CloudassetV1::AnalyzeOrgPoliciesResponse::Representation
|
868
|
+
command.response_class = Google::Apis::CloudassetV1::AnalyzeOrgPoliciesResponse
|
869
|
+
command.params['scope'] = scope unless scope.nil?
|
870
|
+
command.query['constraint'] = constraint unless constraint.nil?
|
871
|
+
command.query['filter'] = filter unless filter.nil?
|
872
|
+
command.query['pageSize'] = page_size unless page_size.nil?
|
873
|
+
command.query['pageToken'] = page_token unless page_token.nil?
|
874
|
+
command.query['fields'] = fields unless fields.nil?
|
875
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
876
|
+
execute_or_queue_command(command, &block)
|
877
|
+
end
|
878
|
+
|
879
|
+
# Analyzes organization policies governed assets (Google Cloud resources or
|
880
|
+
# policies) under a scope. This RPC supports custom constraints and the
|
881
|
+
# following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.
|
882
|
+
# disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.
|
883
|
+
# vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.
|
884
|
+
# resourceLocations * compute.trustedImageProjects * compute.
|
885
|
+
# skipDefaultNetworkCreation * compute.requireOsLogin * compute.
|
886
|
+
# disableNestedVirtualization This RPC only returns either resources of types
|
887
|
+
# supported by [searchable asset types](https://cloud.google.com/asset-inventory/
|
888
|
+
# docs/supported-asset-types#searchable_asset_types), or IAM policies.
|
889
|
+
# @param [String] scope
|
890
|
+
# Required. The organization to scope the request. Only organization policies
|
891
|
+
# within the scope will be analyzed. The output assets will also be limited to
|
892
|
+
# the ones governed by those in-scope organization policies. * organizations/`
|
893
|
+
# ORGANIZATION_NUMBER` (e.g., "organizations/123456")
|
894
|
+
# @param [String] constraint
|
895
|
+
# Required. The name of the constraint to analyze governed assets for. The
|
896
|
+
# analysis only contains analyzed organization policies for the provided
|
897
|
+
# constraint.
|
898
|
+
# @param [String] filter
|
899
|
+
# The expression to filter the governed assets in result. The only supported
|
900
|
+
# fields for governed resources are `governed_resource.project` and `
|
901
|
+
# governed_resource.folders`. The only supported fields for governed iam
|
902
|
+
# policies are `governed_iam_policy.project` and `governed_iam_policy.folders`.
|
903
|
+
# The only supported operator is `=`. Example 1: governed_resource.project="
|
904
|
+
# projects/12345678" filter will return all governed resources under projects/
|
905
|
+
# 12345678 including the project ifself, if applicable. Example 2:
|
906
|
+
# governed_iam_policy.folders="folders/12345678" filter will return all governed
|
907
|
+
# iam policies under folders/12345678, if applicable.
|
908
|
+
# @param [Fixnum] page_size
|
909
|
+
# The maximum number of items to return per page. If unspecified,
|
910
|
+
# AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets will contain 100 items
|
911
|
+
# with a maximum of 200.
|
912
|
+
# @param [String] page_token
|
913
|
+
# The pagination token to retrieve the next page.
|
914
|
+
# @param [String] fields
|
915
|
+
# Selector specifying which fields to include in a partial response.
|
916
|
+
# @param [String] quota_user
|
917
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
918
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
919
|
+
# @param [Google::Apis::RequestOptions] options
|
920
|
+
# Request-specific options
|
921
|
+
#
|
922
|
+
# @yield [result, err] Result & error if block supplied
|
923
|
+
# @yieldparam result [Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedAssetsResponse] parsed result object
|
924
|
+
# @yieldparam err [StandardError] error object if request failed
|
925
|
+
#
|
926
|
+
# @return [Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedAssetsResponse]
|
927
|
+
#
|
928
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
929
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
930
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
931
|
+
def analyze_org_policy_governed_assets(scope, constraint: nil, filter: nil, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
|
932
|
+
command = make_simple_command(:get, 'v1/{+scope}:analyzeOrgPolicyGovernedAssets', options)
|
933
|
+
command.response_representation = Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedAssetsResponse::Representation
|
934
|
+
command.response_class = Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedAssetsResponse
|
935
|
+
command.params['scope'] = scope unless scope.nil?
|
936
|
+
command.query['constraint'] = constraint unless constraint.nil?
|
937
|
+
command.query['filter'] = filter unless filter.nil?
|
938
|
+
command.query['pageSize'] = page_size unless page_size.nil?
|
939
|
+
command.query['pageToken'] = page_token unless page_token.nil?
|
940
|
+
command.query['fields'] = fields unless fields.nil?
|
941
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
942
|
+
execute_or_queue_command(command, &block)
|
943
|
+
end
|
944
|
+
|
945
|
+
# Analyzes organization policies governed containers (projects, folders or
|
946
|
+
# organization) under a scope.
|
947
|
+
# @param [String] scope
|
948
|
+
# Required. The organization to scope the request. Only organization policies
|
949
|
+
# within the scope will be analyzed. The output containers will also be limited
|
950
|
+
# to the ones governed by those in-scope organization policies. * organizations/`
|
951
|
+
# ORGANIZATION_NUMBER` (e.g., "organizations/123456")
|
952
|
+
# @param [String] constraint
|
953
|
+
# Required. The name of the constraint to analyze governed containers for. The
|
954
|
+
# analysis only contains organization policies for the provided constraint.
|
955
|
+
# @param [String] filter
|
956
|
+
# The expression to filter the governed containers in result. The only supported
|
957
|
+
# field is `parent`, and the only supported operator is `=`. Example: parent="//
|
958
|
+
# cloudresourcemanager.googleapis.com/folders/001" will return all containers
|
959
|
+
# under "folders/001".
|
960
|
+
# @param [Fixnum] page_size
|
961
|
+
# The maximum number of items to return per page. If unspecified,
|
962
|
+
# AnalyzeOrgPolicyGovernedContainersResponse.governed_containers will contain
|
963
|
+
# 100 items with a maximum of 200.
|
964
|
+
# @param [String] page_token
|
965
|
+
# The pagination token to retrieve the next page.
|
966
|
+
# @param [String] fields
|
967
|
+
# Selector specifying which fields to include in a partial response.
|
968
|
+
# @param [String] quota_user
|
969
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
970
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
971
|
+
# @param [Google::Apis::RequestOptions] options
|
972
|
+
# Request-specific options
|
973
|
+
#
|
974
|
+
# @yield [result, err] Result & error if block supplied
|
975
|
+
# @yieldparam result [Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedContainersResponse] parsed result object
|
976
|
+
# @yieldparam err [StandardError] error object if request failed
|
977
|
+
#
|
978
|
+
# @return [Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedContainersResponse]
|
979
|
+
#
|
980
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
981
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
982
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
983
|
+
def analyze_org_policy_governed_containers(scope, constraint: nil, filter: nil, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
|
984
|
+
command = make_simple_command(:get, 'v1/{+scope}:analyzeOrgPolicyGovernedContainers', options)
|
985
|
+
command.response_representation = Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedContainersResponse::Representation
|
986
|
+
command.response_class = Google::Apis::CloudassetV1::AnalyzeOrgPolicyGovernedContainersResponse
|
987
|
+
command.params['scope'] = scope unless scope.nil?
|
988
|
+
command.query['constraint'] = constraint unless constraint.nil?
|
989
|
+
command.query['filter'] = filter unless filter.nil?
|
990
|
+
command.query['pageSize'] = page_size unless page_size.nil?
|
991
|
+
command.query['pageToken'] = page_token unless page_token.nil?
|
992
|
+
command.query['fields'] = fields unless fields.nil?
|
993
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
994
|
+
execute_or_queue_command(command, &block)
|
995
|
+
end
|
996
|
+
|
824
997
|
# Batch gets the update history of assets that overlap a time window. For
|
825
998
|
# IAM_POLICY content, this API outputs history when the asset and its attached
|
826
999
|
# IAM POLICY both exist. This can create gaps in the output history. Otherwise,
|
@@ -931,6 +1104,51 @@ module Google
|
|
931
1104
|
execute_or_queue_command(command, &block)
|
932
1105
|
end
|
933
1106
|
|
1107
|
+
# Issue a job that queries assets using a SQL statement compatible with [
|
1108
|
+
# BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/
|
1109
|
+
# enabling-standard-sql). If the query execution finishes within timeout and
|
1110
|
+
# there's no pagination, the full query results will be returned in the `
|
1111
|
+
# QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing
|
1112
|
+
# extra requests with the `job_reference` from the a previous `QueryAssets` call.
|
1113
|
+
# Note, the query result has approximately 10 GB limitation enforced by
|
1114
|
+
# BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-
|
1115
|
+
# output, queries return larger results will result in errors.
|
1116
|
+
# @param [String] parent
|
1117
|
+
# Required. The relative name of the root asset. This can only be an
|
1118
|
+
# organization number (such as "organizations/123"), a project ID (such as "
|
1119
|
+
# projects/my-project-id"), or a project number (such as "projects/12345"), or a
|
1120
|
+
# folder number (such as "folders/123"). Only assets belonging to the `parent`
|
1121
|
+
# will be returned.
|
1122
|
+
# @param [Google::Apis::CloudassetV1::QueryAssetsRequest] query_assets_request_object
|
1123
|
+
# @param [String] fields
|
1124
|
+
# Selector specifying which fields to include in a partial response.
|
1125
|
+
# @param [String] quota_user
|
1126
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
1127
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
1128
|
+
# @param [Google::Apis::RequestOptions] options
|
1129
|
+
# Request-specific options
|
1130
|
+
#
|
1131
|
+
# @yield [result, err] Result & error if block supplied
|
1132
|
+
# @yieldparam result [Google::Apis::CloudassetV1::QueryAssetsResponse] parsed result object
|
1133
|
+
# @yieldparam err [StandardError] error object if request failed
|
1134
|
+
#
|
1135
|
+
# @return [Google::Apis::CloudassetV1::QueryAssetsResponse]
|
1136
|
+
#
|
1137
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
1138
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
1139
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
1140
|
+
def query_assets(parent, query_assets_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
1141
|
+
command = make_simple_command(:post, 'v1/{+parent}:queryAssets', options)
|
1142
|
+
command.request_representation = Google::Apis::CloudassetV1::QueryAssetsRequest::Representation
|
1143
|
+
command.request_object = query_assets_request_object
|
1144
|
+
command.response_representation = Google::Apis::CloudassetV1::QueryAssetsResponse::Representation
|
1145
|
+
command.response_class = Google::Apis::CloudassetV1::QueryAssetsResponse
|
1146
|
+
command.params['parent'] = parent unless parent.nil?
|
1147
|
+
command.query['fields'] = fields unless fields.nil?
|
1148
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
1149
|
+
execute_or_queue_command(command, &block)
|
1150
|
+
end
|
1151
|
+
|
934
1152
|
# Searches all IAM policies within the specified scope, such as a project,
|
935
1153
|
# folder, or organization. The caller must be granted the `cloudasset.assets.
|
936
1154
|
# searchAllIamPolicies` permission on the desired scope, otherwise the request
|
@@ -979,16 +1197,16 @@ module Google
|
|
979
1197
|
# google.com/asset-inventory/docs/searching-iam-policies#
|
980
1198
|
# how_to_construct_a_query) for more information. If not specified or empty, it
|
981
1199
|
# will search all the IAM policies within the specified `scope`. Note that the
|
982
|
-
# query string is compared against each
|
983
|
-
# principals, roles, and
|
984
|
-
#
|
985
|
-
#
|
986
|
-
#
|
987
|
-
#
|
988
|
-
#
|
989
|
-
#
|
990
|
-
#
|
991
|
-
#
|
1200
|
+
# query string is compared against each IAM policy binding, including its
|
1201
|
+
# principals, roles, and IAM conditions. The returned IAM policies will only
|
1202
|
+
# contain the bindings that match your query. To learn more about the IAM policy
|
1203
|
+
# structure, see the [IAM policy documentation](https://cloud.google.com/iam/
|
1204
|
+
# help/allow-policies/structure). Examples: * `policy:amy@gmail.com` to find IAM
|
1205
|
+
# policy bindings that specify user "amy@gmail.com". * `policy:roles/compute.
|
1206
|
+
# admin` to find IAM policy bindings that specify the Compute Admin role. * `
|
1207
|
+
# policy:comp*` to find IAM policy bindings that contain "comp" as a prefix of
|
1208
|
+
# any word in the binding. * `policy.role.permissions:storage.buckets.update` to
|
1209
|
+
# find IAM policy bindings that specify a role containing "storage.buckets.
|
992
1210
|
# update" permission. Note that if callers don't have `iam.roles.get` access to
|
993
1211
|
# a role's included permissions, policy bindings that specify this role will be
|
994
1212
|
# dropped from the search results. * `policy.role.permissions:upd*` to find IAM
|
@@ -1038,10 +1256,10 @@ module Google
|
|
1038
1256
|
execute_or_queue_command(command, &block)
|
1039
1257
|
end
|
1040
1258
|
|
1041
|
-
# Searches all Cloud resources within the specified scope, such as a
|
1042
|
-
# folder, or organization. The caller must be granted the `cloudasset.
|
1043
|
-
# searchAllResources` permission on the desired scope, otherwise the
|
1044
|
-
# will be rejected.
|
1259
|
+
# Searches all Google Cloud resources within the specified scope, such as a
|
1260
|
+
# project, folder, or organization. The caller must be granted the `cloudasset.
|
1261
|
+
# assets.searchAllResources` permission on the desired scope, otherwise the
|
1262
|
+
# request will be rejected.
|
1045
1263
|
# @param [String] scope
|
1046
1264
|
# Required. A scope can be a project, a folder, or an organization. The search
|
1047
1265
|
# is limited to the resources within the `scope`. The caller must be granted the
|
@@ -1087,38 +1305,40 @@ module Google
|
|
1087
1305
|
# google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
|
1088
1306
|
# for more information. If not specified or empty, it will search all the
|
1089
1307
|
# resources within the specified `scope`. Examples: * `name:Important` to find
|
1090
|
-
# Cloud resources whose name contains "Important" as a word. * `name=
|
1091
|
-
# to find the Cloud resource whose name is exactly "Important".
|
1092
|
-
# Impor*` to find Cloud resources whose display name
|
1093
|
-
# prefix of any word in the field. * `location:us-west*`
|
1094
|
-
# whose location contains both "us" and "west" as
|
1095
|
-
# find Cloud resources whose labels contain "
|
1096
|
-
#
|
1097
|
-
#
|
1098
|
-
# kmsKey:key` to find
|
1099
|
-
#
|
1100
|
-
#
|
1101
|
-
# to
|
1102
|
-
#
|
1103
|
-
#
|
1104
|
-
#
|
1105
|
-
#
|
1106
|
-
# relationships
|
1107
|
-
#
|
1108
|
-
#
|
1109
|
-
#
|
1110
|
-
#
|
1111
|
-
# "ACTIVE" as a word. * `
|
1112
|
-
#
|
1113
|
-
#
|
1114
|
-
#
|
1115
|
-
#
|
1116
|
-
#
|
1117
|
-
# of
|
1308
|
+
# Google Cloud resources whose name contains "Important" as a word. * `name=
|
1309
|
+
# Important` to find the Google Cloud resource whose name is exactly "Important".
|
1310
|
+
# * `displayName:Impor*` to find Google Cloud resources whose display name
|
1311
|
+
# contains "Impor" as a prefix of any word in the field. * `location:us-west*`
|
1312
|
+
# to find Google Cloud resources whose location contains both "us" and "west" as
|
1313
|
+
# prefixes. * `labels:prod` to find Google Cloud resources whose labels contain "
|
1314
|
+
# prod" as a key or value. * `labels.env:prod` to find Google Cloud resources
|
1315
|
+
# that have a label "env" and its value is "prod". * `labels.env:*` to find
|
1316
|
+
# Google Cloud resources that have a label "env". * `kmsKey:key` to find Google
|
1317
|
+
# Cloud resources encrypted with a customer-managed encryption key whose name
|
1318
|
+
# contains "key" as a word. This field is deprecated. Please use the `kmsKeys`
|
1319
|
+
# field to retrieve Cloud KMS key information. * `kmsKeys:key` to find Google
|
1320
|
+
# Cloud resources encrypted with customer-managed encryption keys whose name
|
1321
|
+
# contains the word "key". * `relationships:instance-group-1` to find Google
|
1322
|
+
# Cloud resources that have relationships with "instance-group-1" in the related
|
1323
|
+
# resource name. * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute
|
1324
|
+
# Engine instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP". *
|
1325
|
+
# `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find Compute
|
1326
|
+
# Engine instances that have relationships with "instance-group-1" in the
|
1327
|
+
# Compute Engine instance group resource name, for relationship type "
|
1328
|
+
# INSTANCE_TO_INSTANCEGROUP". * `state:ACTIVE` to find Google Cloud resources
|
1329
|
+
# whose state contains "ACTIVE" as a word. * `NOT state:ACTIVE` to find Google
|
1330
|
+
# Cloud resources whose state doesn't contain "ACTIVE" as a word. * `createTime<
|
1331
|
+
# 1609459200` to find Google Cloud resources that were created before "2021-01-
|
1332
|
+
# 01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00
|
1333
|
+
# UTC" in seconds. * `updateTime>1609459200` to find Google Cloud resources that
|
1334
|
+
# were updated after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch
|
1335
|
+
# timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `Important` to find
|
1336
|
+
# Google Cloud resources that contain "Important" as a word in any of the
|
1337
|
+
# searchable fields. * `Impor*` to find Google Cloud resources that contain "
|
1118
1338
|
# Impor" as a prefix of any word in any of the searchable fields. * `Important
|
1119
|
-
# location:(us-west1 OR global)` to find Cloud resources that contain "
|
1120
|
-
# as a word in any of the searchable fields and are also located in
|
1121
|
-
# west1" region or the "global" location.
|
1339
|
+
# location:(us-west1 OR global)` to find Google Cloud resources that contain "
|
1340
|
+
# Important" as a word in any of the searchable fields and are also located in
|
1341
|
+
# the "us-west1" region or the "global" location.
|
1122
1342
|
# @param [String] read_mask
|
1123
1343
|
# Optional. A comma-separated list of fields specifying which fields to be
|
1124
1344
|
# returned in ResourceSearchResult. Only '*' or combination of top level fields
|
@@ -1128,11 +1348,11 @@ module Google
|
|
1128
1348
|
# camelCase are supported): * name * assetType * project * displayName *
|
1129
1349
|
# description * location * tagKeys * tagValues * tagValueIds * labels *
|
1130
1350
|
# networkTags * kmsKey (This field is deprecated. Please use the `kmsKeys` field
|
1131
|
-
# to retrieve KMS key information.) * kmsKeys * createTime * updateTime *
|
1132
|
-
# additionalAttributes * versionedResources If read_mask is not
|
1133
|
-
# fields except versionedResources will be returned. If only '*'
|
1134
|
-
# all fields including versionedResources will be returned. Any
|
1135
|
-
# path will trigger INVALID_ARGUMENT error.
|
1351
|
+
# to retrieve Cloud KMS key information.) * kmsKeys * createTime * updateTime *
|
1352
|
+
# state * additionalAttributes * versionedResources If read_mask is not
|
1353
|
+
# specified, all fields except versionedResources will be returned. If only '*'
|
1354
|
+
# is specified, all fields including versionedResources will be returned. Any
|
1355
|
+
# invalid field path will trigger INVALID_ARGUMENT error.
|
1136
1356
|
# @param [String] fields
|
1137
1357
|
# Selector specifying which fields to include in a partial response.
|
1138
1358
|
# @param [String] quota_user
|
@@ -21,7 +21,8 @@ module Google
|
|
21
21
|
module Apis
|
22
22
|
# Cloud Asset API
|
23
23
|
#
|
24
|
-
# The
|
24
|
+
# The Cloud Asset API manages the history and inventory of Google Cloud
|
25
|
+
# resources.
|
25
26
|
#
|
26
27
|
# @see https://cloud.google.com/asset-inventory/docs/quickstart
|
27
28
|
module CloudassetV1
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-apis-cloudasset_v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.52.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-01-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: google-apis-core
|
@@ -58,7 +58,7 @@ licenses:
|
|
58
58
|
metadata:
|
59
59
|
bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
|
60
60
|
changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1/CHANGELOG.md
|
61
|
-
documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.
|
61
|
+
documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.52.0
|
62
62
|
source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1
|
63
63
|
post_install_message:
|
64
64
|
rdoc_options: []
|
@@ -75,7 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
75
75
|
- !ruby/object:Gem::Version
|
76
76
|
version: '0'
|
77
77
|
requirements: []
|
78
|
-
rubygems_version: 3.
|
78
|
+
rubygems_version: 3.4.2
|
79
79
|
signing_key:
|
80
80
|
specification_version: 4
|
81
81
|
summary: Simple REST client for Cloud Asset API V1
|