google-apis-cloudasset_v1 0.58.0 → 0.59.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3547a26a28726490468cccddb7219aba4c5ee869f3efc08f93ea2d1573cbca83
|
|
4
|
+
data.tar.gz: 2d5bf2060ab06f0b7f8f3a2a740310b5b3193cc3428a78eaf14f577606e90caf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '097bec98de51b52a3151299b858a794657ee40e70b1957cc5f42aab42a4a1a2633f9c5c2c7ff9089a19aee457731634425e211c0fd791f90248cc8d706d327bc'
|
|
7
|
+
data.tar.gz: 983468c68c93cae531d6db2c617846e08843fdcde49d31d175534ddad1cceb4e91cdbaee7c2f90fff69e00232a39de64a80708a3b4011cba36aa37beb120247b
|
data/CHANGELOG.md
CHANGED
|
@@ -928,32 +928,6 @@ module Google
|
|
|
928
928
|
end
|
|
929
929
|
end
|
|
930
930
|
|
|
931
|
-
# A denied access contains details about an access tuple that is blocked by IAM
|
|
932
|
-
# deny policies.
|
|
933
|
-
class DeniedAccess
|
|
934
|
-
include Google::Apis::Core::Hashable
|
|
935
|
-
|
|
936
|
-
# An access tuple contains a tuple of a resource, an identity and an access.
|
|
937
|
-
# Corresponds to the JSON property `deniedAccessTuple`
|
|
938
|
-
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccessTuple]
|
|
939
|
-
attr_accessor :denied_access_tuple
|
|
940
|
-
|
|
941
|
-
# The details about how denied_access_tuple is denied.
|
|
942
|
-
# Corresponds to the JSON property `denyDetails`
|
|
943
|
-
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessDenyDetail>]
|
|
944
|
-
attr_accessor :deny_details
|
|
945
|
-
|
|
946
|
-
def initialize(**args)
|
|
947
|
-
update!(**args)
|
|
948
|
-
end
|
|
949
|
-
|
|
950
|
-
# Update properties of this object
|
|
951
|
-
def update!(**args)
|
|
952
|
-
@denied_access_tuple = args[:denied_access_tuple] if args.key?(:denied_access_tuple)
|
|
953
|
-
@deny_details = args[:deny_details] if args.key?(:deny_details)
|
|
954
|
-
end
|
|
955
|
-
end
|
|
956
|
-
|
|
957
931
|
# The effective IAM policies on one resource.
|
|
958
932
|
class EffectiveIamPolicy
|
|
959
933
|
include Google::Apis::Core::Hashable
|
|
@@ -1750,160 +1724,6 @@ module Google
|
|
|
1750
1724
|
end
|
|
1751
1725
|
end
|
|
1752
1726
|
|
|
1753
|
-
# An IAM role or permission under analysis.
|
|
1754
|
-
class GoogleCloudAssetV1DeniedAccessAccess
|
|
1755
|
-
include Google::Apis::Core::Hashable
|
|
1756
|
-
|
|
1757
|
-
# The IAM permission in [v1 format](https://cloud.google.com/iam/docs/
|
|
1758
|
-
# permissions-reference)
|
|
1759
|
-
# Corresponds to the JSON property `permission`
|
|
1760
|
-
# @return [String]
|
|
1761
|
-
attr_accessor :permission
|
|
1762
|
-
|
|
1763
|
-
# The IAM role.
|
|
1764
|
-
# Corresponds to the JSON property `role`
|
|
1765
|
-
# @return [String]
|
|
1766
|
-
attr_accessor :role
|
|
1767
|
-
|
|
1768
|
-
def initialize(**args)
|
|
1769
|
-
update!(**args)
|
|
1770
|
-
end
|
|
1771
|
-
|
|
1772
|
-
# Update properties of this object
|
|
1773
|
-
def update!(**args)
|
|
1774
|
-
@permission = args[:permission] if args.key?(:permission)
|
|
1775
|
-
@role = args[:role] if args.key?(:role)
|
|
1776
|
-
end
|
|
1777
|
-
end
|
|
1778
|
-
|
|
1779
|
-
# An access tuple contains a tuple of a resource, an identity and an access.
|
|
1780
|
-
class GoogleCloudAssetV1DeniedAccessAccessTuple
|
|
1781
|
-
include Google::Apis::Core::Hashable
|
|
1782
|
-
|
|
1783
|
-
# An IAM role or permission under analysis.
|
|
1784
|
-
# Corresponds to the JSON property `access`
|
|
1785
|
-
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess]
|
|
1786
|
-
attr_accessor :access
|
|
1787
|
-
|
|
1788
|
-
# An identity under analysis.
|
|
1789
|
-
# Corresponds to the JSON property `identity`
|
|
1790
|
-
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity]
|
|
1791
|
-
attr_accessor :identity
|
|
1792
|
-
|
|
1793
|
-
# A Google Cloud resource under analysis.
|
|
1794
|
-
# Corresponds to the JSON property `resource`
|
|
1795
|
-
# @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource]
|
|
1796
|
-
attr_accessor :resource
|
|
1797
|
-
|
|
1798
|
-
def initialize(**args)
|
|
1799
|
-
update!(**args)
|
|
1800
|
-
end
|
|
1801
|
-
|
|
1802
|
-
# Update properties of this object
|
|
1803
|
-
def update!(**args)
|
|
1804
|
-
@access = args[:access] if args.key?(:access)
|
|
1805
|
-
@identity = args[:identity] if args.key?(:identity)
|
|
1806
|
-
@resource = args[:resource] if args.key?(:resource)
|
|
1807
|
-
end
|
|
1808
|
-
end
|
|
1809
|
-
|
|
1810
|
-
# A deny detail that explains which IAM deny rule denies the denied_access_tuple.
|
|
1811
|
-
class GoogleCloudAssetV1DeniedAccessDenyDetail
|
|
1812
|
-
include Google::Apis::Core::Hashable
|
|
1813
|
-
|
|
1814
|
-
# The denied accesses. If this deny_rule fully denies the denied_access_tuple,
|
|
1815
|
-
# this field will be same as AccessTuple.access. Otherwise, this field can
|
|
1816
|
-
# contain AccessTuple.access and its descendant accesses, such as a subset of
|
|
1817
|
-
# IAM permissions contained in an IAM role.
|
|
1818
|
-
# Corresponds to the JSON property `accesses`
|
|
1819
|
-
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess>]
|
|
1820
|
-
attr_accessor :accesses
|
|
1821
|
-
|
|
1822
|
-
# A deny rule in an IAM deny policy.
|
|
1823
|
-
# Corresponds to the JSON property `denyRule`
|
|
1824
|
-
# @return [Google::Apis::CloudassetV1::GoogleIamV2DenyRule]
|
|
1825
|
-
attr_accessor :deny_rule
|
|
1826
|
-
|
|
1827
|
-
# Whether the deny_rule fully denies all access granted by the
|
|
1828
|
-
# denied_access_tuple. `True` means the deny rule fully blocks the access tuple.
|
|
1829
|
-
# `False` means the deny rule partially blocks the access tuple."
|
|
1830
|
-
# Corresponds to the JSON property `fullyDenied`
|
|
1831
|
-
# @return [Boolean]
|
|
1832
|
-
attr_accessor :fully_denied
|
|
1833
|
-
alias_method :fully_denied?, :fully_denied
|
|
1834
|
-
|
|
1835
|
-
# If this deny_rule fully denies the denied_access_tuple, this field will be
|
|
1836
|
-
# same as AccessTuple.identity. Otherwise, this field can contain AccessTuple.
|
|
1837
|
-
# identity and its descendant identities, such as a subset of users in a group.
|
|
1838
|
-
# Corresponds to the JSON property `identities`
|
|
1839
|
-
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity>]
|
|
1840
|
-
attr_accessor :identities
|
|
1841
|
-
|
|
1842
|
-
# The resources that the identities are denied access to. If this deny_rule
|
|
1843
|
-
# fully denies the denied_access_tuple, this field will be same as AccessTuple.
|
|
1844
|
-
# resource. Otherwise, this field can contain AccessTuple.resource and its
|
|
1845
|
-
# descendant resources.
|
|
1846
|
-
# Corresponds to the JSON property `resources`
|
|
1847
|
-
# @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource>]
|
|
1848
|
-
attr_accessor :resources
|
|
1849
|
-
|
|
1850
|
-
def initialize(**args)
|
|
1851
|
-
update!(**args)
|
|
1852
|
-
end
|
|
1853
|
-
|
|
1854
|
-
# Update properties of this object
|
|
1855
|
-
def update!(**args)
|
|
1856
|
-
@accesses = args[:accesses] if args.key?(:accesses)
|
|
1857
|
-
@deny_rule = args[:deny_rule] if args.key?(:deny_rule)
|
|
1858
|
-
@fully_denied = args[:fully_denied] if args.key?(:fully_denied)
|
|
1859
|
-
@identities = args[:identities] if args.key?(:identities)
|
|
1860
|
-
@resources = args[:resources] if args.key?(:resources)
|
|
1861
|
-
end
|
|
1862
|
-
end
|
|
1863
|
-
|
|
1864
|
-
# An identity under analysis.
|
|
1865
|
-
class GoogleCloudAssetV1DeniedAccessIdentity
|
|
1866
|
-
include Google::Apis::Core::Hashable
|
|
1867
|
-
|
|
1868
|
-
# The identity of members, formatted as appear in an [IAM policy binding](https:/
|
|
1869
|
-
# /cloud.google.com/iam/reference/rest/v1/Binding). For example, they might be
|
|
1870
|
-
# formatted like the following: - user:foo@google.com - group:group1@google.com -
|
|
1871
|
-
# serviceAccount:s1@prj1.iam.gserviceaccount.com - projectOwner:some_project_id
|
|
1872
|
-
# - domain:google.com - allUsers
|
|
1873
|
-
# Corresponds to the JSON property `name`
|
|
1874
|
-
# @return [String]
|
|
1875
|
-
attr_accessor :name
|
|
1876
|
-
|
|
1877
|
-
def initialize(**args)
|
|
1878
|
-
update!(**args)
|
|
1879
|
-
end
|
|
1880
|
-
|
|
1881
|
-
# Update properties of this object
|
|
1882
|
-
def update!(**args)
|
|
1883
|
-
@name = args[:name] if args.key?(:name)
|
|
1884
|
-
end
|
|
1885
|
-
end
|
|
1886
|
-
|
|
1887
|
-
# A Google Cloud resource under analysis.
|
|
1888
|
-
class GoogleCloudAssetV1DeniedAccessResource
|
|
1889
|
-
include Google::Apis::Core::Hashable
|
|
1890
|
-
|
|
1891
|
-
# The [full resource name](https://cloud.google.com/asset-inventory/docs/
|
|
1892
|
-
# resource-name-format)
|
|
1893
|
-
# Corresponds to the JSON property `fullResourceName`
|
|
1894
|
-
# @return [String]
|
|
1895
|
-
attr_accessor :full_resource_name
|
|
1896
|
-
|
|
1897
|
-
def initialize(**args)
|
|
1898
|
-
update!(**args)
|
|
1899
|
-
end
|
|
1900
|
-
|
|
1901
|
-
# Update properties of this object
|
|
1902
|
-
def update!(**args)
|
|
1903
|
-
@full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
|
|
1904
|
-
end
|
|
1905
|
-
end
|
|
1906
|
-
|
|
1907
1727
|
# A directional edge.
|
|
1908
1728
|
class GoogleCloudAssetV1Edge
|
|
1909
1729
|
include Google::Apis::Core::Hashable
|
|
@@ -2161,7 +1981,10 @@ module Google
|
|
|
2161
1981
|
end
|
|
2162
1982
|
end
|
|
2163
1983
|
|
|
2164
|
-
#
|
|
1984
|
+
# This rule message is a customized version of the one defined in the
|
|
1985
|
+
# Organization Policy system. In addition to the fields defined in the original
|
|
1986
|
+
# organization policy, it contains additional field(s) under specific
|
|
1987
|
+
# circumstances to support analysis results.
|
|
2165
1988
|
class GoogleCloudAssetV1Rule
|
|
2166
1989
|
include Google::Apis::Core::Hashable
|
|
2167
1990
|
|
|
@@ -2848,101 +2671,6 @@ module Google
|
|
|
2848
2671
|
end
|
|
2849
2672
|
end
|
|
2850
2673
|
|
|
2851
|
-
# A deny rule in an IAM deny policy.
|
|
2852
|
-
class GoogleIamV2DenyRule
|
|
2853
|
-
include Google::Apis::Core::Hashable
|
|
2854
|
-
|
|
2855
|
-
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
|
2856
|
-
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
|
2857
|
-
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
|
2858
|
-
# "Summary size limit" description: "Determines if a summary is less than 100
|
|
2859
|
-
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
|
2860
|
-
# Requestor is owner" description: "Determines if requestor is the document
|
|
2861
|
-
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
|
2862
|
-
# Logic): title: "Public documents" description: "Determine whether the document
|
|
2863
|
-
# should be publicly visible" expression: "document.type != 'private' &&
|
|
2864
|
-
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
|
2865
|
-
# string" description: "Create a notification string with a timestamp."
|
|
2866
|
-
# expression: "'New message received at ' + string(document.create_time)" The
|
|
2867
|
-
# exact variables and functions that may be referenced within an expression are
|
|
2868
|
-
# determined by the service that evaluates it. See the service documentation for
|
|
2869
|
-
# additional information.
|
|
2870
|
-
# Corresponds to the JSON property `denialCondition`
|
|
2871
|
-
# @return [Google::Apis::CloudassetV1::Expr]
|
|
2872
|
-
attr_accessor :denial_condition
|
|
2873
|
-
|
|
2874
|
-
# The permissions that are explicitly denied by this rule. Each permission uses
|
|
2875
|
-
# the format ``service_fqdn`/`resource`.`verb``, where ``service_fqdn`` is the
|
|
2876
|
-
# fully qualified domain name for the service. For example, `iam.googleapis.com/
|
|
2877
|
-
# roles.list`.
|
|
2878
|
-
# Corresponds to the JSON property `deniedPermissions`
|
|
2879
|
-
# @return [Array<String>]
|
|
2880
|
-
attr_accessor :denied_permissions
|
|
2881
|
-
|
|
2882
|
-
# The identities that are prevented from using one or more permissions on Google
|
|
2883
|
-
# Cloud resources. This field can contain the following values: * `principalSet:/
|
|
2884
|
-
# /goog/public:all`: A special identifier that represents any principal that is
|
|
2885
|
-
# on the internet, even if they do not have a Google Account or are not logged
|
|
2886
|
-
# in. * `principal://goog/subject/`email_id``: A specific Google Account.
|
|
2887
|
-
# Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
|
|
2888
|
-
# example, `principal://goog/subject/alice@example.com`. * `deleted:principal://
|
|
2889
|
-
# goog/subject/`email_id`?uid=`uid``: A specific Google Account that was deleted
|
|
2890
|
-
# recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=
|
|
2891
|
-
# 1234567890`. If the Google Account is recovered, this identifier reverts to
|
|
2892
|
-
# the standard identifier for a Google Account. * `principalSet://goog/group/`
|
|
2893
|
-
# group_id``: A Google group. For example, `principalSet://goog/group/admins@
|
|
2894
|
-
# example.com`. * `deleted:principalSet://goog/group/`group_id`?uid=`uid``: A
|
|
2895
|
-
# Google group that was deleted recently. For example, `deleted:principalSet://
|
|
2896
|
-
# goog/group/admins@example.com?uid=1234567890`. If the Google group is restored,
|
|
2897
|
-
# this identifier reverts to the standard identifier for a Google group. * `
|
|
2898
|
-
# principal://iam.googleapis.com/projects/-/serviceAccounts/`service_account_id``
|
|
2899
|
-
# : A Google Cloud service account. For example, `principal://iam.googleapis.com/
|
|
2900
|
-
# projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`. * `
|
|
2901
|
-
# deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/`
|
|
2902
|
-
# service_account_id`?uid=`uid``: A Google Cloud service account that was
|
|
2903
|
-
# deleted recently. For example, `deleted:principal://iam.googleapis.com/
|
|
2904
|
-
# projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=
|
|
2905
|
-
# 1234567890`. If the service account is undeleted, this identifier reverts to
|
|
2906
|
-
# the standard identifier for a service account. * `principalSet://goog/
|
|
2907
|
-
# cloudIdentityCustomerId/`customer_id``: All of the principals associated with
|
|
2908
|
-
# the specified Google Workspace or Cloud Identity customer ID. For example, `
|
|
2909
|
-
# principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
|
|
2910
|
-
# Corresponds to the JSON property `deniedPrincipals`
|
|
2911
|
-
# @return [Array<String>]
|
|
2912
|
-
attr_accessor :denied_principals
|
|
2913
|
-
|
|
2914
|
-
# Specifies the permissions that this rule excludes from the set of denied
|
|
2915
|
-
# permissions given by `denied_permissions`. If a permission appears in `
|
|
2916
|
-
# denied_permissions` _and_ in `exception_permissions` then it will _not_ be
|
|
2917
|
-
# denied. The excluded permissions can be specified using the same syntax as `
|
|
2918
|
-
# denied_permissions`.
|
|
2919
|
-
# Corresponds to the JSON property `exceptionPermissions`
|
|
2920
|
-
# @return [Array<String>]
|
|
2921
|
-
attr_accessor :exception_permissions
|
|
2922
|
-
|
|
2923
|
-
# The identities that are excluded from the deny rule, even if they are listed
|
|
2924
|
-
# in the `denied_principals`. For example, you could add a Google group to the `
|
|
2925
|
-
# denied_principals`, then exclude specific users who belong to that group. This
|
|
2926
|
-
# field can contain the same values as the `denied_principals` field, excluding `
|
|
2927
|
-
# principalSet://goog/public:all`, which represents all users on the internet.
|
|
2928
|
-
# Corresponds to the JSON property `exceptionPrincipals`
|
|
2929
|
-
# @return [Array<String>]
|
|
2930
|
-
attr_accessor :exception_principals
|
|
2931
|
-
|
|
2932
|
-
def initialize(**args)
|
|
2933
|
-
update!(**args)
|
|
2934
|
-
end
|
|
2935
|
-
|
|
2936
|
-
# Update properties of this object
|
|
2937
|
-
def update!(**args)
|
|
2938
|
-
@denial_condition = args[:denial_condition] if args.key?(:denial_condition)
|
|
2939
|
-
@denied_permissions = args[:denied_permissions] if args.key?(:denied_permissions)
|
|
2940
|
-
@denied_principals = args[:denied_principals] if args.key?(:denied_principals)
|
|
2941
|
-
@exception_permissions = args[:exception_permissions] if args.key?(:exception_permissions)
|
|
2942
|
-
@exception_principals = args[:exception_principals] if args.key?(:exception_principals)
|
|
2943
|
-
end
|
|
2944
|
-
end
|
|
2945
|
-
|
|
2946
2674
|
# An `AccessLevel` is a label that can be applied to requests to Google Cloud
|
|
2947
2675
|
# services, along with a list of requirements necessary for the label to be
|
|
2948
2676
|
# applied.
|
|
@@ -3816,14 +3544,6 @@ module Google
|
|
|
3816
3544
|
# @return [Array<Google::Apis::CloudassetV1::IamPolicyAnalysisResult>]
|
|
3817
3545
|
attr_accessor :analysis_results
|
|
3818
3546
|
|
|
3819
|
-
# A list of DeniedAccess, which contains all access tuples in the
|
|
3820
|
-
# analysis_results that are denied by IAM deny policies. If no access tuples are
|
|
3821
|
-
# denied, the list is empty. This is only populated when IamPolicyAnalysisQuery.
|
|
3822
|
-
# Options.include_deny_policy_analysis is true.
|
|
3823
|
-
# Corresponds to the JSON property `deniedAccesses`
|
|
3824
|
-
# @return [Array<Google::Apis::CloudassetV1::DeniedAccess>]
|
|
3825
|
-
attr_accessor :denied_accesses
|
|
3826
|
-
|
|
3827
3547
|
# Represents whether all entries in the analysis_results have been fully
|
|
3828
3548
|
# explored to answer the query.
|
|
3829
3549
|
# Corresponds to the JSON property `fullyExplored`
|
|
@@ -3844,7 +3564,6 @@ module Google
|
|
|
3844
3564
|
def update!(**args)
|
|
3845
3565
|
@analysis_query = args[:analysis_query] if args.key?(:analysis_query)
|
|
3846
3566
|
@analysis_results = args[:analysis_results] if args.key?(:analysis_results)
|
|
3847
|
-
@denied_accesses = args[:denied_accesses] if args.key?(:denied_accesses)
|
|
3848
3567
|
@fully_explored = args[:fully_explored] if args.key?(:fully_explored)
|
|
3849
3568
|
@non_critical_errors = args[:non_critical_errors] if args.key?(:non_critical_errors)
|
|
3850
3569
|
end
|
|
@@ -4538,13 +4257,6 @@ module Google
|
|
|
4538
4257
|
attr_accessor :expand_roles
|
|
4539
4258
|
alias_method :expand_roles?, :expand_roles
|
|
4540
4259
|
|
|
4541
|
-
# Optional. If true, the response includes deny policy analysis results, and you
|
|
4542
|
-
# can see which access tuples are denied. Default is false.
|
|
4543
|
-
# Corresponds to the JSON property `includeDenyPolicyAnalysis`
|
|
4544
|
-
# @return [Boolean]
|
|
4545
|
-
attr_accessor :include_deny_policy_analysis
|
|
4546
|
-
alias_method :include_deny_policy_analysis?, :include_deny_policy_analysis
|
|
4547
|
-
|
|
4548
4260
|
# Optional. If true, the result will output the relevant membership
|
|
4549
4261
|
# relationships between groups and other groups, and between groups and
|
|
4550
4262
|
# principals. Default is false.
|
|
@@ -4570,7 +4282,6 @@ module Google
|
|
|
4570
4282
|
@expand_groups = args[:expand_groups] if args.key?(:expand_groups)
|
|
4571
4283
|
@expand_resources = args[:expand_resources] if args.key?(:expand_resources)
|
|
4572
4284
|
@expand_roles = args[:expand_roles] if args.key?(:expand_roles)
|
|
4573
|
-
@include_deny_policy_analysis = args[:include_deny_policy_analysis] if args.key?(:include_deny_policy_analysis)
|
|
4574
4285
|
@output_group_edges = args[:output_group_edges] if args.key?(:output_group_edges)
|
|
4575
4286
|
@output_resource_edges = args[:output_resource_edges] if args.key?(:output_resource_edges)
|
|
4576
4287
|
end
|
|
@@ -16,13 +16,13 @@ module Google
|
|
|
16
16
|
module Apis
|
|
17
17
|
module CloudassetV1
|
|
18
18
|
# Version of the google-apis-cloudasset_v1 gem
|
|
19
|
-
GEM_VERSION = "0.
|
|
19
|
+
GEM_VERSION = "0.59.0"
|
|
20
20
|
|
|
21
21
|
# Version of the code generator used to generate this client
|
|
22
22
|
GENERATOR_VERSION = "0.12.0"
|
|
23
23
|
|
|
24
24
|
# Revision of the discovery document this client was generated from
|
|
25
|
-
REVISION = "
|
|
25
|
+
REVISION = "20230609"
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
end
|
|
@@ -160,12 +160,6 @@ module Google
|
|
|
160
160
|
include Google::Apis::Core::JsonObjectSupport
|
|
161
161
|
end
|
|
162
162
|
|
|
163
|
-
class DeniedAccess
|
|
164
|
-
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
165
|
-
|
|
166
|
-
include Google::Apis::Core::JsonObjectSupport
|
|
167
|
-
end
|
|
168
|
-
|
|
169
163
|
class EffectiveIamPolicy
|
|
170
164
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
171
165
|
|
|
@@ -268,36 +262,6 @@ module Google
|
|
|
268
262
|
include Google::Apis::Core::JsonObjectSupport
|
|
269
263
|
end
|
|
270
264
|
|
|
271
|
-
class GoogleCloudAssetV1DeniedAccessAccess
|
|
272
|
-
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
273
|
-
|
|
274
|
-
include Google::Apis::Core::JsonObjectSupport
|
|
275
|
-
end
|
|
276
|
-
|
|
277
|
-
class GoogleCloudAssetV1DeniedAccessAccessTuple
|
|
278
|
-
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
279
|
-
|
|
280
|
-
include Google::Apis::Core::JsonObjectSupport
|
|
281
|
-
end
|
|
282
|
-
|
|
283
|
-
class GoogleCloudAssetV1DeniedAccessDenyDetail
|
|
284
|
-
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
285
|
-
|
|
286
|
-
include Google::Apis::Core::JsonObjectSupport
|
|
287
|
-
end
|
|
288
|
-
|
|
289
|
-
class GoogleCloudAssetV1DeniedAccessIdentity
|
|
290
|
-
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
291
|
-
|
|
292
|
-
include Google::Apis::Core::JsonObjectSupport
|
|
293
|
-
end
|
|
294
|
-
|
|
295
|
-
class GoogleCloudAssetV1DeniedAccessResource
|
|
296
|
-
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
297
|
-
|
|
298
|
-
include Google::Apis::Core::JsonObjectSupport
|
|
299
|
-
end
|
|
300
|
-
|
|
301
265
|
class GoogleCloudAssetV1Edge
|
|
302
266
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
303
267
|
|
|
@@ -412,12 +376,6 @@ module Google
|
|
|
412
376
|
include Google::Apis::Core::JsonObjectSupport
|
|
413
377
|
end
|
|
414
378
|
|
|
415
|
-
class GoogleIamV2DenyRule
|
|
416
|
-
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
417
|
-
|
|
418
|
-
include Google::Apis::Core::JsonObjectSupport
|
|
419
|
-
end
|
|
420
|
-
|
|
421
379
|
class GoogleIdentityAccesscontextmanagerV1AccessLevel
|
|
422
380
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
|
423
381
|
|
|
@@ -1092,16 +1050,6 @@ module Google
|
|
|
1092
1050
|
end
|
|
1093
1051
|
end
|
|
1094
1052
|
|
|
1095
|
-
class DeniedAccess
|
|
1096
|
-
# @private
|
|
1097
|
-
class Representation < Google::Apis::Core::JsonRepresentation
|
|
1098
|
-
property :denied_access_tuple, as: 'deniedAccessTuple', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccessTuple, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccessTuple::Representation
|
|
1099
|
-
|
|
1100
|
-
collection :deny_details, as: 'denyDetails', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessDenyDetail, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessDenyDetail::Representation
|
|
1101
|
-
|
|
1102
|
-
end
|
|
1103
|
-
end
|
|
1104
|
-
|
|
1105
1053
|
class EffectiveIamPolicy
|
|
1106
1054
|
# @private
|
|
1107
1055
|
class Representation < Google::Apis::Core::JsonRepresentation
|
|
@@ -1282,55 +1230,6 @@ module Google
|
|
|
1282
1230
|
end
|
|
1283
1231
|
end
|
|
1284
1232
|
|
|
1285
|
-
class GoogleCloudAssetV1DeniedAccessAccess
|
|
1286
|
-
# @private
|
|
1287
|
-
class Representation < Google::Apis::Core::JsonRepresentation
|
|
1288
|
-
property :permission, as: 'permission'
|
|
1289
|
-
property :role, as: 'role'
|
|
1290
|
-
end
|
|
1291
|
-
end
|
|
1292
|
-
|
|
1293
|
-
class GoogleCloudAssetV1DeniedAccessAccessTuple
|
|
1294
|
-
# @private
|
|
1295
|
-
class Representation < Google::Apis::Core::JsonRepresentation
|
|
1296
|
-
property :access, as: 'access', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess::Representation
|
|
1297
|
-
|
|
1298
|
-
property :identity, as: 'identity', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity::Representation
|
|
1299
|
-
|
|
1300
|
-
property :resource, as: 'resource', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource::Representation
|
|
1301
|
-
|
|
1302
|
-
end
|
|
1303
|
-
end
|
|
1304
|
-
|
|
1305
|
-
class GoogleCloudAssetV1DeniedAccessDenyDetail
|
|
1306
|
-
# @private
|
|
1307
|
-
class Representation < Google::Apis::Core::JsonRepresentation
|
|
1308
|
-
collection :accesses, as: 'accesses', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess::Representation
|
|
1309
|
-
|
|
1310
|
-
property :deny_rule, as: 'denyRule', class: Google::Apis::CloudassetV1::GoogleIamV2DenyRule, decorator: Google::Apis::CloudassetV1::GoogleIamV2DenyRule::Representation
|
|
1311
|
-
|
|
1312
|
-
property :fully_denied, as: 'fullyDenied'
|
|
1313
|
-
collection :identities, as: 'identities', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity::Representation
|
|
1314
|
-
|
|
1315
|
-
collection :resources, as: 'resources', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource::Representation
|
|
1316
|
-
|
|
1317
|
-
end
|
|
1318
|
-
end
|
|
1319
|
-
|
|
1320
|
-
class GoogleCloudAssetV1DeniedAccessIdentity
|
|
1321
|
-
# @private
|
|
1322
|
-
class Representation < Google::Apis::Core::JsonRepresentation
|
|
1323
|
-
property :name, as: 'name'
|
|
1324
|
-
end
|
|
1325
|
-
end
|
|
1326
|
-
|
|
1327
|
-
class GoogleCloudAssetV1DeniedAccessResource
|
|
1328
|
-
# @private
|
|
1329
|
-
class Representation < Google::Apis::Core::JsonRepresentation
|
|
1330
|
-
property :full_resource_name, as: 'fullResourceName'
|
|
1331
|
-
end
|
|
1332
|
-
end
|
|
1333
|
-
|
|
1334
1233
|
class GoogleCloudAssetV1Edge
|
|
1335
1234
|
# @private
|
|
1336
1235
|
class Representation < Google::Apis::Core::JsonRepresentation
|
|
@@ -1530,18 +1429,6 @@ module Google
|
|
|
1530
1429
|
end
|
|
1531
1430
|
end
|
|
1532
1431
|
|
|
1533
|
-
class GoogleIamV2DenyRule
|
|
1534
|
-
# @private
|
|
1535
|
-
class Representation < Google::Apis::Core::JsonRepresentation
|
|
1536
|
-
property :denial_condition, as: 'denialCondition', class: Google::Apis::CloudassetV1::Expr, decorator: Google::Apis::CloudassetV1::Expr::Representation
|
|
1537
|
-
|
|
1538
|
-
collection :denied_permissions, as: 'deniedPermissions'
|
|
1539
|
-
collection :denied_principals, as: 'deniedPrincipals'
|
|
1540
|
-
collection :exception_permissions, as: 'exceptionPermissions'
|
|
1541
|
-
collection :exception_principals, as: 'exceptionPrincipals'
|
|
1542
|
-
end
|
|
1543
|
-
end
|
|
1544
|
-
|
|
1545
1432
|
class GoogleIdentityAccesscontextmanagerV1AccessLevel
|
|
1546
1433
|
# @private
|
|
1547
1434
|
class Representation < Google::Apis::Core::JsonRepresentation
|
|
@@ -1745,8 +1632,6 @@ module Google
|
|
|
1745
1632
|
|
|
1746
1633
|
collection :analysis_results, as: 'analysisResults', class: Google::Apis::CloudassetV1::IamPolicyAnalysisResult, decorator: Google::Apis::CloudassetV1::IamPolicyAnalysisResult::Representation
|
|
1747
1634
|
|
|
1748
|
-
collection :denied_accesses, as: 'deniedAccesses', class: Google::Apis::CloudassetV1::DeniedAccess, decorator: Google::Apis::CloudassetV1::DeniedAccess::Representation
|
|
1749
|
-
|
|
1750
1635
|
property :fully_explored, as: 'fullyExplored'
|
|
1751
1636
|
collection :non_critical_errors, as: 'nonCriticalErrors', class: Google::Apis::CloudassetV1::IamPolicyAnalysisState, decorator: Google::Apis::CloudassetV1::IamPolicyAnalysisState::Representation
|
|
1752
1637
|
|
|
@@ -1925,7 +1810,6 @@ module Google
|
|
|
1925
1810
|
property :expand_groups, as: 'expandGroups'
|
|
1926
1811
|
property :expand_resources, as: 'expandResources'
|
|
1927
1812
|
property :expand_roles, as: 'expandRoles'
|
|
1928
|
-
property :include_deny_policy_analysis, as: 'includeDenyPolicyAnalysis'
|
|
1929
1813
|
property :output_group_edges, as: 'outputGroupEdges'
|
|
1930
1814
|
property :output_resource_edges, as: 'outputResourceEdges'
|
|
1931
1815
|
end
|
|
@@ -656,9 +656,6 @@ module Google
|
|
|
656
656
|
# IamPolicyAnalysisQuery.access_selector is specified, the access section of the
|
|
657
657
|
# result will be determined by the selector, and this flag is not allowed to set.
|
|
658
658
|
# Default is false.
|
|
659
|
-
# @param [Boolean] analysis_query_options_include_deny_policy_analysis
|
|
660
|
-
# Optional. If true, the response includes deny policy analysis results, and you
|
|
661
|
-
# can see which access tuples are denied. Default is false.
|
|
662
659
|
# @param [Boolean] analysis_query_options_output_group_edges
|
|
663
660
|
# Optional. If true, the result will output the relevant membership
|
|
664
661
|
# relationships between groups and other groups, and between groups and
|
|
@@ -708,7 +705,7 @@ module Google
|
|
|
708
705
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
709
706
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
710
707
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
711
|
-
def analyze_iam_policy(scope, analysis_query_access_selector_permissions: nil, analysis_query_access_selector_roles: nil, analysis_query_condition_context_access_time: nil, analysis_query_identity_selector_identity: nil, analysis_query_options_analyze_service_account_impersonation: nil, analysis_query_options_expand_groups: nil, analysis_query_options_expand_resources: nil, analysis_query_options_expand_roles: nil,
|
|
708
|
+
def analyze_iam_policy(scope, analysis_query_access_selector_permissions: nil, analysis_query_access_selector_roles: nil, analysis_query_condition_context_access_time: nil, analysis_query_identity_selector_identity: nil, analysis_query_options_analyze_service_account_impersonation: nil, analysis_query_options_expand_groups: nil, analysis_query_options_expand_resources: nil, analysis_query_options_expand_roles: nil, analysis_query_options_output_group_edges: nil, analysis_query_options_output_resource_edges: nil, analysis_query_resource_selector_full_resource_name: nil, execution_timeout: nil, saved_analysis_query: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
712
709
|
command = make_simple_command(:get, 'v1/{+scope}:analyzeIamPolicy', options)
|
|
713
710
|
command.response_representation = Google::Apis::CloudassetV1::AnalyzeIamPolicyResponse::Representation
|
|
714
711
|
command.response_class = Google::Apis::CloudassetV1::AnalyzeIamPolicyResponse
|
|
@@ -721,7 +718,6 @@ module Google
|
|
|
721
718
|
command.query['analysisQuery.options.expandGroups'] = analysis_query_options_expand_groups unless analysis_query_options_expand_groups.nil?
|
|
722
719
|
command.query['analysisQuery.options.expandResources'] = analysis_query_options_expand_resources unless analysis_query_options_expand_resources.nil?
|
|
723
720
|
command.query['analysisQuery.options.expandRoles'] = analysis_query_options_expand_roles unless analysis_query_options_expand_roles.nil?
|
|
724
|
-
command.query['analysisQuery.options.includeDenyPolicyAnalysis'] = analysis_query_options_include_deny_policy_analysis unless analysis_query_options_include_deny_policy_analysis.nil?
|
|
725
721
|
command.query['analysisQuery.options.outputGroupEdges'] = analysis_query_options_output_group_edges unless analysis_query_options_output_group_edges.nil?
|
|
726
722
|
command.query['analysisQuery.options.outputResourceEdges'] = analysis_query_options_output_resource_edges unless analysis_query_options_output_resource_edges.nil?
|
|
727
723
|
command.query['analysisQuery.resourceSelector.fullResourceName'] = analysis_query_resource_selector_full_resource_name unless analysis_query_resource_selector_full_resource_name.nil?
|
|
@@ -1346,19 +1342,19 @@ module Google
|
|
|
1346
1342
|
# Important" as a word in any of the searchable fields and are also located in
|
|
1347
1343
|
# the "us-west1" region or the "global" location.
|
|
1348
1344
|
# @param [String] read_mask
|
|
1349
|
-
# Optional. A comma-separated list of fields
|
|
1350
|
-
#
|
|
1351
|
-
#
|
|
1352
|
-
#
|
|
1353
|
-
#
|
|
1354
|
-
#
|
|
1355
|
-
#
|
|
1356
|
-
#
|
|
1357
|
-
#
|
|
1358
|
-
#
|
|
1359
|
-
#
|
|
1360
|
-
#
|
|
1361
|
-
#
|
|
1345
|
+
# Optional. A comma-separated list of fields that you want returned in the
|
|
1346
|
+
# results. The following fields are returned by default if not specified: * `
|
|
1347
|
+
# name` * `assetType` * `project` * `folders` * `organization` * `displayName` *
|
|
1348
|
+
# `description` * `location` * `labels` * `networkTags` * `kmsKeys` * `
|
|
1349
|
+
# createTime` * `updateTime` * `state` * `additionalAttributes` * `
|
|
1350
|
+
# parentFullResourceName` * `parentAssetType` Some fields of large size, such as
|
|
1351
|
+
# `versionedResources` and `attachedResources`, are not returned by default, but
|
|
1352
|
+
# you can specify them in the `read_mask` parameter if you want to include them.
|
|
1353
|
+
# If `"*"` is specified, all [available fields](https://cloud.google.com/asset-
|
|
1354
|
+
# inventory/docs/reference/rest/v1/TopLevel/searchAllResources#
|
|
1355
|
+
# resourcesearchresult) are returned. Examples: `"name,location"`, `"name,
|
|
1356
|
+
# versionedResources"`, `"*"`. Any invalid field path will trigger
|
|
1357
|
+
# INVALID_ARGUMENT error.
|
|
1362
1358
|
# @param [String] fields
|
|
1363
1359
|
# Selector specifying which fields to include in a partial response.
|
|
1364
1360
|
# @param [String] quota_user
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-apis-cloudasset_v1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.59.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-06-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: google-apis-core
|
|
@@ -58,7 +58,7 @@ licenses:
|
|
|
58
58
|
metadata:
|
|
59
59
|
bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
|
|
60
60
|
changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1/CHANGELOG.md
|
|
61
|
-
documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.
|
|
61
|
+
documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.59.0
|
|
62
62
|
source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1
|
|
63
63
|
post_install_message:
|
|
64
64
|
rdoc_options: []
|