google-cloud-asset-v1 0.1.0 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bdcc2e83db40233f1befd4a49eaefcc8413c2e63776e28b57fb8dc04e2aea242
4
- data.tar.gz: f7cb4b908edd07903704e70253b5d463eef7bebcb9bc6be41c831f28c3f492a3
3
+ metadata.gz: e4cf188086cd7f80f9cf6ac3cfd9087be5e9f1e3c99d561755f5c6be11964a4a
4
+ data.tar.gz: ebf6196b50e1bfe2742f4f25cb56fc5f9f94a5ea0e7a7255b88c2da7ec64eb5d
5
5
  SHA512:
6
- metadata.gz: 910dbd1ac96ef4ba986fe54a720b8fe09874cf979c26760a36c4bd2b545683deae28cf5de524ad6058a678bf3729a10085cc06b6fbeef459e44ac3663c4018ca
7
- data.tar.gz: '018c465294f4b2422c00f3535f5e0fb338617fb6e1c4b4213b4748067e71920f3d419355ff3b7356f5d215b60a0cb1dbf36b626dc5fa12db845861c3ce10d8d5'
6
+ metadata.gz: 30c335c506ddcc5be42c1058459df6173be542f1b55b1484992ddc694b1d4417b945a8b210f45e2fe2601858090682588feec9c1d470ea666fa6945689d6c073
7
+ data.tar.gz: d0b11a7c2f908675d474bb85099597e70f51b6a3f3d0cc2793dd3e936c57ad5ccff4ff9a6ce478c8be79b1116bd39a9ea2eab6666955db93886ad93f5c65cd3c
@@ -188,10 +188,10 @@ module Google
188
188
  # or a folder number (such as "folders/123").
189
189
  # @param read_time [Google::Protobuf::Timestamp | Hash]
190
190
  # Timestamp to take an asset snapshot. This can only be set to a timestamp
191
- # between 2018-10-02 UTC (inclusive) and the current time. If not specified,
192
- # the current time will be used. Due to delays in resource data collection
193
- # and indexing, there is a volatile window during which running the same
194
- # query may get different results.
191
+ # between the current time and the current time minus 35 days (inclusive).
192
+ # If not specified, the current time will be used. Due to delays in resource
193
+ # data collection and indexing, there is a volatile window during which
194
+ # running the same query may get different results.
195
195
  # @param asset_types [Array<String>]
196
196
  # A list of asset types of which to take a snapshot for. For example:
197
197
  # "compute.googleapis.com/Disk". If specified, only matching assets will be
@@ -293,11 +293,11 @@ module Google
293
293
  # Optional. The content type.
294
294
  # @param read_time_window [Google::Cloud::Asset::V1::TimeWindow | Hash]
295
295
  # Optional. The time window for the asset history. Both start_time and
296
- # end_time are optional and if set, it must be after 2018-10-02 UTC. If
297
- # end_time is not set, it is default to current timestamp. If start_time is
298
- # not set, the snapshot of the assets at end_time will be returned. The
299
- # returned results contain all temporal assets whose time window overlap with
300
- # read_time_window.
296
+ # end_time are optional and if set, it must be after the current time minus
297
+ # 35 days. If end_time is not set, it is default to current timestamp.
298
+ # If start_time is not set, the snapshot of the assets at end_time will be
299
+ # returned. The returned results contain all temporal assets whose time
300
+ # window overlap with read_time_window.
301
301
  #
302
302
  #
303
303
  # @yield [response, operation] Access the result along with the RPC operation
@@ -12,6 +12,7 @@ require 'google/longrunning/operations_pb'
12
12
  require 'google/protobuf/empty_pb'
13
13
  require 'google/protobuf/field_mask_pb'
14
14
  require 'google/protobuf/timestamp_pb'
15
+ require 'google/type/expr_pb'
15
16
  Google::Protobuf::DescriptorPool.generated_pool.build do
16
17
  add_file("google/cloud/asset/v1/asset_service.proto", :syntax => :proto3) do
17
18
  add_message "google.cloud.asset.v1.ExportAssetsRequest" do
@@ -1,7 +1,7 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # Source: google/cloud/asset/v1/asset_service.proto for package 'google.cloud.asset.v1'
3
3
  # Original file comments:
4
- # Copyright 2019 Google LLC.
4
+ # Copyright 2020 Google LLC
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
7
7
  # you may not use this file except in compliance with the License.
@@ -15,7 +15,6 @@
15
15
  # See the License for the specific language governing permissions and
16
16
  # limitations under the License.
17
17
  #
18
- #
19
18
 
20
19
  require 'grpc'
21
20
  require 'google/cloud/asset/v1/asset_service_pb'
@@ -4,7 +4,11 @@
4
4
  require 'google/protobuf'
5
5
 
6
6
  require 'google/api/resource_pb'
7
+ require 'google/cloud/orgpolicy/v1/orgpolicy_pb'
7
8
  require 'google/iam/v1/policy_pb'
9
+ require 'google/identity/accesscontextmanager/v1/access_level_pb'
10
+ require 'google/identity/accesscontextmanager/v1/access_policy_pb'
11
+ require 'google/identity/accesscontextmanager/v1/service_perimeter_pb'
8
12
  require 'google/protobuf/any_pb'
9
13
  require 'google/protobuf/struct_pb'
10
14
  require 'google/protobuf/timestamp_pb'
@@ -25,7 +29,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
25
29
  optional :asset_type, :string, 2
26
30
  optional :resource, :message, 3, "google.cloud.asset.v1.Resource"
27
31
  optional :iam_policy, :message, 4, "google.iam.v1.Policy"
32
+ repeated :org_policy, :message, 6, "google.cloud.orgpolicy.v1.Policy"
28
33
  repeated :ancestors, :string, 10
34
+ oneof :access_context_policy do
35
+ optional :access_policy, :message, 7, "google.identity.accesscontextmanager.v1.AccessPolicy"
36
+ optional :access_level, :message, 8, "google.identity.accesscontextmanager.v1.AccessLevel"
37
+ optional :service_perimeter, :message, 9, "google.identity.accesscontextmanager.v1.ServicePerimeter"
38
+ end
29
39
  end
30
40
  add_message "google.cloud.asset.v1.Resource" do
31
41
  optional :version, :string, 1
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Asset
23
23
  module V1
24
- VERSION = "0.1.0"
24
+ VERSION = "0.2.0"
25
25
  end
26
26
  end
27
27
  end
@@ -0,0 +1,43 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/identity/accesscontextmanager/type/device_resources.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/api/annotations_pb'
7
+ Google::Protobuf::DescriptorPool.generated_pool.build do
8
+ add_file("google/identity/accesscontextmanager/type/device_resources.proto", :syntax => :proto3) do
9
+ add_enum "google.identity.accesscontextmanager.type.DeviceEncryptionStatus" do
10
+ value :ENCRYPTION_UNSPECIFIED, 0
11
+ value :ENCRYPTION_UNSUPPORTED, 1
12
+ value :UNENCRYPTED, 2
13
+ value :ENCRYPTED, 3
14
+ end
15
+ add_enum "google.identity.accesscontextmanager.type.OsType" do
16
+ value :OS_UNSPECIFIED, 0
17
+ value :DESKTOP_MAC, 1
18
+ value :DESKTOP_WINDOWS, 2
19
+ value :DESKTOP_LINUX, 3
20
+ value :DESKTOP_CHROME_OS, 6
21
+ value :ANDROID, 4
22
+ value :IOS, 5
23
+ end
24
+ add_enum "google.identity.accesscontextmanager.type.DeviceManagementLevel" do
25
+ value :MANAGEMENT_UNSPECIFIED, 0
26
+ value :NONE, 1
27
+ value :BASIC, 2
28
+ value :COMPLETE, 3
29
+ end
30
+ end
31
+ end
32
+
33
+ module Google
34
+ module Identity
35
+ module AccessContextManager
36
+ module Type
37
+ DeviceEncryptionStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.type.DeviceEncryptionStatus").enummodule
38
+ OsType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.type.OsType").enummodule
39
+ DeviceManagementLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.type.DeviceManagementLevel").enummodule
40
+ end
41
+ end
42
+ end
43
+ end
@@ -0,0 +1,72 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/identity/accesscontextmanager/v1/access_level.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/identity/accesscontextmanager/type/device_resources_pb'
7
+ require 'google/protobuf/timestamp_pb'
8
+ require 'google/type/expr_pb'
9
+ require 'google/api/annotations_pb'
10
+ Google::Protobuf::DescriptorPool.generated_pool.build do
11
+ add_file("google/identity/accesscontextmanager/v1/access_level.proto", :syntax => :proto3) do
12
+ add_message "google.identity.accesscontextmanager.v1.AccessLevel" do
13
+ optional :name, :string, 1
14
+ optional :title, :string, 2
15
+ optional :description, :string, 3
16
+ optional :create_time, :message, 6, "google.protobuf.Timestamp"
17
+ optional :update_time, :message, 7, "google.protobuf.Timestamp"
18
+ oneof :level do
19
+ optional :basic, :message, 4, "google.identity.accesscontextmanager.v1.BasicLevel"
20
+ optional :custom, :message, 5, "google.identity.accesscontextmanager.v1.CustomLevel"
21
+ end
22
+ end
23
+ add_message "google.identity.accesscontextmanager.v1.BasicLevel" do
24
+ repeated :conditions, :message, 1, "google.identity.accesscontextmanager.v1.Condition"
25
+ optional :combining_function, :enum, 2, "google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction"
26
+ end
27
+ add_enum "google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction" do
28
+ value :AND, 0
29
+ value :OR, 1
30
+ end
31
+ add_message "google.identity.accesscontextmanager.v1.Condition" do
32
+ repeated :ip_subnetworks, :string, 1
33
+ optional :device_policy, :message, 2, "google.identity.accesscontextmanager.v1.DevicePolicy"
34
+ repeated :required_access_levels, :string, 3
35
+ optional :negate, :bool, 5
36
+ repeated :members, :string, 6
37
+ repeated :regions, :string, 7
38
+ end
39
+ add_message "google.identity.accesscontextmanager.v1.CustomLevel" do
40
+ optional :expr, :message, 1, "google.type.Expr"
41
+ end
42
+ add_message "google.identity.accesscontextmanager.v1.DevicePolicy" do
43
+ optional :require_screenlock, :bool, 1
44
+ repeated :allowed_encryption_statuses, :enum, 2, "google.identity.accesscontextmanager.type.DeviceEncryptionStatus"
45
+ repeated :os_constraints, :message, 3, "google.identity.accesscontextmanager.v1.OsConstraint"
46
+ repeated :allowed_device_management_levels, :enum, 6, "google.identity.accesscontextmanager.type.DeviceManagementLevel"
47
+ optional :require_admin_approval, :bool, 7
48
+ optional :require_corp_owned, :bool, 8
49
+ end
50
+ add_message "google.identity.accesscontextmanager.v1.OsConstraint" do
51
+ optional :os_type, :enum, 1, "google.identity.accesscontextmanager.type.OsType"
52
+ optional :minimum_version, :string, 2
53
+ optional :require_verified_chrome_os, :bool, 3
54
+ end
55
+ end
56
+ end
57
+
58
+ module Google
59
+ module Identity
60
+ module AccessContextManager
61
+ module V1
62
+ AccessLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.AccessLevel").msgclass
63
+ BasicLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.BasicLevel").msgclass
64
+ BasicLevel::ConditionCombiningFunction = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction").enummodule
65
+ Condition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.Condition").msgclass
66
+ CustomLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.CustomLevel").msgclass
67
+ DevicePolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.DevicePolicy").msgclass
68
+ OsConstraint = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.OsConstraint").msgclass
69
+ end
70
+ end
71
+ end
72
+ end
@@ -0,0 +1,29 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/identity/accesscontextmanager/v1/access_policy.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/protobuf/timestamp_pb'
7
+ require 'google/api/annotations_pb'
8
+ Google::Protobuf::DescriptorPool.generated_pool.build do
9
+ add_file("google/identity/accesscontextmanager/v1/access_policy.proto", :syntax => :proto3) do
10
+ add_message "google.identity.accesscontextmanager.v1.AccessPolicy" do
11
+ optional :name, :string, 1
12
+ optional :parent, :string, 2
13
+ optional :title, :string, 3
14
+ optional :create_time, :message, 4, "google.protobuf.Timestamp"
15
+ optional :update_time, :message, 5, "google.protobuf.Timestamp"
16
+ optional :etag, :string, 6
17
+ end
18
+ end
19
+ end
20
+
21
+ module Google
22
+ module Identity
23
+ module AccessContextManager
24
+ module V1
25
+ AccessPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.AccessPolicy").msgclass
26
+ end
27
+ end
28
+ end
29
+ end
@@ -0,0 +1,49 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/identity/accesscontextmanager/v1/service_perimeter.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/protobuf/timestamp_pb'
7
+ require 'google/api/annotations_pb'
8
+ Google::Protobuf::DescriptorPool.generated_pool.build do
9
+ add_file("google/identity/accesscontextmanager/v1/service_perimeter.proto", :syntax => :proto3) do
10
+ add_message "google.identity.accesscontextmanager.v1.ServicePerimeter" do
11
+ optional :name, :string, 1
12
+ optional :title, :string, 2
13
+ optional :description, :string, 3
14
+ optional :create_time, :message, 4, "google.protobuf.Timestamp"
15
+ optional :update_time, :message, 5, "google.protobuf.Timestamp"
16
+ optional :perimeter_type, :enum, 6, "google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType"
17
+ optional :status, :message, 7, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig"
18
+ optional :spec, :message, 8, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig"
19
+ optional :use_explicit_dry_run_spec, :bool, 9
20
+ end
21
+ add_enum "google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType" do
22
+ value :PERIMETER_TYPE_REGULAR, 0
23
+ value :PERIMETER_TYPE_BRIDGE, 1
24
+ end
25
+ add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig" do
26
+ repeated :resources, :string, 1
27
+ repeated :access_levels, :string, 2
28
+ repeated :restricted_services, :string, 4
29
+ optional :vpc_accessible_services, :message, 10, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices"
30
+ end
31
+ add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices" do
32
+ optional :enable_restriction, :bool, 1
33
+ repeated :allowed_services, :string, 2
34
+ end
35
+ end
36
+ end
37
+
38
+ module Google
39
+ module Identity
40
+ module AccessContextManager
41
+ module V1
42
+ ServicePerimeter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeter").msgclass
43
+ ServicePerimeter::PerimeterType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType").enummodule
44
+ ServicePerimeterConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig").msgclass
45
+ ServicePerimeterConfig::VpcAccessibleServices = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices").msgclass
46
+ end
47
+ end
48
+ end
49
+ end
@@ -31,10 +31,10 @@ module Google
31
31
  # @!attribute [rw] read_time
32
32
  # @return [Google::Protobuf::Timestamp]
33
33
  # Timestamp to take an asset snapshot. This can only be set to a timestamp
34
- # between 2018-10-02 UTC (inclusive) and the current time. If not specified,
35
- # the current time will be used. Due to delays in resource data collection
36
- # and indexing, there is a volatile window during which running the same
37
- # query may get different results.
34
+ # between the current time and the current time minus 35 days (inclusive).
35
+ # If not specified, the current time will be used. Due to delays in resource
36
+ # data collection and indexing, there is a volatile window during which
37
+ # running the same query may get different results.
38
38
  # @!attribute [rw] asset_types
39
39
  # @return [Array<String>]
40
40
  # A list of asset types of which to take a snapshot for. For example:
@@ -94,11 +94,11 @@ module Google
94
94
  # @!attribute [rw] read_time_window
95
95
  # @return [Google::Cloud::Asset::V1::TimeWindow]
96
96
  # Optional. The time window for the asset history. Both start_time and
97
- # end_time are optional and if set, it must be after 2018-10-02 UTC. If
98
- # end_time is not set, it is default to current timestamp. If start_time is
99
- # not set, the snapshot of the assets at end_time will be returned. The
100
- # returned results contain all temporal assets whose time window overlap with
101
- # read_time_window.
97
+ # end_time are optional and if set, it must be after the current time minus
98
+ # 35 days. If end_time is not set, it is default to current timestamp.
99
+ # If start_time is not set, the snapshot of the assets at end_time will be
100
+ # returned. The returned results contain all temporal assets whose time
101
+ # window overlap with read_time_window.
102
102
  class BatchGetAssetsHistoryRequest
103
103
  include Google::Protobuf::MessageExts
104
104
  extend Google::Protobuf::MessageExts::ClassMethods
@@ -242,7 +242,7 @@ module Google
242
242
  # Required. The BigQuery dataset in format
243
243
  # "projects/projectId/datasets/datasetId", to which the snapshot result
244
244
  # should be exported. If this dataset does not exist, the export call returns
245
- # an error.
245
+ # an INVALID_ARGUMENT error.
246
246
  # @!attribute [rw] table
247
247
  # @return [String]
248
248
  # Required. The BigQuery table to which the snapshot result should be
@@ -252,17 +252,17 @@ module Google
252
252
  # @return [Boolean]
253
253
  # If the destination table already exists and this flag is `TRUE`, the
254
254
  # table will be overwritten by the contents of assets snapshot. If the flag
255
- # is not set and the destination table already exists, the export call
256
- # returns an error.
255
+ # is `FALSE` or unset and the destination table already exists, the export
256
+ # call returns an INVALID_ARGUMEMT error.
257
257
  class BigQueryDestination
258
258
  include Google::Protobuf::MessageExts
259
259
  extend Google::Protobuf::MessageExts::ClassMethods
260
260
  end
261
261
 
262
- # A Cloud Pubsub destination.
262
+ # A Pub/Sub destination.
263
263
  # @!attribute [rw] topic
264
264
  # @return [String]
265
- # The name of the Cloud Pub/Sub topic to publish to.
265
+ # The name of the Pub/Sub topic to publish to.
266
266
  # For example: `projects/PROJECT_ID/topics/TOPIC_ID`.
267
267
  class PubsubDestination
268
268
  include Google::Protobuf::MessageExts
@@ -272,7 +272,7 @@ module Google
272
272
  # Output configuration for asset feed destination.
273
273
  # @!attribute [rw] pubsub_destination
274
274
  # @return [Google::Cloud::Asset::V1::PubsubDestination]
275
- # Destination on Cloud Pubsub.
275
+ # Destination on Pub/Sub.
276
276
  class FeedOutputConfig
277
277
  include Google::Protobuf::MessageExts
278
278
  extend Google::Protobuf::MessageExts::ClassMethods
@@ -282,7 +282,7 @@ module Google
282
282
  # An asset feed filter controls what updates are exported.
283
283
  # The asset feed must be created within a project, organization, or
284
284
  # folder. Supported destinations are:
285
- # Cloud Pub/Sub topics.
285
+ # Pub/Sub topics.
286
286
  # @!attribute [rw] name
287
287
  # @return [String]
288
288
  # Required. The format will be
@@ -307,10 +307,11 @@ module Google
307
307
  # A list of types of the assets to receive updates. You must specify either
308
308
  # or both of asset_names and asset_types. Only asset updates matching
309
309
  # specified asset_names and asset_types are exported to the feed.
310
- # For example:
311
- # "compute.googleapis.com/Disk" See [Introduction to Cloud Asset
312
- # Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview)
313
- # for all supported asset types.
310
+ # For example: `"compute.googleapis.com/Disk"`
311
+ #
312
+ # See [this
313
+ # topic](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
314
+ # for a list of all supported asset types.
314
315
  # @!attribute [rw] content_type
315
316
  # @return [Google::Cloud::Asset::V1::ContentType]
316
317
  # Asset content type. If not specified, no content but the asset name and
@@ -21,90 +21,122 @@ module Google
21
21
  module Cloud
22
22
  module Asset
23
23
  module V1
24
- # Temporal asset. In addition to the asset, the temporal asset includes the
25
- # status of the asset and valid from and to time of it.
24
+ # An asset in Google Cloud and its temporal metadata, including the time window
25
+ # when it was observed and its status during that window.
26
26
  # @!attribute [rw] window
27
27
  # @return [Google::Cloud::Asset::V1::TimeWindow]
28
28
  # The time window when the asset data and state was observed.
29
29
  # @!attribute [rw] deleted
30
30
  # @return [Boolean]
31
- # If the asset is deleted or not.
31
+ # Whether the asset has been deleted or not.
32
32
  # @!attribute [rw] asset
33
33
  # @return [Google::Cloud::Asset::V1::Asset]
34
- # Asset.
34
+ # An asset in Google Cloud.
35
35
  class TemporalAsset
36
36
  include Google::Protobuf::MessageExts
37
37
  extend Google::Protobuf::MessageExts::ClassMethods
38
38
  end
39
39
 
40
- # A time window of (start_time, end_time].
40
+ # A time window specified by its "start_time" and "end_time".
41
41
  # @!attribute [rw] start_time
42
42
  # @return [Google::Protobuf::Timestamp]
43
43
  # Start time of the time window (exclusive).
44
44
  # @!attribute [rw] end_time
45
45
  # @return [Google::Protobuf::Timestamp]
46
- # End time of the time window (inclusive).
47
- # Current timestamp if not specified.
46
+ # End time of the time window (inclusive). If not specified, the current
47
+ # timestamp is used instead.
48
48
  class TimeWindow
49
49
  include Google::Protobuf::MessageExts
50
50
  extend Google::Protobuf::MessageExts::ClassMethods
51
51
  end
52
52
 
53
- # Cloud asset. This includes all Google Cloud Platform resources,
54
- # Cloud IAM policies, and other non-GCP assets.
53
+ # An asset in Google Cloud. An asset can be any resource in the Google Cloud
54
+ # [resource
55
+ # hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
56
+ # a resource outside the Google Cloud resource hierarchy (such as Google
57
+ # Kubernetes Engine clusters and objects), or a Cloud IAM policy.
55
58
  # @!attribute [rw] name
56
59
  # @return [String]
57
60
  # The full name of the asset. For example:
58
- # `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
61
+ # "//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1"
62
+ #
59
63
  # See [Resource
60
- # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
64
+ # names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
61
65
  # for more information.
62
66
  # @!attribute [rw] asset_type
63
67
  # @return [String]
64
- # Type of the asset. Example: "compute.googleapis.com/Disk".
68
+ # The type of the asset. For example: "compute.googleapis.com/Disk"
69
+ #
70
+ # See [Supported asset
71
+ # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
72
+ # for more information.
65
73
  # @!attribute [rw] resource
66
74
  # @return [Google::Cloud::Asset::V1::Resource]
67
- # Representation of the resource.
75
+ # A representation of the resource.
68
76
  # @!attribute [rw] iam_policy
69
77
  # @return [Google::Iam::V1::Policy]
70
- # Representation of the actual Cloud IAM policy set on a cloud resource. For
71
- # each resource, there must be at most one Cloud IAM policy set on it.
78
+ # A representation of the Cloud IAM policy set on a Google Cloud resource.
79
+ # There can be a maximum of one Cloud IAM policy set on any given resource.
80
+ # In addition, Cloud IAM policies inherit their granted access scope from any
81
+ # policies set on parent resources in the resource hierarchy. Therefore, the
82
+ # effectively policy is the union of both the policy set on this resource
83
+ # and each policy set on all of the resource's ancestry resource levels in
84
+ # the hierarchy. See
85
+ # [this topic](https://cloud.google.com/iam/docs/policies#inheritance) for
86
+ # more information.
87
+ # @!attribute [rw] org_policy
88
+ # @return [Array<Google::Cloud::OrgPolicy::V1::Policy>]
89
+ # A representation of an [organization
90
+ # policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).
91
+ # There can be more than one organization policy with different constraints
92
+ # set on a given resource.
93
+ # @!attribute [rw] access_policy
94
+ # @return [Google::Identity::AccessContextManager::V1::AccessPolicy]
95
+ # @!attribute [rw] access_level
96
+ # @return [Google::Identity::AccessContextManager::V1::AccessLevel]
97
+ # @!attribute [rw] service_perimeter
98
+ # @return [Google::Identity::AccessContextManager::V1::ServicePerimeter]
72
99
  # @!attribute [rw] ancestors
73
100
  # @return [Array<String>]
74
- # Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy,
75
- # represented as a list of relative resource names. Ancestry path starts with
76
- # the closest CRM ancestor and ends at root. If the asset is a CRM
77
- # project/folder/organization, this starts from the asset itself.
101
+ # The ancestry path of an asset in Google Cloud [resource
102
+ # hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
103
+ # represented as a list of relative resource names. An ancestry path starts
104
+ # with the closest ancestor in the hierarchy and ends at root. If the asset
105
+ # is a project, folder, or organization, the ancestry path starts from the
106
+ # asset itself.
78
107
  #
79
- # Example: ["projects/123456789", "folders/5432", "organizations/1234"]
108
+ # For example: `["projects/123456789", "folders/5432", "organizations/1234"]`
80
109
  class Asset
81
110
  include Google::Protobuf::MessageExts
82
111
  extend Google::Protobuf::MessageExts::ClassMethods
83
112
  end
84
113
 
85
- # Representation of a cloud resource.
114
+ # A representation of a Google Cloud resource.
86
115
  # @!attribute [rw] version
87
116
  # @return [String]
88
- # The API version. Example: "v1".
117
+ # The API version. For example: "v1"
89
118
  # @!attribute [rw] discovery_document_uri
90
119
  # @return [String]
91
120
  # The URL of the discovery document containing the resource's JSON schema.
92
121
  # For example:
93
- # `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
94
- # It will be left unspecified for resources without a discovery-based API,
95
- # such as Cloud Bigtable.
122
+ # "https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"
123
+ #
124
+ # This value is unspecified for resources that do not have an API based on a
125
+ # discovery document, such as Cloud Bigtable.
96
126
  # @!attribute [rw] discovery_name
97
127
  # @return [String]
98
- # The JSON schema name listed in the discovery document.
99
- # Example: "Project". It will be left unspecified for resources (such as
100
- # Cloud Bigtable) without a discovery-based API.
128
+ # The JSON schema name listed in the discovery document. For example:
129
+ # "Project"
130
+ #
131
+ # This value is unspecified for resources that do not have an API based on a
132
+ # discovery document, such as Cloud Bigtable.
101
133
  # @!attribute [rw] resource_url
102
134
  # @return [String]
103
- # The REST URL for accessing the resource. An HTTP GET operation using this
104
- # URL returns the resource itself.
105
- # Example:
106
- # `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
107
- # It will be left unspecified for resources without a REST API.
135
+ # The REST URL for accessing the resource. An HTTP `GET` request using this
136
+ # URL returns the resource itself. For example:
137
+ # "https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123"
138
+ #
139
+ # This value is unspecified for resources without a REST API.
108
140
  # @!attribute [rw] parent
109
141
  # @return [String]
110
142
  # The full name of the immediate parent of this resource. See
@@ -112,16 +144,17 @@ module Google
112
144
  # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
113
145
  # for more information.
114
146
  #
115
- # For GCP assets, it is the parent resource defined in the [Cloud IAM policy
147
+ # For Google Cloud assets, this value is the parent resource defined in the
148
+ # [Cloud IAM policy
116
149
  # hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
117
150
  # For example:
118
- # `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
151
+ # "//cloudresourcemanager.googleapis.com/projects/my_project_123"
119
152
  #
120
- # For third-party assets, it is up to the users to define.
153
+ # For third-party assets, this field may be set differently.
121
154
  # @!attribute [rw] data
122
155
  # @return [Google::Protobuf::Struct]
123
- # The content of the resource, in which some sensitive fields are scrubbed
124
- # away and may not be present.
156
+ # The content of the resource, in which some sensitive fields are removed
157
+ # and may not be present.
125
158
  class Resource
126
159
  include Google::Protobuf::MessageExts
127
160
  extend Google::Protobuf::MessageExts::ClassMethods