google-cloud-asset-v1 0.13.1 → 0.14.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/google/cloud/asset/v1/asset_service/client.rb +124 -4
- data/lib/google/cloud/asset/v1/asset_service_pb.rb +39 -0
- data/lib/google/cloud/asset/v1/asset_service_services_pb.rb +7 -1
- data/lib/google/cloud/asset/v1/assets_pb.rb +12 -2
- data/lib/google/cloud/asset/v1/version.rb +1 -1
- data/lib/google/identity/accesscontextmanager/v1/access_level_pb.rb +1 -0
- data/lib/google/identity/accesscontextmanager/v1/access_policy_pb.rb +1 -0
- data/lib/google/identity/accesscontextmanager/v1/service_perimeter_pb.rb +60 -0
- data/proto_docs/google/cloud/asset/v1/asset_service.rb +133 -3
- data/proto_docs/google/cloud/asset/v1/assets.rb +68 -0
- data/proto_docs/google/identity/accesscontextmanager/v1/access_level.rb +2 -2
- data/proto_docs/google/identity/accesscontextmanager/v1/access_policy.rb +1 -1
- data/proto_docs/google/identity/accesscontextmanager/v1/service_perimeter.rb +328 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ffce1027ed7b1bca718ecdc5909b466a68077773da8e05d3681787a9e86871b3
|
4
|
+
data.tar.gz: 41ddd69285d6e161c159066e9bc36f6a67c1d05fd551a1d27a6deb729608ced7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 16974de7eefcdd9bd1b8f569cb742b10c93a163ce458a10fecdc725b8f5785a5d20f71370b48015aa252c5326ad48e19436967840e6c1367b4f61e36bc6b1750
|
7
|
+
data.tar.gz: 8a0fdf4604057cc58331ab2e1285d6050f0e1b093b51133fa38dc130312cedacd854f7e2db50dfaab89d0d84fd87e0708871318242b7bb17fb2e0fdc8ab14dd1
|
@@ -893,7 +893,7 @@ module Google
|
|
893
893
|
# @param options [::Gapic::CallOptions, ::Hash]
|
894
894
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
895
895
|
#
|
896
|
-
# @overload search_all_resources(scope: nil, query: nil, asset_types: nil, page_size: nil, page_token: nil, order_by: nil)
|
896
|
+
# @overload search_all_resources(scope: nil, query: nil, asset_types: nil, page_size: nil, page_token: nil, order_by: nil, read_mask: nil)
|
897
897
|
# Pass arguments to `search_all_resources` via keyword arguments. Note that at
|
898
898
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
899
899
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -935,8 +935,8 @@ module Google
|
|
935
935
|
# encryption key whose name contains the word "key".
|
936
936
|
# * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a
|
937
937
|
# word.
|
938
|
-
# * `NOT state:ACTIVE` to find
|
939
|
-
#
|
938
|
+
# * `NOT state:ACTIVE` to find Cloud resources whose state doesn't contain
|
939
|
+
# "ACTIVE" as a word.
|
940
940
|
# * `createTime<1609459200` to find Cloud resources that were created before
|
941
941
|
# "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
|
942
942
|
# "2021-01-01 00:00:00 UTC" in seconds.
|
@@ -982,6 +982,7 @@ module Google
|
|
982
982
|
# to indicate descending order. Redundant space characters are ignored.
|
983
983
|
# Example: "location DESC, name".
|
984
984
|
# Only singular primitive fields in the response are sortable:
|
985
|
+
#
|
985
986
|
# * name
|
986
987
|
# * assetType
|
987
988
|
# * project
|
@@ -994,9 +995,39 @@ module Google
|
|
994
995
|
# * state
|
995
996
|
# * parentFullResourceName
|
996
997
|
# * parentAssetType
|
998
|
+
#
|
997
999
|
# All the other fields such as repeated fields (e.g., `networkTags`), map
|
998
1000
|
# fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
|
999
1001
|
# are not supported.
|
1002
|
+
# @param read_mask [::Google::Protobuf::FieldMask, ::Hash]
|
1003
|
+
# Optional. A comma-separated list of fields specifying which fields to be returned in
|
1004
|
+
# ResourceSearchResult. Only '*' or combination of top level fields can be
|
1005
|
+
# specified. Field names of both snake_case and camelCase are supported.
|
1006
|
+
# Examples: `"*"`, `"name,location"`, `"name,versionedResources"`.
|
1007
|
+
#
|
1008
|
+
# The read_mask paths must be valid field paths listed but not limited to
|
1009
|
+
# (both snake_case and camelCase are supported):
|
1010
|
+
#
|
1011
|
+
# * name
|
1012
|
+
# * assetType
|
1013
|
+
# * project
|
1014
|
+
# * displayName
|
1015
|
+
# * description
|
1016
|
+
# * location
|
1017
|
+
# * labels
|
1018
|
+
# * networkTags
|
1019
|
+
# * kmsKey
|
1020
|
+
# * createTime
|
1021
|
+
# * updateTime
|
1022
|
+
# * state
|
1023
|
+
# * additionalAttributes
|
1024
|
+
# * versionedResources
|
1025
|
+
#
|
1026
|
+
# If read_mask is not specified, all fields except versionedResources will
|
1027
|
+
# be returned.
|
1028
|
+
# If only '*' is specified, all fields including versionedResources will be
|
1029
|
+
# returned.
|
1030
|
+
# Any invalid field path will trigger INVALID_ARGUMENT error.
|
1000
1031
|
#
|
1001
1032
|
# @yield [response, operation] Access the result along with the RPC operation
|
1002
1033
|
# @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::ResourceSearchResult>]
|
@@ -1293,7 +1324,7 @@ module Google
|
|
1293
1324
|
# {::Google::Longrunning::Operation google.longrunning.Operation}, which allows you to track the operation
|
1294
1325
|
# status. We recommend intervals of at least 2 seconds with exponential
|
1295
1326
|
# backoff retry to poll the operation result. The metadata contains the
|
1296
|
-
#
|
1327
|
+
# metadata for the long-running operation.
|
1297
1328
|
#
|
1298
1329
|
# @overload analyze_iam_policy_longrunning(request, options = nil)
|
1299
1330
|
# Pass arguments to `analyze_iam_policy_longrunning` via a request object, either of type
|
@@ -1361,6 +1392,88 @@ module Google
|
|
1361
1392
|
raise ::Google::Cloud::Error.from_error(e)
|
1362
1393
|
end
|
1363
1394
|
|
1395
|
+
##
|
1396
|
+
# Analyze moving a resource to a specified destination without kicking off
|
1397
|
+
# the actual move. The analysis is best effort depending on the user's
|
1398
|
+
# permissions of viewing different hierarchical policies and configurations.
|
1399
|
+
# The policies and configuration are subject to change before the actual
|
1400
|
+
# resource migration takes place.
|
1401
|
+
#
|
1402
|
+
# @overload analyze_move(request, options = nil)
|
1403
|
+
# Pass arguments to `analyze_move` via a request object, either of type
|
1404
|
+
# {::Google::Cloud::Asset::V1::AnalyzeMoveRequest} or an equivalent Hash.
|
1405
|
+
#
|
1406
|
+
# @param request [::Google::Cloud::Asset::V1::AnalyzeMoveRequest, ::Hash]
|
1407
|
+
# A request object representing the call parameters. Required. To specify no
|
1408
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
1409
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
1410
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1411
|
+
#
|
1412
|
+
# @overload analyze_move(resource: nil, destination_parent: nil, view: nil)
|
1413
|
+
# Pass arguments to `analyze_move` via keyword arguments. Note that at
|
1414
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
1415
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
1416
|
+
#
|
1417
|
+
# @param resource [::String]
|
1418
|
+
# Required. Name of the resource to perform the analysis against.
|
1419
|
+
# Only GCP Project are supported as of today. Hence, this can only be Project
|
1420
|
+
# ID (such as "projects/my-project-id") or a Project Number (such as
|
1421
|
+
# "projects/12345").
|
1422
|
+
# @param destination_parent [::String]
|
1423
|
+
# Required. Name of the GCP Folder or Organization to reparent the target
|
1424
|
+
# resource. The analysis will be performed against hypothetically moving the
|
1425
|
+
# resource to this specified desitination parent. This can only be a Folder
|
1426
|
+
# number (such as "folders/123") or an Organization number (such as
|
1427
|
+
# "organizations/123").
|
1428
|
+
# @param view [::Google::Cloud::Asset::V1::AnalyzeMoveRequest::AnalysisView]
|
1429
|
+
# Analysis view indicating what information should be included in the
|
1430
|
+
# analysis response. If unspecified, the default view is FULL.
|
1431
|
+
#
|
1432
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
1433
|
+
# @yieldparam response [::Google::Cloud::Asset::V1::AnalyzeMoveResponse]
|
1434
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
1435
|
+
#
|
1436
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzeMoveResponse]
|
1437
|
+
#
|
1438
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
1439
|
+
#
|
1440
|
+
def analyze_move request, options = nil
|
1441
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
1442
|
+
|
1443
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::AnalyzeMoveRequest
|
1444
|
+
|
1445
|
+
# Converts hash and nil to an options object
|
1446
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
1447
|
+
|
1448
|
+
# Customize the options with defaults
|
1449
|
+
metadata = @config.rpcs.analyze_move.metadata.to_h
|
1450
|
+
|
1451
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
1452
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
1453
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
1454
|
+
gapic_version: ::Google::Cloud::Asset::V1::VERSION
|
1455
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
1456
|
+
|
1457
|
+
header_params = {
|
1458
|
+
"resource" => request.resource
|
1459
|
+
}
|
1460
|
+
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
1461
|
+
metadata[:"x-goog-request-params"] ||= request_params_header
|
1462
|
+
|
1463
|
+
options.apply_defaults timeout: @config.rpcs.analyze_move.timeout,
|
1464
|
+
metadata: metadata,
|
1465
|
+
retry_policy: @config.rpcs.analyze_move.retry_policy
|
1466
|
+
options.apply_defaults metadata: @config.metadata,
|
1467
|
+
retry_policy: @config.retry_policy
|
1468
|
+
|
1469
|
+
@asset_service_stub.call_rpc :analyze_move, request, options: options do |response, operation|
|
1470
|
+
yield response, operation if block_given?
|
1471
|
+
return response
|
1472
|
+
end
|
1473
|
+
rescue ::GRPC::BadStatus => e
|
1474
|
+
raise ::Google::Cloud::Error.from_error(e)
|
1475
|
+
end
|
1476
|
+
|
1364
1477
|
##
|
1365
1478
|
# Configuration class for the AssetService API.
|
1366
1479
|
#
|
@@ -1557,6 +1670,11 @@ module Google
|
|
1557
1670
|
# @return [::Gapic::Config::Method]
|
1558
1671
|
#
|
1559
1672
|
attr_reader :analyze_iam_policy_longrunning
|
1673
|
+
##
|
1674
|
+
# RPC-specific configuration for `analyze_move`
|
1675
|
+
# @return [::Gapic::Config::Method]
|
1676
|
+
#
|
1677
|
+
attr_reader :analyze_move
|
1560
1678
|
|
1561
1679
|
# @private
|
1562
1680
|
def initialize parent_rpcs = nil
|
@@ -1584,6 +1702,8 @@ module Google
|
|
1584
1702
|
@analyze_iam_policy = ::Gapic::Config::Method.new analyze_iam_policy_config
|
1585
1703
|
analyze_iam_policy_longrunning_config = parent_rpcs.analyze_iam_policy_longrunning if parent_rpcs.respond_to? :analyze_iam_policy_longrunning
|
1586
1704
|
@analyze_iam_policy_longrunning = ::Gapic::Config::Method.new analyze_iam_policy_longrunning_config
|
1705
|
+
analyze_move_config = parent_rpcs.analyze_move if parent_rpcs.respond_to? :analyze_move
|
1706
|
+
@analyze_move = ::Gapic::Config::Method.new analyze_move_config
|
1587
1707
|
|
1588
1708
|
yield self if block_given?
|
1589
1709
|
end
|
@@ -14,9 +14,13 @@ require 'google/protobuf/empty_pb'
|
|
14
14
|
require 'google/protobuf/field_mask_pb'
|
15
15
|
require 'google/protobuf/struct_pb'
|
16
16
|
require 'google/protobuf/timestamp_pb'
|
17
|
+
require 'google/rpc/status_pb'
|
17
18
|
require 'google/type/expr_pb'
|
18
19
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
19
20
|
add_file("google/cloud/asset/v1/asset_service.proto", :syntax => :proto3) do
|
21
|
+
add_message "google.cloud.asset.v1.AnalyzeIamPolicyLongrunningMetadata" do
|
22
|
+
optional :create_time, :message, 1, "google.protobuf.Timestamp"
|
23
|
+
end
|
20
24
|
add_message "google.cloud.asset.v1.ExportAssetsRequest" do
|
21
25
|
optional :parent, :string, 1
|
22
26
|
optional :read_time, :message, 2, "google.protobuf.Timestamp"
|
@@ -130,6 +134,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
130
134
|
optional :page_size, :int32, 4
|
131
135
|
optional :page_token, :string, 5
|
132
136
|
optional :order_by, :string, 6
|
137
|
+
optional :read_mask, :message, 8, "google.protobuf.FieldMask"
|
133
138
|
end
|
134
139
|
add_message "google.cloud.asset.v1.SearchAllResourcesResponse" do
|
135
140
|
repeated :results, :message, 1, "google.cloud.asset.v1.ResourceSearchResult"
|
@@ -218,6 +223,33 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
218
223
|
end
|
219
224
|
add_message "google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse" do
|
220
225
|
end
|
226
|
+
add_message "google.cloud.asset.v1.AnalyzeMoveRequest" do
|
227
|
+
optional :resource, :string, 1
|
228
|
+
optional :destination_parent, :string, 2
|
229
|
+
optional :view, :enum, 3, "google.cloud.asset.v1.AnalyzeMoveRequest.AnalysisView"
|
230
|
+
end
|
231
|
+
add_enum "google.cloud.asset.v1.AnalyzeMoveRequest.AnalysisView" do
|
232
|
+
value :ANALYSIS_VIEW_UNSPECIFIED, 0
|
233
|
+
value :FULL, 1
|
234
|
+
value :BASIC, 2
|
235
|
+
end
|
236
|
+
add_message "google.cloud.asset.v1.AnalyzeMoveResponse" do
|
237
|
+
repeated :move_analysis, :message, 1, "google.cloud.asset.v1.MoveAnalysis"
|
238
|
+
end
|
239
|
+
add_message "google.cloud.asset.v1.MoveAnalysis" do
|
240
|
+
optional :display_name, :string, 1
|
241
|
+
oneof :result do
|
242
|
+
optional :analysis, :message, 2, "google.cloud.asset.v1.MoveAnalysisResult"
|
243
|
+
optional :error, :message, 3, "google.rpc.Status"
|
244
|
+
end
|
245
|
+
end
|
246
|
+
add_message "google.cloud.asset.v1.MoveAnalysisResult" do
|
247
|
+
repeated :blockers, :message, 1, "google.cloud.asset.v1.MoveImpact"
|
248
|
+
repeated :warnings, :message, 2, "google.cloud.asset.v1.MoveImpact"
|
249
|
+
end
|
250
|
+
add_message "google.cloud.asset.v1.MoveImpact" do
|
251
|
+
optional :detail, :string, 1
|
252
|
+
end
|
221
253
|
add_enum "google.cloud.asset.v1.ContentType" do
|
222
254
|
value :CONTENT_TYPE_UNSPECIFIED, 0
|
223
255
|
value :RESOURCE, 1
|
@@ -233,6 +265,7 @@ module Google
|
|
233
265
|
module Cloud
|
234
266
|
module Asset
|
235
267
|
module V1
|
268
|
+
AnalyzeIamPolicyLongrunningMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyLongrunningMetadata").msgclass
|
236
269
|
ExportAssetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportAssetsRequest").msgclass
|
237
270
|
ExportAssetsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportAssetsResponse").msgclass
|
238
271
|
ListAssetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ListAssetsRequest").msgclass
|
@@ -274,6 +307,12 @@ module Google
|
|
274
307
|
IamPolicyAnalysisOutputConfig::BigQueryDestination::PartitionKey = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey").enummodule
|
275
308
|
AnalyzeIamPolicyLongrunningRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyLongrunningRequest").msgclass
|
276
309
|
AnalyzeIamPolicyLongrunningResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse").msgclass
|
310
|
+
AnalyzeMoveRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeMoveRequest").msgclass
|
311
|
+
AnalyzeMoveRequest::AnalysisView = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeMoveRequest.AnalysisView").enummodule
|
312
|
+
AnalyzeMoveResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeMoveResponse").msgclass
|
313
|
+
MoveAnalysis = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.MoveAnalysis").msgclass
|
314
|
+
MoveAnalysisResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.MoveAnalysisResult").msgclass
|
315
|
+
MoveImpact = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.MoveImpact").msgclass
|
277
316
|
ContentType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ContentType").enummodule
|
278
317
|
end
|
279
318
|
end
|
@@ -87,8 +87,14 @@ module Google
|
|
87
87
|
# [google.longrunning.Operation][google.longrunning.Operation], which allows you to track the operation
|
88
88
|
# status. We recommend intervals of at least 2 seconds with exponential
|
89
89
|
# backoff retry to poll the operation result. The metadata contains the
|
90
|
-
#
|
90
|
+
# metadata for the long-running operation.
|
91
91
|
rpc :AnalyzeIamPolicyLongrunning, ::Google::Cloud::Asset::V1::AnalyzeIamPolicyLongrunningRequest, ::Google::Longrunning::Operation
|
92
|
+
# Analyze moving a resource to a specified destination without kicking off
|
93
|
+
# the actual move. The analysis is best effort depending on the user's
|
94
|
+
# permissions of viewing different hierarchical policies and configurations.
|
95
|
+
# The policies and configuration are subject to change before the actual
|
96
|
+
# resource migration takes place.
|
97
|
+
rpc :AnalyzeMove, ::Google::Cloud::Asset::V1::AnalyzeMoveRequest, ::Google::Cloud::Asset::V1::AnalyzeMoveResponse
|
92
98
|
end
|
93
99
|
|
94
100
|
Stub = Service.rpc_stub_class
|
@@ -10,11 +10,9 @@ require 'google/identity/accesscontextmanager/v1/access_level_pb'
|
|
10
10
|
require 'google/identity/accesscontextmanager/v1/access_policy_pb'
|
11
11
|
require 'google/cloud/osconfig/v1/inventory_pb'
|
12
12
|
require 'google/identity/accesscontextmanager/v1/service_perimeter_pb'
|
13
|
-
require 'google/protobuf/any_pb'
|
14
13
|
require 'google/protobuf/struct_pb'
|
15
14
|
require 'google/protobuf/timestamp_pb'
|
16
15
|
require 'google/rpc/code_pb'
|
17
|
-
require 'google/api/annotations_pb'
|
18
16
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
19
17
|
add_file("google/cloud/asset/v1/assets.proto", :syntax => :proto3) do
|
20
18
|
add_message "google.cloud.asset.v1.TemporalAsset" do
|
@@ -76,8 +74,18 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
76
74
|
optional :state, :string, 13
|
77
75
|
optional :additional_attributes, :message, 9, "google.protobuf.Struct"
|
78
76
|
optional :parent_full_resource_name, :string, 19
|
77
|
+
repeated :versioned_resources, :message, 16, "google.cloud.asset.v1.VersionedResource"
|
78
|
+
repeated :attached_resources, :message, 20, "google.cloud.asset.v1.AttachedResource"
|
79
79
|
optional :parent_asset_type, :string, 103
|
80
80
|
end
|
81
|
+
add_message "google.cloud.asset.v1.VersionedResource" do
|
82
|
+
optional :version, :string, 1
|
83
|
+
optional :resource, :message, 2, "google.protobuf.Struct"
|
84
|
+
end
|
85
|
+
add_message "google.cloud.asset.v1.AttachedResource" do
|
86
|
+
optional :asset_type, :string, 1
|
87
|
+
repeated :versioned_resources, :message, 3, "google.cloud.asset.v1.VersionedResource"
|
88
|
+
end
|
81
89
|
add_message "google.cloud.asset.v1.IamPolicySearchResult" do
|
82
90
|
optional :resource, :string, 1
|
83
91
|
optional :asset_type, :string, 5
|
@@ -155,6 +163,8 @@ module Google
|
|
155
163
|
Asset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.Asset").msgclass
|
156
164
|
Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.Resource").msgclass
|
157
165
|
ResourceSearchResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ResourceSearchResult").msgclass
|
166
|
+
VersionedResource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.VersionedResource").msgclass
|
167
|
+
AttachedResource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AttachedResource").msgclass
|
158
168
|
IamPolicySearchResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult").msgclass
|
159
169
|
IamPolicySearchResult::Explanation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation").msgclass
|
160
170
|
IamPolicySearchResult::Explanation::Permissions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions").msgclass
|
@@ -3,6 +3,7 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'google/api/resource_pb'
|
6
7
|
require 'google/protobuf/timestamp_pb'
|
7
8
|
require 'google/api/annotations_pb'
|
8
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
@@ -27,11 +28,60 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
27
28
|
repeated :access_levels, :string, 2
|
28
29
|
repeated :restricted_services, :string, 4
|
29
30
|
optional :vpc_accessible_services, :message, 10, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices"
|
31
|
+
repeated :ingress_policies, :message, 8, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy"
|
32
|
+
repeated :egress_policies, :message, 9, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy"
|
30
33
|
end
|
31
34
|
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices" do
|
32
35
|
optional :enable_restriction, :bool, 1
|
33
36
|
repeated :allowed_services, :string, 2
|
34
37
|
end
|
38
|
+
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector" do
|
39
|
+
oneof :kind do
|
40
|
+
optional :method, :string, 1
|
41
|
+
optional :permission, :string, 2
|
42
|
+
end
|
43
|
+
end
|
44
|
+
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation" do
|
45
|
+
optional :service_name, :string, 1
|
46
|
+
repeated :method_selectors, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector"
|
47
|
+
end
|
48
|
+
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource" do
|
49
|
+
oneof :source do
|
50
|
+
optional :access_level, :string, 1
|
51
|
+
optional :resource, :string, 2
|
52
|
+
end
|
53
|
+
end
|
54
|
+
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo" do
|
55
|
+
repeated :resources, :string, 1
|
56
|
+
repeated :operations, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation"
|
57
|
+
end
|
58
|
+
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom" do
|
59
|
+
repeated :sources, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource"
|
60
|
+
repeated :identities, :string, 2
|
61
|
+
optional :identity_type, :enum, 3, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType"
|
62
|
+
end
|
63
|
+
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo" do
|
64
|
+
repeated :operations, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation"
|
65
|
+
repeated :resources, :string, 2
|
66
|
+
end
|
67
|
+
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy" do
|
68
|
+
optional :ingress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom"
|
69
|
+
optional :ingress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo"
|
70
|
+
end
|
71
|
+
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy" do
|
72
|
+
optional :egress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom"
|
73
|
+
optional :egress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo"
|
74
|
+
end
|
75
|
+
add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom" do
|
76
|
+
repeated :identities, :string, 1
|
77
|
+
optional :identity_type, :enum, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType"
|
78
|
+
end
|
79
|
+
add_enum "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType" do
|
80
|
+
value :IDENTITY_TYPE_UNSPECIFIED, 0
|
81
|
+
value :ANY_IDENTITY, 1
|
82
|
+
value :ANY_USER_ACCOUNT, 2
|
83
|
+
value :ANY_SERVICE_ACCOUNT, 3
|
84
|
+
end
|
35
85
|
end
|
36
86
|
end
|
37
87
|
|
@@ -43,6 +93,16 @@ module Google
|
|
43
93
|
ServicePerimeter::PerimeterType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType").enummodule
|
44
94
|
ServicePerimeterConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig").msgclass
|
45
95
|
ServicePerimeterConfig::VpcAccessibleServices = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices").msgclass
|
96
|
+
ServicePerimeterConfig::MethodSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector").msgclass
|
97
|
+
ServicePerimeterConfig::ApiOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation").msgclass
|
98
|
+
ServicePerimeterConfig::IngressSource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource").msgclass
|
99
|
+
ServicePerimeterConfig::EgressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo").msgclass
|
100
|
+
ServicePerimeterConfig::IngressFrom = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom").msgclass
|
101
|
+
ServicePerimeterConfig::IngressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo").msgclass
|
102
|
+
ServicePerimeterConfig::IngressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy").msgclass
|
103
|
+
ServicePerimeterConfig::EgressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy").msgclass
|
104
|
+
ServicePerimeterConfig::EgressFrom = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom").msgclass
|
105
|
+
ServicePerimeterConfig::IdentityType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType").enummodule
|
46
106
|
end
|
47
107
|
end
|
48
108
|
end
|
@@ -21,6 +21,16 @@ module Google
|
|
21
21
|
module Cloud
|
22
22
|
module Asset
|
23
23
|
module V1
|
24
|
+
# Represents the metadata of the longrunning operation for the
|
25
|
+
# AnalyzeIamPolicyLongrunning rpc.
|
26
|
+
# @!attribute [r] create_time
|
27
|
+
# @return [::Google::Protobuf::Timestamp]
|
28
|
+
# The time the operation was created.
|
29
|
+
class AnalyzeIamPolicyLongrunningMetadata
|
30
|
+
include ::Google::Protobuf::MessageExts
|
31
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
32
|
+
end
|
33
|
+
|
24
34
|
# Export asset request.
|
25
35
|
# @!attribute [rw] parent
|
26
36
|
# @return [::String]
|
@@ -518,7 +528,7 @@ module Google
|
|
518
528
|
# optional.
|
519
529
|
#
|
520
530
|
# See our [user
|
521
|
-
# guide](https://cloud.google.com/asset-inventory/docs/monitoring-asset-changes
|
531
|
+
# guide](https://cloud.google.com/asset-inventory/docs/monitoring-asset-changes-with-condition)
|
522
532
|
# for detailed instructions.
|
523
533
|
class Feed
|
524
534
|
include ::Google::Protobuf::MessageExts
|
@@ -565,8 +575,8 @@ module Google
|
|
565
575
|
# encryption key whose name contains the word "key".
|
566
576
|
# * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a
|
567
577
|
# word.
|
568
|
-
# * `NOT state:ACTIVE` to find
|
569
|
-
#
|
578
|
+
# * `NOT state:ACTIVE` to find Cloud resources whose state doesn't contain
|
579
|
+
# "ACTIVE" as a word.
|
570
580
|
# * `createTime<1609459200` to find Cloud resources that were created before
|
571
581
|
# "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
|
572
582
|
# "2021-01-01 00:00:00 UTC" in seconds.
|
@@ -616,6 +626,7 @@ module Google
|
|
616
626
|
# to indicate descending order. Redundant space characters are ignored.
|
617
627
|
# Example: "location DESC, name".
|
618
628
|
# Only singular primitive fields in the response are sortable:
|
629
|
+
#
|
619
630
|
# * name
|
620
631
|
# * assetType
|
621
632
|
# * project
|
@@ -628,9 +639,40 @@ module Google
|
|
628
639
|
# * state
|
629
640
|
# * parentFullResourceName
|
630
641
|
# * parentAssetType
|
642
|
+
#
|
631
643
|
# All the other fields such as repeated fields (e.g., `networkTags`), map
|
632
644
|
# fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
|
633
645
|
# are not supported.
|
646
|
+
# @!attribute [rw] read_mask
|
647
|
+
# @return [::Google::Protobuf::FieldMask]
|
648
|
+
# Optional. A comma-separated list of fields specifying which fields to be returned in
|
649
|
+
# ResourceSearchResult. Only '*' or combination of top level fields can be
|
650
|
+
# specified. Field names of both snake_case and camelCase are supported.
|
651
|
+
# Examples: `"*"`, `"name,location"`, `"name,versionedResources"`.
|
652
|
+
#
|
653
|
+
# The read_mask paths must be valid field paths listed but not limited to
|
654
|
+
# (both snake_case and camelCase are supported):
|
655
|
+
#
|
656
|
+
# * name
|
657
|
+
# * assetType
|
658
|
+
# * project
|
659
|
+
# * displayName
|
660
|
+
# * description
|
661
|
+
# * location
|
662
|
+
# * labels
|
663
|
+
# * networkTags
|
664
|
+
# * kmsKey
|
665
|
+
# * createTime
|
666
|
+
# * updateTime
|
667
|
+
# * state
|
668
|
+
# * additionalAttributes
|
669
|
+
# * versionedResources
|
670
|
+
#
|
671
|
+
# If read_mask is not specified, all fields except versionedResources will
|
672
|
+
# be returned.
|
673
|
+
# If only '*' is specified, all fields including versionedResources will be
|
674
|
+
# returned.
|
675
|
+
# Any invalid field path will trigger INVALID_ARGUMENT error.
|
634
676
|
class SearchAllResourcesRequest
|
635
677
|
include ::Google::Protobuf::MessageExts
|
636
678
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1114,6 +1156,94 @@ module Google
|
|
1114
1156
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1115
1157
|
end
|
1116
1158
|
|
1159
|
+
# The request message for performing resource move analysis.
|
1160
|
+
# @!attribute [rw] resource
|
1161
|
+
# @return [::String]
|
1162
|
+
# Required. Name of the resource to perform the analysis against.
|
1163
|
+
# Only GCP Project are supported as of today. Hence, this can only be Project
|
1164
|
+
# ID (such as "projects/my-project-id") or a Project Number (such as
|
1165
|
+
# "projects/12345").
|
1166
|
+
# @!attribute [rw] destination_parent
|
1167
|
+
# @return [::String]
|
1168
|
+
# Required. Name of the GCP Folder or Organization to reparent the target
|
1169
|
+
# resource. The analysis will be performed against hypothetically moving the
|
1170
|
+
# resource to this specified desitination parent. This can only be a Folder
|
1171
|
+
# number (such as "folders/123") or an Organization number (such as
|
1172
|
+
# "organizations/123").
|
1173
|
+
# @!attribute [rw] view
|
1174
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzeMoveRequest::AnalysisView]
|
1175
|
+
# Analysis view indicating what information should be included in the
|
1176
|
+
# analysis response. If unspecified, the default view is FULL.
|
1177
|
+
class AnalyzeMoveRequest
|
1178
|
+
include ::Google::Protobuf::MessageExts
|
1179
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1180
|
+
|
1181
|
+
# View enum for supporting partial analysis responses.
|
1182
|
+
module AnalysisView
|
1183
|
+
# The default/unset value.
|
1184
|
+
# The API will default to the FULL view.
|
1185
|
+
ANALYSIS_VIEW_UNSPECIFIED = 0
|
1186
|
+
|
1187
|
+
# Full analysis including all level of impacts of the specified resource
|
1188
|
+
# move.
|
1189
|
+
FULL = 1
|
1190
|
+
|
1191
|
+
# Basic analysis only including blockers which will prevent the specified
|
1192
|
+
# resource move at runtime.
|
1193
|
+
BASIC = 2
|
1194
|
+
end
|
1195
|
+
end
|
1196
|
+
|
1197
|
+
# The response message for resource move analysis.
|
1198
|
+
# @!attribute [rw] move_analysis
|
1199
|
+
# @return [::Array<::Google::Cloud::Asset::V1::MoveAnalysis>]
|
1200
|
+
# The list of analyses returned from performing the intended resource move
|
1201
|
+
# analysis. The analysis is grouped by different Cloud services.
|
1202
|
+
class AnalyzeMoveResponse
|
1203
|
+
include ::Google::Protobuf::MessageExts
|
1204
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1205
|
+
end
|
1206
|
+
|
1207
|
+
# A message to group the analysis information.
|
1208
|
+
# @!attribute [rw] display_name
|
1209
|
+
# @return [::String]
|
1210
|
+
# The user friendly display name of the analysis. E.g. IAM, Organization
|
1211
|
+
# Policy etc.
|
1212
|
+
# @!attribute [rw] analysis
|
1213
|
+
# @return [::Google::Cloud::Asset::V1::MoveAnalysisResult]
|
1214
|
+
# Analysis result of moving the target resource.
|
1215
|
+
# @!attribute [rw] error
|
1216
|
+
# @return [::Google::Rpc::Status]
|
1217
|
+
# Description of error encountered when performing the analysis.
|
1218
|
+
class MoveAnalysis
|
1219
|
+
include ::Google::Protobuf::MessageExts
|
1220
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1221
|
+
end
|
1222
|
+
|
1223
|
+
# An analysis result including blockers and warnings.
|
1224
|
+
# @!attribute [rw] blockers
|
1225
|
+
# @return [::Array<::Google::Cloud::Asset::V1::MoveImpact>]
|
1226
|
+
# Blocking information that would prevent the target resource from moving
|
1227
|
+
# to the specified destination at runtime.
|
1228
|
+
# @!attribute [rw] warnings
|
1229
|
+
# @return [::Array<::Google::Cloud::Asset::V1::MoveImpact>]
|
1230
|
+
# Warning information indicating that moving the target resource to the
|
1231
|
+
# specified destination might be unsafe. This can include important policy
|
1232
|
+
# information and configuration changes, but will not block moves at runtime.
|
1233
|
+
class MoveAnalysisResult
|
1234
|
+
include ::Google::Protobuf::MessageExts
|
1235
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1236
|
+
end
|
1237
|
+
|
1238
|
+
# A message to group impacts of moving the target resource.
|
1239
|
+
# @!attribute [rw] detail
|
1240
|
+
# @return [::String]
|
1241
|
+
# User friendly impact detail in a free form message.
|
1242
|
+
class MoveImpact
|
1243
|
+
include ::Google::Protobuf::MessageExts
|
1244
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1245
|
+
end
|
1246
|
+
|
1117
1247
|
# Asset content type.
|
1118
1248
|
module ContentType
|
1119
1249
|
# Unspecified content type.
|
@@ -406,6 +406,24 @@ module Google
|
|
406
406
|
# `parentFullResourceName:"project-name"`
|
407
407
|
# * use a free text query. Example:
|
408
408
|
# `project-name`
|
409
|
+
# @!attribute [rw] versioned_resources
|
410
|
+
# @return [::Array<::Google::Cloud::Asset::V1::VersionedResource>]
|
411
|
+
# Versioned resource representations of this resource. This is repeated
|
412
|
+
# because there could be multiple versions of resource representations during
|
413
|
+
# version migration.
|
414
|
+
#
|
415
|
+
# This `versioned_resources` field is not searchable. Some attributes of the
|
416
|
+
# resource representations are exposed in `additional_attributes` field, so
|
417
|
+
# as to allow users to search on them.
|
418
|
+
# @!attribute [rw] attached_resources
|
419
|
+
# @return [::Array<::Google::Cloud::Asset::V1::AttachedResource>]
|
420
|
+
# Attached resources of this resource. For example, an OSConfig
|
421
|
+
# Inventory is an attached resource of a Compute Instance. This field is
|
422
|
+
# repeated because a resource could have multiple attached resources.
|
423
|
+
#
|
424
|
+
# This `attached_resources` field is not searchable. Some attributes
|
425
|
+
# of the attached resources are exposed in `additional_attributes` field, so
|
426
|
+
# as to allow users to search on them.
|
409
427
|
# @!attribute [rw] parent_asset_type
|
410
428
|
# @return [::String]
|
411
429
|
# The type of this resource's immediate parent, if there is one.
|
@@ -430,6 +448,56 @@ module Google
|
|
430
448
|
end
|
431
449
|
end
|
432
450
|
|
451
|
+
# Resource representation as defined by the corresponding service providing the
|
452
|
+
# resource for a given API version.
|
453
|
+
# @!attribute [rw] version
|
454
|
+
# @return [::String]
|
455
|
+
# API version of the resource.
|
456
|
+
#
|
457
|
+
# Example:
|
458
|
+
# If the resource is an instance provided by Compute Engine v1 API as defined
|
459
|
+
# in `https://cloud.google.com/compute/docs/reference/rest/v1/instances`,
|
460
|
+
# version will be "v1".
|
461
|
+
# @!attribute [rw] resource
|
462
|
+
# @return [::Google::Protobuf::Struct]
|
463
|
+
# JSON representation of the resource as defined by the corresponding
|
464
|
+
# service providing this resource.
|
465
|
+
#
|
466
|
+
# Example:
|
467
|
+
# If the resource is an instance provided by Compute Engine, this field will
|
468
|
+
# contain the JSON representation of the instance as defined by Compute
|
469
|
+
# Engine:
|
470
|
+
# `https://cloud.google.com/compute/docs/reference/rest/v1/instances`.
|
471
|
+
#
|
472
|
+
# You can find the resource definition for each supported resource type in
|
473
|
+
# this table:
|
474
|
+
# `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`
|
475
|
+
class VersionedResource
|
476
|
+
include ::Google::Protobuf::MessageExts
|
477
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
478
|
+
end
|
479
|
+
|
480
|
+
# Attached resource representation, which is defined by the corresponding
|
481
|
+
# service provider. It represents an attached resource's payload.
|
482
|
+
# @!attribute [rw] asset_type
|
483
|
+
# @return [::String]
|
484
|
+
# The type of this attached resource.
|
485
|
+
#
|
486
|
+
# Example: `osconfig.googleapis.com/Inventory`
|
487
|
+
#
|
488
|
+
# You can find the supported attached asset types of each resource in this
|
489
|
+
# table:
|
490
|
+
# `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`
|
491
|
+
# @!attribute [rw] versioned_resources
|
492
|
+
# @return [::Array<::Google::Cloud::Asset::V1::VersionedResource>]
|
493
|
+
# Versioned resource representations of this attached resource. This is
|
494
|
+
# repeated because there could be multiple versions of the attached resource
|
495
|
+
# representations during version migration.
|
496
|
+
class AttachedResource
|
497
|
+
include ::Google::Protobuf::MessageExts
|
498
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
499
|
+
end
|
500
|
+
|
433
501
|
# A result of IAM Policy search, containing information of an IAM policy.
|
434
502
|
# @!attribute [rw] resource
|
435
503
|
# @return [::String]
|
@@ -28,8 +28,8 @@ module Google
|
|
28
28
|
# @return [::String]
|
29
29
|
# Required. Resource name for the Access Level. The `short_name` component
|
30
30
|
# must begin with a letter and only include alphanumeric and '_'. Format:
|
31
|
-
# `accessPolicies/{
|
32
|
-
# of the `
|
31
|
+
# `accessPolicies/{access_policy}/accessLevels/{access_level}`. The maximum
|
32
|
+
# length of the `access_level` component is 50 characters.
|
33
33
|
# @!attribute [rw] title
|
34
34
|
# @return [::String]
|
35
35
|
# Human readable title. Must be unique within the Policy.
|
@@ -29,7 +29,7 @@ module Google
|
|
29
29
|
# @!attribute [rw] name
|
30
30
|
# @return [::String]
|
31
31
|
# Output only. Resource name of the `AccessPolicy`. Format:
|
32
|
-
# `accessPolicies/{
|
32
|
+
# `accessPolicies/{access_policy}`
|
33
33
|
# @!attribute [rw] parent
|
34
34
|
# @return [::String]
|
35
35
|
# Required. The parent of this `AccessPolicy` in the Cloud Resource
|
@@ -35,7 +35,8 @@ module Google
|
|
35
35
|
# @return [::String]
|
36
36
|
# Required. Resource name for the ServicePerimeter. The `short_name`
|
37
37
|
# component must begin with a letter and only include alphanumeric and '_'.
|
38
|
-
# Format:
|
38
|
+
# Format:
|
39
|
+
# `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`
|
39
40
|
# @!attribute [rw] title
|
40
41
|
# @return [::String]
|
41
42
|
# Human readable title. Must be unique within the Policy.
|
@@ -133,6 +134,26 @@ module Google
|
|
133
134
|
# @!attribute [rw] vpc_accessible_services
|
134
135
|
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::VpcAccessibleServices]
|
135
136
|
# Configuration for APIs allowed within Perimeter.
|
137
|
+
# @!attribute [rw] ingress_policies
|
138
|
+
# @return [::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::IngressPolicy>]
|
139
|
+
# List of [IngressPolicies]
|
140
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
141
|
+
# to apply to the perimeter. A perimeter may have multiple [IngressPolicies]
|
142
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy],
|
143
|
+
# each of which is evaluated separately. Access is granted if any [Ingress
|
144
|
+
# Policy]
|
145
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
146
|
+
# grants it. Must be empty for a perimeter bridge.
|
147
|
+
# @!attribute [rw] egress_policies
|
148
|
+
# @return [::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressPolicy>]
|
149
|
+
# List of [EgressPolicies]
|
150
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
151
|
+
# to apply to the perimeter. A perimeter may have multiple [EgressPolicies]
|
152
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy],
|
153
|
+
# each of which is evaluated separately. Access is granted if any
|
154
|
+
# [EgressPolicy]
|
155
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
156
|
+
# grants it. Must be empty for a perimeter bridge.
|
136
157
|
class ServicePerimeterConfig
|
137
158
|
include ::Google::Protobuf::MessageExts
|
138
159
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -146,11 +167,316 @@ module Google
|
|
146
167
|
# @!attribute [rw] allowed_services
|
147
168
|
# @return [::Array<::String>]
|
148
169
|
# The list of APIs usable within the Service Perimeter. Must be empty
|
149
|
-
# unless 'enable_restriction' is True.
|
170
|
+
# unless 'enable_restriction' is True. You can specify a list of individual
|
171
|
+
# services, as well as include the 'RESTRICTED-SERVICES' value, which
|
172
|
+
# automatically includes all of the services protected by the perimeter.
|
150
173
|
class VpcAccessibleServices
|
151
174
|
include ::Google::Protobuf::MessageExts
|
152
175
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
153
176
|
end
|
177
|
+
|
178
|
+
# An allowed method or permission of a service specified in [ApiOperation]
|
179
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
|
180
|
+
# @!attribute [rw] method
|
181
|
+
# @return [::String]
|
182
|
+
# Value for `method` should be a valid method name for the corresponding
|
183
|
+
# `service_name` in [ApiOperation]
|
184
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
|
185
|
+
# If `*` used as value for `method`, then ALL methods and permissions are
|
186
|
+
# allowed.
|
187
|
+
# @!attribute [rw] permission
|
188
|
+
# @return [::String]
|
189
|
+
# Value for `permission` should be a valid Cloud IAM permission for the
|
190
|
+
# corresponding `service_name` in [ApiOperation]
|
191
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
|
192
|
+
class MethodSelector
|
193
|
+
include ::Google::Protobuf::MessageExts
|
194
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
195
|
+
end
|
196
|
+
|
197
|
+
# Identification for an API Operation.
|
198
|
+
# @!attribute [rw] service_name
|
199
|
+
# @return [::String]
|
200
|
+
# The name of the API whose methods or permissions the [IngressPolicy]
|
201
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
202
|
+
# or [EgressPolicy]
|
203
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
204
|
+
# want to allow. A single [ApiOperation]
|
205
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
|
206
|
+
# with `service_name` field set to `*` will allow all methods AND
|
207
|
+
# permissions for all services.
|
208
|
+
# @!attribute [rw] method_selectors
|
209
|
+
# @return [::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::MethodSelector>]
|
210
|
+
# API methods or permissions to allow. Method or permission must belong to
|
211
|
+
# the service specified by `service_name` field. A single [MethodSelector]
|
212
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector]
|
213
|
+
# entry with `*` specified for the `method` field will allow all methods
|
214
|
+
# AND permissions for the service specified in `service_name`.
|
215
|
+
class ApiOperation
|
216
|
+
include ::Google::Protobuf::MessageExts
|
217
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
218
|
+
end
|
219
|
+
|
220
|
+
# The source that [IngressPolicy]
|
221
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
222
|
+
# authorizes access from.
|
223
|
+
# @!attribute [rw] access_level
|
224
|
+
# @return [::String]
|
225
|
+
# An [AccessLevel]
|
226
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] resource
|
227
|
+
# name that allow resources within the [ServicePerimeters]
|
228
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] to be
|
229
|
+
# accessed from the internet. [AccessLevels]
|
230
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] listed must
|
231
|
+
# be in the same policy as this [ServicePerimeter]
|
232
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter].
|
233
|
+
# Referencing a nonexistent [AccessLevel]
|
234
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] will cause
|
235
|
+
# an error. If no [AccessLevel]
|
236
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] names are
|
237
|
+
# listed, resources within the perimeter can only be accessed via Google
|
238
|
+
# Cloud calls with request origins within the perimeter. Example:
|
239
|
+
# `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is
|
240
|
+
# specified for `access_level`, then all [IngressSources]
|
241
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource]
|
242
|
+
# will be allowed.
|
243
|
+
# @!attribute [rw] resource
|
244
|
+
# @return [::String]
|
245
|
+
# A Google Cloud resource that is allowed to ingress the perimeter.
|
246
|
+
# Requests from these resources will be allowed to access perimeter data.
|
247
|
+
# Currently only projects are allowed.
|
248
|
+
# Format: `projects/{project_number}`
|
249
|
+
# The project may be in any Google Cloud organization, not just the
|
250
|
+
# organization that the perimeter is defined in. `*` is not allowed, the
|
251
|
+
# case of allowing all Google Cloud resources only is not supported.
|
252
|
+
class IngressSource
|
253
|
+
include ::Google::Protobuf::MessageExts
|
254
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
255
|
+
end
|
256
|
+
|
257
|
+
# Defines the conditions under which an [EgressPolicy]
|
258
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
259
|
+
# matches a request. Conditions are based on information about the
|
260
|
+
# [ApiOperation]
|
261
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
|
262
|
+
# intended to be performed on the `resources` specified. Note that if the
|
263
|
+
# destination of the request is also protected by a [ServicePerimeter]
|
264
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
|
265
|
+
# [ServicePerimeter]
|
266
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
|
267
|
+
# an [IngressPolicy]
|
268
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
269
|
+
# which allows access in order for this request to succeed. The request must
|
270
|
+
# match `operations` AND `resources` fields in order to be allowed egress out
|
271
|
+
# of the perimeter.
|
272
|
+
# @!attribute [rw] resources
|
273
|
+
# @return [::Array<::String>]
|
274
|
+
# A list of resources, currently only projects in the form
|
275
|
+
# `projects/<projectnumber>`, that are allowed to be accessed by sources
|
276
|
+
# defined in the corresponding [EgressFrom]
|
277
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
|
278
|
+
# A request matches if it contains a resource in this list. If `*` is
|
279
|
+
# specified for `resources`, then this [EgressTo]
|
280
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
|
281
|
+
# rule will authorize access to all resources outside the perimeter.
|
282
|
+
# @!attribute [rw] operations
|
283
|
+
# @return [::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>]
|
284
|
+
# A list of [ApiOperations]
|
285
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
|
286
|
+
# allowed to be performed by the sources specified in the corresponding
|
287
|
+
# [EgressFrom]
|
288
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
|
289
|
+
# A request matches if it uses an operation/service in this list.
|
290
|
+
class EgressTo
|
291
|
+
include ::Google::Protobuf::MessageExts
|
292
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
293
|
+
end
|
294
|
+
|
295
|
+
# Defines the conditions under which an [IngressPolicy]
|
296
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
297
|
+
# matches a request. Conditions are based on information about the source of
|
298
|
+
# the request. The request must satisfy what is defined in `sources` AND
|
299
|
+
# identity related fields in order to match.
|
300
|
+
# @!attribute [rw] sources
|
301
|
+
# @return [::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::IngressSource>]
|
302
|
+
# Sources that this [IngressPolicy]
|
303
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
304
|
+
# authorizes access from.
|
305
|
+
# @!attribute [rw] identities
|
306
|
+
# @return [::Array<::String>]
|
307
|
+
# A list of identities that are allowed access through this ingress
|
308
|
+
# policy. Should be in the format of email address. The email address
|
309
|
+
# should represent individual user or service account only.
|
310
|
+
# @!attribute [rw] identity_type
|
311
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::IdentityType]
|
312
|
+
# Specifies the type of identities that are allowed access from outside the
|
313
|
+
# perimeter. If left unspecified, then members of `identities` field will
|
314
|
+
# be allowed access.
|
315
|
+
class IngressFrom
|
316
|
+
include ::Google::Protobuf::MessageExts
|
317
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
318
|
+
end
|
319
|
+
|
320
|
+
# Defines the conditions under which an [IngressPolicy]
|
321
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
322
|
+
# matches a request. Conditions are based on information about the
|
323
|
+
# [ApiOperation]
|
324
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
|
325
|
+
# intended to be performed on the target resource of the request. The request
|
326
|
+
# must satisfy what is defined in `operations` AND `resources` in order to
|
327
|
+
# match.
|
328
|
+
# @!attribute [rw] operations
|
329
|
+
# @return [::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>]
|
330
|
+
# A list of [ApiOperations]
|
331
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
|
332
|
+
# allowed to be performed by the sources specified in corresponding
|
333
|
+
# [IngressFrom]
|
334
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom]
|
335
|
+
# in this [ServicePerimeter]
|
336
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter].
|
337
|
+
# @!attribute [rw] resources
|
338
|
+
# @return [::Array<::String>]
|
339
|
+
# A list of resources, currently only projects in the form
|
340
|
+
# `projects/<projectnumber>`, protected by this [ServicePerimeter]
|
341
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] that are
|
342
|
+
# allowed to be accessed by sources defined in the corresponding
|
343
|
+
# [IngressFrom]
|
344
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom].
|
345
|
+
# If a single `*` is specified, then access to all resources inside the
|
346
|
+
# perimeter are allowed.
|
347
|
+
class IngressTo
|
348
|
+
include ::Google::Protobuf::MessageExts
|
349
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
350
|
+
end
|
351
|
+
|
352
|
+
# Policy for ingress into [ServicePerimeter]
|
353
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter].
|
354
|
+
#
|
355
|
+
# [IngressPolicies]
|
356
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
357
|
+
# match requests based on `ingress_from` and `ingress_to` stanzas. For an
|
358
|
+
# ingress policy to match, both the `ingress_from` and `ingress_to` stanzas
|
359
|
+
# must be matched. If an [IngressPolicy]
|
360
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
361
|
+
# matches a request, the request is allowed through the perimeter boundary
|
362
|
+
# from outside the perimeter.
|
363
|
+
#
|
364
|
+
# For example, access from the internet can be allowed either
|
365
|
+
# based on an [AccessLevel]
|
366
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic
|
367
|
+
# hosted on Google Cloud, the project of the source network. For access from
|
368
|
+
# private networks, using the project of the hosting network is required.
|
369
|
+
#
|
370
|
+
# Individual ingress policies can be limited by restricting which
|
371
|
+
# services and/or actions they match using the `ingress_to` field.
|
372
|
+
# @!attribute [rw] ingress_from
|
373
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::IngressFrom]
|
374
|
+
# Defines the conditions on the source of a request causing this
|
375
|
+
# [IngressPolicy]
|
376
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
377
|
+
# to apply.
|
378
|
+
# @!attribute [rw] ingress_to
|
379
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::IngressTo]
|
380
|
+
# Defines the conditions on the [ApiOperation]
|
381
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
|
382
|
+
# and request destination that cause this [IngressPolicy]
|
383
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
384
|
+
# to apply.
|
385
|
+
class IngressPolicy
|
386
|
+
include ::Google::Protobuf::MessageExts
|
387
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
388
|
+
end
|
389
|
+
|
390
|
+
# Policy for egress from perimeter.
|
391
|
+
#
|
392
|
+
# [EgressPolicies]
|
393
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
394
|
+
# match requests based on `egress_from` and `egress_to` stanzas. For an
|
395
|
+
# [EgressPolicy]
|
396
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
397
|
+
# to match, both `egress_from` and `egress_to` stanzas must be matched. If an
|
398
|
+
# [EgressPolicy]
|
399
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
400
|
+
# matches a request, the request is allowed to span the [ServicePerimeter]
|
401
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] boundary.
|
402
|
+
# For example, an [EgressPolicy]
|
403
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
404
|
+
# can be used to allow VMs on networks within the [ServicePerimeter]
|
405
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] to access a
|
406
|
+
# defined set of projects outside the perimeter in certain contexts (e.g. to
|
407
|
+
# read data from a Cloud Storage bucket or query against a BigQuery dataset).
|
408
|
+
#
|
409
|
+
# [EgressPolicies]
|
410
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
411
|
+
# are concerned with the *resources* that a request relates as well as the
|
412
|
+
# API services and API actions being used. They do not related to the
|
413
|
+
# direction of data movement. More detailed documentation for this concept
|
414
|
+
# can be found in the descriptions of [EgressFrom]
|
415
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]
|
416
|
+
# and [EgressTo]
|
417
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].
|
418
|
+
# @!attribute [rw] egress_from
|
419
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressFrom]
|
420
|
+
# Defines conditions on the source of a request causing this [EgressPolicy]
|
421
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
422
|
+
# to apply.
|
423
|
+
# @!attribute [rw] egress_to
|
424
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo]
|
425
|
+
# Defines the conditions on the [ApiOperation]
|
426
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
|
427
|
+
# and destination resources that cause this [EgressPolicy]
|
428
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
429
|
+
# to apply.
|
430
|
+
class EgressPolicy
|
431
|
+
include ::Google::Protobuf::MessageExts
|
432
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
433
|
+
end
|
434
|
+
|
435
|
+
# Defines the conditions under which an [EgressPolicy]
|
436
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
|
437
|
+
# matches a request. Conditions based on information about the source of the
|
438
|
+
# request. Note that if the destination of the request is also protected by a
|
439
|
+
# [ServicePerimeter]
|
440
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
|
441
|
+
# [ServicePerimeter]
|
442
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
|
443
|
+
# an [IngressPolicy]
|
444
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
|
445
|
+
# which allows access in order for this request to succeed.
|
446
|
+
# @!attribute [rw] identities
|
447
|
+
# @return [::Array<::String>]
|
448
|
+
# A list of identities that are allowed access through this [EgressPolicy].
|
449
|
+
# Should be in the format of email address. The email address should
|
450
|
+
# represent individual user or service account only.
|
451
|
+
# @!attribute [rw] identity_type
|
452
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::IdentityType]
|
453
|
+
# Specifies the type of identities that are allowed access to outside the
|
454
|
+
# perimeter. If left unspecified, then members of `identities` field will
|
455
|
+
# be allowed access.
|
456
|
+
class EgressFrom
|
457
|
+
include ::Google::Protobuf::MessageExts
|
458
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
459
|
+
end
|
460
|
+
|
461
|
+
# Specifies the types of identities that are allowed access in either
|
462
|
+
# [IngressFrom]
|
463
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom]
|
464
|
+
# or [EgressFrom]
|
465
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]
|
466
|
+
# rules.
|
467
|
+
module IdentityType
|
468
|
+
# No blanket identity group specified.
|
469
|
+
IDENTITY_TYPE_UNSPECIFIED = 0
|
470
|
+
|
471
|
+
# Authorize access from all identities outside the perimeter.
|
472
|
+
ANY_IDENTITY = 1
|
473
|
+
|
474
|
+
# Authorize access from all human users outside the perimeter.
|
475
|
+
ANY_USER_ACCOUNT = 2
|
476
|
+
|
477
|
+
# Authorize access from all service accounts outside the perimeter.
|
478
|
+
ANY_SERVICE_ACCOUNT = 3
|
479
|
+
end
|
154
480
|
end
|
155
481
|
end
|
156
482
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-cloud-asset-v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.14.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-07-
|
11
|
+
date: 2021-07-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gapic-common
|