google-cloud-asset-v1 0.22.0 → 0.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/google/cloud/asset/v1/asset_service/client.rb +532 -131
- data/lib/google/cloud/asset/v1/asset_service.rb +1 -1
- data/lib/google/cloud/asset/v1/asset_service_pb.rb +157 -0
- data/lib/google/cloud/asset/v1/asset_service_services_pb.rb +41 -14
- data/lib/google/cloud/asset/v1/version.rb +1 -1
- data/lib/google/cloud/asset/v1.rb +2 -2
- data/proto_docs/google/api/client.rb +318 -0
- data/proto_docs/google/api/launch_stage.rb +71 -0
- data/proto_docs/google/cloud/asset/v1/asset_service.rb +822 -219
- data/proto_docs/google/cloud/asset/v1/assets.rb +48 -35
- data/proto_docs/google/identity/accesscontextmanager/v1/access_policy.rb +16 -0
- data/proto_docs/google/identity/accesscontextmanager/v1/service_perimeter.rb +72 -64
- data/proto_docs/google/rpc/code.rb +6 -6
- data/proto_docs/google/rpc/status.rb +4 -2
- metadata +7 -5
@@ -22,7 +22,7 @@ module Google
|
|
22
22
|
module Asset
|
23
23
|
module V1
|
24
24
|
# Represents the metadata of the longrunning operation for the
|
25
|
-
# AnalyzeIamPolicyLongrunning
|
25
|
+
# AnalyzeIamPolicyLongrunning RPC.
|
26
26
|
# @!attribute [r] create_time
|
27
27
|
# @return [::Google::Protobuf::Timestamp]
|
28
28
|
# Output only. The time the operation was created.
|
@@ -71,7 +71,8 @@ module Google
|
|
71
71
|
# returned.
|
72
72
|
# @!attribute [rw] output_config
|
73
73
|
# @return [::Google::Cloud::Asset::V1::OutputConfig]
|
74
|
-
# Required. Output configuration indicating where the results will be output
|
74
|
+
# Required. Output configuration indicating where the results will be output
|
75
|
+
# to.
|
75
76
|
# @!attribute [rw] relationship_types
|
76
77
|
# @return [::Array<::String>]
|
77
78
|
# A list of relationship types to export, for example:
|
@@ -95,8 +96,10 @@ module Google
|
|
95
96
|
end
|
96
97
|
|
97
98
|
# The export asset response. This message is returned by the
|
98
|
-
# google.longrunning.Operations.GetOperation
|
99
|
-
#
|
99
|
+
# google.longrunning.Operations.GetOperation
|
100
|
+
# method in the returned
|
101
|
+
# {::Google::Longrunning::Operation#response google.longrunning.Operation.response}
|
102
|
+
# field.
|
100
103
|
# @!attribute [rw] read_time
|
101
104
|
# @return [::Google::Protobuf::Timestamp]
|
102
105
|
# Time the snapshot was taken.
|
@@ -106,10 +109,10 @@ module Google
|
|
106
109
|
# @!attribute [rw] output_result
|
107
110
|
# @return [::Google::Cloud::Asset::V1::OutputResult]
|
108
111
|
# Output result indicating where the assets were exported to. For example, a
|
109
|
-
# set of actual
|
110
|
-
#
|
111
|
-
#
|
112
|
-
#
|
112
|
+
# set of actual Cloud Storage object URIs where the assets are exported to.
|
113
|
+
# The URIs can be different from what [output_config] has specified, as the
|
114
|
+
# service will split the output object into multiple ones once it exceeds a
|
115
|
+
# single Cloud Storage object limit.
|
113
116
|
class ExportAssetsResponse
|
114
117
|
include ::Google::Protobuf::MessageExts
|
115
118
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -118,11 +121,11 @@ module Google
|
|
118
121
|
# ListAssets request.
|
119
122
|
# @!attribute [rw] parent
|
120
123
|
# @return [::String]
|
121
|
-
# Required. Name of the organization, folder, or project the assets belong
|
122
|
-
# "organizations/[organization-number]" (such as
|
123
|
-
# "projects/[project-id]" (such as
|
124
|
-
# "projects/[project-number]" (such as
|
125
|
-
# "folders/[folder-number]" (such as "folders/12345").
|
124
|
+
# Required. Name of the organization, folder, or project the assets belong
|
125
|
+
# to. Format: "organizations/[organization-number]" (such as
|
126
|
+
# "organizations/123"), "projects/[project-id]" (such as
|
127
|
+
# "projects/my-project-id"), "projects/[project-number]" (such as
|
128
|
+
# "projects/12345"), or "folders/[folder-number]" (such as "folders/12345").
|
126
129
|
# @!attribute [rw] read_time
|
127
130
|
# @return [::Google::Protobuf::Timestamp]
|
128
131
|
# Timestamp to take an asset snapshot. This can only be set to a timestamp
|
@@ -275,9 +278,8 @@ module Google
|
|
275
278
|
# be unique under a specific parent project/folder/organization.
|
276
279
|
# @!attribute [rw] feed
|
277
280
|
# @return [::Google::Cloud::Asset::V1::Feed]
|
278
|
-
# Required. The feed details. The field `name` must be empty and it will be
|
279
|
-
# in the format of:
|
280
|
-
# projects/project_number/feeds/feed_id
|
281
|
+
# Required. The feed details. The field `name` must be empty and it will be
|
282
|
+
# generated in the format of: projects/project_number/feeds/feed_id
|
281
283
|
# folders/folder_number/feeds/feed_id
|
282
284
|
# organizations/organization_number/feeds/feed_id
|
283
285
|
class CreateFeedRequest
|
@@ -319,8 +321,8 @@ module Google
|
|
319
321
|
# Update asset feed request.
|
320
322
|
# @!attribute [rw] feed
|
321
323
|
# @return [::Google::Cloud::Asset::V1::Feed]
|
322
|
-
# Required. The new values of feed details. It must match an existing feed
|
323
|
-
# field `name` must be in the format of:
|
324
|
+
# Required. The new values of feed details. It must match an existing feed
|
325
|
+
# and the field `name` must be in the format of:
|
324
326
|
# projects/project_number/feeds/feed_id or
|
325
327
|
# folders/folder_number/feeds/feed_id or
|
326
328
|
# organizations/organization_number/feeds/feed_id.
|
@@ -370,7 +372,7 @@ module Google
|
|
370
372
|
# A Cloud Storage output result.
|
371
373
|
# @!attribute [rw] uris
|
372
374
|
# @return [::Array<::String>]
|
373
|
-
# List of
|
375
|
+
# List of URIs of the Cloud Storage objects. Example:
|
374
376
|
# "gs://bucket_name/object_name".
|
375
377
|
class GcsOutputResult
|
376
378
|
include ::Google::Protobuf::MessageExts
|
@@ -380,7 +382,7 @@ module Google
|
|
380
382
|
# A Cloud Storage location.
|
381
383
|
# @!attribute [rw] uri
|
382
384
|
# @return [::String]
|
383
|
-
# The
|
385
|
+
# The URI of the Cloud Storage object. It's the same URI that is used by
|
384
386
|
# gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
|
385
387
|
# Editing Object
|
386
388
|
# Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
|
@@ -391,8 +393,8 @@ module Google
|
|
391
393
|
# overwritten with the exported result.
|
392
394
|
# @!attribute [rw] uri_prefix
|
393
395
|
# @return [::String]
|
394
|
-
# The
|
395
|
-
# "gs://bucket_name/object_name_prefix". Each object
|
396
|
+
# The URI prefix of all generated Cloud Storage objects. Example:
|
397
|
+
# "gs://bucket_name/object_name_prefix". Each object URI is in format:
|
396
398
|
# "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only
|
397
399
|
# contains assets for that type. <shard number> starts from 0. Example:
|
398
400
|
# "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is
|
@@ -611,8 +613,9 @@ module Google
|
|
611
613
|
# Search all resources request.
|
612
614
|
# @!attribute [rw] scope
|
613
615
|
# @return [::String]
|
614
|
-
# Required. A scope can be a project, a folder, or an organization. The
|
615
|
-
# limited to the resources within the `scope`. The caller must be
|
616
|
+
# Required. A scope can be a project, a folder, or an organization. The
|
617
|
+
# search is limited to the resources within the `scope`. The caller must be
|
618
|
+
# granted the
|
616
619
|
# [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
|
617
620
|
# permission on the desired scope.
|
618
621
|
#
|
@@ -631,55 +634,55 @@ module Google
|
|
631
634
|
#
|
632
635
|
# Examples:
|
633
636
|
#
|
634
|
-
# * `name:Important` to find Cloud resources whose name contains
|
637
|
+
# * `name:Important` to find Google Cloud resources whose name contains
|
635
638
|
# "Important" as a word.
|
636
|
-
# * `name=Important` to find the Cloud resource whose name is exactly
|
639
|
+
# * `name=Important` to find the Google Cloud resource whose name is exactly
|
637
640
|
# "Important".
|
638
|
-
# * `displayName:Impor*` to find Cloud resources whose display name
|
641
|
+
# * `displayName:Impor*` to find Google Cloud resources whose display name
|
639
642
|
# contains "Impor" as a prefix of any word in the field.
|
640
|
-
# * `location:us-west*` to find Cloud resources whose location
|
641
|
-
# "us" and "west" as prefixes.
|
642
|
-
# * `labels:prod` to find Cloud resources whose labels contain "prod"
|
643
|
-
# a key or value.
|
644
|
-
# * `labels.env:prod` to find Cloud resources that have a label "env"
|
643
|
+
# * `location:us-west*` to find Google Cloud resources whose location
|
644
|
+
# contains both "us" and "west" as prefixes.
|
645
|
+
# * `labels:prod` to find Google Cloud resources whose labels contain "prod"
|
646
|
+
# as a key or value.
|
647
|
+
# * `labels.env:prod` to find Google Cloud resources that have a label "env"
|
645
648
|
# and its value is "prod".
|
646
|
-
# * `labels.env:*` to find Cloud resources that have a label "env".
|
647
|
-
# * `kmsKey:key` to find Cloud resources encrypted with a
|
648
|
-
# encryption key whose name contains "key" as a word. This
|
649
|
-
# deprecated. Please use the `kmsKeys` field to retrieve KMS
|
650
|
-
# information.
|
651
|
-
# * `kmsKeys:key` to find Cloud resources encrypted with
|
652
|
-
# encryption keys whose name contains the word "key".
|
653
|
-
# * `relationships:instance-group-1` to find Cloud resources that have
|
649
|
+
# * `labels.env:*` to find Google Cloud resources that have a label "env".
|
650
|
+
# * `kmsKey:key` to find Google Cloud resources encrypted with a
|
651
|
+
# customer-managed encryption key whose name contains "key" as a word. This
|
652
|
+
# field is deprecated. Please use the `kmsKeys` field to retrieve Cloud KMS
|
653
|
+
# key information.
|
654
|
+
# * `kmsKeys:key` to find Google Cloud resources encrypted with
|
655
|
+
# customer-managed encryption keys whose name contains the word "key".
|
656
|
+
# * `relationships:instance-group-1` to find Google Cloud resources that have
|
654
657
|
# relationships with "instance-group-1" in the related resource name.
|
655
|
-
# * `relationships:INSTANCE_TO_INSTANCEGROUP` to find
|
656
|
-
# have relationships of type "INSTANCE_TO_INSTANCEGROUP".
|
658
|
+
# * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute Engine
|
659
|
+
# instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP".
|
657
660
|
# * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find
|
658
|
-
#
|
659
|
-
#
|
661
|
+
# Compute Engine instances that have relationships with "instance-group-1"
|
662
|
+
# in the Compute Engine instance group resource name, for relationship type
|
660
663
|
# "INSTANCE_TO_INSTANCEGROUP".
|
661
|
-
# * `state:ACTIVE` to find Cloud resources whose state contains
|
662
|
-
# word.
|
663
|
-
# * `NOT state:ACTIVE` to find Cloud resources whose state doesn't contain
|
664
|
+
# * `state:ACTIVE` to find Google Cloud resources whose state contains
|
664
665
|
# "ACTIVE" as a word.
|
665
|
-
# * `
|
666
|
-
#
|
666
|
+
# * `NOT state:ACTIVE` to find Google Cloud resources whose state doesn't
|
667
|
+
# contain "ACTIVE" as a word.
|
668
|
+
# * `createTime<1609459200` to find Google Cloud resources that were created
|
669
|
+
# before "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
|
667
670
|
# "2021-01-01 00:00:00 UTC" in seconds.
|
668
|
-
# * `updateTime>1609459200` to find Cloud resources that were updated
|
669
|
-
# "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
|
671
|
+
# * `updateTime>1609459200` to find Google Cloud resources that were updated
|
672
|
+
# after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
|
670
673
|
# "2021-01-01 00:00:00 UTC" in seconds.
|
671
|
-
# * `Important` to find Cloud resources that contain "Important" as a
|
672
|
-
# in any of the searchable fields.
|
673
|
-
# * `Impor*` to find Cloud resources that contain "Impor" as a prefix of any
|
674
|
+
# * `Important` to find Google Cloud resources that contain "Important" as a
|
674
675
|
# word in any of the searchable fields.
|
675
|
-
# * `
|
676
|
+
# * `Impor*` to find Google Cloud resources that contain "Impor" as a prefix
|
677
|
+
# of any word in any of the searchable fields.
|
678
|
+
# * `Important location:(us-west1 OR global)` to find Google Cloud
|
676
679
|
# resources that contain "Important" as a word in any of the searchable
|
677
680
|
# fields and are also located in the "us-west1" region or the "global"
|
678
681
|
# location.
|
679
682
|
# @!attribute [rw] asset_types
|
680
683
|
# @return [::Array<::String>]
|
681
|
-
# Optional. A list of asset types that this request searches for. If empty,
|
682
|
-
# search all the [searchable asset
|
684
|
+
# Optional. A list of asset types that this request searches for. If empty,
|
685
|
+
# it will search all the [searchable asset
|
683
686
|
# types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
|
684
687
|
#
|
685
688
|
# Regular expressions are also supported. For example:
|
@@ -694,21 +697,22 @@ module Google
|
|
694
697
|
# supported asset type, an INVALID_ARGUMENT error will be returned.
|
695
698
|
# @!attribute [rw] page_size
|
696
699
|
# @return [::Integer]
|
697
|
-
# Optional. The page size for search result pagination. Page size is capped
|
698
|
-
# if a larger value is given. If set to zero, server will pick an
|
699
|
-
# default. Returned results may be fewer than requested. When
|
700
|
-
# there could be more results as long as `next_page_token` is
|
700
|
+
# Optional. The page size for search result pagination. Page size is capped
|
701
|
+
# at 500 even if a larger value is given. If set to zero, server will pick an
|
702
|
+
# appropriate default. Returned results may be fewer than requested. When
|
703
|
+
# this happens, there could be more results as long as `next_page_token` is
|
704
|
+
# returned.
|
701
705
|
# @!attribute [rw] page_token
|
702
706
|
# @return [::String]
|
703
|
-
# Optional. If present, then retrieve the next batch of results from the
|
704
|
-
# to this method. `page_token` must be the value of
|
705
|
-
# the previous response. The values of all other
|
706
|
-
# identical to those in the previous call.
|
707
|
+
# Optional. If present, then retrieve the next batch of results from the
|
708
|
+
# preceding call to this method. `page_token` must be the value of
|
709
|
+
# `next_page_token` from the previous response. The values of all other
|
710
|
+
# method parameters, must be identical to those in the previous call.
|
707
711
|
# @!attribute [rw] order_by
|
708
712
|
# @return [::String]
|
709
|
-
# Optional. A comma-separated list of fields specifying the sorting order of
|
710
|
-
# results. The default order is ascending. Add " DESC" after the field
|
711
|
-
# to indicate descending order. Redundant space characters are ignored.
|
713
|
+
# Optional. A comma-separated list of fields specifying the sorting order of
|
714
|
+
# the results. The default order is ascending. Add " DESC" after the field
|
715
|
+
# name to indicate descending order. Redundant space characters are ignored.
|
712
716
|
# Example: "location DESC, name".
|
713
717
|
# Only singular primitive fields in the response are sortable:
|
714
718
|
#
|
@@ -729,10 +733,10 @@ module Google
|
|
729
733
|
# `additionalAttributes`) are not supported.
|
730
734
|
# @!attribute [rw] read_mask
|
731
735
|
# @return [::Google::Protobuf::FieldMask]
|
732
|
-
# Optional. A comma-separated list of fields specifying which fields to be
|
733
|
-
# ResourceSearchResult. Only '*' or combination of top level
|
734
|
-
# specified. Field names of both snake_case and camelCase are
|
735
|
-
# Examples: `"*"`, `"name,location"`, `"name,versionedResources"`.
|
736
|
+
# Optional. A comma-separated list of fields specifying which fields to be
|
737
|
+
# returned in ResourceSearchResult. Only '*' or combination of top level
|
738
|
+
# fields can be specified. Field names of both snake_case and camelCase are
|
739
|
+
# supported. Examples: `"*"`, `"name,location"`, `"name,versionedResources"`.
|
736
740
|
#
|
737
741
|
# The read_mask paths must be valid field paths listed but not limited to
|
738
742
|
# (both snake_case and camelCase are supported):
|
@@ -749,7 +753,7 @@ module Google
|
|
749
753
|
# * labels
|
750
754
|
# * networkTags
|
751
755
|
# * kmsKey (This field is deprecated. Please use the `kmsKeys` field to
|
752
|
-
# retrieve KMS key information.)
|
756
|
+
# retrieve Cloud KMS key information.)
|
753
757
|
# * kmsKeys
|
754
758
|
# * createTime
|
755
759
|
# * updateTime
|
@@ -785,9 +789,9 @@ module Google
|
|
785
789
|
# Search all IAM policies request.
|
786
790
|
# @!attribute [rw] scope
|
787
791
|
# @return [::String]
|
788
|
-
# Required. A scope can be a project, a folder, or an organization. The
|
789
|
-
# limited to the IAM policies within the `scope`. The caller must
|
790
|
-
# the
|
792
|
+
# Required. A scope can be a project, a folder, or an organization. The
|
793
|
+
# search is limited to the IAM policies within the `scope`. The caller must
|
794
|
+
# be granted the
|
791
795
|
# [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
|
792
796
|
# permission on the desired scope.
|
793
797
|
#
|
@@ -803,8 +807,8 @@ module Google
|
|
803
807
|
# query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
|
804
808
|
# for more information. If not specified or empty, it will search all the
|
805
809
|
# IAM policies within the specified `scope`. Note that the query string is
|
806
|
-
# compared against each
|
807
|
-
# roles, and
|
810
|
+
# compared against each IAM policy binding, including its principals,
|
811
|
+
# roles, and IAM conditions. The returned IAM policies will only
|
808
812
|
# contain the bindings that match your query. To learn more about the IAM
|
809
813
|
# policy structure, see the [IAM policy
|
810
814
|
# documentation](https://cloud.google.com/iam/help/allow-policies/structure).
|
@@ -843,20 +847,22 @@ module Google
|
|
843
847
|
# principal type "user".
|
844
848
|
# @!attribute [rw] page_size
|
845
849
|
# @return [::Integer]
|
846
|
-
# Optional. The page size for search result pagination. Page size is capped
|
847
|
-
# if a larger value is given. If set to zero, server will pick an
|
848
|
-
# default. Returned results may be fewer than requested. When
|
849
|
-
# there could be more results as long as `next_page_token` is
|
850
|
+
# Optional. The page size for search result pagination. Page size is capped
|
851
|
+
# at 500 even if a larger value is given. If set to zero, server will pick an
|
852
|
+
# appropriate default. Returned results may be fewer than requested. When
|
853
|
+
# this happens, there could be more results as long as `next_page_token` is
|
854
|
+
# returned.
|
850
855
|
# @!attribute [rw] page_token
|
851
856
|
# @return [::String]
|
852
|
-
# Optional. If present, retrieve the next batch of results from the preceding
|
853
|
-
# this method. `page_token` must be the value of `next_page_token`
|
854
|
-
# previous response. The values of all other method parameters must
|
855
|
-
# identical to those in the previous call.
|
857
|
+
# Optional. If present, retrieve the next batch of results from the preceding
|
858
|
+
# call to this method. `page_token` must be the value of `next_page_token`
|
859
|
+
# from the previous response. The values of all other method parameters must
|
860
|
+
# be identical to those in the previous call.
|
856
861
|
# @!attribute [rw] asset_types
|
857
862
|
# @return [::Array<::String>]
|
858
|
-
# Optional. A list of asset types that the IAM policies are attached to. If
|
859
|
-
# will search the IAM policies that are attached to all the
|
863
|
+
# Optional. A list of asset types that the IAM policies are attached to. If
|
864
|
+
# empty, it will search the IAM policies that are attached to all the
|
865
|
+
# [searchable asset
|
860
866
|
# types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
|
861
867
|
#
|
862
868
|
# Regular expressions are also supported. For example:
|
@@ -873,9 +879,9 @@ module Google
|
|
873
879
|
# supported asset type, an INVALID_ARGUMENT error will be returned.
|
874
880
|
# @!attribute [rw] order_by
|
875
881
|
# @return [::String]
|
876
|
-
# Optional. A comma-separated list of fields specifying the sorting order of
|
877
|
-
# results. The default order is ascending. Add " DESC" after the field
|
878
|
-
# to indicate descending order. Redundant space characters are ignored.
|
882
|
+
# Optional. A comma-separated list of fields specifying the sorting order of
|
883
|
+
# the results. The default order is ascending. Add " DESC" after the field
|
884
|
+
# name to indicate descending order. Redundant space characters are ignored.
|
879
885
|
# Example: "assetType DESC, resource".
|
880
886
|
# Only singular primitive fields in the response are sortable:
|
881
887
|
# * resource
|
@@ -891,8 +897,8 @@ module Google
|
|
891
897
|
# Search all IAM policies response.
|
892
898
|
# @!attribute [rw] results
|
893
899
|
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
|
894
|
-
# A list of
|
895
|
-
# as the associated resource is returned along with the policy.
|
900
|
+
# A list of IAM policies that match the search query. Related information
|
901
|
+
# such as the associated resource is returned along with the policy.
|
896
902
|
# @!attribute [rw] next_page_token
|
897
903
|
# @return [::String]
|
898
904
|
# Set if there are more results than those appearing in this response; to get
|
@@ -906,8 +912,8 @@ module Google
|
|
906
912
|
# IAM policy analysis query message.
|
907
913
|
# @!attribute [rw] scope
|
908
914
|
# @return [::String]
|
909
|
-
# Required. The relative name of the root asset. Only resources and IAM
|
910
|
-
# the scope will be analyzed.
|
915
|
+
# Required. The relative name of the root asset. Only resources and IAM
|
916
|
+
# policies within the scope will be analyzed.
|
911
917
|
#
|
912
918
|
# This can only be an organization number (such as "organizations/123"), a
|
913
919
|
# folder number (such as "folders/123"), a project ID (such as
|
@@ -995,9 +1001,10 @@ module Google
|
|
995
1001
|
# Optional. If true, the identities section of the result will expand any
|
996
1002
|
# Google groups appearing in an IAM policy binding.
|
997
1003
|
#
|
998
|
-
# If
|
999
|
-
#
|
1000
|
-
# is
|
1004
|
+
# If
|
1005
|
+
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#identity_selector IamPolicyAnalysisQuery.identity_selector}
|
1006
|
+
# is specified, the identity in the result will be determined by the
|
1007
|
+
# selector, and this flag is not allowed to set.
|
1001
1008
|
#
|
1002
1009
|
# If true, the default max expansion per group is 1000 for
|
1003
1010
|
# AssetService.AnalyzeIamPolicy][].
|
@@ -1008,32 +1015,35 @@ module Google
|
|
1008
1015
|
# Optional. If true, the access section of result will expand any roles
|
1009
1016
|
# appearing in IAM policy bindings to include their permissions.
|
1010
1017
|
#
|
1011
|
-
# If
|
1012
|
-
#
|
1013
|
-
# is
|
1018
|
+
# If
|
1019
|
+
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#access_selector IamPolicyAnalysisQuery.access_selector}
|
1020
|
+
# is specified, the access section of the result will be determined by the
|
1021
|
+
# selector, and this flag is not allowed to set.
|
1014
1022
|
#
|
1015
1023
|
# Default is false.
|
1016
1024
|
# @!attribute [rw] expand_resources
|
1017
1025
|
# @return [::Boolean]
|
1018
|
-
# Optional. If true and
|
1019
|
-
#
|
1020
|
-
#
|
1021
|
-
#
|
1026
|
+
# Optional. If true and
|
1027
|
+
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector IamPolicyAnalysisQuery.resource_selector}
|
1028
|
+
# is not specified, the resource section of the result will expand any
|
1029
|
+
# resource attached to an IAM policy to include resources lower in the
|
1030
|
+
# resource hierarchy.
|
1022
1031
|
#
|
1023
1032
|
# For example, if the request analyzes for which resources user A has
|
1024
|
-
# permission P, and the results include an IAM policy with P on a
|
1025
|
-
# folder, the results will also include resources in that folder with
|
1033
|
+
# permission P, and the results include an IAM policy with P on a Google
|
1034
|
+
# Cloud folder, the results will also include resources in that folder with
|
1026
1035
|
# permission P.
|
1027
1036
|
#
|
1028
|
-
# If true and
|
1029
|
-
#
|
1030
|
-
#
|
1031
|
-
#
|
1032
|
-
#
|
1037
|
+
# If true and
|
1038
|
+
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector IamPolicyAnalysisQuery.resource_selector}
|
1039
|
+
# is specified, the resource section of the result will expand the
|
1040
|
+
# specified resource to include resources lower in the resource hierarchy.
|
1041
|
+
# Only project or lower resources are supported. Folder and organization
|
1042
|
+
# resources cannot be used together with this option.
|
1033
1043
|
#
|
1034
1044
|
# For example, if the request analyzes for which users have permission P on
|
1035
|
-
# a
|
1036
|
-
# users who have permission P on that project or any lower resource.
|
1045
|
+
# a Google Cloud project with this option enabled, the results will include
|
1046
|
+
# all users who have permission P on that project or any lower resource.
|
1037
1047
|
#
|
1038
1048
|
# If true, the default max expansion per resource is 1000 for
|
1039
1049
|
# AssetService.AnalyzeIamPolicy][] and 100000 for
|
@@ -1042,36 +1052,38 @@ module Google
|
|
1042
1052
|
# Default is false.
|
1043
1053
|
# @!attribute [rw] output_resource_edges
|
1044
1054
|
# @return [::Boolean]
|
1045
|
-
# Optional. If true, the result will output the relevant parent/child
|
1046
|
-
# between resources.
|
1047
|
-
# Default is false.
|
1055
|
+
# Optional. If true, the result will output the relevant parent/child
|
1056
|
+
# relationships between resources. Default is false.
|
1048
1057
|
# @!attribute [rw] output_group_edges
|
1049
1058
|
# @return [::Boolean]
|
1050
|
-
# Optional. If true, the result will output the relevant membership
|
1051
|
-
# between groups and other groups, and between groups and
|
1052
|
-
# Default is false.
|
1059
|
+
# Optional. If true, the result will output the relevant membership
|
1060
|
+
# relationships between groups and other groups, and between groups and
|
1061
|
+
# principals. Default is false.
|
1053
1062
|
# @!attribute [rw] analyze_service_account_impersonation
|
1054
1063
|
# @return [::Boolean]
|
1055
|
-
# Optional. If true, the response will include access analysis from
|
1056
|
-
# resources via service account impersonation. This is a very
|
1057
|
-
# operation, because many derived queries will be executed. We
|
1058
|
-
# recommend you use
|
1059
|
-
#
|
1064
|
+
# Optional. If true, the response will include access analysis from
|
1065
|
+
# identities to resources via service account impersonation. This is a very
|
1066
|
+
# expensive operation, because many derived queries will be executed. We
|
1067
|
+
# highly recommend you use
|
1068
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}
|
1069
|
+
# RPC instead.
|
1060
1070
|
#
|
1061
1071
|
# For example, if the request analyzes for which resources user A has
|
1062
1072
|
# permission P, and there's an IAM policy states user A has
|
1063
1073
|
# iam.serviceAccounts.getAccessToken permission to a service account SA,
|
1064
1074
|
# and there's another IAM policy states service account SA has permission P
|
1065
|
-
# to a
|
1066
|
-
# F. And those advanced analysis results will be
|
1075
|
+
# to a Google Cloud folder F, then user A potentially has access to the
|
1076
|
+
# Google Cloud folder F. And those advanced analysis results will be
|
1077
|
+
# included in
|
1067
1078
|
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
|
1068
1079
|
#
|
1069
1080
|
# Another example, if the request analyzes for who has
|
1070
|
-
# permission P to a
|
1071
|
-
# has iam.serviceAccounts.actAs permission to a service account SA,
|
1072
|
-
# there's another IAM policy states service account SA has permission P
|
1073
|
-
# the
|
1074
|
-
# F. And those advanced analysis results will be
|
1081
|
+
# permission P to a Google Cloud folder F, and there's an IAM policy states
|
1082
|
+
# user A has iam.serviceAccounts.actAs permission to a service account SA,
|
1083
|
+
# and there's another IAM policy states service account SA has permission P
|
1084
|
+
# to the Google Cloud folder F, then user A potentially has access to the
|
1085
|
+
# Google Cloud folder F. And those advanced analysis results will be
|
1086
|
+
# included in
|
1075
1087
|
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
|
1076
1088
|
#
|
1077
1089
|
# Only the following permissions are considered in this analysis:
|
@@ -1101,7 +1113,8 @@ module Google
|
|
1101
1113
|
end
|
1102
1114
|
end
|
1103
1115
|
|
1104
|
-
# A request message for
|
1116
|
+
# A request message for
|
1117
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
|
1105
1118
|
# @!attribute [rw] analysis_query
|
1106
1119
|
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
|
1107
1120
|
# Required. The request query.
|
@@ -1125,7 +1138,8 @@ module Google
|
|
1125
1138
|
# presence yet.
|
1126
1139
|
# @!attribute [rw] execution_timeout
|
1127
1140
|
# @return [::Google::Protobuf::Duration]
|
1128
|
-
# Optional. Amount of time executable has to complete. See JSON
|
1141
|
+
# Optional. Amount of time executable has to complete. See JSON
|
1142
|
+
# representation of
|
1129
1143
|
# [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
|
1130
1144
|
#
|
1131
1145
|
# If this field is set with a value less than the RPC deadline, and the
|
@@ -1140,7 +1154,8 @@ module Google
|
|
1140
1154
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1141
1155
|
end
|
1142
1156
|
|
1143
|
-
# A response message for
|
1157
|
+
# A response message for
|
1158
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
|
1144
1159
|
# @!attribute [rw] main_analysis
|
1145
1160
|
# @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis]
|
1146
1161
|
# The main analysis that matches the original request.
|
@@ -1151,9 +1166,11 @@ module Google
|
|
1151
1166
|
# enabled.
|
1152
1167
|
# @!attribute [rw] fully_explored
|
1153
1168
|
# @return [::Boolean]
|
1154
|
-
# Represents whether all entries in the
|
1155
|
-
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#
|
1156
|
-
#
|
1169
|
+
# Represents whether all entries in the
|
1170
|
+
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#main_analysis main_analysis}
|
1171
|
+
# and
|
1172
|
+
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis service_account_impersonation_analysis}
|
1173
|
+
# have been fully explored to answer the query in the request.
|
1157
1174
|
class AnalyzeIamPolicyResponse
|
1158
1175
|
include ::Google::Protobuf::MessageExts
|
1159
1176
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1164,12 +1181,14 @@ module Google
|
|
1164
1181
|
# The analysis query.
|
1165
1182
|
# @!attribute [rw] analysis_results
|
1166
1183
|
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult>]
|
1167
|
-
# A list of
|
1168
|
-
#
|
1184
|
+
# A list of
|
1185
|
+
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult IamPolicyAnalysisResult}
|
1186
|
+
# that matches the analysis query, or empty if no result is found.
|
1169
1187
|
# @!attribute [rw] fully_explored
|
1170
1188
|
# @return [::Boolean]
|
1171
|
-
# Represents whether all entries in the
|
1172
|
-
#
|
1189
|
+
# Represents whether all entries in the
|
1190
|
+
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis#analysis_results analysis_results}
|
1191
|
+
# have been fully explored to answer the query.
|
1173
1192
|
# @!attribute [rw] non_critical_errors
|
1174
1193
|
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisState>]
|
1175
1194
|
# A list of non-critical errors happened during the query handling.
|
@@ -1193,8 +1212,8 @@ module Google
|
|
1193
1212
|
# A Cloud Storage location.
|
1194
1213
|
# @!attribute [rw] uri
|
1195
1214
|
# @return [::String]
|
1196
|
-
# Required. The
|
1197
|
-
# gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
|
1215
|
+
# Required. The URI of the Cloud Storage object. It's the same URI that is
|
1216
|
+
# used by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
|
1198
1217
|
# Editing Object
|
1199
1218
|
# Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
|
1200
1219
|
# for more information.
|
@@ -1210,13 +1229,15 @@ module Google
|
|
1210
1229
|
# A BigQuery destination.
|
1211
1230
|
# @!attribute [rw] dataset
|
1212
1231
|
# @return [::String]
|
1213
|
-
# Required. The BigQuery dataset in format
|
1214
|
-
# to which the analysis results
|
1215
|
-
# not exist, the export call will
|
1232
|
+
# Required. The BigQuery dataset in format
|
1233
|
+
# "projects/projectId/datasets/datasetId", to which the analysis results
|
1234
|
+
# should be exported. If this dataset does not exist, the export call will
|
1235
|
+
# return an INVALID_ARGUMENT error.
|
1216
1236
|
# @!attribute [rw] table_prefix
|
1217
1237
|
# @return [::String]
|
1218
|
-
# Required. The prefix of the BigQuery tables to which the analysis results
|
1219
|
-
# written. Tables will be created based on this table_prefix if not
|
1238
|
+
# Required. The prefix of the BigQuery tables to which the analysis results
|
1239
|
+
# will be written. Tables will be created based on this table_prefix if not
|
1240
|
+
# exist:
|
1220
1241
|
# * <table_prefix>_analysis table will contain export operation's metadata.
|
1221
1242
|
# * <table_prefix>_analysis_result will contain all the
|
1222
1243
|
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult IamPolicyAnalysisResult}.
|
@@ -1227,8 +1248,8 @@ module Google
|
|
1227
1248
|
# The partition key for BigQuery partitioned table.
|
1228
1249
|
# @!attribute [rw] write_disposition
|
1229
1250
|
# @return [::String]
|
1230
|
-
# Optional. Specifies the action that occurs if the destination table or
|
1231
|
-
# already exists. The following values are supported:
|
1251
|
+
# Optional. Specifies the action that occurs if the destination table or
|
1252
|
+
# partition already exists. The following values are supported:
|
1232
1253
|
#
|
1233
1254
|
# * WRITE_TRUNCATE: If the table or partition already exists, BigQuery
|
1234
1255
|
# overwrites the entire table or all the partitions data.
|
@@ -1261,7 +1282,8 @@ module Google
|
|
1261
1282
|
end
|
1262
1283
|
end
|
1263
1284
|
|
1264
|
-
# A request message for
|
1285
|
+
# A request message for
|
1286
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}.
|
1265
1287
|
# @!attribute [rw] analysis_query
|
1266
1288
|
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
|
1267
1289
|
# Required. The request query.
|
@@ -1285,13 +1307,15 @@ module Google
|
|
1285
1307
|
# presence yet.
|
1286
1308
|
# @!attribute [rw] output_config
|
1287
1309
|
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig]
|
1288
|
-
# Required. Output configuration indicating where the results will be output
|
1310
|
+
# Required. Output configuration indicating where the results will be output
|
1311
|
+
# to.
|
1289
1312
|
class AnalyzeIamPolicyLongrunningRequest
|
1290
1313
|
include ::Google::Protobuf::MessageExts
|
1291
1314
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1292
1315
|
end
|
1293
1316
|
|
1294
|
-
# A response message for
|
1317
|
+
# A response message for
|
1318
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}.
|
1295
1319
|
class AnalyzeIamPolicyLongrunningResponse
|
1296
1320
|
include ::Google::Protobuf::MessageExts
|
1297
1321
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1320,7 +1344,8 @@ module Google
|
|
1320
1344
|
# Output only. The last update time of this saved query.
|
1321
1345
|
# @!attribute [r] last_updater
|
1322
1346
|
# @return [::String]
|
1323
|
-
# Output only. The account's email address who has updated this saved query
|
1347
|
+
# Output only. The account's email address who has updated this saved query
|
1348
|
+
# most recently.
|
1324
1349
|
# @!attribute [rw] labels
|
1325
1350
|
# @return [::Google::Protobuf::Map{::String => ::String}]
|
1326
1351
|
# Labels applied on the resource.
|
@@ -1337,8 +1362,11 @@ module Google
|
|
1337
1362
|
# @!attribute [rw] iam_policy_analysis_query
|
1338
1363
|
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
|
1339
1364
|
# An IAM Policy Analysis query, which could be used in
|
1340
|
-
# the
|
1341
|
-
#
|
1365
|
+
# the
|
1366
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}
|
1367
|
+
# RPC or the
|
1368
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}
|
1369
|
+
# RPC.
|
1342
1370
|
class QueryContent
|
1343
1371
|
include ::Google::Protobuf::MessageExts
|
1344
1372
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1357,23 +1385,23 @@ module Google
|
|
1357
1385
|
# Request to create a saved query.
|
1358
1386
|
# @!attribute [rw] parent
|
1359
1387
|
# @return [::String]
|
1360
|
-
# Required. The name of the project/folder/organization where this
|
1361
|
-
# should be created in. It can only be an organization number
|
1362
|
-
# "organizations/123"), a folder number (such as "folders/123"), a
|
1363
|
-
# (such as "projects/my-project-id")", or a project number (such
|
1364
|
-
# "projects/12345").
|
1388
|
+
# Required. The name of the project/folder/organization where this
|
1389
|
+
# saved_query should be created in. It can only be an organization number
|
1390
|
+
# (such as "organizations/123"), a folder number (such as "folders/123"), a
|
1391
|
+
# project ID (such as "projects/my-project-id")", or a project number (such
|
1392
|
+
# as "projects/12345").
|
1365
1393
|
# @!attribute [rw] saved_query
|
1366
1394
|
# @return [::Google::Cloud::Asset::V1::SavedQuery]
|
1367
|
-
# Required. The saved_query details. The `name` field must be empty as it
|
1368
|
-
# generated based on the parent and saved_query_id.
|
1395
|
+
# Required. The saved_query details. The `name` field must be empty as it
|
1396
|
+
# will be generated based on the parent and saved_query_id.
|
1369
1397
|
# @!attribute [rw] saved_query_id
|
1370
1398
|
# @return [::String]
|
1371
|
-
# Required. The ID to use for the saved query, which must be unique in the
|
1372
|
-
# parent. It will become the final component of the saved query's
|
1373
|
-
# name.
|
1399
|
+
# Required. The ID to use for the saved query, which must be unique in the
|
1400
|
+
# specified parent. It will become the final component of the saved query's
|
1401
|
+
# resource name.
|
1374
1402
|
#
|
1375
1403
|
# This value should be 4-63 characters, and valid characters
|
1376
|
-
# are
|
1404
|
+
# are `[a-z][0-9]-`.
|
1377
1405
|
#
|
1378
1406
|
# Notice that this field is required in the saved query creation, and the
|
1379
1407
|
# `name` field of the `saved_query` will be ignored.
|
@@ -1398,8 +1426,8 @@ module Google
|
|
1398
1426
|
# Request to list saved queries.
|
1399
1427
|
# @!attribute [rw] parent
|
1400
1428
|
# @return [::String]
|
1401
|
-
# Required. The parent project/folder/organization whose savedQueries are to
|
1402
|
-
# listed. It can only be using project/folder/organization number (such as
|
1429
|
+
# Required. The parent project/folder/organization whose savedQueries are to
|
1430
|
+
# be listed. It can only be using project/folder/organization number (such as
|
1403
1431
|
# "folders/12345")", or a project ID (such as "projects/my-project-id").
|
1404
1432
|
# @!attribute [rw] filter
|
1405
1433
|
# @return [::String]
|
@@ -1412,8 +1440,9 @@ module Google
|
|
1412
1440
|
# See https://google.aip.dev/160 for more information on the grammar.
|
1413
1441
|
# @!attribute [rw] page_size
|
1414
1442
|
# @return [::Integer]
|
1415
|
-
# Optional. The maximum number of saved queries to return per page. The
|
1416
|
-
# return fewer than this value. If unspecified, at most 50 will
|
1443
|
+
# Optional. The maximum number of saved queries to return per page. The
|
1444
|
+
# service may return fewer than this value. If unspecified, at most 50 will
|
1445
|
+
# be returned.
|
1417
1446
|
# The maximum value is 1000; values above 1000 will be coerced to 1000.
|
1418
1447
|
# @!attribute [rw] page_token
|
1419
1448
|
# @return [::String]
|
@@ -1462,7 +1491,8 @@ module Google
|
|
1462
1491
|
# Request to delete a saved query.
|
1463
1492
|
# @!attribute [rw] name
|
1464
1493
|
# @return [::String]
|
1465
|
-
# Required. The name of the saved query to delete. It must be in the format
|
1494
|
+
# Required. The name of the saved query to delete. It must be in the format
|
1495
|
+
# of:
|
1466
1496
|
#
|
1467
1497
|
# * projects/project_number/savedQueries/saved_query_id
|
1468
1498
|
# * folders/folder_number/savedQueries/saved_query_id
|
@@ -1476,15 +1506,15 @@ module Google
|
|
1476
1506
|
# @!attribute [rw] resource
|
1477
1507
|
# @return [::String]
|
1478
1508
|
# Required. Name of the resource to perform the analysis against.
|
1479
|
-
# Only
|
1480
|
-
# ID (such as "projects/my-project-id") or a
|
1481
|
-
# "projects/12345").
|
1509
|
+
# Only Google Cloud projects are supported as of today. Hence, this can only
|
1510
|
+
# be a project ID (such as "projects/my-project-id") or a project number
|
1511
|
+
# (such as "projects/12345").
|
1482
1512
|
# @!attribute [rw] destination_parent
|
1483
1513
|
# @return [::String]
|
1484
|
-
# Required. Name of the
|
1485
|
-
# resource. The analysis will be performed against hypothetically
|
1486
|
-
# resource to this specified desitination parent. This can only be
|
1487
|
-
# number (such as "folders/123") or an
|
1514
|
+
# Required. Name of the Google Cloud folder or organization to reparent the
|
1515
|
+
# target resource. The analysis will be performed against hypothetically
|
1516
|
+
# moving the resource to this specified desitination parent. This can only be
|
1517
|
+
# a folder number (such as "folders/123") or an organization number (such as
|
1488
1518
|
# "organizations/123").
|
1489
1519
|
# @!attribute [rw] view
|
1490
1520
|
# @return [::Google::Cloud::Asset::V1::AnalyzeMoveRequest::AnalysisView]
|
@@ -1514,7 +1544,7 @@ module Google
|
|
1514
1544
|
# @!attribute [rw] move_analysis
|
1515
1545
|
# @return [::Array<::Google::Cloud::Asset::V1::MoveAnalysis>]
|
1516
1546
|
# The list of analyses returned from performing the intended resource move
|
1517
|
-
# analysis. The analysis is grouped by different Cloud services.
|
1547
|
+
# analysis. The analysis is grouped by different Google Cloud services.
|
1518
1548
|
class AnalyzeMoveResponse
|
1519
1549
|
include ::Google::Protobuf::MessageExts
|
1520
1550
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1523,8 +1553,8 @@ module Google
|
|
1523
1553
|
# A message to group the analysis information.
|
1524
1554
|
# @!attribute [rw] display_name
|
1525
1555
|
# @return [::String]
|
1526
|
-
# The user friendly display name of the analysis. E.g. IAM,
|
1527
|
-
#
|
1556
|
+
# The user friendly display name of the analysis. E.g. IAM, organization
|
1557
|
+
# policy etc.
|
1528
1558
|
# @!attribute [rw] analysis
|
1529
1559
|
# @return [::Google::Cloud::Asset::V1::MoveAnalysisResult]
|
1530
1560
|
# Analysis result of moving the target resource.
|
@@ -1571,12 +1601,13 @@ module Google
|
|
1571
1601
|
# BigQuery destination.
|
1572
1602
|
# @!attribute [rw] dataset
|
1573
1603
|
# @return [::String]
|
1574
|
-
# Required. The BigQuery dataset where the query results will be saved. It
|
1575
|
-
# format of "projects/\\{projectId}/datasets/\\{datasetId}".
|
1604
|
+
# Required. The BigQuery dataset where the query results will be saved. It
|
1605
|
+
# has the format of "projects/\\{projectId}/datasets/\\{datasetId}".
|
1576
1606
|
# @!attribute [rw] table
|
1577
1607
|
# @return [::String]
|
1578
|
-
# Required. The BigQuery table where the query results will be saved. If
|
1579
|
-
# does not exist, a new table with the given name will be
|
1608
|
+
# Required. The BigQuery table where the query results will be saved. If
|
1609
|
+
# this table does not exist, a new table with the given name will be
|
1610
|
+
# created.
|
1580
1611
|
# @!attribute [rw] write_disposition
|
1581
1612
|
# @return [::String]
|
1582
1613
|
# Specifies the action that occurs if the destination table or partition
|
@@ -1611,12 +1642,12 @@ module Google
|
|
1611
1642
|
# SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql).
|
1612
1643
|
# @!attribute [rw] job_reference
|
1613
1644
|
# @return [::String]
|
1614
|
-
# Optional. Reference to the query job, which is from the
|
1615
|
-
# previous `QueryAssets` call.
|
1645
|
+
# Optional. Reference to the query job, which is from the
|
1646
|
+
# `QueryAssetsResponse` of previous `QueryAssets` call.
|
1616
1647
|
# @!attribute [rw] page_size
|
1617
1648
|
# @return [::Integer]
|
1618
|
-
# Optional. The maximum number of rows to return in the results. Responses
|
1619
|
-
# to 10 MB and 1000 rows.
|
1649
|
+
# Optional. The maximum number of rows to return in the results. Responses
|
1650
|
+
# are limited to 10 MB and 1000 rows.
|
1620
1651
|
#
|
1621
1652
|
# By default, the maximum row count is 1000. When the byte or row count limit
|
1622
1653
|
# is reached, the rest of the query results will be paginated.
|
@@ -1629,10 +1660,11 @@ module Google
|
|
1629
1660
|
# The field will be ignored when [output_config] is specified.
|
1630
1661
|
# @!attribute [rw] timeout
|
1631
1662
|
# @return [::Google::Protobuf::Duration]
|
1632
|
-
# Optional. Specifies the maximum amount of time that the client is willing
|
1633
|
-
# for the query to complete. By default, this limit is 5 min for the
|
1634
|
-
# query, and 1 minute for the following queries. If the query is
|
1635
|
-
# the `done` field in the `QueryAssetsResponse` is true, otherwise
|
1663
|
+
# Optional. Specifies the maximum amount of time that the client is willing
|
1664
|
+
# to wait for the query to complete. By default, this limit is 5 min for the
|
1665
|
+
# first query, and 1 minute for the following queries. If the query is
|
1666
|
+
# complete, the `done` field in the `QueryAssetsResponse` is true, otherwise
|
1667
|
+
# false.
|
1636
1668
|
#
|
1637
1669
|
# Like BigQuery [jobs.query
|
1638
1670
|
# API](https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs/query#queryrequest)
|
@@ -1643,12 +1675,13 @@ module Google
|
|
1643
1675
|
# The field will be ignored when [output_config] is specified.
|
1644
1676
|
# @!attribute [rw] read_time_window
|
1645
1677
|
# @return [::Google::Cloud::Asset::V1::TimeWindow]
|
1646
|
-
# Optional. [start_time] is required. [start_time] must be less than
|
1647
|
-
# Defaults [end_time] to now if [start_time] is set and
|
1648
|
-
# Maximum permitted time range is 7 days.
|
1678
|
+
# Optional. [start_time] is required. [start_time] must be less than
|
1679
|
+
# [end_time] Defaults [end_time] to now if [start_time] is set and
|
1680
|
+
# [end_time] isn't. Maximum permitted time range is 7 days.
|
1649
1681
|
# @!attribute [rw] read_time
|
1650
1682
|
# @return [::Google::Protobuf::Timestamp]
|
1651
|
-
# Optional. Queries cloud assets as they appeared at the specified point in
|
1683
|
+
# Optional. Queries cloud assets as they appeared at the specified point in
|
1684
|
+
# time.
|
1652
1685
|
# @!attribute [rw] output_config
|
1653
1686
|
# @return [::Google::Cloud::Asset::V1::QueryAssetsOutputConfig]
|
1654
1687
|
# Optional. Destination where the query results will be saved.
|
@@ -1759,7 +1792,8 @@ module Google
|
|
1759
1792
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1760
1793
|
end
|
1761
1794
|
|
1762
|
-
# A request message for
|
1795
|
+
# A request message for
|
1796
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#batch_get_effective_iam_policies AssetService.BatchGetEffectiveIamPolicies}.
|
1763
1797
|
# @!attribute [rw] scope
|
1764
1798
|
# @return [::String]
|
1765
1799
|
# Required. Only IAM policies on or below the scope will be returned.
|
@@ -1785,14 +1819,16 @@ module Google
|
|
1785
1819
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1786
1820
|
end
|
1787
1821
|
|
1788
|
-
# A response message for
|
1822
|
+
# A response message for
|
1823
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#batch_get_effective_iam_policies AssetService.BatchGetEffectiveIamPolicies}.
|
1789
1824
|
# @!attribute [rw] policy_results
|
1790
1825
|
# @return [::Array<::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy>]
|
1791
1826
|
# The effective policies for a batch of resources. Note that the results
|
1792
1827
|
# order is the same as the order of
|
1793
|
-
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#names BatchGetEffectiveIamPoliciesRequest.names}.
|
1794
|
-
# have any effective IAM policies, its corresponding
|
1795
|
-
# contain empty
|
1828
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#names BatchGetEffectiveIamPoliciesRequest.names}.
|
1829
|
+
# When a resource does not have any effective IAM policies, its corresponding
|
1830
|
+
# policy_result will contain empty
|
1831
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#policies EffectiveIamPolicy.policies}.
|
1796
1832
|
class BatchGetEffectiveIamPoliciesResponse
|
1797
1833
|
include ::Google::Protobuf::MessageExts
|
1798
1834
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1802,24 +1838,33 @@ module Google
|
|
1802
1838
|
# @return [::String]
|
1803
1839
|
# The [full_resource_name]
|
1804
1840
|
# (https://cloud.google.com/asset-inventory/docs/resource-name-format)
|
1805
|
-
# for which the
|
1806
|
-
# {::Google::Cloud::Asset::V1::
|
1807
|
-
#
|
1841
|
+
# for which the
|
1842
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#policies policies}
|
1843
|
+
# are computed. This is one of the
|
1844
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#names BatchGetEffectiveIamPoliciesRequest.names}
|
1845
|
+
# the caller provides in the request.
|
1808
1846
|
# @!attribute [rw] policies
|
1809
1847
|
# @return [::Array<::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo>]
|
1810
|
-
# The effective policies for the
|
1848
|
+
# The effective policies for the
|
1849
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}.
|
1811
1850
|
#
|
1812
|
-
# These policies include the policy set on the
|
1813
|
-
#
|
1814
|
-
#
|
1815
|
-
#
|
1851
|
+
# These policies include the policy set on the
|
1852
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}
|
1853
|
+
# and those set on its parents and ancestors up to the
|
1854
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#scope BatchGetEffectiveIamPoliciesRequest.scope}.
|
1855
|
+
# Note that these policies are not filtered according to the resource type
|
1856
|
+
# of the
|
1816
1857
|
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}.
|
1817
1858
|
#
|
1818
1859
|
# These policies are hierarchically ordered by
|
1819
|
-
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource}
|
1860
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource}
|
1861
|
+
# starting from
|
1862
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}
|
1820
1863
|
# itself to its parents and ancestors, such that policies[i]'s
|
1821
|
-
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource}
|
1822
|
-
#
|
1864
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource}
|
1865
|
+
# is the child of policies[i+1]'s
|
1866
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource},
|
1867
|
+
# if policies[i+1] exists.
|
1823
1868
|
class EffectiveIamPolicy
|
1824
1869
|
include ::Google::Protobuf::MessageExts
|
1825
1870
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1827,10 +1872,13 @@ module Google
|
|
1827
1872
|
# The IAM policy and its attached resource.
|
1828
1873
|
# @!attribute [rw] attached_resource
|
1829
1874
|
# @return [::String]
|
1830
|
-
# The full resource name the
|
1875
|
+
# The full resource name the
|
1876
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#policy policy}
|
1877
|
+
# is directly attached to.
|
1831
1878
|
# @!attribute [rw] policy
|
1832
1879
|
# @return [::Google::Iam::V1::Policy]
|
1833
|
-
# The IAM policy that's directly attached to the
|
1880
|
+
# The IAM policy that's directly attached to the
|
1881
|
+
# {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource attached_resource}.
|
1834
1882
|
class PolicyInfo
|
1835
1883
|
include ::Google::Protobuf::MessageExts
|
1836
1884
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1838,6 +1886,561 @@ module Google
|
|
1838
1886
|
end
|
1839
1887
|
end
|
1840
1888
|
|
1889
|
+
# This organization policy message is a modified version of the one defined in
|
1890
|
+
# the Organization Policy system. This message contains several fields defined
|
1891
|
+
# in the original organization policy with some new fields for analysis
|
1892
|
+
# purpose.
|
1893
|
+
# @!attribute [rw] attached_resource
|
1894
|
+
# @return [::String]
|
1895
|
+
# The [full resource name]
|
1896
|
+
# (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
|
1897
|
+
# an organization/folder/project resource where this organization policy is
|
1898
|
+
# set.
|
1899
|
+
#
|
1900
|
+
# Notice that some type of constraints are defined with default policy. This
|
1901
|
+
# field will be empty for them.
|
1902
|
+
# @!attribute [rw] applied_resource
|
1903
|
+
# @return [::String]
|
1904
|
+
# The [full resource name]
|
1905
|
+
# (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
|
1906
|
+
# an organization/folder/project resource where this organization policy
|
1907
|
+
# applies to.
|
1908
|
+
#
|
1909
|
+
# For any user defined org policies, this field has the same value as
|
1910
|
+
# the [attached_resource] field. Only for default policy, this field has
|
1911
|
+
# the different value.
|
1912
|
+
# @!attribute [rw] rules
|
1913
|
+
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule>]
|
1914
|
+
# List of rules for this organization policy.
|
1915
|
+
# @!attribute [rw] inherit_from_parent
|
1916
|
+
# @return [::Boolean]
|
1917
|
+
# If `inherit_from_parent` is true, Rules set higher up in the
|
1918
|
+
# hierarchy (up to the closest root) are inherited and present in the
|
1919
|
+
# effective policy. If it is false, then no rules are inherited, and this
|
1920
|
+
# policy becomes the effective root for evaluation.
|
1921
|
+
# @!attribute [rw] reset
|
1922
|
+
# @return [::Boolean]
|
1923
|
+
# Ignores policies set above this resource and restores the default behavior
|
1924
|
+
# of the constraint at this resource.
|
1925
|
+
# This field can be set in policies for either list or boolean
|
1926
|
+
# constraints. If set, `rules` must be empty and `inherit_from_parent`
|
1927
|
+
# must be set to false.
|
1928
|
+
class AnalyzerOrgPolicy
|
1929
|
+
include ::Google::Protobuf::MessageExts
|
1930
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1931
|
+
|
1932
|
+
# Represents a rule defined in an organization policy
|
1933
|
+
# @!attribute [rw] values
|
1934
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
|
1935
|
+
# List of values to be used for this PolicyRule. This field can be set
|
1936
|
+
# only in Policies for list constraints.
|
1937
|
+
# @!attribute [rw] allow_all
|
1938
|
+
# @return [::Boolean]
|
1939
|
+
# Setting this to true means that all values are allowed. This field can
|
1940
|
+
# be set only in Policies for list constraints.
|
1941
|
+
# @!attribute [rw] deny_all
|
1942
|
+
# @return [::Boolean]
|
1943
|
+
# Setting this to true means that all values are denied. This field can
|
1944
|
+
# be set only in Policies for list constraints.
|
1945
|
+
# @!attribute [rw] enforce
|
1946
|
+
# @return [::Boolean]
|
1947
|
+
# If `true`, then the `Policy` is enforced. If `false`, then any
|
1948
|
+
# configuration is acceptable.
|
1949
|
+
# This field can be set only in Policies for boolean constraints.
|
1950
|
+
# @!attribute [rw] condition
|
1951
|
+
# @return [::Google::Type::Expr]
|
1952
|
+
# The evaluating condition for this rule.
|
1953
|
+
class Rule
|
1954
|
+
include ::Google::Protobuf::MessageExts
|
1955
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1956
|
+
|
1957
|
+
# The string values for the list constraints.
|
1958
|
+
# @!attribute [rw] allowed_values
|
1959
|
+
# @return [::Array<::String>]
|
1960
|
+
# List of values allowed at this resource.
|
1961
|
+
# @!attribute [rw] denied_values
|
1962
|
+
# @return [::Array<::String>]
|
1963
|
+
# List of values denied at this resource.
|
1964
|
+
class StringValues
|
1965
|
+
include ::Google::Protobuf::MessageExts
|
1966
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1967
|
+
end
|
1968
|
+
end
|
1969
|
+
end
|
1970
|
+
|
1971
|
+
# The organization policy constraint definition.
|
1972
|
+
# @!attribute [rw] google_defined_constraint
|
1973
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::Constraint]
|
1974
|
+
# The definition of the canned constraint defined by Google.
|
1975
|
+
# @!attribute [rw] custom_constraint
|
1976
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::CustomConstraint]
|
1977
|
+
# The definition of the custom constraint.
|
1978
|
+
class AnalyzerOrgPolicyConstraint
|
1979
|
+
include ::Google::Protobuf::MessageExts
|
1980
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1981
|
+
|
1982
|
+
# The definition of a constraint.
|
1983
|
+
# @!attribute [rw] name
|
1984
|
+
# @return [::String]
|
1985
|
+
# The unique name of the constraint. Format of the name should be
|
1986
|
+
# * `constraints/{constraint_name}`
|
1987
|
+
#
|
1988
|
+
# For example, `constraints/compute.disableSerialPortAccess`.
|
1989
|
+
# @!attribute [rw] display_name
|
1990
|
+
# @return [::String]
|
1991
|
+
# The human readable name of the constraint.
|
1992
|
+
# @!attribute [rw] description
|
1993
|
+
# @return [::String]
|
1994
|
+
# Detailed description of what this `Constraint` controls as well as how
|
1995
|
+
# and where it is enforced.
|
1996
|
+
# @!attribute [rw] constraint_default
|
1997
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::Constraint::ConstraintDefault]
|
1998
|
+
# The evaluation behavior of this constraint in the absence of 'Policy'.
|
1999
|
+
# @!attribute [rw] list_constraint
|
2000
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::Constraint::ListConstraint]
|
2001
|
+
# Defines this constraint as being a ListConstraint.
|
2002
|
+
# @!attribute [rw] boolean_constraint
|
2003
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::Constraint::BooleanConstraint]
|
2004
|
+
# Defines this constraint as being a BooleanConstraint.
|
2005
|
+
class Constraint
|
2006
|
+
include ::Google::Protobuf::MessageExts
|
2007
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2008
|
+
|
2009
|
+
# A `Constraint` that allows or disallows a list of string values, which
|
2010
|
+
# are configured by an organization's policy administrator with a `Policy`.
|
2011
|
+
# @!attribute [rw] supports_in
|
2012
|
+
# @return [::Boolean]
|
2013
|
+
# Indicates whether values grouped into categories can be used in
|
2014
|
+
# `Policy.allowed_values` and `Policy.denied_values`. For example,
|
2015
|
+
# `"in:Python"` would match any value in the 'Python' group.
|
2016
|
+
# @!attribute [rw] supports_under
|
2017
|
+
# @return [::Boolean]
|
2018
|
+
# Indicates whether subtrees of Cloud Resource Manager resource hierarchy
|
2019
|
+
# can be used in `Policy.allowed_values` and `Policy.denied_values`. For
|
2020
|
+
# example, `"under:folders/123"` would match any resource under the
|
2021
|
+
# 'folders/123' folder.
|
2022
|
+
class ListConstraint
|
2023
|
+
include ::Google::Protobuf::MessageExts
|
2024
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2025
|
+
end
|
2026
|
+
|
2027
|
+
# A `Constraint` that is either enforced or not.
|
2028
|
+
#
|
2029
|
+
# For example a constraint `constraints/compute.disableSerialPortAccess`.
|
2030
|
+
# If it is enforced on a VM instance, serial port connections will not be
|
2031
|
+
# opened to that instance.
|
2032
|
+
class BooleanConstraint
|
2033
|
+
include ::Google::Protobuf::MessageExts
|
2034
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2035
|
+
end
|
2036
|
+
|
2037
|
+
# Specifies the default behavior in the absence of any `Policy` for the
|
2038
|
+
# `Constraint`. This must not be `CONSTRAINT_DEFAULT_UNSPECIFIED`.
|
2039
|
+
module ConstraintDefault
|
2040
|
+
# This is only used for distinguishing unset values and should never be
|
2041
|
+
# used.
|
2042
|
+
CONSTRAINT_DEFAULT_UNSPECIFIED = 0
|
2043
|
+
|
2044
|
+
# Indicate that all values are allowed for list constraints.
|
2045
|
+
# Indicate that enforcement is off for boolean constraints.
|
2046
|
+
ALLOW = 1
|
2047
|
+
|
2048
|
+
# Indicate that all values are denied for list constraints.
|
2049
|
+
# Indicate that enforcement is on for boolean constraints.
|
2050
|
+
DENY = 2
|
2051
|
+
end
|
2052
|
+
end
|
2053
|
+
|
2054
|
+
# The definition of a custom constraint.
|
2055
|
+
# @!attribute [rw] name
|
2056
|
+
# @return [::String]
|
2057
|
+
# Name of the constraint. This is unique within the organization. Format of
|
2058
|
+
# the name should be
|
2059
|
+
# * `organizations/{organization_id}/customConstraints/{custom_constraint_id}`
|
2060
|
+
#
|
2061
|
+
# Example :
|
2062
|
+
# "organizations/123/customConstraints/custom.createOnlyE2TypeVms"
|
2063
|
+
# @!attribute [rw] resource_types
|
2064
|
+
# @return [::Array<::String>]
|
2065
|
+
# The Resource Instance type on which this policy applies to. Format will
|
2066
|
+
# be of the form : "<canonical service name>/<type>" Example:
|
2067
|
+
# * `compute.googleapis.com/Instance`.
|
2068
|
+
# @!attribute [rw] method_types
|
2069
|
+
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::CustomConstraint::MethodType>]
|
2070
|
+
# All the operations being applied for this constraint.
|
2071
|
+
# @!attribute [rw] condition
|
2072
|
+
# @return [::String]
|
2073
|
+
# Organization Policy condition/expression. For example:
|
2074
|
+
# `resource.instanceName.matches("[production|test]_.*_(\d)+")'` or,
|
2075
|
+
# `resource.management.auto_upgrade == true`
|
2076
|
+
# @!attribute [rw] action_type
|
2077
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::CustomConstraint::ActionType]
|
2078
|
+
# Allow or deny type.
|
2079
|
+
# @!attribute [rw] display_name
|
2080
|
+
# @return [::String]
|
2081
|
+
# One line display name for the UI.
|
2082
|
+
# @!attribute [rw] description
|
2083
|
+
# @return [::String]
|
2084
|
+
# Detailed information about this custom policy constraint.
|
2085
|
+
class CustomConstraint
|
2086
|
+
include ::Google::Protobuf::MessageExts
|
2087
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2088
|
+
|
2089
|
+
# The operation in which this constraint will be applied. For example:
|
2090
|
+
# If the constraint applies only when create VMs, the method_types will be
|
2091
|
+
# "CREATE" only. If the constraint applied when create or delete VMs, the
|
2092
|
+
# method_types will be "CREATE" and "DELETE".
|
2093
|
+
module MethodType
|
2094
|
+
# Unspecified. Will results in user error.
|
2095
|
+
METHOD_TYPE_UNSPECIFIED = 0
|
2096
|
+
|
2097
|
+
# Constraint applied when creating the resource.
|
2098
|
+
CREATE = 1
|
2099
|
+
|
2100
|
+
# Constraint applied when updating the resource.
|
2101
|
+
UPDATE = 2
|
2102
|
+
|
2103
|
+
# Constraint applied when deleting the resource.
|
2104
|
+
DELETE = 3
|
2105
|
+
end
|
2106
|
+
|
2107
|
+
# Allow or deny type.
|
2108
|
+
module ActionType
|
2109
|
+
# Unspecified. Will results in user error.
|
2110
|
+
ACTION_TYPE_UNSPECIFIED = 0
|
2111
|
+
|
2112
|
+
# Allowed action type.
|
2113
|
+
ALLOW = 1
|
2114
|
+
|
2115
|
+
# Deny action type.
|
2116
|
+
DENY = 2
|
2117
|
+
end
|
2118
|
+
end
|
2119
|
+
end
|
2120
|
+
|
2121
|
+
# A request message for
|
2122
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policies AssetService.AnalyzeOrgPolicies}.
|
2123
|
+
# @!attribute [rw] scope
|
2124
|
+
# @return [::String]
|
2125
|
+
# Required. The organization to scope the request. Only organization
|
2126
|
+
# policies within the scope will be analyzed.
|
2127
|
+
#
|
2128
|
+
# * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
|
2129
|
+
# @!attribute [rw] constraint
|
2130
|
+
# @return [::String]
|
2131
|
+
# Required. The name of the constraint to analyze organization policies for.
|
2132
|
+
# The response only contains analyzed organization policies for the provided
|
2133
|
+
# constraint.
|
2134
|
+
# @!attribute [rw] filter
|
2135
|
+
# @return [::String]
|
2136
|
+
# The expression to filter
|
2137
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse#org_policy_results AnalyzeOrgPoliciesResponse.org_policy_results}.
|
2138
|
+
# The only supported field is `consolidated_policy.attached_resource`, and
|
2139
|
+
# the only supported operator is `=`.
|
2140
|
+
#
|
2141
|
+
# Example:
|
2142
|
+
# consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001"
|
2143
|
+
# will return the org policy results of"folders/001".
|
2144
|
+
# @!attribute [rw] page_size
|
2145
|
+
# @return [::Integer]
|
2146
|
+
# The maximum number of items to return per page. If unspecified,
|
2147
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse#org_policy_results AnalyzeOrgPoliciesResponse.org_policy_results}
|
2148
|
+
# will contain 20 items with a maximum of 200.
|
2149
|
+
# @!attribute [rw] page_token
|
2150
|
+
# @return [::String]
|
2151
|
+
# The pagination token to retrieve the next page.
|
2152
|
+
class AnalyzeOrgPoliciesRequest
|
2153
|
+
include ::Google::Protobuf::MessageExts
|
2154
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2155
|
+
end
|
2156
|
+
|
2157
|
+
# The response message for
|
2158
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policies AssetService.AnalyzeOrgPolicies}.
|
2159
|
+
# @!attribute [rw] org_policy_results
|
2160
|
+
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse::OrgPolicyResult>]
|
2161
|
+
# The organization policies under the
|
2162
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesRequest#scope AnalyzeOrgPoliciesRequest.scope}
|
2163
|
+
# with the
|
2164
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesRequest#constraint AnalyzeOrgPoliciesRequest.constraint}.
|
2165
|
+
# @!attribute [rw] constraint
|
2166
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint]
|
2167
|
+
# The definition of the constraint in the request.
|
2168
|
+
# @!attribute [rw] next_page_token
|
2169
|
+
# @return [::String]
|
2170
|
+
# The page token to fetch the next page for
|
2171
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse#org_policy_results AnalyzeOrgPoliciesResponse.org_policy_results}.
|
2172
|
+
class AnalyzeOrgPoliciesResponse
|
2173
|
+
include ::Google::Protobuf::MessageExts
|
2174
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2175
|
+
|
2176
|
+
# The organization policy result to the query.
|
2177
|
+
# @!attribute [rw] consolidated_policy
|
2178
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy]
|
2179
|
+
# The consolidated organization policy for the analyzed resource. The
|
2180
|
+
# consolidated organization policy is computed by merging and evaluating
|
2181
|
+
# [AnalyzeOrgPoliciesResponse.policy_bundle][].
|
2182
|
+
# The evaluation will respect the organization policy [hierarchy
|
2183
|
+
# rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
|
2184
|
+
# @!attribute [rw] policy_bundle
|
2185
|
+
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy>]
|
2186
|
+
# The ordered list of all organization policies from the
|
2187
|
+
# [AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource][].
|
2188
|
+
# to the scope specified in the request.
|
2189
|
+
#
|
2190
|
+
# If the constraint is defined with default policy, it will also appear in
|
2191
|
+
# the list.
|
2192
|
+
class OrgPolicyResult
|
2193
|
+
include ::Google::Protobuf::MessageExts
|
2194
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2195
|
+
end
|
2196
|
+
end
|
2197
|
+
|
2198
|
+
# A request message for
|
2199
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policy_governed_containers AssetService.AnalyzeOrgPolicyGovernedContainers}.
|
2200
|
+
# @!attribute [rw] scope
|
2201
|
+
# @return [::String]
|
2202
|
+
# Required. The organization to scope the request. Only organization
|
2203
|
+
# policies within the scope will be analyzed. The output containers will
|
2204
|
+
# also be limited to the ones governed by those in-scope organization
|
2205
|
+
# policies.
|
2206
|
+
#
|
2207
|
+
# * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
|
2208
|
+
# @!attribute [rw] constraint
|
2209
|
+
# @return [::String]
|
2210
|
+
# Required. The name of the constraint to analyze governed containers for.
|
2211
|
+
# The analysis only contains organization policies for the provided
|
2212
|
+
# constraint.
|
2213
|
+
# @!attribute [rw] filter
|
2214
|
+
# @return [::String]
|
2215
|
+
# The expression to filter the governed containers in result.
|
2216
|
+
# The only supported field is `parent`, and the only supported operator is
|
2217
|
+
# `=`.
|
2218
|
+
#
|
2219
|
+
# Example:
|
2220
|
+
# parent="//cloudresourcemanager.googleapis.com/folders/001" will return all
|
2221
|
+
# containers under "folders/001".
|
2222
|
+
# @!attribute [rw] page_size
|
2223
|
+
# @return [::Integer]
|
2224
|
+
# The maximum number of items to return per page. If unspecified,
|
2225
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse#governed_containers AnalyzeOrgPolicyGovernedContainersResponse.governed_containers}
|
2226
|
+
# will contain 100 items with a maximum of 200.
|
2227
|
+
# @!attribute [rw] page_token
|
2228
|
+
# @return [::String]
|
2229
|
+
# The pagination token to retrieve the next page.
|
2230
|
+
class AnalyzeOrgPolicyGovernedContainersRequest
|
2231
|
+
include ::Google::Protobuf::MessageExts
|
2232
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2233
|
+
end
|
2234
|
+
|
2235
|
+
# The response message for
|
2236
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policy_governed_containers AssetService.AnalyzeOrgPolicyGovernedContainers}.
|
2237
|
+
# @!attribute [rw] governed_containers
|
2238
|
+
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer>]
|
2239
|
+
# The list of the analyzed governed containers.
|
2240
|
+
# @!attribute [rw] constraint
|
2241
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint]
|
2242
|
+
# The definition of the constraint in the request.
|
2243
|
+
# @!attribute [rw] next_page_token
|
2244
|
+
# @return [::String]
|
2245
|
+
# The page token to fetch the next page for
|
2246
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse#governed_containers AnalyzeOrgPolicyGovernedContainersResponse.governed_containers}.
|
2247
|
+
class AnalyzeOrgPolicyGovernedContainersResponse
|
2248
|
+
include ::Google::Protobuf::MessageExts
|
2249
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2250
|
+
|
2251
|
+
# The organization/folder/project resource governed by organization policies
|
2252
|
+
# of
|
2253
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersRequest#constraint AnalyzeOrgPolicyGovernedContainersRequest.constraint}.
|
2254
|
+
# @!attribute [rw] full_resource_name
|
2255
|
+
# @return [::String]
|
2256
|
+
# The [full resource name]
|
2257
|
+
# (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
|
2258
|
+
# an organization/folder/project resource.
|
2259
|
+
# @!attribute [rw] parent
|
2260
|
+
# @return [::String]
|
2261
|
+
# The [full resource name]
|
2262
|
+
# (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
|
2263
|
+
# the parent of
|
2264
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#full_resource_name AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.full_resource_name}.
|
2265
|
+
# @!attribute [rw] consolidated_policy
|
2266
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy]
|
2267
|
+
# The consolidated organization policy for the analyzed resource. The
|
2268
|
+
# consolidated organization policy is computed by merging and evaluating
|
2269
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#policy_bundle AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.policy_bundle}.
|
2270
|
+
# The evaluation will respect the organization policy [hierarchy
|
2271
|
+
# rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
|
2272
|
+
# @!attribute [rw] policy_bundle
|
2273
|
+
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy>]
|
2274
|
+
# The ordered list of all organization policies from the
|
2275
|
+
# [AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource][].
|
2276
|
+
# to the scope specified in the request.
|
2277
|
+
#
|
2278
|
+
# If the constraint is defined with default policy, it will also appear in
|
2279
|
+
# the list.
|
2280
|
+
class GovernedContainer
|
2281
|
+
include ::Google::Protobuf::MessageExts
|
2282
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2283
|
+
end
|
2284
|
+
end
|
2285
|
+
|
2286
|
+
# A request message for
|
2287
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policy_governed_assets AssetService.AnalyzeOrgPolicyGovernedAssets}.
|
2288
|
+
# @!attribute [rw] scope
|
2289
|
+
# @return [::String]
|
2290
|
+
# Required. The organization to scope the request. Only organization
|
2291
|
+
# policies within the scope will be analyzed. The output assets will
|
2292
|
+
# also be limited to the ones governed by those in-scope organization
|
2293
|
+
# policies.
|
2294
|
+
#
|
2295
|
+
# * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
|
2296
|
+
# @!attribute [rw] constraint
|
2297
|
+
# @return [::String]
|
2298
|
+
# Required. The name of the constraint to analyze governed assets for. The
|
2299
|
+
# analysis only contains analyzed organization policies for the provided
|
2300
|
+
# constraint.
|
2301
|
+
# @!attribute [rw] filter
|
2302
|
+
# @return [::String]
|
2303
|
+
# The expression to filter the governed assets in result. The only supported
|
2304
|
+
# fields for governed resources are `governed_resource.project` and
|
2305
|
+
# `governed_resource.folders`. The only supported fields for governed iam
|
2306
|
+
# policies are `governed_iam_policy.project` and
|
2307
|
+
# `governed_iam_policy.folders`. The only supported operator is `=`.
|
2308
|
+
#
|
2309
|
+
# Example 1: governed_resource.project="projects/12345678" filter will return
|
2310
|
+
# all governed resources under projects/12345678 including the project
|
2311
|
+
# ifself, if applicable.
|
2312
|
+
#
|
2313
|
+
# Example 2: governed_iam_policy.folders="folders/12345678" filter will
|
2314
|
+
# return all governed iam policies under folders/12345678, if applicable.
|
2315
|
+
# @!attribute [rw] page_size
|
2316
|
+
# @return [::Integer]
|
2317
|
+
# The maximum number of items to return per page. If unspecified,
|
2318
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse#governed_assets AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets}
|
2319
|
+
# will contain 100 items with a maximum of 200.
|
2320
|
+
# @!attribute [rw] page_token
|
2321
|
+
# @return [::String]
|
2322
|
+
# The pagination token to retrieve the next page.
|
2323
|
+
class AnalyzeOrgPolicyGovernedAssetsRequest
|
2324
|
+
include ::Google::Protobuf::MessageExts
|
2325
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2326
|
+
end
|
2327
|
+
|
2328
|
+
# The response message for
|
2329
|
+
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policy_governed_assets AssetService.AnalyzeOrgPolicyGovernedAssets}.
|
2330
|
+
# @!attribute [rw] governed_assets
|
2331
|
+
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset>]
|
2332
|
+
# The list of the analyzed governed assets.
|
2333
|
+
# @!attribute [rw] constraint
|
2334
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint]
|
2335
|
+
# The definition of the constraint in the request.
|
2336
|
+
# @!attribute [rw] next_page_token
|
2337
|
+
# @return [::String]
|
2338
|
+
# The page token to fetch the next page for
|
2339
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse#governed_assets AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets}.
|
2340
|
+
class AnalyzeOrgPolicyGovernedAssetsResponse
|
2341
|
+
include ::Google::Protobuf::MessageExts
|
2342
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2343
|
+
|
2344
|
+
# The Google Cloud resources governed by the organization policies of the
|
2345
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
|
2346
|
+
# @!attribute [rw] full_resource_name
|
2347
|
+
# @return [::String]
|
2348
|
+
# The [full resource name]
|
2349
|
+
# (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
|
2350
|
+
# the Google Cloud resource.
|
2351
|
+
# @!attribute [rw] parent
|
2352
|
+
# @return [::String]
|
2353
|
+
# The [full resource name]
|
2354
|
+
# (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
|
2355
|
+
# the parent of
|
2356
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedResource#full_resource_name AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name}.
|
2357
|
+
# @!attribute [rw] project
|
2358
|
+
# @return [::String]
|
2359
|
+
# The project that this resource belongs to, in the form of
|
2360
|
+
# projects/\\{PROJECT_NUMBER}. This field is available when the resource
|
2361
|
+
# belongs to a project.
|
2362
|
+
# @!attribute [rw] folders
|
2363
|
+
# @return [::Array<::String>]
|
2364
|
+
# The folder(s) that this resource belongs to, in the form of
|
2365
|
+
# folders/\\{FOLDER_NUMBER}. This field is available when the resource
|
2366
|
+
# belongs(directly or cascadingly) to one or more folders.
|
2367
|
+
# @!attribute [rw] organization
|
2368
|
+
# @return [::String]
|
2369
|
+
# The organization that this resource belongs to, in the form of
|
2370
|
+
# organizations/\\{ORGANIZATION_NUMBER}. This field is available when the
|
2371
|
+
# resource belongs(directly or cascadingly) to an organization.
|
2372
|
+
class GovernedResource
|
2373
|
+
include ::Google::Protobuf::MessageExts
|
2374
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2375
|
+
end
|
2376
|
+
|
2377
|
+
# The IAM policies governed by the organization policies of the
|
2378
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
|
2379
|
+
# @!attribute [rw] attached_resource
|
2380
|
+
# @return [::String]
|
2381
|
+
# The full resource name of the resource associated with this IAM policy.
|
2382
|
+
# Example:
|
2383
|
+
# `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
|
2384
|
+
# See [Cloud Asset Inventory Resource Name
|
2385
|
+
# Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
|
2386
|
+
# for more information.
|
2387
|
+
# @!attribute [rw] policy
|
2388
|
+
# @return [::Google::Iam::V1::Policy]
|
2389
|
+
# The IAM policy directly set on the given resource.
|
2390
|
+
# @!attribute [rw] project
|
2391
|
+
# @return [::String]
|
2392
|
+
# The project that this IAM policy belongs to, in the form of
|
2393
|
+
# projects/\\{PROJECT_NUMBER}. This field is available when the IAM policy
|
2394
|
+
# belongs to a project.
|
2395
|
+
# @!attribute [rw] folders
|
2396
|
+
# @return [::Array<::String>]
|
2397
|
+
# The folder(s) that this IAM policy belongs to, in the form of
|
2398
|
+
# folders/\\{FOLDER_NUMBER}. This field is available when the IAM policy
|
2399
|
+
# belongs(directly or cascadingly) to one or more folders.
|
2400
|
+
# @!attribute [rw] organization
|
2401
|
+
# @return [::String]
|
2402
|
+
# The organization that this IAM policy belongs to, in the form of
|
2403
|
+
# organizations/\\{ORGANIZATION_NUMBER}. This field is available when the
|
2404
|
+
# IAM policy belongs(directly or cascadingly) to an organization.
|
2405
|
+
class GovernedIamPolicy
|
2406
|
+
include ::Google::Protobuf::MessageExts
|
2407
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2408
|
+
end
|
2409
|
+
|
2410
|
+
# Represents a Google Cloud asset(resource or IAM policy) governed by the
|
2411
|
+
# organization policies of the
|
2412
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
|
2413
|
+
# @!attribute [rw] governed_resource
|
2414
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedResource]
|
2415
|
+
# A Google Cloud resource governed by the organization
|
2416
|
+
# policies of the
|
2417
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
|
2418
|
+
# @!attribute [rw] governed_iam_policy
|
2419
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedIamPolicy]
|
2420
|
+
# An IAM policy governed by the organization
|
2421
|
+
# policies of the
|
2422
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
|
2423
|
+
# @!attribute [rw] consolidated_policy
|
2424
|
+
# @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy]
|
2425
|
+
# The consolidated policy for the analyzed asset. The consolidated
|
2426
|
+
# policy is computed by merging and evaluating
|
2427
|
+
# {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#policy_bundle AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.policy_bundle}.
|
2428
|
+
# The evaluation will respect the organization policy [hierarchy
|
2429
|
+
# rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
|
2430
|
+
# @!attribute [rw] policy_bundle
|
2431
|
+
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy>]
|
2432
|
+
# The ordered list of all organization policies from the
|
2433
|
+
# [AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource][]
|
2434
|
+
# to the scope specified in the request.
|
2435
|
+
#
|
2436
|
+
# If the constraint is defined with default policy, it will also appear in
|
2437
|
+
# the list.
|
2438
|
+
class GovernedAsset
|
2439
|
+
include ::Google::Protobuf::MessageExts
|
2440
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
2441
|
+
end
|
2442
|
+
end
|
2443
|
+
|
1841
2444
|
# Asset content type.
|
1842
2445
|
module ContentType
|
1843
2446
|
# Unspecified content type.
|
@@ -1849,10 +2452,10 @@ module Google
|
|
1849
2452
|
# The actual IAM policy set on a resource.
|
1850
2453
|
IAM_POLICY = 2
|
1851
2454
|
|
1852
|
-
# The
|
2455
|
+
# The organization policy set on an asset.
|
1853
2456
|
ORG_POLICY = 4
|
1854
2457
|
|
1855
|
-
# The
|
2458
|
+
# The Access Context Manager policy set on an asset.
|
1856
2459
|
ACCESS_POLICY = 5
|
1857
2460
|
|
1858
2461
|
# The runtime OS Inventory information.
|