google-cloud-asset-v1 0.4.3 → 0.6.0

data/proto_docs/google/cloud/asset/v1/assets.rb

@@ -32,9 +32,34 @@ module Google
         # @!attribute [rw] asset
         #   @return [::Google::Cloud::Asset::V1::Asset]
         #     An asset in Google Cloud.
+        # @!attribute [rw] prior_asset_state
+        #   @return [::Google::Cloud::Asset::V1::TemporalAsset::PriorAssetState]
+        #     State of prior_asset.
+        # @!attribute [rw] prior_asset
+        #   @return [::Google::Cloud::Asset::V1::Asset]
+        #     Prior copy of the asset. Populated if prior_asset_state is PRESENT.
+        #     Currently this is only set for responses in Real-Time Feed.
         class TemporalAsset
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # State of prior asset.
+          module PriorAssetState
+            # prior_asset is not applicable for the current asset.
+            PRIOR_ASSET_STATE_UNSPECIFIED = 0
+
+            # prior_asset is populated correctly.
+            PRESENT = 1
+
+            # Failed to set prior_asset.
+            INVALID = 2
+
+            # Current asset is the first known state.
+            DOES_NOT_EXIST = 3
+
+            # prior_asset is a deletion.
+            DELETED = 4
+          end
         end
 
         # A time window specified by its `start_time` and `end_time`.
@@ -54,10 +79,17 @@ module Google
         # [resource
         # hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
         # a resource outside the Google Cloud resource hierarchy (such as Google
-        # Kubernetes Engine clusters and objects), or a Cloud IAM policy.
+        # Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
+        # See [Supported asset
+        # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+        # for more information.
+        # @!attribute [rw] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     The last update timestamp of an asset. update_time is updated when
+        #     create/update/delete operation is performed.
         # @!attribute [rw] name
         #   @return [::String]
-        #     The full name of the asset. For example:
+        #     The full name of the asset. Example:
         #     `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
         #
         #     See [Resource
@@ -65,7 +97,7 @@ module Google
         #     for more information.
         # @!attribute [rw] asset_type
         #   @return [::String]
-        #     The type of the asset. For example: `compute.googleapis.com/Disk`
+        #     The type of the asset. Example: `compute.googleapis.com/Disk`
         #
         #     See [Supported asset
         #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
@@ -92,10 +124,16 @@ module Google
         #     set on a given resource.
         # @!attribute [rw] access_policy
         #   @return [::Google::Identity::AccessContextManager::V1::AccessPolicy]
+        #     Please also refer to the [access policy user
+        #     guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
         # @!attribute [rw] access_level
         #   @return [::Google::Identity::AccessContextManager::V1::AccessLevel]
+        #     Please also refer to the [access level user
+        #     guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
         # @!attribute [rw] service_perimeter
         #   @return [::Google::Identity::AccessContextManager::V1::ServicePerimeter]
+        #     Please also refer to the [service perimeter user
+        #     guide](https://cloud.google.com/vpc-service-controls/docs/overview).
         # @!attribute [rw] ancestors
         #   @return [::Array<::String>]
         #     The ancestry path of an asset in Google Cloud [resource
@@ -105,7 +143,7 @@ module Google
         #     is a project, folder, or organization, the ancestry path starts from the
         #     asset itself.
         #
-        #     For example: `["projects/123456789", "folders/5432", "organizations/1234"]`
+        #     Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
         class Asset
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -114,18 +152,18 @@ module Google
         # A representation of a Google Cloud resource.
         # @!attribute [rw] version
         #   @return [::String]
-        #     The API version. For example: `v1`
+        #     The API version. Example: `v1`
         # @!attribute [rw] discovery_document_uri
         #   @return [::String]
         #     The URL of the discovery document containing the resource's JSON schema.
-        #     For example:
+        #     Example:
         #     `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
         #
         #     This value is unspecified for resources that do not have an API based on a
         #     discovery document, such as Cloud Bigtable.
         # @!attribute [rw] discovery_name
         #   @return [::String]
-        #     The JSON schema name listed in the discovery document. For example:
+        #     The JSON schema name listed in the discovery document. Example:
         #     `Project`
         #
         #     This value is unspecified for resources that do not have an API based on a
@@ -133,7 +171,7 @@ module Google
         # @!attribute [rw] resource_url
         #   @return [::String]
         #     The REST URL for accessing the resource. An HTTP `GET` request using this
-        #     URL returns the resource itself. For example:
+        #     URL returns the resource itself. Example:
         #     `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
         #
         #     This value is unspecified for resources without a REST API.
@@ -147,7 +185,7 @@ module Google
         #     For Google Cloud assets, this value is the parent resource defined in the
         #     [Cloud IAM policy
         #     hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
-        #     For example:
+        #     Example:
         #     `//cloudresourcemanager.googleapis.com/projects/my_project_123`
         #
         #     For third-party assets, this field may be set differently.
@@ -164,7 +202,7 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # A result of Resource Search, containing information of a cloud resoure.
+        # A result of Resource Search, containing information of a cloud resource.
         # @!attribute [rw] name
         #   @return [::String]
         #     The full resource name of this resource. Example:
@@ -175,8 +213,8 @@ module Google
         #
         #     To search against the `name`:
         #
-        #     * use a field query. Example: `name : "instance1"`
-        #     * use a free text query. Example: `"instance1"`
+        #     * use a field query. Example: `name:instance1`
+        #     * use a free text query. Example: `instance1`
         # @!attribute [rw] asset_type
         #   @return [::String]
         #     The type of this resource. Example: `compute.googleapis.com/Disk`.
@@ -198,7 +236,7 @@ module Google
         #
         #     To search against the `display_name`:
         #
-        #     * use a field query. Example: `displayName : "My Instance"`
+        #     * use a field query. Example: `displayName:"My Instance"`
         #     * use a free text query. Example: `"My Instance"`
         # @!attribute [rw] description
         #   @return [::String]
@@ -207,7 +245,7 @@ module Google
         #
         #     To search against the `description`:
         #
-        #     * use a field query. Example: `description : "*important instance*"`
+        #     * use a field query. Example: `description:"*important instance*"`
         #     * use a free text query. Example: `"*important instance*"`
         # @!attribute [rw] location
         #   @return [::String]
@@ -216,8 +254,8 @@ module Google
         #
         #     To search against the `location`:
         #
-        #     * use a field query. Example: `location : "us-west*"`
-        #     * use a free text query. Example: `"us-west*"`
+        #     * use a field query. Example: `location:us-west*`
+        #     * use a free text query. Example: `us-west*`
         # @!attribute [rw] labels
         #   @return [::Google::Protobuf::Map{::String => ::String}]
         #     Labels associated with this resource. See [Labelling and grouping GCP
@@ -226,11 +264,11 @@ module Google
         #
         #     To search against the `labels`:
         #
-        #     * use a field query, as following:
-        #         - query on any label's key or value. Example: `labels : "prod"`
-        #         - query by a given label. Example: `labels.env : "prod"`
-        #         - query by a given label'sexistence. Example: `labels.env : *`
-        #     * use a free text query. Example: `"prod"`
+        #     * use a field query:
+        #         - query on any label's key or value. Example: `labels:prod`
+        #         - query by a given label. Example: `labels.env:prod`
+        #         - query by a given label's existence. Example: `labels.env:*`
+        #     * use a free text query. Example: `prod`
         # @!attribute [rw] network_tags
         #   @return [::Array<::String>]
         #     Network tags associated with this resource. Like labels, network tags are a
@@ -240,19 +278,29 @@ module Google
         #
         #     To search against the `network_tags`:
         #
-        #     * use a field query. Example: `networkTags : "internal"`
-        #     * use a free text query. Example: `"internal"`
+        #     * use a field query. Example: `networkTags:internal`
+        #     * use a free text query. Example: `internal`
         # @!attribute [rw] additional_attributes
         #   @return [::Google::Protobuf::Struct]
-        #     The additional attributes of this resource. The attributes may vary from
-        #     one resource type to another. Examples: `projectId` for Project,
-        #     `dnsName` for DNS ManagedZone.
+        #     The additional searchable attributes of this resource. The attributes may
+        #     vary from one resource type to another. Examples: `projectId` for Project,
+        #     `dnsName` for DNS ManagedZone. This field contains a subset of the resource
+        #     metadata fields that are returned by the List or Get APIs provided by the
+        #     corresponding GCP service (e.g., Compute Engine). see [API references and
+        #     supported searchable
+        #     attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types)
+        #     for more information.
+        #
+        #     You can search values of these fields through free text search. However,
+        #     you should not consume the field programically as the field names and
+        #     values may change as the GCP service updates to a new incompatible API
+        #     version.
         #
         #     To search against the `additional_attributes`:
         #
         #     * use a free text query to match the attributes values. Example: to search
         #       `additional_attributes = { dnsName: "foobar" }`, you can issue a query
-        #       `"foobar"`.
+        #       `foobar`.
         class ResourceSearchResult
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -279,7 +327,7 @@ module Google
         #
         #     To search against the `resource`:
         #
-        #     * use a field query. Example: `resource : "organizations/123"`
+        #     * use a field query. Example: `resource:organizations/123`
         # @!attribute [rw] project
         #   @return [::String]
         #     The project that the associated GCP resource belongs to, in the form of
@@ -300,13 +348,13 @@ module Google
         #
         #     To search against the `policy` bindings:
         #
-        #     * use a field query, as following:
+        #     * use a field query:
         #         - query by the policy contained members. Example:
-        #           `policy : "amy@gmail.com"`
+        #           `policy:amy@gmail.com`
         #         - query by the policy contained roles. Example:
-        #           `policy : "roles/compute.admin"`
-        #         - query by the policy contained roles' implied permissions. Example:
-        #           `policy.role.permissions : "compute.instances.create"`
+        #           `policy:roles/compute.admin`
+        #         - query by the policy contained roles' included permissions. Example:
+        #           `policy.role.permissions:compute.instances.create`
         # @!attribute [rw] explanation
         #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation]
         #     Explanation about the IAM policy search result. It contains additional
@@ -320,7 +368,7 @@ module Google
           #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
           #     The map from roles to their included permissions that match the
           #     permission query (i.e., a query containing `policy.role.permissions:`).
-          #     Example: if query `policy.role.permissions : "compute.disk.get"`
+          #     Example: if query `policy.role.permissions:compute.disk.get`
           #     matches a policy binding that contains owner role, the
           #     matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
           #     roles can also be found in the returned `policy` bindings. Note that the
@@ -348,6 +396,182 @@ module Google
             end
           end
         end
+
+        # Represents the detailed state of an entity under analysis, such as a
+        # resource, an identity or an access.
+        # @!attribute [rw] code
+        #   @return [::Google::Rpc::Code]
+        #     The Google standard error code that best describes the state.
+        #     For example:
+        #     - OK means the analysis on this entity has been successfully finished;
+        #     - PERMISSION_DENIED means an access denied error is encountered;
+        #     - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started
+        #     in time;
+        # @!attribute [rw] cause
+        #   @return [::String]
+        #     The human-readable description of the cause of failure.
+        class IamPolicyAnalysisState
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # IAM Policy analysis result, consisting of one IAM policy binding and derived
+        # access control lists.
+        # @!attribute [rw] attached_resource_full_name
+        #   @return [::String]
+        #     The [full resource
+        #     name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
+        #     of the resource to which the [iam_binding][iam_binding] policy attaches.
+        #     (-- api-linter: core::0122::name-suffix=disabled
+        #         aip.dev/not-precedent: full_resource_name is a public notion in GCP.
+        #         --)
+        # @!attribute [rw] iam_binding
+        #   @return [::Google::Iam::V1::Binding]
+        #     The Cloud IAM policy binding under analysis.
+        # @!attribute [rw] access_control_lists
+        #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::AccessControlList>]
+        #     The access control lists derived from the [iam_binding][iam_binding] that
+        #     match or potentially match resource and access selectors specified in the
+        #     request.
+        # @!attribute [rw] identity_list
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList]
+        #     The identity list derived from members of the [iam_binding][iam_binding]
+        #     that match or potentially match identity selector specified in the request.
+        # @!attribute [rw] fully_explored
+        #   @return [::Boolean]
+        #     Represents whether all analyses on the [iam_binding][iam_binding] have
+        #     successfully finished.
+        class IamPolicyAnalysisResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # A Google Cloud resource under analysis.
+          # @!attribute [rw] full_resource_name
+          #   @return [::String]
+          #     The [full resource
+          #     name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
+          #     (-- api-linter: core::0122::name-suffix=disabled
+          #         aip.dev/not-precedent: full_resource_name is a public notion in GCP.
+          #         --)
+          # @!attribute [rw] analysis_state
+          #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
+          #     The analysis state of this resource.
+          class Resource
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # An IAM role or permission under analysis.
+          # @!attribute [rw] role
+          #   @return [::String]
+          #     The role.
+          # @!attribute [rw] permission
+          #   @return [::String]
+          #     The permission.
+          # @!attribute [rw] analysis_state
+          #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
+          #     The analysis state of this access.
+          class Access
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # An identity under analysis.
+          # (-- api-linter: core::0123::resource-annotation=disabled
+          #     aip.dev/not-precedent: Identity name is not a resource. --)
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     The identity name in any form of members appear in
+          #     [IAM policy
+          #     binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such
+          #     as:
+          #     - user:foo@google.com
+          #     - group:group1@google.com
+          #     - serviceAccount:s1@prj1.iam.gserviceaccount.com
+          #     - projectOwner:some_project_id
+          #     - domain:google.com
+          #     - allUsers
+          #     - etc.
+          # @!attribute [rw] analysis_state
+          #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
+          #     The analysis state of this identity.
+          class Identity
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # A directional edge.
+          # @!attribute [rw] source_node
+          #   @return [::String]
+          #     The source node of the edge. For example, it could be a full resource
+          #     name for a resource node or an email of an identity.
+          # @!attribute [rw] target_node
+          #   @return [::String]
+          #     The target node of the edge. For example, it could be a full resource
+          #     name for a resource node or an email of an identity.
+          class Edge
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # An access control list, derived from the above IAM policy binding, which
+          # contains a set of resources and accesses. May include one
+          # item from each set to compose an access control entry.
+          #
+          # NOTICE that there could be multiple access control lists for one IAM policy
+          # binding. The access control lists are created based on resource and access
+          # combinations.
+          #
+          # For example, assume we have the following cases in one IAM policy binding:
+          # - Permission P1 and P2 apply to resource R1 and R2;
+          # - Permission P3 applies to resource R2 and R3;
+          #
+          # This will result in the following access control lists:
+          # - AccessControlList 1: [R1, R2], [P1, P2]
+          # - AccessControlList 2: [R2, R3], [P3]
+          # @!attribute [rw] resources
+          #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>]
+          #     The resources that match one of the following conditions:
+          #     - The resource_selector, if it is specified in request;
+          #     - Otherwise, resources reachable from the policy attached resource.
+          # @!attribute [rw] accesses
+          #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>]
+          #     The accesses that match one of the following conditions:
+          #     - The access_selector, if it is specified in request;
+          #     - Otherwise, access specifiers reachable from the policy binding's role.
+          # @!attribute [rw] resource_edges
+          #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
+          #     Resource edges of the graph starting from the policy attached
+          #     resource to any descendant resources. The [Edge.source_node][] contains
+          #     the full resource name of a parent resource and [Edge.target_node][]
+          #     contains the full resource name of a child resource. This field is
+          #     present only if the output_resource_edges option is enabled in request.
+          class AccessControlList
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # The identities and group edges.
+          # @!attribute [rw] identities
+          #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>]
+          #     Only the identities that match one of the following conditions will be
+          #     presented:
+          #     - The identity_selector, if it is specified in request;
+          #     - Otherwise, identities reachable from the policy binding's members.
+          # @!attribute [rw] group_edges
+          #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
+          #     Group identity edges of the graph starting from the binding's
+          #     group members to any node of the [identities][]. The [Edge.source_node][]
+          #     contains a group, such as `group:parent@google.com`. The
+          #     [Edge.target_node][] contains a member of the group,
+          #     such as `group:child@google.com` or `user:foo@google.com`.
+          #     This field is present only if the output_group_edges option is enabled in
+          #     request.
+          class IdentityList
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
       end
     end
   end

data/proto_docs/google/protobuf/duration.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Protobuf
+    # A Duration represents a signed, fixed-length span of time represented
+    # as a count of seconds and fractions of seconds at nanosecond
+    # resolution. It is independent of any calendar and concepts like "day"
+    # or "month". It is related to Timestamp in that the difference between
+    # two Timestamp values is a Duration and it can be added or subtracted
+    # from a Timestamp. Range is approximately +-10,000 years.
+    #
+    # # Examples
+    #
+    # Example 1: Compute Duration from two Timestamps in pseudo code.
+    #
+    #     Timestamp start = ...;
+    #     Timestamp end = ...;
+    #     Duration duration = ...;
+    #
+    #     duration.seconds = end.seconds - start.seconds;
+    #     duration.nanos = end.nanos - start.nanos;
+    #
+    #     if (duration.seconds < 0 && duration.nanos > 0) {
+    #       duration.seconds += 1;
+    #       duration.nanos -= 1000000000;
+    #     } else if (duration.seconds > 0 && duration.nanos < 0) {
+    #       duration.seconds -= 1;
+    #       duration.nanos += 1000000000;
+    #     }
+    #
+    # Example 2: Compute Timestamp from Timestamp + Duration in pseudo code.
+    #
+    #     Timestamp start = ...;
+    #     Duration duration = ...;
+    #     Timestamp end = ...;
+    #
+    #     end.seconds = start.seconds + duration.seconds;
+    #     end.nanos = start.nanos + duration.nanos;
+    #
+    #     if (end.nanos < 0) {
+    #       end.seconds -= 1;
+    #       end.nanos += 1000000000;
+    #     } else if (end.nanos >= 1000000000) {
+    #       end.seconds += 1;
+    #       end.nanos -= 1000000000;
+    #     }
+    #
+    # Example 3: Compute Duration from datetime.timedelta in Python.
+    #
+    #     td = datetime.timedelta(days=3, minutes=10)
+    #     duration = Duration()
+    #     duration.FromTimedelta(td)
+    #
+    # # JSON Mapping
+    #
+    # In JSON format, the Duration type is encoded as a string rather than an
+    # object, where the string ends in the suffix "s" (indicating seconds) and
+    # is preceded by the number of seconds, with nanoseconds expressed as
+    # fractional seconds. For example, 3 seconds with 0 nanoseconds should be
+    # encoded in JSON format as "3s", while 3 seconds and 1 nanosecond should
+    # be expressed in JSON format as "3.000000001s", and 3 seconds and 1
+    # microsecond should be expressed in JSON format as "3.000001s".
+    # @!attribute [rw] seconds
+    #   @return [::Integer]
+    #     Signed seconds of the span of time. Must be from -315,576,000,000
+    #     to +315,576,000,000 inclusive. Note: these bounds are computed from:
+    #     60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
+    # @!attribute [rw] nanos
+    #   @return [::Integer]
+    #     Signed fractions of a second at nanosecond resolution of the span
+    #     of time. Durations less than one second are represented with a 0
+    #     `seconds` field and a positive or negative `nanos` field. For durations
+    #     of one second or more, a non-zero value for the `nanos` field must be
+    #     of the same sign as the `seconds` field. Must be from -999,999,999
+    #     to +999,999,999 inclusive.
+    class Duration
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end