google-cloud-asset-v1 0.5.1 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/google/cloud/asset/v1/asset_service/client.rb +130 -105
- data/lib/google/cloud/asset/v1/asset_service/operations.rb +1 -1
- data/lib/google/cloud/asset/v1/asset_service_pb.rb +23 -0
- data/lib/google/cloud/asset/v1/asset_service_services_pb.rb +22 -23
- data/lib/google/cloud/asset/v1/assets_pb.rb +1 -1
- data/lib/google/cloud/asset/v1/version.rb +1 -1
- data/proto_docs/google/api/resource.rb +50 -14
- data/proto_docs/google/cloud/asset/v1/asset_service.rb +224 -90
- data/proto_docs/google/cloud/asset/v1/assets.rb +35 -25
- metadata +3 -3
@@ -3,7 +3,6 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
-
require 'google/api/annotations_pb'
|
7
6
|
require 'google/api/resource_pb'
|
8
7
|
require 'google/cloud/orgpolicy/v1/orgpolicy_pb'
|
9
8
|
require 'google/iam/v1/policy_pb'
|
@@ -14,6 +13,7 @@ require 'google/protobuf/any_pb'
|
|
14
13
|
require 'google/protobuf/struct_pb'
|
15
14
|
require 'google/protobuf/timestamp_pb'
|
16
15
|
require 'google/rpc/code_pb'
|
16
|
+
require 'google/api/annotations_pb'
|
17
17
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
18
18
|
add_file("google/cloud/asset/v1/assets.proto", :syntax => :proto3) do
|
19
19
|
add_message "google.cloud.asset.v1.TemporalAsset" do
|
@@ -43,12 +43,12 @@ module Google
|
|
43
43
|
#
|
44
44
|
# The ResourceDescriptor Yaml config will look like:
|
45
45
|
#
|
46
|
-
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
46
|
+
# resources:
|
47
|
+
# - type: "pubsub.googleapis.com/Topic"
|
48
|
+
# name_descriptor:
|
49
|
+
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
+
# parent_name_extractor: "projects/{project}"
|
52
52
|
#
|
53
53
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
54
|
# live under multiple parents.
|
@@ -183,15 +183,24 @@ module Google
|
|
183
183
|
# }
|
184
184
|
# @!attribute [rw] plural
|
185
185
|
# @return [::String]
|
186
|
-
# The plural name used in the resource name, such as
|
187
|
-
# the name of 'projects/\\{project}'
|
188
|
-
#
|
186
|
+
# The plural name used in the resource name and permission names, such as
|
187
|
+
# 'projects' for the resource name of 'projects/\\{project}' and the permission
|
188
|
+
# name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
|
189
|
+
# concept of the `plural` field in k8s CRD spec
|
189
190
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
191
|
+
#
|
192
|
+
# Note: The plural form is required even for singleton resources. See
|
193
|
+
# https://aip.dev/156
|
190
194
|
# @!attribute [rw] singular
|
191
195
|
# @return [::String]
|
192
196
|
# The same concept of the `singular` field in k8s CRD spec
|
193
197
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
194
198
|
# Such as "project" for the `resourcemanager.googleapis.com/Project` type.
|
199
|
+
# @!attribute [rw] style
|
200
|
+
# @return [::Array<::Google::Api::ResourceDescriptor::Style>]
|
201
|
+
# Style flag(s) for this resource.
|
202
|
+
# These indicate that a resource is expected to conform to a given
|
203
|
+
# style. See the specific style flags for additional information.
|
195
204
|
class ResourceDescriptor
|
196
205
|
include ::Google::Protobuf::MessageExts
|
197
206
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -211,6 +220,22 @@ module Google
|
|
211
220
|
# that from being necessary once there are multiple patterns.)
|
212
221
|
FUTURE_MULTI_PATTERN = 2
|
213
222
|
end
|
223
|
+
|
224
|
+
# A flag representing a specific style that a resource claims to conform to.
|
225
|
+
module Style
|
226
|
+
# The unspecified value. Do not use.
|
227
|
+
STYLE_UNSPECIFIED = 0
|
228
|
+
|
229
|
+
# This resource is intended to be "declarative-friendly".
|
230
|
+
#
|
231
|
+
# Declarative-friendly resources must be more strictly consistent, and
|
232
|
+
# setting this to true communicates to tools that this resource should
|
233
|
+
# adhere to declarative-friendly expectations.
|
234
|
+
#
|
235
|
+
# Note: This is used by the API linter (linter.aip.dev) to enable
|
236
|
+
# additional checks.
|
237
|
+
DECLARATIVE_FRIENDLY = 1
|
238
|
+
end
|
214
239
|
end
|
215
240
|
|
216
241
|
# Defines a proto annotation that describes a string field that refers to
|
@@ -226,6 +251,17 @@ module Google
|
|
226
251
|
# type: "pubsub.googleapis.com/Topic"
|
227
252
|
# }];
|
228
253
|
# }
|
254
|
+
#
|
255
|
+
# Occasionally, a field may reference an arbitrary resource. In this case,
|
256
|
+
# APIs use the special value * in their resource reference.
|
257
|
+
#
|
258
|
+
# Example:
|
259
|
+
#
|
260
|
+
# message GetIamPolicyRequest {
|
261
|
+
# string resource = 2 [(google.api.resource_reference) = {
|
262
|
+
# type: "*"
|
263
|
+
# }];
|
264
|
+
# }
|
229
265
|
# @!attribute [rw] child_type
|
230
266
|
# @return [::String]
|
231
267
|
# The resource type of a child collection that the annotated field
|
@@ -234,11 +270,11 @@ module Google
|
|
234
270
|
#
|
235
271
|
# Example:
|
236
272
|
#
|
237
|
-
#
|
238
|
-
#
|
239
|
-
#
|
240
|
-
#
|
241
|
-
#
|
273
|
+
# message ListLogEntriesRequest {
|
274
|
+
# string parent = 1 [(google.api.resource_reference) = {
|
275
|
+
# child_type: "logging.googleapis.com/LogEntry"
|
276
|
+
# };
|
277
|
+
# }
|
242
278
|
class ResourceReference
|
243
279
|
include ::Google::Protobuf::MessageExts
|
244
280
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -37,9 +37,22 @@ module Google
|
|
37
37
|
# running the same query may get different results.
|
38
38
|
# @!attribute [rw] asset_types
|
39
39
|
# @return [::Array<::String>]
|
40
|
-
# A list of asset types
|
41
|
-
# "compute.googleapis.com/Disk".
|
42
|
-
#
|
40
|
+
# A list of asset types to take a snapshot for. For example:
|
41
|
+
# "compute.googleapis.com/Disk".
|
42
|
+
#
|
43
|
+
# Regular expressions are also supported. For example:
|
44
|
+
#
|
45
|
+
# * "compute.googleapis.com.*" snapshots resources whose asset type starts
|
46
|
+
# with "compute.googleapis.com".
|
47
|
+
# * ".*Instance" snapshots resources whose asset type ends with "Instance".
|
48
|
+
# * ".*Instance.*" snapshots resources whose asset type contains "Instance".
|
49
|
+
#
|
50
|
+
# See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
|
51
|
+
# regular expression syntax. If the regular expression does not match any
|
52
|
+
# supported asset type, an INVALID_ARGUMENT error will be returned.
|
53
|
+
#
|
54
|
+
# If specified, only matching assets will be returned, otherwise, it will
|
55
|
+
# snapshot all asset types. See [Introduction to Cloud Asset
|
43
56
|
# Inventory](https://cloud.google.com/asset-inventory/docs/overview)
|
44
57
|
# for all supported asset types.
|
45
58
|
# @!attribute [rw] content_type
|
@@ -48,24 +61,28 @@ module Google
|
|
48
61
|
# returned.
|
49
62
|
# @!attribute [rw] output_config
|
50
63
|
# @return [::Google::Cloud::Asset::V1::OutputConfig]
|
51
|
-
# Required. Output configuration indicating where the results will be output
|
52
|
-
# to.
|
64
|
+
# Required. Output configuration indicating where the results will be output to.
|
53
65
|
class ExportAssetsRequest
|
54
66
|
include ::Google::Protobuf::MessageExts
|
55
67
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
56
68
|
end
|
57
69
|
|
58
70
|
# The export asset response. This message is returned by the
|
59
|
-
# google.longrunning.Operations.GetOperation
|
60
|
-
#
|
61
|
-
# {::Google::Longrunning::Operation#response google.longrunning.Operation.response}
|
62
|
-
# field.
|
71
|
+
# google.longrunning.Operations.GetOperation method in the returned
|
72
|
+
# {::Google::Longrunning::Operation#response google.longrunning.Operation.response} field.
|
63
73
|
# @!attribute [rw] read_time
|
64
74
|
# @return [::Google::Protobuf::Timestamp]
|
65
75
|
# Time the snapshot was taken.
|
66
76
|
# @!attribute [rw] output_config
|
67
77
|
# @return [::Google::Cloud::Asset::V1::OutputConfig]
|
68
78
|
# Output configuration indicating where the results were output to.
|
79
|
+
# @!attribute [rw] output_result
|
80
|
+
# @return [::Google::Cloud::Asset::V1::OutputResult]
|
81
|
+
# Output result indicating where the assets were exported to. For example, a
|
82
|
+
# set of actual Google Cloud Storage object uris where the assets are
|
83
|
+
# exported to. The uris can be different from what [output_config] has
|
84
|
+
# specified, as the service will split the output object into multiple ones
|
85
|
+
# once it exceeds a single Google Cloud Storage object limit.
|
69
86
|
class ExportAssetsResponse
|
70
87
|
include ::Google::Protobuf::MessageExts
|
71
88
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -126,8 +143,9 @@ module Google
|
|
126
143
|
# be unique under a specific parent project/folder/organization.
|
127
144
|
# @!attribute [rw] feed
|
128
145
|
# @return [::Google::Cloud::Asset::V1::Feed]
|
129
|
-
# Required. The feed details. The field `name` must be empty and it will be
|
130
|
-
#
|
146
|
+
# Required. The feed details. The field `name` must be empty and it will be generated
|
147
|
+
# in the format of:
|
148
|
+
# projects/project_number/feeds/feed_id
|
131
149
|
# folders/folder_number/feeds/feed_id
|
132
150
|
# organizations/organization_number/feeds/feed_id
|
133
151
|
class CreateFeedRequest
|
@@ -169,8 +187,8 @@ module Google
|
|
169
187
|
# Update asset feed request.
|
170
188
|
# @!attribute [rw] feed
|
171
189
|
# @return [::Google::Cloud::Asset::V1::Feed]
|
172
|
-
# Required. The new values of feed details. It must match an existing feed
|
173
|
-
#
|
190
|
+
# Required. The new values of feed details. It must match an existing feed and the
|
191
|
+
# field `name` must be in the format of:
|
174
192
|
# projects/project_number/feeds/feed_id or
|
175
193
|
# folders/folder_number/feeds/feed_id or
|
176
194
|
# organizations/organization_number/feeds/feed_id.
|
@@ -208,6 +226,25 @@ module Google
|
|
208
226
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
209
227
|
end
|
210
228
|
|
229
|
+
# Output result of export assets.
|
230
|
+
# @!attribute [rw] gcs_result
|
231
|
+
# @return [::Google::Cloud::Asset::V1::GcsOutputResult]
|
232
|
+
# Export result on Cloud Storage.
|
233
|
+
class OutputResult
|
234
|
+
include ::Google::Protobuf::MessageExts
|
235
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
236
|
+
end
|
237
|
+
|
238
|
+
# A Cloud Storage output result.
|
239
|
+
# @!attribute [rw] uris
|
240
|
+
# @return [::Array<::String>]
|
241
|
+
# List of uris of the Cloud Storage objects. Example:
|
242
|
+
# "gs://bucket_name/object_name".
|
243
|
+
class GcsOutputResult
|
244
|
+
include ::Google::Protobuf::MessageExts
|
245
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
246
|
+
end
|
247
|
+
|
211
248
|
# A Cloud Storage location.
|
212
249
|
# @!attribute [rw] uri
|
213
250
|
# @return [::String]
|
@@ -250,11 +287,91 @@ module Google
|
|
250
287
|
# table will be overwritten by the contents of assets snapshot. If the flag
|
251
288
|
# is `FALSE` or unset and the destination table already exists, the export
|
252
289
|
# call returns an INVALID_ARGUMEMT error.
|
290
|
+
# @!attribute [rw] partition_spec
|
291
|
+
# @return [::Google::Cloud::Asset::V1::PartitionSpec]
|
292
|
+
# [partition_spec] determines whether to export to partitioned table(s) and
|
293
|
+
# how to partition the data.
|
294
|
+
#
|
295
|
+
# If [partition_spec] is unset or [partition_spec.partion_key] is unset or
|
296
|
+
# `PARTITION_KEY_UNSPECIFIED`, the snapshot results will be exported to
|
297
|
+
# non-partitioned table(s). [force] will decide whether to overwrite existing
|
298
|
+
# table(s).
|
299
|
+
#
|
300
|
+
# If [partition_spec] is specified. First, the snapshot results will be
|
301
|
+
# written to partitioned table(s) with two additional timestamp columns,
|
302
|
+
# readTime and requestTime, one of which will be the partition key. Secondly,
|
303
|
+
# in the case when any destination table already exists, it will first try to
|
304
|
+
# update existing table's schema as necessary by appending additional
|
305
|
+
# columns. Then, if [force] is `TRUE`, the corresponding partition will be
|
306
|
+
# overwritten by the snapshot results (data in different partitions will
|
307
|
+
# remain intact); if [force] is unset or `FALSE`, it will append the data. An
|
308
|
+
# error will be returned if the schema update or data appension fails.
|
309
|
+
# @!attribute [rw] separate_tables_per_asset_type
|
310
|
+
# @return [::Boolean]
|
311
|
+
# If this flag is `TRUE`, the snapshot results will be written to one or
|
312
|
+
# multiple tables, each of which contains results of one asset type. The
|
313
|
+
# [force] and [partition_spec] fields will apply to each of them.
|
314
|
+
#
|
315
|
+
# Field [table] will be concatenated with "_" and the asset type names (see
|
316
|
+
# https://cloud.google.com/asset-inventory/docs/supported-asset-types for
|
317
|
+
# supported asset types) to construct per-asset-type table names, in which
|
318
|
+
# all non-alphanumeric characters like "." and "/" will be substituted by
|
319
|
+
# "_". Example: if field [table] is "mytable" and snapshot results
|
320
|
+
# contain "storage.googleapis.com/Bucket" assets, the corresponding table
|
321
|
+
# name will be "mytable_storage_googleapis_com_Bucket". If any of these
|
322
|
+
# tables does not exist, a new table with the concatenated name will be
|
323
|
+
# created.
|
324
|
+
#
|
325
|
+
# When [content_type] in the ExportAssetsRequest is `RESOURCE`, the schema of
|
326
|
+
# each table will include RECORD-type columns mapped to the nested fields in
|
327
|
+
# the Asset.resource.data field of that asset type (up to the 15 nested level
|
328
|
+
# BigQuery supports
|
329
|
+
# (https://cloud.google.com/bigquery/docs/nested-repeated#limitations)). The
|
330
|
+
# fields in >15 nested levels will be stored in JSON format string as a child
|
331
|
+
# column of its parent RECORD column.
|
332
|
+
#
|
333
|
+
# If error occurs when exporting to any table, the whole export call will
|
334
|
+
# return an error but the export results that already succeed will persist.
|
335
|
+
# Example: if exporting to table_type_A succeeds when exporting to
|
336
|
+
# table_type_B fails during one export call, the results in table_type_A will
|
337
|
+
# persist and there will not be partial results persisting in a table.
|
253
338
|
class BigQueryDestination
|
254
339
|
include ::Google::Protobuf::MessageExts
|
255
340
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
256
341
|
end
|
257
342
|
|
343
|
+
# Specifications of BigQuery partitioned table as export destination.
|
344
|
+
# @!attribute [rw] partition_key
|
345
|
+
# @return [::Google::Cloud::Asset::V1::PartitionSpec::PartitionKey]
|
346
|
+
# The partition key for BigQuery partitioned table.
|
347
|
+
class PartitionSpec
|
348
|
+
include ::Google::Protobuf::MessageExts
|
349
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
350
|
+
|
351
|
+
# This enum is used to determine the partition key column when exporting
|
352
|
+
# assets to BigQuery partitioned table(s). Note that, if the partition key is
|
353
|
+
# a timestamp column, the actual partition is based on its date value
|
354
|
+
# (expressed in UTC. see details in
|
355
|
+
# https://cloud.google.com/bigquery/docs/partitioned-tables#date_timestamp_partitioned_tables).
|
356
|
+
module PartitionKey
|
357
|
+
# Unspecified partition key. If used, it means using non-partitioned table.
|
358
|
+
PARTITION_KEY_UNSPECIFIED = 0
|
359
|
+
|
360
|
+
# The time when the snapshot is taken. If specified as partition key, the
|
361
|
+
# result table(s) is partitoned by the additional timestamp column,
|
362
|
+
# readTime. If [read_time] in ExportAssetsRequest is specified, the
|
363
|
+
# readTime column's value will be the same as it. Otherwise, its value will
|
364
|
+
# be the current time that is used to take the snapshot.
|
365
|
+
READ_TIME = 1
|
366
|
+
|
367
|
+
# The time when the request is received and started to be processed. If
|
368
|
+
# specified as partition key, the result table(s) is partitoned by the
|
369
|
+
# requestTime column, an additional timestamp column representing when the
|
370
|
+
# request was received.
|
371
|
+
REQUEST_TIME = 2
|
372
|
+
end
|
373
|
+
end
|
374
|
+
|
258
375
|
# A Pub/Sub destination.
|
259
376
|
# @!attribute [rw] topic
|
260
377
|
# @return [::String]
|
@@ -324,8 +441,12 @@ module Google
|
|
324
441
|
# When set, `expression` field in the `Expr` must be a valid [CEL expression]
|
325
442
|
# (https://github.com/google/cel-spec) on a TemporalAsset with name
|
326
443
|
# `temporal_asset`. Example: a Feed with expression ("temporal_asset.deleted
|
327
|
-
# == true") will only publish Asset deletions. Other fields
|
444
|
+
# == true") will only publish Asset deletions. Other fields of `Expr` are
|
328
445
|
# optional.
|
446
|
+
#
|
447
|
+
# See our [user
|
448
|
+
# guide](https://cloud.google.com/asset-inventory/docs/monitoring-asset-changes#feed_with_condition)
|
449
|
+
# for detailed instructions.
|
329
450
|
class Feed
|
330
451
|
include ::Google::Protobuf::MessageExts
|
331
452
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -334,75 +455,81 @@ module Google
|
|
334
455
|
# Search all resources request.
|
335
456
|
# @!attribute [rw] scope
|
336
457
|
# @return [::String]
|
337
|
-
# Required. A scope can be a project, a folder or an organization. The search
|
338
|
-
#
|
458
|
+
# Required. A scope can be a project, a folder, or an organization. The search is
|
459
|
+
# limited to the resources within the `scope`. The caller must be granted the
|
460
|
+
# [`cloudasset.assets.searchAllResources`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
|
461
|
+
# permission on the desired scope.
|
339
462
|
#
|
340
463
|
# The allowed values are:
|
341
464
|
#
|
342
|
-
# * projects/\\{PROJECT_ID}
|
343
|
-
# * projects/\\{PROJECT_NUMBER}
|
344
|
-
# * folders/\\{FOLDER_NUMBER}
|
345
|
-
# * organizations/\\{ORGANIZATION_NUMBER}
|
465
|
+
# * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar")
|
466
|
+
# * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678")
|
467
|
+
# * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567")
|
468
|
+
# * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
|
346
469
|
# @!attribute [rw] query
|
347
470
|
# @return [::String]
|
348
|
-
# Optional. The query statement.
|
349
|
-
#
|
471
|
+
# Optional. The query statement. See [how to construct a
|
472
|
+
# query](http://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
|
473
|
+
# for more information. If not specified or empty, it will search all the
|
474
|
+
# resources within the specified `scope`. Note that the query string is
|
475
|
+
# compared against each Cloud IAM policy binding, including its members,
|
476
|
+
# roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
|
477
|
+
# contain the bindings that match your query. To learn more about the IAM
|
478
|
+
# policy structure, see [IAM policy
|
479
|
+
# doc](https://cloud.google.com/iam/docs/policies#structure).
|
350
480
|
#
|
351
481
|
# Examples:
|
352
482
|
#
|
353
|
-
# * `name
|
483
|
+
# * `name:Important` to find Cloud resources whose name contains
|
354
484
|
# "Important" as a word.
|
355
|
-
# * `displayName
|
356
|
-
# contains "Impor" as a
|
357
|
-
# * `description
|
485
|
+
# * `displayName:Impor*` to find Cloud resources whose display name
|
486
|
+
# contains "Impor" as a prefix.
|
487
|
+
# * `description:*por*` to find Cloud resources whose description
|
358
488
|
# contains "por" as a substring.
|
359
|
-
# * `location
|
489
|
+
# * `location:us-west*` to find Cloud resources whose location is
|
360
490
|
# prefixed with "us-west".
|
361
|
-
# * `labels
|
491
|
+
# * `labels:prod` to find Cloud resources whose labels contain "prod" as
|
362
492
|
# a key or value.
|
363
|
-
# * `labels.env
|
493
|
+
# * `labels.env:prod` to find Cloud resources that have a label "env"
|
364
494
|
# and its value is "prod".
|
365
|
-
# * `labels.env
|
366
|
-
# * `
|
495
|
+
# * `labels.env:*` to find Cloud resources that have a label "env".
|
496
|
+
# * `Important` to find Cloud resources that contain "Important" as a word
|
367
497
|
# in any of the searchable fields.
|
368
|
-
# * `
|
498
|
+
# * `Impor*` to find Cloud resources that contain "Impor" as a prefix
|
369
499
|
# in any of the searchable fields.
|
370
|
-
# *
|
500
|
+
# * `*por*` to find Cloud resources that contain "por" as a substring in
|
371
501
|
# any of the searchable fields.
|
372
|
-
# * `
|
373
|
-
# resources
|
502
|
+
# * `Important location:(us-west1 OR global)` to find Cloud
|
503
|
+
# resources that contain "Important" as a word in any of the searchable
|
374
504
|
# fields and are also located in the "us-west1" region or the "global"
|
375
505
|
# location.
|
376
|
-
#
|
377
|
-
# See [how to construct a
|
378
|
-
# query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
|
379
|
-
# for more details.
|
380
506
|
# @!attribute [rw] asset_types
|
381
507
|
# @return [::Array<::String>]
|
382
|
-
# Optional. A list of asset types that this request searches for. If empty,
|
383
|
-
#
|
508
|
+
# Optional. A list of asset types that this request searches for. If empty, it will
|
509
|
+
# search all the [searchable asset
|
384
510
|
# types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
|
385
511
|
# @!attribute [rw] page_size
|
386
512
|
# @return [::Integer]
|
387
|
-
# Optional. The page size for search result pagination. Page size is capped
|
388
|
-
#
|
389
|
-
#
|
390
|
-
#
|
391
|
-
# returned.
|
513
|
+
# Optional. The page size for search result pagination. Page size is capped at 500 even
|
514
|
+
# if a larger value is given. If set to zero, server will pick an appropriate
|
515
|
+
# default. Returned results may be fewer than requested. When this happens,
|
516
|
+
# there could be more results as long as `next_page_token` is returned.
|
392
517
|
# @!attribute [rw] page_token
|
393
518
|
# @return [::String]
|
394
|
-
# Optional. If present, then retrieve the next batch of results from the
|
395
|
-
#
|
396
|
-
#
|
397
|
-
#
|
519
|
+
# Optional. If present, then retrieve the next batch of results from the preceding call
|
520
|
+
# to this method. `page_token` must be the value of `next_page_token` from
|
521
|
+
# the previous response. The values of all other method parameters, must be
|
522
|
+
# identical to those in the previous call.
|
398
523
|
# @!attribute [rw] order_by
|
399
524
|
# @return [::String]
|
400
|
-
# Optional. A comma separated list of fields specifying the sorting order of
|
401
|
-
#
|
402
|
-
#
|
403
|
-
# Example: "location DESC, name".
|
404
|
-
#
|
405
|
-
#
|
525
|
+
# Optional. A comma separated list of fields specifying the sorting order of the
|
526
|
+
# results. The default order is ascending. Add " DESC" after the field name
|
527
|
+
# to indicate descending order. Redundant space characters are ignored.
|
528
|
+
# Example: "location DESC, name". Only string fields in the response are
|
529
|
+
# sortable, including `name`, `displayName`, `description`, `location`. All
|
530
|
+
# the other fields such as repeated fields (e.g., `networkTags`), map
|
531
|
+
# fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
|
532
|
+
# are not supported.
|
406
533
|
class SearchAllResourcesRequest
|
407
534
|
include ::Google::Protobuf::MessageExts
|
408
535
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -426,51 +553,58 @@ module Google
|
|
426
553
|
# Search all IAM policies request.
|
427
554
|
# @!attribute [rw] scope
|
428
555
|
# @return [::String]
|
429
|
-
# Required. A scope can be a project, a folder or an organization. The search
|
430
|
-
#
|
556
|
+
# Required. A scope can be a project, a folder, or an organization. The search is
|
557
|
+
# limited to the IAM policies within the `scope`. The caller must be granted
|
558
|
+
# the
|
559
|
+
# [`cloudasset.assets.searchAllIamPolicies`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
|
560
|
+
# permission on the desired scope.
|
431
561
|
#
|
432
562
|
# The allowed values are:
|
433
563
|
#
|
434
|
-
# * projects/\\{PROJECT_ID}
|
435
|
-
# * projects/\\{PROJECT_NUMBER}
|
436
|
-
# * folders/\\{FOLDER_NUMBER}
|
437
|
-
# * organizations/\\{ORGANIZATION_NUMBER}
|
564
|
+
# * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar")
|
565
|
+
# * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678")
|
566
|
+
# * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567")
|
567
|
+
# * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
|
438
568
|
# @!attribute [rw] query
|
439
569
|
# @return [::String]
|
440
|
-
# Optional. The query statement.
|
441
|
-
#
|
570
|
+
# Optional. The query statement. See [how to construct a
|
571
|
+
# query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
|
572
|
+
# for more information. If not specified or empty, it will search all the
|
573
|
+
# IAM policies within the specified `scope`.
|
442
574
|
#
|
443
575
|
# Examples:
|
444
576
|
#
|
445
|
-
# * `policy
|
446
|
-
#
|
447
|
-
# * `policy
|
448
|
-
#
|
449
|
-
# * `policy.role.permissions
|
450
|
-
#
|
451
|
-
# permission.
|
452
|
-
#
|
453
|
-
#
|
454
|
-
# * `
|
455
|
-
#
|
456
|
-
#
|
457
|
-
#
|
458
|
-
#
|
459
|
-
#
|
460
|
-
#
|
577
|
+
# * `policy:amy@gmail.com` to find IAM policy bindings that specify user
|
578
|
+
# "amy@gmail.com".
|
579
|
+
# * `policy:roles/compute.admin` to find IAM policy bindings that specify
|
580
|
+
# the Compute Admin role.
|
581
|
+
# * `policy.role.permissions:storage.buckets.update` to find IAM policy
|
582
|
+
# bindings that specify a role containing "storage.buckets.update"
|
583
|
+
# permission. Note that if callers don't have `iam.roles.get` access to a
|
584
|
+
# role's included permissions, policy bindings that specify this role will
|
585
|
+
# be dropped from the search results.
|
586
|
+
# * `resource:organizations/123456` to find IAM policy bindings
|
587
|
+
# that are set on "organizations/123456".
|
588
|
+
# * `Important` to find IAM policy bindings that contain "Important" as a
|
589
|
+
# word in any of the searchable fields (except for the included
|
590
|
+
# permissions).
|
591
|
+
# * `*por*` to find IAM policy bindings that contain "por" as a substring
|
592
|
+
# in any of the searchable fields (except for the included permissions).
|
593
|
+
# * `resource:(instance1 OR instance2) policy:amy` to find
|
594
|
+
# IAM policy bindings that are set on resources "instance1" or
|
595
|
+
# "instance2" and also specify user "amy".
|
461
596
|
# @!attribute [rw] page_size
|
462
597
|
# @return [::Integer]
|
463
|
-
# Optional. The page size for search result pagination. Page size is capped
|
464
|
-
#
|
465
|
-
#
|
466
|
-
#
|
467
|
-
# returned.
|
598
|
+
# Optional. The page size for search result pagination. Page size is capped at 500 even
|
599
|
+
# if a larger value is given. If set to zero, server will pick an appropriate
|
600
|
+
# default. Returned results may be fewer than requested. When this happens,
|
601
|
+
# there could be more results as long as `next_page_token` is returned.
|
468
602
|
# @!attribute [rw] page_token
|
469
603
|
# @return [::String]
|
470
|
-
# Optional. If present, retrieve the next batch of results from the preceding
|
471
|
-
#
|
472
|
-
#
|
473
|
-
#
|
604
|
+
# Optional. If present, retrieve the next batch of results from the preceding call to
|
605
|
+
# this method. `page_token` must be the value of `next_page_token` from the
|
606
|
+
# previous response. The values of all other method parameters must be
|
607
|
+
# identical to those in the previous call.
|
474
608
|
class SearchAllIamPoliciesRequest
|
475
609
|
include ::Google::Protobuf::MessageExts
|
476
610
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -505,7 +639,7 @@ module Google
|
|
505
639
|
# The Cloud Organization Policy set on an asset.
|
506
640
|
ORG_POLICY = 4
|
507
641
|
|
508
|
-
# The Cloud Access context
|
642
|
+
# The Cloud Access context manager Policy set on an asset.
|
509
643
|
ACCESS_POLICY = 5
|
510
644
|
end
|
511
645
|
end
|