google-cloud-asset-v1 0.5.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -202,7 +202,7 @@ module Google
202
202
  extend ::Google::Protobuf::MessageExts::ClassMethods
203
203
  end
204
204
 
205
- # A result of Resource Search, containing information of a cloud resoure.
205
+ # A result of Resource Search, containing information of a cloud resource.
206
206
  # @!attribute [rw] name
207
207
  # @return [::String]
208
208
  # The full resource name of this resource. Example:
@@ -213,8 +213,8 @@ module Google
213
213
  #
214
214
  # To search against the `name`:
215
215
  #
216
- # * use a field query. Example: `name : "instance1"`
217
- # * use a free text query. Example: `"instance1"`
216
+ # * use a field query. Example: `name:instance1`
217
+ # * use a free text query. Example: `instance1`
218
218
  # @!attribute [rw] asset_type
219
219
  # @return [::String]
220
220
  # The type of this resource. Example: `compute.googleapis.com/Disk`.
@@ -236,7 +236,7 @@ module Google
236
236
  #
237
237
  # To search against the `display_name`:
238
238
  #
239
- # * use a field query. Example: `displayName : "My Instance"`
239
+ # * use a field query. Example: `displayName:"My Instance"`
240
240
  # * use a free text query. Example: `"My Instance"`
241
241
  # @!attribute [rw] description
242
242
  # @return [::String]
@@ -245,7 +245,7 @@ module Google
245
245
  #
246
246
  # To search against the `description`:
247
247
  #
248
- # * use a field query. Example: `description : "*important instance*"`
248
+ # * use a field query. Example: `description:"*important instance*"`
249
249
  # * use a free text query. Example: `"*important instance*"`
250
250
  # @!attribute [rw] location
251
251
  # @return [::String]
@@ -254,8 +254,8 @@ module Google
254
254
  #
255
255
  # To search against the `location`:
256
256
  #
257
- # * use a field query. Example: `location : "us-west*"`
258
- # * use a free text query. Example: `"us-west*"`
257
+ # * use a field query. Example: `location:us-west*`
258
+ # * use a free text query. Example: `us-west*`
259
259
  # @!attribute [rw] labels
260
260
  # @return [::Google::Protobuf::Map{::String => ::String}]
261
261
  # Labels associated with this resource. See [Labelling and grouping GCP
@@ -264,11 +264,11 @@ module Google
264
264
  #
265
265
  # To search against the `labels`:
266
266
  #
267
- # * use a field query, as following:
268
- # - query on any label's key or value. Example: `labels : "prod"`
269
- # - query by a given label. Example: `labels.env : "prod"`
270
- # - query by a given label'sexistence. Example: `labels.env : *`
271
- # * use a free text query. Example: `"prod"`
267
+ # * use a field query:
268
+ # - query on any label's key or value. Example: `labels:prod`
269
+ # - query by a given label. Example: `labels.env:prod`
270
+ # - query by a given label's existence. Example: `labels.env:*`
271
+ # * use a free text query. Example: `prod`
272
272
  # @!attribute [rw] network_tags
273
273
  # @return [::Array<::String>]
274
274
  # Network tags associated with this resource. Like labels, network tags are a
@@ -278,19 +278,29 @@ module Google
278
278
  #
279
279
  # To search against the `network_tags`:
280
280
  #
281
- # * use a field query. Example: `networkTags : "internal"`
282
- # * use a free text query. Example: `"internal"`
281
+ # * use a field query. Example: `networkTags:internal`
282
+ # * use a free text query. Example: `internal`
283
283
  # @!attribute [rw] additional_attributes
284
284
  # @return [::Google::Protobuf::Struct]
285
- # The additional attributes of this resource. The attributes may vary from
286
- # one resource type to another. Examples: `projectId` for Project,
287
- # `dnsName` for DNS ManagedZone.
285
+ # The additional searchable attributes of this resource. The attributes may
286
+ # vary from one resource type to another. Examples: `projectId` for Project,
287
+ # `dnsName` for DNS ManagedZone. This field contains a subset of the resource
288
+ # metadata fields that are returned by the List or Get APIs provided by the
289
+ # corresponding GCP service (e.g., Compute Engine). see [API references and
290
+ # supported searchable
291
+ # attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types)
292
+ # for more information.
293
+ #
294
+ # You can search values of these fields through free text search. However,
295
+ # you should not consume the field programically as the field names and
296
+ # values may change as the GCP service updates to a new incompatible API
297
+ # version.
288
298
  #
289
299
  # To search against the `additional_attributes`:
290
300
  #
291
301
  # * use a free text query to match the attributes values. Example: to search
292
302
  # `additional_attributes = { dnsName: "foobar" }`, you can issue a query
293
- # `"foobar"`.
303
+ # `foobar`.
294
304
  class ResourceSearchResult
295
305
  include ::Google::Protobuf::MessageExts
296
306
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -317,7 +327,7 @@ module Google
317
327
  #
318
328
  # To search against the `resource`:
319
329
  #
320
- # * use a field query. Example: `resource : "organizations/123"`
330
+ # * use a field query. Example: `resource:organizations/123`
321
331
  # @!attribute [rw] project
322
332
  # @return [::String]
323
333
  # The project that the associated GCP resource belongs to, in the form of
@@ -338,13 +348,13 @@ module Google
338
348
  #
339
349
  # To search against the `policy` bindings:
340
350
  #
341
- # * use a field query, as following:
351
+ # * use a field query:
342
352
  # - query by the policy contained members. Example:
343
- # `policy : "amy@gmail.com"`
353
+ # `policy:amy@gmail.com`
344
354
  # - query by the policy contained roles. Example:
345
- # `policy : "roles/compute.admin"`
346
- # - query by the policy contained roles' implied permissions. Example:
347
- # `policy.role.permissions : "compute.instances.create"`
355
+ # `policy:roles/compute.admin`
356
+ # - query by the policy contained roles' included permissions. Example:
357
+ # `policy.role.permissions:compute.instances.create`
348
358
  # @!attribute [rw] explanation
349
359
  # @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation]
350
360
  # Explanation about the IAM policy search result. It contains additional
@@ -358,7 +368,7 @@ module Google
358
368
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
359
369
  # The map from roles to their included permissions that match the
360
370
  # permission query (i.e., a query containing `policy.role.permissions:`).
361
- # Example: if query `policy.role.permissions : "compute.disk.get"`
371
+ # Example: if query `policy.role.permissions:compute.disk.get`
362
372
  # matches a policy binding that contains owner role, the
363
373
  # matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
364
374
  # roles can also be found in the returned `policy` bindings. Note that the
@@ -386,6 +396,173 @@ module Google
386
396
  end
387
397
  end
388
398
  end
399
+
400
+ # Represents the detailed state of an entity under analysis, such as a
401
+ # resource, an identity or an access.
402
+ # @!attribute [rw] code
403
+ # @return [::Google::Rpc::Code]
404
+ # The Google standard error code that best describes the state.
405
+ # For example:
406
+ # - OK means the analysis on this entity has been successfully finished;
407
+ # - PERMISSION_DENIED means an access denied error is encountered;
408
+ # - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started
409
+ # in time;
410
+ # @!attribute [rw] cause
411
+ # @return [::String]
412
+ # The human-readable description of the cause of failure.
413
+ class IamPolicyAnalysisState
414
+ include ::Google::Protobuf::MessageExts
415
+ extend ::Google::Protobuf::MessageExts::ClassMethods
416
+ end
417
+
418
+ # IAM Policy analysis result, consisting of one IAM policy binding and derived
419
+ # access control lists.
420
+ # @!attribute [rw] attached_resource_full_name
421
+ # @return [::String]
422
+ # The [full resource
423
+ # name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
424
+ # of the resource to which the {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult#iam_binding iam_binding} policy attaches.
425
+ # @!attribute [rw] iam_binding
426
+ # @return [::Google::Iam::V1::Binding]
427
+ # The Cloud IAM policy binding under analysis.
428
+ # @!attribute [rw] access_control_lists
429
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::AccessControlList>]
430
+ # The access control lists derived from the {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult#iam_binding iam_binding} that match or
431
+ # potentially match resource and access selectors specified in the request.
432
+ # @!attribute [rw] identity_list
433
+ # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList]
434
+ # The identity list derived from members of the {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult#iam_binding iam_binding} that match or
435
+ # potentially match identity selector specified in the request.
436
+ # @!attribute [rw] fully_explored
437
+ # @return [::Boolean]
438
+ # Represents whether all analyses on the {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult#iam_binding iam_binding} have successfully
439
+ # finished.
440
+ class IamPolicyAnalysisResult
441
+ include ::Google::Protobuf::MessageExts
442
+ extend ::Google::Protobuf::MessageExts::ClassMethods
443
+
444
+ # A Google Cloud resource under analysis.
445
+ # @!attribute [rw] full_resource_name
446
+ # @return [::String]
447
+ # The [full resource
448
+ # name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
449
+ # @!attribute [rw] analysis_state
450
+ # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
451
+ # The analysis state of this resource.
452
+ class Resource
453
+ include ::Google::Protobuf::MessageExts
454
+ extend ::Google::Protobuf::MessageExts::ClassMethods
455
+ end
456
+
457
+ # An IAM role or permission under analysis.
458
+ # @!attribute [rw] role
459
+ # @return [::String]
460
+ # The role.
461
+ # @!attribute [rw] permission
462
+ # @return [::String]
463
+ # The permission.
464
+ # @!attribute [rw] analysis_state
465
+ # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
466
+ # The analysis state of this access.
467
+ class Access
468
+ include ::Google::Protobuf::MessageExts
469
+ extend ::Google::Protobuf::MessageExts::ClassMethods
470
+ end
471
+
472
+ # An identity under analysis.
473
+ # @!attribute [rw] name
474
+ # @return [::String]
475
+ # The identity name in any form of members appear in
476
+ # [IAM policy
477
+ # binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such
478
+ # as:
479
+ # - user:foo@google.com
480
+ # - group:group1@google.com
481
+ # - serviceAccount:s1@prj1.iam.gserviceaccount.com
482
+ # - projectOwner:some_project_id
483
+ # - domain:google.com
484
+ # - allUsers
485
+ # - etc.
486
+ # @!attribute [rw] analysis_state
487
+ # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
488
+ # The analysis state of this identity.
489
+ class Identity
490
+ include ::Google::Protobuf::MessageExts
491
+ extend ::Google::Protobuf::MessageExts::ClassMethods
492
+ end
493
+
494
+ # A directional edge.
495
+ # @!attribute [rw] source_node
496
+ # @return [::String]
497
+ # The source node of the edge. For example, it could be a full resource
498
+ # name for a resource node or an email of an identity.
499
+ # @!attribute [rw] target_node
500
+ # @return [::String]
501
+ # The target node of the edge. For example, it could be a full resource
502
+ # name for a resource node or an email of an identity.
503
+ class Edge
504
+ include ::Google::Protobuf::MessageExts
505
+ extend ::Google::Protobuf::MessageExts::ClassMethods
506
+ end
507
+
508
+ # An access control list, derived from the above IAM policy binding, which
509
+ # contains a set of resources and accesses. May include one
510
+ # item from each set to compose an access control entry.
511
+ #
512
+ # NOTICE that there could be multiple access control lists for one IAM policy
513
+ # binding. The access control lists are created based on resource and access
514
+ # combinations.
515
+ #
516
+ # For example, assume we have the following cases in one IAM policy binding:
517
+ # - Permission P1 and P2 apply to resource R1 and R2;
518
+ # - Permission P3 applies to resource R2 and R3;
519
+ #
520
+ # This will result in the following access control lists:
521
+ # - AccessControlList 1: [R1, R2], [P1, P2]
522
+ # - AccessControlList 2: [R2, R3], [P3]
523
+ # @!attribute [rw] resources
524
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>]
525
+ # The resources that match one of the following conditions:
526
+ # - The resource_selector, if it is specified in request;
527
+ # - Otherwise, resources reachable from the policy attached resource.
528
+ # @!attribute [rw] accesses
529
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>]
530
+ # The accesses that match one of the following conditions:
531
+ # - The access_selector, if it is specified in request;
532
+ # - Otherwise, access specifiers reachable from the policy binding's role.
533
+ # @!attribute [rw] resource_edges
534
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
535
+ # Resource edges of the graph starting from the policy attached
536
+ # resource to any descendant resources. The {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} contains
537
+ # the full resource name of a parent resource and {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node}
538
+ # contains the full resource name of a child resource. This field is
539
+ # present only if the output_resource_edges option is enabled in request.
540
+ class AccessControlList
541
+ include ::Google::Protobuf::MessageExts
542
+ extend ::Google::Protobuf::MessageExts::ClassMethods
543
+ end
544
+
545
+ # The identities and group edges.
546
+ # @!attribute [rw] identities
547
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>]
548
+ # Only the identities that match one of the following conditions will be
549
+ # presented:
550
+ # - The identity_selector, if it is specified in request;
551
+ # - Otherwise, identities reachable from the policy binding's members.
552
+ # @!attribute [rw] group_edges
553
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
554
+ # Group identity edges of the graph starting from the binding's
555
+ # group members to any node of the {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList#identities identities}. The {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node}
556
+ # contains a group, such as `group:parent@google.com`. The
557
+ # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} contains a member of the group,
558
+ # such as `group:child@google.com` or `user:foo@google.com`.
559
+ # This field is present only if the output_group_edges option is enabled in
560
+ # request.
561
+ class IdentityList
562
+ include ::Google::Protobuf::MessageExts
563
+ extend ::Google::Protobuf::MessageExts::ClassMethods
564
+ end
565
+ end
389
566
  end
390
567
  end
391
568
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-asset-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.2
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-06 00:00:00.000000000 Z
11
+ date: 2020-11-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -238,7 +238,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
238
238
  - !ruby/object:Gem::Version
239
239
  version: '0'
240
240
  requirements: []
241
- rubygems_version: 3.1.3
241
+ rubygems_version: 3.1.4
242
242
  signing_key:
243
243
  specification_version: 4
244
244
  summary: API Client library for the Cloud Asset V1 API