google-cloud-asset-v1 0.5.3 → 0.6.0
- checksums.yaml +4 -4
- data/lib/google/cloud/asset/v1/asset_service/client.rb +317 -98
- data/lib/google/cloud/asset/v1/asset_service_pb.rb +118 -0
- data/lib/google/cloud/asset/v1/asset_service_services_pb.rb +26 -14
- data/lib/google/cloud/asset/v1/assets_pb.rb +47 -2
- data/lib/google/cloud/asset/v1/version.rb +1 -1
- data/proto_docs/google/cloud/asset/v1/asset_service.rb +570 -90
- data/proto_docs/google/cloud/asset/v1/assets.rb +211 -25
- metadata +2 -2
@@ -202,7 +202,7 @@ module Google
|
|
202
202
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
203
203
|
end
|
204
204
|
|
205
|
-
# A result of Resource Search, containing information of a cloud
|
205
|
+
# A result of Resource Search, containing information of a cloud resource.
|
206
206
|
# @!attribute [rw] name
|
207
207
|
# @return [::String]
|
208
208
|
# The full resource name of this resource. Example:
|
@@ -213,8 +213,8 @@ module Google
|
|
213
213
|
#
|
214
214
|
# To search against the `name`:
|
215
215
|
#
|
216
|
-
# * use a field query. Example: `name
|
217
|
-
# * use a free text query. Example: `
|
216
|
+
# * use a field query. Example: `name:instance1`
|
217
|
+
# * use a free text query. Example: `instance1`
|
218
218
|
# @!attribute [rw] asset_type
|
219
219
|
# @return [::String]
|
220
220
|
# The type of this resource. Example: `compute.googleapis.com/Disk`.
|
@@ -236,7 +236,7 @@ module Google
|
|
236
236
|
#
|
237
237
|
# To search against the `display_name`:
|
238
238
|
#
|
239
|
-
# * use a field query. Example: `displayName
|
239
|
+
# * use a field query. Example: `displayName:"My Instance"`
|
240
240
|
# * use a free text query. Example: `"My Instance"`
|
241
241
|
# @!attribute [rw] description
|
242
242
|
# @return [::String]
|
@@ -245,7 +245,7 @@ module Google
|
|
245
245
|
#
|
246
246
|
# To search against the `description`:
|
247
247
|
#
|
248
|
-
# * use a field query. Example: `description
|
248
|
+
# * use a field query. Example: `description:"*important instance*"`
|
249
249
|
# * use a free text query. Example: `"*important instance*"`
|
250
250
|
# @!attribute [rw] location
|
251
251
|
# @return [::String]
|
@@ -254,8 +254,8 @@ module Google
|
|
254
254
|
#
|
255
255
|
# To search against the `location`:
|
256
256
|
#
|
257
|
-
# * use a field query. Example: `location
|
258
|
-
# * use a free text query. Example: `
|
257
|
+
# * use a field query. Example: `location:us-west*`
|
258
|
+
# * use a free text query. Example: `us-west*`
|
259
259
|
# @!attribute [rw] labels
|
260
260
|
# @return [::Google::Protobuf::Map{::String => ::String}]
|
261
261
|
# Labels associated with this resource. See [Labelling and grouping GCP
|
@@ -264,11 +264,11 @@ module Google
|
|
264
264
|
#
|
265
265
|
# To search against the `labels`:
|
266
266
|
#
|
267
|
-
# * use a field query
|
268
|
-
# - query on any label's key or value. Example: `labels
|
269
|
-
# - query by a given label. Example: `labels.env
|
270
|
-
# - query by a given label'
|
271
|
-
# * use a free text query. Example: `
|
267
|
+
# * use a field query:
|
268
|
+
# - query on any label's key or value. Example: `labels:prod`
|
269
|
+
# - query by a given label. Example: `labels.env:prod`
|
270
|
+
# - query by a given label's existence. Example: `labels.env:*`
|
271
|
+
# * use a free text query. Example: `prod`
|
272
272
|
# @!attribute [rw] network_tags
|
273
273
|
# @return [::Array<::String>]
|
274
274
|
# Network tags associated with this resource. Like labels, network tags are a
|
@@ -278,19 +278,29 @@ module Google
|
|
278
278
|
#
|
279
279
|
# To search against the `network_tags`:
|
280
280
|
#
|
281
|
-
# * use a field query. Example: `networkTags
|
282
|
-
# * use a free text query. Example: `
|
281
|
+
# * use a field query. Example: `networkTags:internal`
|
282
|
+
# * use a free text query. Example: `internal`
|
283
283
|
# @!attribute [rw] additional_attributes
|
284
284
|
# @return [::Google::Protobuf::Struct]
|
285
|
-
# The additional attributes of this resource. The attributes may
|
286
|
-
# one resource type to another. Examples: `projectId` for Project,
|
287
|
-
# `dnsName` for DNS ManagedZone.
|
285
|
+
# The additional searchable attributes of this resource. The attributes may
|
286
|
+
# vary from one resource type to another. Examples: `projectId` for Project,
|
287
|
+
# `dnsName` for DNS ManagedZone. This field contains a subset of the resource
|
288
|
+
# metadata fields that are returned by the List or Get APIs provided by the
|
289
|
+
# corresponding GCP service (e.g., Compute Engine). see [API references and
|
290
|
+
# supported searchable
|
291
|
+
# attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types)
|
292
|
+
# for more information.
|
293
|
+
#
|
294
|
+
# You can search values of these fields through free text search. However,
|
295
|
+
# you should not consume the field programically as the field names and
|
296
|
+
# values may change as the GCP service updates to a new incompatible API
|
297
|
+
# version.
|
288
298
|
#
|
289
299
|
# To search against the `additional_attributes`:
|
290
300
|
#
|
291
301
|
# * use a free text query to match the attributes values. Example: to search
|
292
302
|
# `additional_attributes = { dnsName: "foobar" }`, you can issue a query
|
293
|
-
# `
|
303
|
+
# `foobar`.
|
294
304
|
class ResourceSearchResult
|
295
305
|
include ::Google::Protobuf::MessageExts
|
296
306
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -317,7 +327,7 @@ module Google
|
|
317
327
|
#
|
318
328
|
# To search against the `resource`:
|
319
329
|
#
|
320
|
-
# * use a field query. Example: `resource
|
330
|
+
# * use a field query. Example: `resource:organizations/123`
|
321
331
|
# @!attribute [rw] project
|
322
332
|
# @return [::String]
|
323
333
|
# The project that the associated GCP resource belongs to, in the form of
|
@@ -338,13 +348,13 @@ module Google
|
|
338
348
|
#
|
339
349
|
# To search against the `policy` bindings:
|
340
350
|
#
|
341
|
-
# * use a field query
|
351
|
+
# * use a field query:
|
342
352
|
# - query by the policy contained members. Example:
|
343
|
-
# `policy
|
353
|
+
# `policy:amy@gmail.com`
|
344
354
|
# - query by the policy contained roles. Example:
|
345
|
-
# `policy
|
346
|
-
# - query by the policy contained roles'
|
347
|
-
# `policy.role.permissions
|
355
|
+
# `policy:roles/compute.admin`
|
356
|
+
# - query by the policy contained roles' included permissions. Example:
|
357
|
+
# `policy.role.permissions:compute.instances.create`
|
348
358
|
# @!attribute [rw] explanation
|
349
359
|
# @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation]
|
350
360
|
# Explanation about the IAM policy search result. It contains additional
|
@@ -358,7 +368,7 @@ module Google
|
|
358
368
|
# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
|
359
369
|
# The map from roles to their included permissions that match the
|
360
370
|
# permission query (i.e., a query containing `policy.role.permissions:`).
|
361
|
-
# Example: if query `policy.role.permissions
|
371
|
+
# Example: if query `policy.role.permissions:compute.disk.get`
|
362
372
|
# matches a policy binding that contains owner role, the
|
363
373
|
# matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
|
364
374
|
# roles can also be found in the returned `policy` bindings. Note that the
|
@@ -386,6 +396,182 @@ module Google
|
|
386
396
|
end
|
387
397
|
end
|
388
398
|
end
|
399
|
+
|
400
|
+
# Represents the detailed state of an entity under analysis, such as a
|
401
|
+
# resource, an identity or an access.
|
402
|
+
# @!attribute [rw] code
|
403
|
+
# @return [::Google::Rpc::Code]
|
404
|
+
# The Google standard error code that best describes the state.
|
405
|
+
# For example:
|
406
|
+
# - OK means the analysis on this entity has been successfully finished;
|
407
|
+
# - PERMISSION_DENIED means an access denied error is encountered;
|
408
|
+
# - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started
|
409
|
+
# in time;
|
410
|
+
# @!attribute [rw] cause
|
411
|
+
# @return [::String]
|
412
|
+
# The human-readable description of the cause of failure.
|
413
|
+
class IamPolicyAnalysisState
|
414
|
+
include ::Google::Protobuf::MessageExts
|
415
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
416
|
+
end
|
417
|
+
|
418
|
+
# IAM Policy analysis result, consisting of one IAM policy binding and derived
|
419
|
+
# access control lists.
|
420
|
+
# @!attribute [rw] attached_resource_full_name
|
421
|
+
# @return [::String]
|
422
|
+
# The [full resource
|
423
|
+
# name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
|
424
|
+
# of the resource to which the [iam_binding][iam_binding] policy attaches.
|
425
|
+
# (-- api-linter: core::0122::name-suffix=disabled
|
426
|
+
# aip.dev/not-precedent: full_resource_name is a public notion in GCP.
|
427
|
+
# --)
|
428
|
+
# @!attribute [rw] iam_binding
|
429
|
+
# @return [::Google::Iam::V1::Binding]
|
430
|
+
# The Cloud IAM policy binding under analysis.
|
431
|
+
# @!attribute [rw] access_control_lists
|
432
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::AccessControlList>]
|
433
|
+
# The access control lists derived from the [iam_binding][iam_binding] that
|
434
|
+
# match or potentially match resource and access selectors specified in the
|
435
|
+
# request.
|
436
|
+
# @!attribute [rw] identity_list
|
437
|
+
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList]
|
438
|
+
# The identity list derived from members of the [iam_binding][iam_binding]
|
439
|
+
# that match or potentially match identity selector specified in the request.
|
440
|
+
# @!attribute [rw] fully_explored
|
441
|
+
# @return [::Boolean]
|
442
|
+
# Represents whether all analyses on the [iam_binding][iam_binding] have
|
443
|
+
# successfully finished.
|
444
|
+
class IamPolicyAnalysisResult
|
445
|
+
include ::Google::Protobuf::MessageExts
|
446
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
447
|
+
|
448
|
+
# A Google Cloud resource under analysis.
|
449
|
+
# @!attribute [rw] full_resource_name
|
450
|
+
# @return [::String]
|
451
|
+
# The [full resource
|
452
|
+
# name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
|
453
|
+
# (-- api-linter: core::0122::name-suffix=disabled
|
454
|
+
# aip.dev/not-precedent: full_resource_name is a public notion in GCP.
|
455
|
+
# --)
|
456
|
+
# @!attribute [rw] analysis_state
|
457
|
+
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
|
458
|
+
# The analysis state of this resource.
|
459
|
+
class Resource
|
460
|
+
include ::Google::Protobuf::MessageExts
|
461
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
462
|
+
end
|
463
|
+
|
464
|
+
# An IAM role or permission under analysis.
|
465
|
+
# @!attribute [rw] role
|
466
|
+
# @return [::String]
|
467
|
+
# The role.
|
468
|
+
# @!attribute [rw] permission
|
469
|
+
# @return [::String]
|
470
|
+
# The permission.
|
471
|
+
# @!attribute [rw] analysis_state
|
472
|
+
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
|
473
|
+
# The analysis state of this access.
|
474
|
+
class Access
|
475
|
+
include ::Google::Protobuf::MessageExts
|
476
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
477
|
+
end
|
478
|
+
|
479
|
+
# An identity under analysis.
|
480
|
+
# (-- api-linter: core::0123::resource-annotation=disabled
|
481
|
+
# aip.dev/not-precedent: Identity name is not a resource. --)
|
482
|
+
# @!attribute [rw] name
|
483
|
+
# @return [::String]
|
484
|
+
# The identity name in any form of members appear in
|
485
|
+
# [IAM policy
|
486
|
+
# binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such
|
487
|
+
# as:
|
488
|
+
# - user:foo@google.com
|
489
|
+
# - group:group1@google.com
|
490
|
+
# - serviceAccount:s1@prj1.iam.gserviceaccount.com
|
491
|
+
# - projectOwner:some_project_id
|
492
|
+
# - domain:google.com
|
493
|
+
# - allUsers
|
494
|
+
# - etc.
|
495
|
+
# @!attribute [rw] analysis_state
|
496
|
+
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
|
497
|
+
# The analysis state of this identity.
|
498
|
+
class Identity
|
499
|
+
include ::Google::Protobuf::MessageExts
|
500
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
501
|
+
end
|
502
|
+
|
503
|
+
# A directional edge.
|
504
|
+
# @!attribute [rw] source_node
|
505
|
+
# @return [::String]
|
506
|
+
# The source node of the edge. For example, it could be a full resource
|
507
|
+
# name for a resource node or an email of an identity.
|
508
|
+
# @!attribute [rw] target_node
|
509
|
+
# @return [::String]
|
510
|
+
# The target node of the edge. For example, it could be a full resource
|
511
|
+
# name for a resource node or an email of an identity.
|
512
|
+
class Edge
|
513
|
+
include ::Google::Protobuf::MessageExts
|
514
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
515
|
+
end
|
516
|
+
|
517
|
+
# An access control list, derived from the above IAM policy binding, which
|
518
|
+
# contains a set of resources and accesses. May include one
|
519
|
+
# item from each set to compose an access control entry.
|
520
|
+
#
|
521
|
+
# NOTICE that there could be multiple access control lists for one IAM policy
|
522
|
+
# binding. The access control lists are created based on resource and access
|
523
|
+
# combinations.
|
524
|
+
#
|
525
|
+
# For example, assume we have the following cases in one IAM policy binding:
|
526
|
+
# - Permission P1 and P2 apply to resource R1 and R2;
|
527
|
+
# - Permission P3 applies to resource R2 and R3;
|
528
|
+
#
|
529
|
+
# This will result in the following access control lists:
|
530
|
+
# - AccessControlList 1: [R1, R2], [P1, P2]
|
531
|
+
# - AccessControlList 2: [R2, R3], [P3]
|
532
|
+
# @!attribute [rw] resources
|
533
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>]
|
534
|
+
# The resources that match one of the following conditions:
|
535
|
+
# - The resource_selector, if it is specified in request;
|
536
|
+
# - Otherwise, resources reachable from the policy attached resource.
|
537
|
+
# @!attribute [rw] accesses
|
538
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>]
|
539
|
+
# The accesses that match one of the following conditions:
|
540
|
+
# - The access_selector, if it is specified in request;
|
541
|
+
# - Otherwise, access specifiers reachable from the policy binding's role.
|
542
|
+
# @!attribute [rw] resource_edges
|
543
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
|
544
|
+
# Resource edges of the graph starting from the policy attached
|
545
|
+
# resource to any descendant resources. The [Edge.source_node][] contains
|
546
|
+
# the full resource name of a parent resource and [Edge.target_node][]
|
547
|
+
# contains the full resource name of a child resource. This field is
|
548
|
+
# present only if the output_resource_edges option is enabled in request.
|
549
|
+
class AccessControlList
|
550
|
+
include ::Google::Protobuf::MessageExts
|
551
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
552
|
+
end
|
553
|
+
|
554
|
+
# The identities and group edges.
|
555
|
+
# @!attribute [rw] identities
|
556
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>]
|
557
|
+
# Only the identities that match one of the following conditions will be
|
558
|
+
# presented:
|
559
|
+
# - The identity_selector, if it is specified in request;
|
560
|
+
# - Otherwise, identities reachable from the policy binding's members.
|
561
|
+
# @!attribute [rw] group_edges
|
562
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
|
563
|
+
# Group identity edges of the graph starting from the binding's
|
564
|
+
# group members to any node of the [identities][]. The [Edge.source_node][]
|
565
|
+
# contains a group, such as `group:parent@google.com`. The
|
566
|
+
# [Edge.target_node][] contains a member of the group,
|
567
|
+
# such as `group:child@google.com` or `user:foo@google.com`.
|
568
|
+
# This field is present only if the output_group_edges option is enabled in
|
569
|
+
# request.
|
570
|
+
class IdentityList
|
571
|
+
include ::Google::Protobuf::MessageExts
|
572
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
573
|
+
end
|
574
|
+
end
|
389
575
|
end
|
390
576
|
end
|
391
577
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-cloud-asset-v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-09-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gapic-common
|