google-cloud-asset-v1 0.5.3 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/google/cloud/asset/v1/asset_service/client.rb +317 -98
- data/lib/google/cloud/asset/v1/asset_service_pb.rb +118 -0
- data/lib/google/cloud/asset/v1/asset_service_services_pb.rb +26 -14
- data/lib/google/cloud/asset/v1/assets_pb.rb +47 -2
- data/lib/google/cloud/asset/v1/version.rb +1 -1
- data/proto_docs/google/cloud/asset/v1/asset_service.rb +570 -90
- data/proto_docs/google/cloud/asset/v1/assets.rb +211 -25
- metadata +2 -2
|
@@ -202,7 +202,7 @@ module Google
|
|
|
202
202
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
203
203
|
end
|
|
204
204
|
|
|
205
|
-
# A result of Resource Search, containing information of a cloud
|
|
205
|
+
# A result of Resource Search, containing information of a cloud resource.
|
|
206
206
|
# @!attribute [rw] name
|
|
207
207
|
# @return [::String]
|
|
208
208
|
# The full resource name of this resource. Example:
|
|
@@ -213,8 +213,8 @@ module Google
|
|
|
213
213
|
#
|
|
214
214
|
# To search against the `name`:
|
|
215
215
|
#
|
|
216
|
-
# * use a field query. Example: `name
|
|
217
|
-
# * use a free text query. Example: `
|
|
216
|
+
# * use a field query. Example: `name:instance1`
|
|
217
|
+
# * use a free text query. Example: `instance1`
|
|
218
218
|
# @!attribute [rw] asset_type
|
|
219
219
|
# @return [::String]
|
|
220
220
|
# The type of this resource. Example: `compute.googleapis.com/Disk`.
|
|
@@ -236,7 +236,7 @@ module Google
|
|
|
236
236
|
#
|
|
237
237
|
# To search against the `display_name`:
|
|
238
238
|
#
|
|
239
|
-
# * use a field query. Example: `displayName
|
|
239
|
+
# * use a field query. Example: `displayName:"My Instance"`
|
|
240
240
|
# * use a free text query. Example: `"My Instance"`
|
|
241
241
|
# @!attribute [rw] description
|
|
242
242
|
# @return [::String]
|
|
@@ -245,7 +245,7 @@ module Google
|
|
|
245
245
|
#
|
|
246
246
|
# To search against the `description`:
|
|
247
247
|
#
|
|
248
|
-
# * use a field query. Example: `description
|
|
248
|
+
# * use a field query. Example: `description:"*important instance*"`
|
|
249
249
|
# * use a free text query. Example: `"*important instance*"`
|
|
250
250
|
# @!attribute [rw] location
|
|
251
251
|
# @return [::String]
|
|
@@ -254,8 +254,8 @@ module Google
|
|
|
254
254
|
#
|
|
255
255
|
# To search against the `location`:
|
|
256
256
|
#
|
|
257
|
-
# * use a field query. Example: `location
|
|
258
|
-
# * use a free text query. Example: `
|
|
257
|
+
# * use a field query. Example: `location:us-west*`
|
|
258
|
+
# * use a free text query. Example: `us-west*`
|
|
259
259
|
# @!attribute [rw] labels
|
|
260
260
|
# @return [::Google::Protobuf::Map{::String => ::String}]
|
|
261
261
|
# Labels associated with this resource. See [Labelling and grouping GCP
|
|
@@ -264,11 +264,11 @@ module Google
|
|
|
264
264
|
#
|
|
265
265
|
# To search against the `labels`:
|
|
266
266
|
#
|
|
267
|
-
# * use a field query
|
|
268
|
-
# - query on any label's key or value. Example: `labels
|
|
269
|
-
# - query by a given label. Example: `labels.env
|
|
270
|
-
# - query by a given label'
|
|
271
|
-
# * use a free text query. Example: `
|
|
267
|
+
# * use a field query:
|
|
268
|
+
# - query on any label's key or value. Example: `labels:prod`
|
|
269
|
+
# - query by a given label. Example: `labels.env:prod`
|
|
270
|
+
# - query by a given label's existence. Example: `labels.env:*`
|
|
271
|
+
# * use a free text query. Example: `prod`
|
|
272
272
|
# @!attribute [rw] network_tags
|
|
273
273
|
# @return [::Array<::String>]
|
|
274
274
|
# Network tags associated with this resource. Like labels, network tags are a
|
|
@@ -278,19 +278,29 @@ module Google
|
|
|
278
278
|
#
|
|
279
279
|
# To search against the `network_tags`:
|
|
280
280
|
#
|
|
281
|
-
# * use a field query. Example: `networkTags
|
|
282
|
-
# * use a free text query. Example: `
|
|
281
|
+
# * use a field query. Example: `networkTags:internal`
|
|
282
|
+
# * use a free text query. Example: `internal`
|
|
283
283
|
# @!attribute [rw] additional_attributes
|
|
284
284
|
# @return [::Google::Protobuf::Struct]
|
|
285
|
-
# The additional attributes of this resource. The attributes may
|
|
286
|
-
# one resource type to another. Examples: `projectId` for Project,
|
|
287
|
-
# `dnsName` for DNS ManagedZone.
|
|
285
|
+
# The additional searchable attributes of this resource. The attributes may
|
|
286
|
+
# vary from one resource type to another. Examples: `projectId` for Project,
|
|
287
|
+
# `dnsName` for DNS ManagedZone. This field contains a subset of the resource
|
|
288
|
+
# metadata fields that are returned by the List or Get APIs provided by the
|
|
289
|
+
# corresponding GCP service (e.g., Compute Engine). see [API references and
|
|
290
|
+
# supported searchable
|
|
291
|
+
# attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types)
|
|
292
|
+
# for more information.
|
|
293
|
+
#
|
|
294
|
+
# You can search values of these fields through free text search. However,
|
|
295
|
+
# you should not consume the field programically as the field names and
|
|
296
|
+
# values may change as the GCP service updates to a new incompatible API
|
|
297
|
+
# version.
|
|
288
298
|
#
|
|
289
299
|
# To search against the `additional_attributes`:
|
|
290
300
|
#
|
|
291
301
|
# * use a free text query to match the attributes values. Example: to search
|
|
292
302
|
# `additional_attributes = { dnsName: "foobar" }`, you can issue a query
|
|
293
|
-
# `
|
|
303
|
+
# `foobar`.
|
|
294
304
|
class ResourceSearchResult
|
|
295
305
|
include ::Google::Protobuf::MessageExts
|
|
296
306
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -317,7 +327,7 @@ module Google
|
|
|
317
327
|
#
|
|
318
328
|
# To search against the `resource`:
|
|
319
329
|
#
|
|
320
|
-
# * use a field query. Example: `resource
|
|
330
|
+
# * use a field query. Example: `resource:organizations/123`
|
|
321
331
|
# @!attribute [rw] project
|
|
322
332
|
# @return [::String]
|
|
323
333
|
# The project that the associated GCP resource belongs to, in the form of
|
|
@@ -338,13 +348,13 @@ module Google
|
|
|
338
348
|
#
|
|
339
349
|
# To search against the `policy` bindings:
|
|
340
350
|
#
|
|
341
|
-
# * use a field query
|
|
351
|
+
# * use a field query:
|
|
342
352
|
# - query by the policy contained members. Example:
|
|
343
|
-
# `policy
|
|
353
|
+
# `policy:amy@gmail.com`
|
|
344
354
|
# - query by the policy contained roles. Example:
|
|
345
|
-
# `policy
|
|
346
|
-
# - query by the policy contained roles'
|
|
347
|
-
# `policy.role.permissions
|
|
355
|
+
# `policy:roles/compute.admin`
|
|
356
|
+
# - query by the policy contained roles' included permissions. Example:
|
|
357
|
+
# `policy.role.permissions:compute.instances.create`
|
|
348
358
|
# @!attribute [rw] explanation
|
|
349
359
|
# @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation]
|
|
350
360
|
# Explanation about the IAM policy search result. It contains additional
|
|
@@ -358,7 +368,7 @@ module Google
|
|
|
358
368
|
# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
|
|
359
369
|
# The map from roles to their included permissions that match the
|
|
360
370
|
# permission query (i.e., a query containing `policy.role.permissions:`).
|
|
361
|
-
# Example: if query `policy.role.permissions
|
|
371
|
+
# Example: if query `policy.role.permissions:compute.disk.get`
|
|
362
372
|
# matches a policy binding that contains owner role, the
|
|
363
373
|
# matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
|
|
364
374
|
# roles can also be found in the returned `policy` bindings. Note that the
|
|
@@ -386,6 +396,182 @@ module Google
|
|
|
386
396
|
end
|
|
387
397
|
end
|
|
388
398
|
end
|
|
399
|
+
|
|
400
|
+
# Represents the detailed state of an entity under analysis, such as a
|
|
401
|
+
# resource, an identity or an access.
|
|
402
|
+
# @!attribute [rw] code
|
|
403
|
+
# @return [::Google::Rpc::Code]
|
|
404
|
+
# The Google standard error code that best describes the state.
|
|
405
|
+
# For example:
|
|
406
|
+
# - OK means the analysis on this entity has been successfully finished;
|
|
407
|
+
# - PERMISSION_DENIED means an access denied error is encountered;
|
|
408
|
+
# - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started
|
|
409
|
+
# in time;
|
|
410
|
+
# @!attribute [rw] cause
|
|
411
|
+
# @return [::String]
|
|
412
|
+
# The human-readable description of the cause of failure.
|
|
413
|
+
class IamPolicyAnalysisState
|
|
414
|
+
include ::Google::Protobuf::MessageExts
|
|
415
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
416
|
+
end
|
|
417
|
+
|
|
418
|
+
# IAM Policy analysis result, consisting of one IAM policy binding and derived
|
|
419
|
+
# access control lists.
|
|
420
|
+
# @!attribute [rw] attached_resource_full_name
|
|
421
|
+
# @return [::String]
|
|
422
|
+
# The [full resource
|
|
423
|
+
# name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
|
|
424
|
+
# of the resource to which the [iam_binding][iam_binding] policy attaches.
|
|
425
|
+
# (-- api-linter: core::0122::name-suffix=disabled
|
|
426
|
+
# aip.dev/not-precedent: full_resource_name is a public notion in GCP.
|
|
427
|
+
# --)
|
|
428
|
+
# @!attribute [rw] iam_binding
|
|
429
|
+
# @return [::Google::Iam::V1::Binding]
|
|
430
|
+
# The Cloud IAM policy binding under analysis.
|
|
431
|
+
# @!attribute [rw] access_control_lists
|
|
432
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::AccessControlList>]
|
|
433
|
+
# The access control lists derived from the [iam_binding][iam_binding] that
|
|
434
|
+
# match or potentially match resource and access selectors specified in the
|
|
435
|
+
# request.
|
|
436
|
+
# @!attribute [rw] identity_list
|
|
437
|
+
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList]
|
|
438
|
+
# The identity list derived from members of the [iam_binding][iam_binding]
|
|
439
|
+
# that match or potentially match identity selector specified in the request.
|
|
440
|
+
# @!attribute [rw] fully_explored
|
|
441
|
+
# @return [::Boolean]
|
|
442
|
+
# Represents whether all analyses on the [iam_binding][iam_binding] have
|
|
443
|
+
# successfully finished.
|
|
444
|
+
class IamPolicyAnalysisResult
|
|
445
|
+
include ::Google::Protobuf::MessageExts
|
|
446
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
447
|
+
|
|
448
|
+
# A Google Cloud resource under analysis.
|
|
449
|
+
# @!attribute [rw] full_resource_name
|
|
450
|
+
# @return [::String]
|
|
451
|
+
# The [full resource
|
|
452
|
+
# name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
|
|
453
|
+
# (-- api-linter: core::0122::name-suffix=disabled
|
|
454
|
+
# aip.dev/not-precedent: full_resource_name is a public notion in GCP.
|
|
455
|
+
# --)
|
|
456
|
+
# @!attribute [rw] analysis_state
|
|
457
|
+
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
|
|
458
|
+
# The analysis state of this resource.
|
|
459
|
+
class Resource
|
|
460
|
+
include ::Google::Protobuf::MessageExts
|
|
461
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
462
|
+
end
|
|
463
|
+
|
|
464
|
+
# An IAM role or permission under analysis.
|
|
465
|
+
# @!attribute [rw] role
|
|
466
|
+
# @return [::String]
|
|
467
|
+
# The role.
|
|
468
|
+
# @!attribute [rw] permission
|
|
469
|
+
# @return [::String]
|
|
470
|
+
# The permission.
|
|
471
|
+
# @!attribute [rw] analysis_state
|
|
472
|
+
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
|
|
473
|
+
# The analysis state of this access.
|
|
474
|
+
class Access
|
|
475
|
+
include ::Google::Protobuf::MessageExts
|
|
476
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
477
|
+
end
|
|
478
|
+
|
|
479
|
+
# An identity under analysis.
|
|
480
|
+
# (-- api-linter: core::0123::resource-annotation=disabled
|
|
481
|
+
# aip.dev/not-precedent: Identity name is not a resource. --)
|
|
482
|
+
# @!attribute [rw] name
|
|
483
|
+
# @return [::String]
|
|
484
|
+
# The identity name in any form of members appear in
|
|
485
|
+
# [IAM policy
|
|
486
|
+
# binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such
|
|
487
|
+
# as:
|
|
488
|
+
# - user:foo@google.com
|
|
489
|
+
# - group:group1@google.com
|
|
490
|
+
# - serviceAccount:s1@prj1.iam.gserviceaccount.com
|
|
491
|
+
# - projectOwner:some_project_id
|
|
492
|
+
# - domain:google.com
|
|
493
|
+
# - allUsers
|
|
494
|
+
# - etc.
|
|
495
|
+
# @!attribute [rw] analysis_state
|
|
496
|
+
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
|
|
497
|
+
# The analysis state of this identity.
|
|
498
|
+
class Identity
|
|
499
|
+
include ::Google::Protobuf::MessageExts
|
|
500
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
501
|
+
end
|
|
502
|
+
|
|
503
|
+
# A directional edge.
|
|
504
|
+
# @!attribute [rw] source_node
|
|
505
|
+
# @return [::String]
|
|
506
|
+
# The source node of the edge. For example, it could be a full resource
|
|
507
|
+
# name for a resource node or an email of an identity.
|
|
508
|
+
# @!attribute [rw] target_node
|
|
509
|
+
# @return [::String]
|
|
510
|
+
# The target node of the edge. For example, it could be a full resource
|
|
511
|
+
# name for a resource node or an email of an identity.
|
|
512
|
+
class Edge
|
|
513
|
+
include ::Google::Protobuf::MessageExts
|
|
514
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
515
|
+
end
|
|
516
|
+
|
|
517
|
+
# An access control list, derived from the above IAM policy binding, which
|
|
518
|
+
# contains a set of resources and accesses. May include one
|
|
519
|
+
# item from each set to compose an access control entry.
|
|
520
|
+
#
|
|
521
|
+
# NOTICE that there could be multiple access control lists for one IAM policy
|
|
522
|
+
# binding. The access control lists are created based on resource and access
|
|
523
|
+
# combinations.
|
|
524
|
+
#
|
|
525
|
+
# For example, assume we have the following cases in one IAM policy binding:
|
|
526
|
+
# - Permission P1 and P2 apply to resource R1 and R2;
|
|
527
|
+
# - Permission P3 applies to resource R2 and R3;
|
|
528
|
+
#
|
|
529
|
+
# This will result in the following access control lists:
|
|
530
|
+
# - AccessControlList 1: [R1, R2], [P1, P2]
|
|
531
|
+
# - AccessControlList 2: [R2, R3], [P3]
|
|
532
|
+
# @!attribute [rw] resources
|
|
533
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>]
|
|
534
|
+
# The resources that match one of the following conditions:
|
|
535
|
+
# - The resource_selector, if it is specified in request;
|
|
536
|
+
# - Otherwise, resources reachable from the policy attached resource.
|
|
537
|
+
# @!attribute [rw] accesses
|
|
538
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>]
|
|
539
|
+
# The accesses that match one of the following conditions:
|
|
540
|
+
# - The access_selector, if it is specified in request;
|
|
541
|
+
# - Otherwise, access specifiers reachable from the policy binding's role.
|
|
542
|
+
# @!attribute [rw] resource_edges
|
|
543
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
|
|
544
|
+
# Resource edges of the graph starting from the policy attached
|
|
545
|
+
# resource to any descendant resources. The [Edge.source_node][] contains
|
|
546
|
+
# the full resource name of a parent resource and [Edge.target_node][]
|
|
547
|
+
# contains the full resource name of a child resource. This field is
|
|
548
|
+
# present only if the output_resource_edges option is enabled in request.
|
|
549
|
+
class AccessControlList
|
|
550
|
+
include ::Google::Protobuf::MessageExts
|
|
551
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
552
|
+
end
|
|
553
|
+
|
|
554
|
+
# The identities and group edges.
|
|
555
|
+
# @!attribute [rw] identities
|
|
556
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>]
|
|
557
|
+
# Only the identities that match one of the following conditions will be
|
|
558
|
+
# presented:
|
|
559
|
+
# - The identity_selector, if it is specified in request;
|
|
560
|
+
# - Otherwise, identities reachable from the policy binding's members.
|
|
561
|
+
# @!attribute [rw] group_edges
|
|
562
|
+
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
|
|
563
|
+
# Group identity edges of the graph starting from the binding's
|
|
564
|
+
# group members to any node of the [identities][]. The [Edge.source_node][]
|
|
565
|
+
# contains a group, such as `group:parent@google.com`. The
|
|
566
|
+
# [Edge.target_node][] contains a member of the group,
|
|
567
|
+
# such as `group:child@google.com` or `user:foo@google.com`.
|
|
568
|
+
# This field is present only if the output_group_edges option is enabled in
|
|
569
|
+
# request.
|
|
570
|
+
class IdentityList
|
|
571
|
+
include ::Google::Protobuf::MessageExts
|
|
572
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
573
|
+
end
|
|
574
|
+
end
|
|
389
575
|
end
|
|
390
576
|
end
|
|
391
577
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-asset-v1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-09-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gapic-common
|