google-cloud-asset-v1 0.5.3 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -202,7 +202,7 @@ module Google
202
202
  extend ::Google::Protobuf::MessageExts::ClassMethods
203
203
  end
204
204
 
205
- # A result of Resource Search, containing information of a cloud resoure.
205
+ # A result of Resource Search, containing information of a cloud resource.
206
206
  # @!attribute [rw] name
207
207
  # @return [::String]
208
208
  # The full resource name of this resource. Example:
@@ -213,8 +213,8 @@ module Google
213
213
  #
214
214
  # To search against the `name`:
215
215
  #
216
- # * use a field query. Example: `name : "instance1"`
217
- # * use a free text query. Example: `"instance1"`
216
+ # * use a field query. Example: `name:instance1`
217
+ # * use a free text query. Example: `instance1`
218
218
  # @!attribute [rw] asset_type
219
219
  # @return [::String]
220
220
  # The type of this resource. Example: `compute.googleapis.com/Disk`.
@@ -236,7 +236,7 @@ module Google
236
236
  #
237
237
  # To search against the `display_name`:
238
238
  #
239
- # * use a field query. Example: `displayName : "My Instance"`
239
+ # * use a field query. Example: `displayName:"My Instance"`
240
240
  # * use a free text query. Example: `"My Instance"`
241
241
  # @!attribute [rw] description
242
242
  # @return [::String]
@@ -245,7 +245,7 @@ module Google
245
245
  #
246
246
  # To search against the `description`:
247
247
  #
248
- # * use a field query. Example: `description : "*important instance*"`
248
+ # * use a field query. Example: `description:"*important instance*"`
249
249
  # * use a free text query. Example: `"*important instance*"`
250
250
  # @!attribute [rw] location
251
251
  # @return [::String]
@@ -254,8 +254,8 @@ module Google
254
254
  #
255
255
  # To search against the `location`:
256
256
  #
257
- # * use a field query. Example: `location : "us-west*"`
258
- # * use a free text query. Example: `"us-west*"`
257
+ # * use a field query. Example: `location:us-west*`
258
+ # * use a free text query. Example: `us-west*`
259
259
  # @!attribute [rw] labels
260
260
  # @return [::Google::Protobuf::Map{::String => ::String}]
261
261
  # Labels associated with this resource. See [Labelling and grouping GCP
@@ -264,11 +264,11 @@ module Google
264
264
  #
265
265
  # To search against the `labels`:
266
266
  #
267
- # * use a field query, as following:
268
- # - query on any label's key or value. Example: `labels : "prod"`
269
- # - query by a given label. Example: `labels.env : "prod"`
270
- # - query by a given label'sexistence. Example: `labels.env : *`
271
- # * use a free text query. Example: `"prod"`
267
+ # * use a field query:
268
+ # - query on any label's key or value. Example: `labels:prod`
269
+ # - query by a given label. Example: `labels.env:prod`
270
+ # - query by a given label's existence. Example: `labels.env:*`
271
+ # * use a free text query. Example: `prod`
272
272
  # @!attribute [rw] network_tags
273
273
  # @return [::Array<::String>]
274
274
  # Network tags associated with this resource. Like labels, network tags are a
@@ -278,19 +278,29 @@ module Google
278
278
  #
279
279
  # To search against the `network_tags`:
280
280
  #
281
- # * use a field query. Example: `networkTags : "internal"`
282
- # * use a free text query. Example: `"internal"`
281
+ # * use a field query. Example: `networkTags:internal`
282
+ # * use a free text query. Example: `internal`
283
283
  # @!attribute [rw] additional_attributes
284
284
  # @return [::Google::Protobuf::Struct]
285
- # The additional attributes of this resource. The attributes may vary from
286
- # one resource type to another. Examples: `projectId` for Project,
287
- # `dnsName` for DNS ManagedZone.
285
+ # The additional searchable attributes of this resource. The attributes may
286
+ # vary from one resource type to another. Examples: `projectId` for Project,
287
+ # `dnsName` for DNS ManagedZone. This field contains a subset of the resource
288
+ # metadata fields that are returned by the List or Get APIs provided by the
289
+ # corresponding GCP service (e.g., Compute Engine). see [API references and
290
+ # supported searchable
291
+ # attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types)
292
+ # for more information.
293
+ #
294
+ # You can search values of these fields through free text search. However,
295
+ # you should not consume the field programically as the field names and
296
+ # values may change as the GCP service updates to a new incompatible API
297
+ # version.
288
298
  #
289
299
  # To search against the `additional_attributes`:
290
300
  #
291
301
  # * use a free text query to match the attributes values. Example: to search
292
302
  # `additional_attributes = { dnsName: "foobar" }`, you can issue a query
293
- # `"foobar"`.
303
+ # `foobar`.
294
304
  class ResourceSearchResult
295
305
  include ::Google::Protobuf::MessageExts
296
306
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -317,7 +327,7 @@ module Google
317
327
  #
318
328
  # To search against the `resource`:
319
329
  #
320
- # * use a field query. Example: `resource : "organizations/123"`
330
+ # * use a field query. Example: `resource:organizations/123`
321
331
  # @!attribute [rw] project
322
332
  # @return [::String]
323
333
  # The project that the associated GCP resource belongs to, in the form of
@@ -338,13 +348,13 @@ module Google
338
348
  #
339
349
  # To search against the `policy` bindings:
340
350
  #
341
- # * use a field query, as following:
351
+ # * use a field query:
342
352
  # - query by the policy contained members. Example:
343
- # `policy : "amy@gmail.com"`
353
+ # `policy:amy@gmail.com`
344
354
  # - query by the policy contained roles. Example:
345
- # `policy : "roles/compute.admin"`
346
- # - query by the policy contained roles' implied permissions. Example:
347
- # `policy.role.permissions : "compute.instances.create"`
355
+ # `policy:roles/compute.admin`
356
+ # - query by the policy contained roles' included permissions. Example:
357
+ # `policy.role.permissions:compute.instances.create`
348
358
  # @!attribute [rw] explanation
349
359
  # @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation]
350
360
  # Explanation about the IAM policy search result. It contains additional
@@ -358,7 +368,7 @@ module Google
358
368
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
359
369
  # The map from roles to their included permissions that match the
360
370
  # permission query (i.e., a query containing `policy.role.permissions:`).
361
- # Example: if query `policy.role.permissions : "compute.disk.get"`
371
+ # Example: if query `policy.role.permissions:compute.disk.get`
362
372
  # matches a policy binding that contains owner role, the
363
373
  # matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
364
374
  # roles can also be found in the returned `policy` bindings. Note that the
@@ -386,6 +396,182 @@ module Google
386
396
  end
387
397
  end
388
398
  end
399
+
400
+ # Represents the detailed state of an entity under analysis, such as a
401
+ # resource, an identity or an access.
402
+ # @!attribute [rw] code
403
+ # @return [::Google::Rpc::Code]
404
+ # The Google standard error code that best describes the state.
405
+ # For example:
406
+ # - OK means the analysis on this entity has been successfully finished;
407
+ # - PERMISSION_DENIED means an access denied error is encountered;
408
+ # - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started
409
+ # in time;
410
+ # @!attribute [rw] cause
411
+ # @return [::String]
412
+ # The human-readable description of the cause of failure.
413
+ class IamPolicyAnalysisState
414
+ include ::Google::Protobuf::MessageExts
415
+ extend ::Google::Protobuf::MessageExts::ClassMethods
416
+ end
417
+
418
+ # IAM Policy analysis result, consisting of one IAM policy binding and derived
419
+ # access control lists.
420
+ # @!attribute [rw] attached_resource_full_name
421
+ # @return [::String]
422
+ # The [full resource
423
+ # name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
424
+ # of the resource to which the [iam_binding][iam_binding] policy attaches.
425
+ # (-- api-linter: core::0122::name-suffix=disabled
426
+ # aip.dev/not-precedent: full_resource_name is a public notion in GCP.
427
+ # --)
428
+ # @!attribute [rw] iam_binding
429
+ # @return [::Google::Iam::V1::Binding]
430
+ # The Cloud IAM policy binding under analysis.
431
+ # @!attribute [rw] access_control_lists
432
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::AccessControlList>]
433
+ # The access control lists derived from the [iam_binding][iam_binding] that
434
+ # match or potentially match resource and access selectors specified in the
435
+ # request.
436
+ # @!attribute [rw] identity_list
437
+ # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList]
438
+ # The identity list derived from members of the [iam_binding][iam_binding]
439
+ # that match or potentially match identity selector specified in the request.
440
+ # @!attribute [rw] fully_explored
441
+ # @return [::Boolean]
442
+ # Represents whether all analyses on the [iam_binding][iam_binding] have
443
+ # successfully finished.
444
+ class IamPolicyAnalysisResult
445
+ include ::Google::Protobuf::MessageExts
446
+ extend ::Google::Protobuf::MessageExts::ClassMethods
447
+
448
+ # A Google Cloud resource under analysis.
449
+ # @!attribute [rw] full_resource_name
450
+ # @return [::String]
451
+ # The [full resource
452
+ # name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
453
+ # (-- api-linter: core::0122::name-suffix=disabled
454
+ # aip.dev/not-precedent: full_resource_name is a public notion in GCP.
455
+ # --)
456
+ # @!attribute [rw] analysis_state
457
+ # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
458
+ # The analysis state of this resource.
459
+ class Resource
460
+ include ::Google::Protobuf::MessageExts
461
+ extend ::Google::Protobuf::MessageExts::ClassMethods
462
+ end
463
+
464
+ # An IAM role or permission under analysis.
465
+ # @!attribute [rw] role
466
+ # @return [::String]
467
+ # The role.
468
+ # @!attribute [rw] permission
469
+ # @return [::String]
470
+ # The permission.
471
+ # @!attribute [rw] analysis_state
472
+ # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
473
+ # The analysis state of this access.
474
+ class Access
475
+ include ::Google::Protobuf::MessageExts
476
+ extend ::Google::Protobuf::MessageExts::ClassMethods
477
+ end
478
+
479
+ # An identity under analysis.
480
+ # (-- api-linter: core::0123::resource-annotation=disabled
481
+ # aip.dev/not-precedent: Identity name is not a resource. --)
482
+ # @!attribute [rw] name
483
+ # @return [::String]
484
+ # The identity name in any form of members appear in
485
+ # [IAM policy
486
+ # binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such
487
+ # as:
488
+ # - user:foo@google.com
489
+ # - group:group1@google.com
490
+ # - serviceAccount:s1@prj1.iam.gserviceaccount.com
491
+ # - projectOwner:some_project_id
492
+ # - domain:google.com
493
+ # - allUsers
494
+ # - etc.
495
+ # @!attribute [rw] analysis_state
496
+ # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
497
+ # The analysis state of this identity.
498
+ class Identity
499
+ include ::Google::Protobuf::MessageExts
500
+ extend ::Google::Protobuf::MessageExts::ClassMethods
501
+ end
502
+
503
+ # A directional edge.
504
+ # @!attribute [rw] source_node
505
+ # @return [::String]
506
+ # The source node of the edge. For example, it could be a full resource
507
+ # name for a resource node or an email of an identity.
508
+ # @!attribute [rw] target_node
509
+ # @return [::String]
510
+ # The target node of the edge. For example, it could be a full resource
511
+ # name for a resource node or an email of an identity.
512
+ class Edge
513
+ include ::Google::Protobuf::MessageExts
514
+ extend ::Google::Protobuf::MessageExts::ClassMethods
515
+ end
516
+
517
+ # An access control list, derived from the above IAM policy binding, which
518
+ # contains a set of resources and accesses. May include one
519
+ # item from each set to compose an access control entry.
520
+ #
521
+ # NOTICE that there could be multiple access control lists for one IAM policy
522
+ # binding. The access control lists are created based on resource and access
523
+ # combinations.
524
+ #
525
+ # For example, assume we have the following cases in one IAM policy binding:
526
+ # - Permission P1 and P2 apply to resource R1 and R2;
527
+ # - Permission P3 applies to resource R2 and R3;
528
+ #
529
+ # This will result in the following access control lists:
530
+ # - AccessControlList 1: [R1, R2], [P1, P2]
531
+ # - AccessControlList 2: [R2, R3], [P3]
532
+ # @!attribute [rw] resources
533
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>]
534
+ # The resources that match one of the following conditions:
535
+ # - The resource_selector, if it is specified in request;
536
+ # - Otherwise, resources reachable from the policy attached resource.
537
+ # @!attribute [rw] accesses
538
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>]
539
+ # The accesses that match one of the following conditions:
540
+ # - The access_selector, if it is specified in request;
541
+ # - Otherwise, access specifiers reachable from the policy binding's role.
542
+ # @!attribute [rw] resource_edges
543
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
544
+ # Resource edges of the graph starting from the policy attached
545
+ # resource to any descendant resources. The [Edge.source_node][] contains
546
+ # the full resource name of a parent resource and [Edge.target_node][]
547
+ # contains the full resource name of a child resource. This field is
548
+ # present only if the output_resource_edges option is enabled in request.
549
+ class AccessControlList
550
+ include ::Google::Protobuf::MessageExts
551
+ extend ::Google::Protobuf::MessageExts::ClassMethods
552
+ end
553
+
554
+ # The identities and group edges.
555
+ # @!attribute [rw] identities
556
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>]
557
+ # Only the identities that match one of the following conditions will be
558
+ # presented:
559
+ # - The identity_selector, if it is specified in request;
560
+ # - Otherwise, identities reachable from the policy binding's members.
561
+ # @!attribute [rw] group_edges
562
+ # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
563
+ # Group identity edges of the graph starting from the binding's
564
+ # group members to any node of the [identities][]. The [Edge.source_node][]
565
+ # contains a group, such as `group:parent@google.com`. The
566
+ # [Edge.target_node][] contains a member of the group,
567
+ # such as `group:child@google.com` or `user:foo@google.com`.
568
+ # This field is present only if the output_group_edges option is enabled in
569
+ # request.
570
+ class IdentityList
571
+ include ::Google::Protobuf::MessageExts
572
+ extend ::Google::Protobuf::MessageExts::ClassMethods
573
+ end
574
+ end
389
575
  end
390
576
  end
391
577
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-asset-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.3
4
+ version: 0.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-10 00:00:00.000000000 Z
11
+ date: 2020-09-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common