google-cloud-asset-v1 0.9.0 → 0.13.0
- checksums.yaml +4 -4
- data/LICENSE.md +188 -190
- data/README.md +66 -2
- data/lib/google/cloud/asset/v1.rb +3 -0
- data/lib/google/cloud/asset/v1/asset_service/client.rb +264 -65
- data/lib/google/cloud/asset/v1/asset_service/operations.rb +95 -10
- data/lib/google/cloud/asset/v1/asset_service/paths.rb +2 -2
- data/lib/google/cloud/asset/v1/asset_service_pb.rb +25 -0
- data/lib/google/cloud/asset/v1/asset_service_services_pb.rb +4 -1
- data/lib/google/cloud/asset/v1/assets_pb.rb +23 -0
- data/lib/google/cloud/asset/v1/version.rb +1 -1
- data/proto_docs/google/api/field_behavior.rb +6 -0
- data/proto_docs/google/cloud/asset/v1/asset_service.rb +195 -29
- data/proto_docs/google/cloud/asset/v1/assets.rb +182 -12
- data/proto_docs/google/longrunning/operations.rb +17 -3
- data/proto_docs/google/protobuf/any.rb +5 -2
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- metadata +21 -13
@@ -103,8 +103,13 @@ module Google
|
|
103
103
|
# Lists operations that match the specified filter in the request. If the
|
104
104
|
# server doesn't support this method, it returns `UNIMPLEMENTED`.
|
105
105
|
#
|
106
|
-
# NOTE: the `name` binding
|
107
|
-
# to use different resource name schemes, such as `users/*/operations`.
|
106
|
+
# NOTE: the `name` binding allows API services to override the binding
|
107
|
+
# to use different resource name schemes, such as `users/*/operations`. To
|
108
|
+
# override the binding, API services can add a binding such as
|
109
|
+
# `"/v1/{name=users/*}/operations"` to their service configuration.
|
110
|
+
# For backwards compatibility, the default name includes the operations
|
111
|
+
# collection id, however overriding users must ensure the name binding
|
112
|
+
# is the parent resource, without the operations collection id.
|
108
113
|
#
|
109
114
|
# @overload list_operations(request, options = nil)
|
110
115
|
# Pass arguments to `list_operations` via a request object, either of type
|
@@ -122,7 +127,7 @@ module Google
|
|
122
127
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
123
128
|
#
|
124
129
|
# @param name [::String]
|
125
|
-
# The name of the operation
|
130
|
+
# The name of the operation's parent resource.
|
126
131
|
# @param filter [::String]
|
127
132
|
# The standard list filter.
|
128
133
|
# @param page_size [::Integer]
|
@@ -390,6 +395,79 @@ module Google
|
|
390
395
|
raise ::Google::Cloud::Error.from_error(e)
|
391
396
|
end
|
392
397
|
|
398
|
+
##
|
399
|
+
# Waits for the specified long-running operation until it is done or reaches
|
400
|
+
# at most a specified timeout, returning the latest state. If the operation
|
401
|
+
# is already done, the latest state is immediately returned. If the timeout
|
402
|
+
# specified is greater than the default HTTP/RPC timeout, the HTTP/RPC
|
403
|
+
# timeout is used. If the server does not support this method, it returns
|
404
|
+
# `google.rpc.Code.UNIMPLEMENTED`.
|
405
|
+
# Note that this method is on a best-effort basis. It may return the latest
|
406
|
+
# state before the specified timeout (including immediately), meaning even an
|
407
|
+
# immediate response is no guarantee that the operation is done.
|
408
|
+
#
|
409
|
+
# @overload wait_operation(request, options = nil)
|
410
|
+
# Pass arguments to `wait_operation` via a request object, either of type
|
411
|
+
# {::Google::Longrunning::WaitOperationRequest} or an equivalent Hash.
|
412
|
+
#
|
413
|
+
# @param request [::Google::Longrunning::WaitOperationRequest, ::Hash]
|
414
|
+
# A request object representing the call parameters. Required. To specify no
|
415
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
416
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
417
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
418
|
+
#
|
419
|
+
# @overload wait_operation(name: nil, timeout: nil)
|
420
|
+
# Pass arguments to `wait_operation` via keyword arguments. Note that at
|
421
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
422
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
423
|
+
#
|
424
|
+
# @param name [::String]
|
425
|
+
# The name of the operation resource to wait on.
|
426
|
+
# @param timeout [::Google::Protobuf::Duration, ::Hash]
|
427
|
+
# The maximum duration to wait before timing out. If left blank, the wait
|
428
|
+
# will be at most the time permitted by the underlying HTTP/RPC protocol.
|
429
|
+
# If RPC context deadline is also specified, the shorter one will be used.
|
430
|
+
#
|
431
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
432
|
+
# @yieldparam response [::Gapic::Operation]
|
433
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
434
|
+
#
|
435
|
+
# @return [::Gapic::Operation]
|
436
|
+
#
|
437
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
438
|
+
#
|
439
|
+
def wait_operation request, options = nil
|
440
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
441
|
+
|
442
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Longrunning::WaitOperationRequest
|
443
|
+
|
444
|
+
# Converts hash and nil to an options object
|
445
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
446
|
+
|
447
|
+
# Customize the options with defaults
|
448
|
+
metadata = @config.rpcs.wait_operation.metadata.to_h
|
449
|
+
|
450
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
451
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
452
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
453
|
+
gapic_version: ::Google::Cloud::Asset::V1::VERSION
|
454
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
455
|
+
|
456
|
+
options.apply_defaults timeout: @config.rpcs.wait_operation.timeout,
|
457
|
+
metadata: metadata,
|
458
|
+
retry_policy: @config.rpcs.wait_operation.retry_policy
|
459
|
+
options.apply_defaults metadata: @config.metadata,
|
460
|
+
retry_policy: @config.retry_policy
|
461
|
+
|
462
|
+
@operations_stub.call_rpc :wait_operation, request, options: options do |response, operation|
|
463
|
+
response = ::Gapic::Operation.new response, @operations_client, options: options
|
464
|
+
yield response, operation if block_given?
|
465
|
+
return response
|
466
|
+
end
|
467
|
+
rescue ::GRPC::BadStatus => e
|
468
|
+
raise ::Google::Cloud::Error.from_error(e)
|
469
|
+
end
|
470
|
+
|
393
471
|
##
|
394
472
|
# Configuration class for the Operations API.
|
395
473
|
#
|
@@ -482,7 +560,7 @@ module Google
|
|
482
560
|
config_attr :scope, nil, ::String, ::Array, nil
|
483
561
|
config_attr :lib_name, nil, ::String, nil
|
484
562
|
config_attr :lib_version, nil, ::String, nil
|
485
|
-
config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
|
563
|
+
config_attr(:channel_args, { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
|
486
564
|
config_attr :interceptors, nil, ::Array, nil
|
487
565
|
config_attr :timeout, nil, ::Numeric, nil
|
488
566
|
config_attr :metadata, nil, ::Hash, nil
|
@@ -503,7 +581,7 @@ module Google
|
|
503
581
|
def rpcs
|
504
582
|
@rpcs ||= begin
|
505
583
|
parent_rpcs = nil
|
506
|
-
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config
|
584
|
+
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
|
507
585
|
Rpcs.new parent_rpcs
|
508
586
|
end
|
509
587
|
end
|
@@ -515,7 +593,7 @@ module Google
|
|
515
593
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
516
594
|
# the following configuration fields:
|
517
595
|
#
|
518
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
596
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
519
597
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
520
598
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
521
599
|
# include the following keys:
|
@@ -546,17 +624,24 @@ module Google
|
|
546
624
|
# @return [::Gapic::Config::Method]
|
547
625
|
#
|
548
626
|
attr_reader :cancel_operation
|
627
|
+
##
|
628
|
+
# RPC-specific configuration for `wait_operation`
|
629
|
+
# @return [::Gapic::Config::Method]
|
630
|
+
#
|
631
|
+
attr_reader :wait_operation
|
549
632
|
|
550
633
|
# @private
|
551
634
|
def initialize parent_rpcs = nil
|
552
|
-
list_operations_config = parent_rpcs
|
635
|
+
list_operations_config = parent_rpcs.list_operations if parent_rpcs.respond_to? :list_operations
|
553
636
|
@list_operations = ::Gapic::Config::Method.new list_operations_config
|
554
|
-
get_operation_config = parent_rpcs
|
637
|
+
get_operation_config = parent_rpcs.get_operation if parent_rpcs.respond_to? :get_operation
|
555
638
|
@get_operation = ::Gapic::Config::Method.new get_operation_config
|
556
|
-
delete_operation_config = parent_rpcs
|
639
|
+
delete_operation_config = parent_rpcs.delete_operation if parent_rpcs.respond_to? :delete_operation
|
557
640
|
@delete_operation = ::Gapic::Config::Method.new delete_operation_config
|
558
|
-
cancel_operation_config = parent_rpcs
|
641
|
+
cancel_operation_config = parent_rpcs.cancel_operation if parent_rpcs.respond_to? :cancel_operation
|
559
642
|
@cancel_operation = ::Gapic::Config::Method.new cancel_operation_config
|
643
|
+
wait_operation_config = parent_rpcs.wait_operation if parent_rpcs.respond_to? :wait_operation
|
644
|
+
@wait_operation = ::Gapic::Config::Method.new wait_operation_config
|
560
645
|
|
561
646
|
yield self if block_given?
|
562
647
|
end
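Review bot: In the new `wait_operation` (the `@@ -390,6 +395,79 @@` hunk), the second `options.apply_defaults` call passes only `metadata: @config.metadata` and `retry_policy: @config.retry_policy`, so the client-wide `timeout` declared by `config_attr :timeout` in the `@@ -482,7 +560,7 @@` hunk is never offered as a fallback deadline. If neither the caller's options nor `@config.rpcs.wait_operation.timeout` supplies one, this call presumably goes out with no client-side deadline, which is risky for an RPC that asks the server to hold the request open. I would write the fallback as `options.apply_defaults timeout: @config.timeout, metadata: @config.metadata, retry_policy: @config.retry_policy`. The doc comment could also say that the request's `timeout` field (a `Duration` sent to the server) is separate from the call timeout in `options`. Because the method is documented as best-effort, it should also tell callers to check `done?` on the returned `::Gapic::Operation` before acting on the result.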
|
@@ -54,12 +54,12 @@ module Google
|
|
54
54
|
# @return [::String]
|
55
55
|
def feed_path **args
|
56
56
|
resources = {
|
57
|
-
"feed:project"
|
57
|
+
"feed:project" => (proc do |project:, feed:|
|
58
58
|
raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
|
59
59
|
|
60
60
|
"projects/#{project}/feeds/#{feed}"
|
61
61
|
end),
|
62
|
-
"feed:folder"
|
62
|
+
"feed:folder" => (proc do |folder:, feed:|
|
63
63
|
raise ::ArgumentError, "folder cannot contain /" if folder.to_s.include? "/"
|
64
64
|
|
65
65
|
"folders/#{folder}/feeds/#{feed}"
|
@@ -12,6 +12,7 @@ require 'google/longrunning/operations_pb'
|
|
12
12
|
require 'google/protobuf/duration_pb'
|
13
13
|
require 'google/protobuf/empty_pb'
|
14
14
|
require 'google/protobuf/field_mask_pb'
|
15
|
+
require 'google/protobuf/struct_pb'
|
15
16
|
require 'google/protobuf/timestamp_pb'
|
16
17
|
require 'google/type/expr_pb'
|
17
18
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
@@ -28,6 +29,19 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
28
29
|
optional :output_config, :message, 2, "google.cloud.asset.v1.OutputConfig"
|
29
30
|
optional :output_result, :message, 3, "google.cloud.asset.v1.OutputResult"
|
30
31
|
end
|
32
|
+
add_message "google.cloud.asset.v1.ListAssetsRequest" do
|
33
|
+
optional :parent, :string, 1
|
34
|
+
optional :read_time, :message, 2, "google.protobuf.Timestamp"
|
35
|
+
repeated :asset_types, :string, 3
|
36
|
+
optional :content_type, :enum, 4, "google.cloud.asset.v1.ContentType"
|
37
|
+
optional :page_size, :int32, 5
|
38
|
+
optional :page_token, :string, 6
|
39
|
+
end
|
40
|
+
add_message "google.cloud.asset.v1.ListAssetsResponse" do
|
41
|
+
optional :read_time, :message, 1, "google.protobuf.Timestamp"
|
42
|
+
repeated :assets, :message, 2, "google.cloud.asset.v1.Asset"
|
43
|
+
optional :next_page_token, :string, 3
|
44
|
+
end
|
31
45
|
add_message "google.cloud.asset.v1.BatchGetAssetsHistoryRequest" do
|
32
46
|
optional :parent, :string, 1
|
33
47
|
repeated :asset_names, :string, 2
|
@@ -126,6 +140,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
126
140
|
optional :query, :string, 2
|
127
141
|
optional :page_size, :int32, 3
|
128
142
|
optional :page_token, :string, 4
|
143
|
+
repeated :asset_types, :string, 5
|
144
|
+
optional :order_by, :string, 7
|
129
145
|
end
|
130
146
|
add_message "google.cloud.asset.v1.SearchAllIamPoliciesResponse" do
|
131
147
|
repeated :results, :message, 1, "google.cloud.asset.v1.IamPolicySearchResult"
|
@@ -137,6 +153,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
137
153
|
optional :identity_selector, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector"
|
138
154
|
optional :access_selector, :message, 4, "google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector"
|
139
155
|
optional :options, :message, 5, "google.cloud.asset.v1.IamPolicyAnalysisQuery.Options"
|
156
|
+
optional :condition_context, :message, 6, "google.cloud.asset.v1.IamPolicyAnalysisQuery.ConditionContext"
|
140
157
|
end
|
141
158
|
add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector" do
|
142
159
|
optional :full_resource_name, :string, 1
|
@@ -156,6 +173,11 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
156
173
|
optional :output_group_edges, :bool, 5
|
157
174
|
optional :analyze_service_account_impersonation, :bool, 6
|
158
175
|
end
|
176
|
+
add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.ConditionContext" do
|
177
|
+
oneof :TimeContext do
|
178
|
+
optional :access_time, :message, 1, "google.protobuf.Timestamp"
|
179
|
+
end
|
180
|
+
end
|
159
181
|
add_message "google.cloud.asset.v1.AnalyzeIamPolicyRequest" do
|
160
182
|
optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
|
161
183
|
optional :execution_timeout, :message, 2, "google.protobuf.Duration"
|
@@ -213,6 +235,8 @@ module Google
|
|
213
235
|
module V1
|
214
236
|
ExportAssetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportAssetsRequest").msgclass
|
215
237
|
ExportAssetsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportAssetsResponse").msgclass
|
238
|
+
ListAssetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ListAssetsRequest").msgclass
|
239
|
+
ListAssetsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ListAssetsResponse").msgclass
|
216
240
|
BatchGetAssetsHistoryRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.BatchGetAssetsHistoryRequest").msgclass
|
217
241
|
BatchGetAssetsHistoryResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.BatchGetAssetsHistoryResponse").msgclass
|
218
242
|
CreateFeedRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.CreateFeedRequest").msgclass
|
@@ -240,6 +264,7 @@ module Google
|
|
240
264
|
IamPolicyAnalysisQuery::IdentitySelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector").msgclass
|
241
265
|
IamPolicyAnalysisQuery::AccessSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector").msgclass
|
242
266
|
IamPolicyAnalysisQuery::Options = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.Options").msgclass
|
267
|
+
IamPolicyAnalysisQuery::ConditionContext = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.ConditionContext").msgclass
|
243
268
|
AnalyzeIamPolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyRequest").msgclass
|
244
269
|
AnalyzeIamPolicyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse").msgclass
|
245
270
|
AnalyzeIamPolicyResponse::IamPolicyAnalysis = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis").msgclass
|
@@ -27,7 +27,7 @@ module Google
|
|
27
27
|
# Asset service definition.
|
28
28
|
class Service
|
29
29
|
|
30
|
-
include GRPC::GenericService
|
30
|
+
include ::GRPC::GenericService
|
31
31
|
|
32
32
|
self.marshal_class_method = :encode
|
33
33
|
self.unmarshal_class_method = :decode
|
@@ -44,6 +44,9 @@ module Google
|
|
44
44
|
# result. For regular-size resource parent, the export operation usually
|
45
45
|
# finishes within 5 minutes.
|
46
46
|
rpc :ExportAssets, ::Google::Cloud::Asset::V1::ExportAssetsRequest, ::Google::Longrunning::Operation
|
47
|
+
# Lists assets with time and resource types and returns paged results in
|
48
|
+
# response.
|
49
|
+
rpc :ListAssets, ::Google::Cloud::Asset::V1::ListAssetsRequest, ::Google::Cloud::Asset::V1::ListAssetsResponse
|
47
50
|
# Batch gets the update history of assets that overlap a time window.
|
48
51
|
# For IAM_POLICY content, this API outputs history when the asset and its
|
49
52
|
# attached IAM POLICY both exist. This can create gaps in the output history.
|
@@ -63,16 +63,27 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
63
63
|
optional :name, :string, 1
|
64
64
|
optional :asset_type, :string, 2
|
65
65
|
optional :project, :string, 3
|
66
|
+
repeated :folders, :string, 17
|
67
|
+
optional :organization, :string, 18
|
66
68
|
optional :display_name, :string, 4
|
67
69
|
optional :description, :string, 5
|
68
70
|
optional :location, :string, 6
|
69
71
|
map :labels, :string, :string, 7
|
70
72
|
repeated :network_tags, :string, 8
|
73
|
+
optional :kms_key, :string, 10
|
74
|
+
optional :create_time, :message, 11, "google.protobuf.Timestamp"
|
75
|
+
optional :update_time, :message, 12, "google.protobuf.Timestamp"
|
76
|
+
optional :state, :string, 13
|
71
77
|
optional :additional_attributes, :message, 9, "google.protobuf.Struct"
|
78
|
+
optional :parent_full_resource_name, :string, 19
|
79
|
+
optional :parent_asset_type, :string, 103
|
72
80
|
end
|
73
81
|
add_message "google.cloud.asset.v1.IamPolicySearchResult" do
|
74
82
|
optional :resource, :string, 1
|
83
|
+
optional :asset_type, :string, 5
|
75
84
|
optional :project, :string, 2
|
85
|
+
repeated :folders, :string, 6
|
86
|
+
optional :organization, :string, 7
|
76
87
|
optional :policy, :message, 3, "google.iam.v1.Policy"
|
77
88
|
optional :explanation, :message, 4, "google.cloud.asset.v1.IamPolicySearchResult.Explanation"
|
78
89
|
end
|
@@ -86,6 +97,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
86
97
|
optional :code, :enum, 1, "google.rpc.Code"
|
87
98
|
optional :cause, :string, 2
|
88
99
|
end
|
100
|
+
add_message "google.cloud.asset.v1.ConditionEvaluation" do
|
101
|
+
optional :evaluation_value, :enum, 1, "google.cloud.asset.v1.ConditionEvaluation.EvaluationValue"
|
102
|
+
end
|
103
|
+
add_enum "google.cloud.asset.v1.ConditionEvaluation.EvaluationValue" do
|
104
|
+
value :EVALUATION_VALUE_UNSPECIFIED, 0
|
105
|
+
value :TRUE, 1
|
106
|
+
value :FALSE, 2
|
107
|
+
value :CONDITIONAL, 3
|
108
|
+
end
|
89
109
|
add_message "google.cloud.asset.v1.IamPolicyAnalysisResult" do
|
90
110
|
optional :attached_resource_full_name, :string, 1
|
91
111
|
optional :iam_binding, :message, 2, "google.iam.v1.Binding"
|
@@ -116,6 +136,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
116
136
|
repeated :resources, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Resource"
|
117
137
|
repeated :accesses, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult.Access"
|
118
138
|
repeated :resource_edges, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge"
|
139
|
+
optional :condition_evaluation, :message, 4, "google.cloud.asset.v1.ConditionEvaluation"
|
119
140
|
end
|
120
141
|
add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList" do
|
121
142
|
repeated :identities, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Identity"
|
@@ -138,6 +159,8 @@ module Google
|
|
138
159
|
IamPolicySearchResult::Explanation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation").msgclass
|
139
160
|
IamPolicySearchResult::Explanation::Permissions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions").msgclass
|
140
161
|
IamPolicyAnalysisState = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisState").msgclass
|
162
|
+
ConditionEvaluation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ConditionEvaluation").msgclass
|
163
|
+
ConditionEvaluation::EvaluationValue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ConditionEvaluation.EvaluationValue").enummodule
|
141
164
|
IamPolicyAnalysisResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult").msgclass
|
142
165
|
IamPolicyAnalysisResult::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Resource").msgclass
|
143
166
|
IamPolicyAnalysisResult::Access = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Access").msgclass
|
@@ -54,6 +54,12 @@ module Google
|
|
54
54
|
# This indicates that the field may be set once in a request to create a
|
55
55
|
# resource, but may not be changed thereafter.
|
56
56
|
IMMUTABLE = 5
|
57
|
+
|
58
|
+
# Denotes that a (repeated) field is an unordered list.
|
59
|
+
# This indicates that the service may provide the elements of the list
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
61
|
+
# provided. Additionally, the list's order may or may not be stable.
|
62
|
+
UNORDERED_LIST = 6
|
57
63
|
end
|
58
64
|
end
|
59
65
|
end
|
@@ -88,6 +88,75 @@ module Google
|
|
88
88
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
89
89
|
end
|
90
90
|
|
91
|
+
# ListAssets request.
|
92
|
+
# @!attribute [rw] parent
|
93
|
+
# @return [::String]
|
94
|
+
# Required. Name of the organization or project the assets belong to. Format:
|
95
|
+
# "organizations/[organization-number]" (such as "organizations/123"),
|
96
|
+
# "projects/[project-id]" (such as "projects/my-project-id"), or
|
97
|
+
# "projects/[project-number]" (such as "projects/12345").
|
98
|
+
# @!attribute [rw] read_time
|
99
|
+
# @return [::Google::Protobuf::Timestamp]
|
100
|
+
# Timestamp to take an asset snapshot. This can only be set to a timestamp
|
101
|
+
# between the current time and the current time minus 35 days (inclusive).
|
102
|
+
# If not specified, the current time will be used. Due to delays in resource
|
103
|
+
# data collection and indexing, there is a volatile window during which
|
104
|
+
# running the same query may get different results.
|
105
|
+
# @!attribute [rw] asset_types
|
106
|
+
# @return [::Array<::String>]
|
107
|
+
# A list of asset types to take a snapshot for. For example:
|
108
|
+
# "compute.googleapis.com/Disk".
|
109
|
+
#
|
110
|
+
# Regular expression is also supported. For example:
|
111
|
+
#
|
112
|
+
# * "compute.googleapis.com.*" snapshots resources whose asset type starts
|
113
|
+
# with "compute.googleapis.com".
|
114
|
+
# * ".*Instance" snapshots resources whose asset type ends with "Instance".
|
115
|
+
# * ".*Instance.*" snapshots resources whose asset type contains "Instance".
|
116
|
+
#
|
117
|
+
# See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
|
118
|
+
# regular expression syntax. If the regular expression does not match any
|
119
|
+
# supported asset type, an INVALID_ARGUMENT error will be returned.
|
120
|
+
#
|
121
|
+
# If specified, only matching assets will be returned, otherwise, it will
|
122
|
+
# snapshot all asset types. See [Introduction to Cloud Asset
|
123
|
+
# Inventory](https://cloud.google.com/asset-inventory/docs/overview)
|
124
|
+
# for all supported asset types.
|
125
|
+
# @!attribute [rw] content_type
|
126
|
+
# @return [::Google::Cloud::Asset::V1::ContentType]
|
127
|
+
# Asset content type. If not specified, no content but the asset name will
|
128
|
+
# be returned.
|
129
|
+
# @!attribute [rw] page_size
|
130
|
+
# @return [::Integer]
|
131
|
+
# The maximum number of assets to be returned in a single response. Default
|
132
|
+
# is 100, minimum is 1, and maximum is 1000.
|
133
|
+
# @!attribute [rw] page_token
|
134
|
+
# @return [::String]
|
135
|
+
# The `next_page_token` returned from the previous `ListAssetsResponse`, or
|
136
|
+
# unspecified for the first `ListAssetsRequest`. It is a continuation of a
|
137
|
+
# prior `ListAssets` call, and the API should return the next page of assets.
|
138
|
+
class ListAssetsRequest
|
139
|
+
include ::Google::Protobuf::MessageExts
|
140
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
141
|
+
end
|
142
|
+
|
143
|
+
# ListAssets response.
|
144
|
+
# @!attribute [rw] read_time
|
145
|
+
# @return [::Google::Protobuf::Timestamp]
|
146
|
+
# Time the snapshot was taken.
|
147
|
+
# @!attribute [rw] assets
|
148
|
+
# @return [::Array<::Google::Cloud::Asset::V1::Asset>]
|
149
|
+
# Assets.
|
150
|
+
# @!attribute [rw] next_page_token
|
151
|
+
# @return [::String]
|
152
|
+
# Token to retrieve the next page of results. It expires 72 hours after the
|
153
|
+
# page token for the first page is generated. Set to empty if there are no
|
154
|
+
# remaining results.
|
155
|
+
class ListAssetsResponse
|
156
|
+
include ::Google::Protobuf::MessageExts
|
157
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
158
|
+
end
|
159
|
+
|
91
160
|
# Batch get assets history request.
|
92
161
|
# @!attribute [rw] parent
|
93
162
|
# @return [::String]
|
@@ -253,6 +322,10 @@ module Google
|
|
253
322
|
# Editing Object
|
254
323
|
# Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
|
255
324
|
# for more information.
|
325
|
+
#
|
326
|
+
# If the specified Cloud Storage object already exists and there is no
|
327
|
+
# [hold](https://cloud.google.com/storage/docs/object-holds), it will be
|
328
|
+
# overwritten with the exported result.
|
256
329
|
# @!attribute [rw] uri_prefix
|
257
330
|
# @return [::String]
|
258
331
|
# The uri prefix of all generated Cloud Storage objects. Example:
|
@@ -457,7 +530,7 @@ module Google
|
|
457
530
|
# @return [::String]
|
458
531
|
# Required. A scope can be a project, a folder, or an organization. The search is
|
459
532
|
# limited to the resources within the `scope`. The caller must be granted the
|
460
|
-
# [`cloudasset.assets.searchAllResources`](
|
533
|
+
# [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
|
461
534
|
# permission on the desired scope.
|
462
535
|
#
|
463
536
|
# The allowed values are:
|
@@ -469,36 +542,41 @@ module Google
|
|
469
542
|
# @!attribute [rw] query
|
470
543
|
# @return [::String]
|
471
544
|
# Optional. The query statement. See [how to construct a
|
472
|
-
# query](
|
545
|
+
# query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
|
473
546
|
# for more information. If not specified or empty, it will search all the
|
474
|
-
# resources within the specified `scope`.
|
475
|
-
# compared against each Cloud IAM policy binding, including its members,
|
476
|
-
# roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
|
477
|
-
# contain the bindings that match your query. To learn more about the IAM
|
478
|
-
# policy structure, see [IAM policy
|
479
|
-
# doc](https://cloud.google.com/iam/docs/policies#structure).
|
547
|
+
# resources within the specified `scope`.
|
480
548
|
#
|
481
549
|
# Examples:
|
482
550
|
#
|
483
551
|
# * `name:Important` to find Cloud resources whose name contains
|
484
552
|
# "Important" as a word.
|
553
|
+
# * `name=Important` to find the Cloud resource whose name is exactly
|
554
|
+
# "Important".
|
485
555
|
# * `displayName:Impor*` to find Cloud resources whose display name
|
486
|
-
# contains "Impor" as a prefix.
|
487
|
-
# * `
|
488
|
-
#
|
489
|
-
# * `location:us-west*` to find Cloud resources whose location is
|
490
|
-
# prefixed with "us-west".
|
556
|
+
# contains "Impor" as a prefix of any word in the field.
|
557
|
+
# * `location:us-west*` to find Cloud resources whose location contains both
|
558
|
+
# "us" and "west" as prefixes.
|
491
559
|
# * `labels:prod` to find Cloud resources whose labels contain "prod" as
|
492
560
|
# a key or value.
|
493
561
|
# * `labels.env:prod` to find Cloud resources that have a label "env"
|
494
562
|
# and its value is "prod".
|
495
563
|
# * `labels.env:*` to find Cloud resources that have a label "env".
|
564
|
+
# * `kmsKey:key` to find Cloud resources encrypted with a customer-managed
|
565
|
+
# encryption key whose name contains the word "key".
|
566
|
+
# * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a
|
567
|
+
# word.
|
568
|
+
# * `NOT state:ACTIVE` to find \\{\\{gcp_name}} resources whose state
|
569
|
+
# doesn't contain "ACTIVE" as a word.
|
570
|
+
# * `createTime<1609459200` to find Cloud resources that were created before
|
571
|
+
# "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
|
572
|
+
# "2021-01-01 00:00:00 UTC" in seconds.
|
573
|
+
# * `updateTime>1609459200` to find Cloud resources that were updated after
|
574
|
+
# "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
|
575
|
+
# "2021-01-01 00:00:00 UTC" in seconds.
|
496
576
|
# * `Important` to find Cloud resources that contain "Important" as a word
|
497
577
|
# in any of the searchable fields.
|
498
|
-
# * `Impor*` to find Cloud resources that contain "Impor" as a prefix
|
499
|
-
# in any of the searchable fields.
|
500
|
-
# * `*por*` to find Cloud resources that contain "por" as a substring in
|
501
|
-
# any of the searchable fields.
|
578
|
+
# * `Impor*` to find Cloud resources that contain "Impor" as a prefix of any
|
579
|
+
# word in any of the searchable fields.
|
502
580
|
# * `Important location:(us-west1 OR global)` to find Cloud
|
503
581
|
# resources that contain "Important" as a word in any of the searchable
|
504
582
|
# fields and are also located in the "us-west1" region or the "global"
|
@@ -508,6 +586,17 @@ module Google
|
|
508
586
|
# Optional. A list of asset types that this request searches for. If empty, it will
|
509
587
|
# search all the [searchable asset
|
510
588
|
# types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
|
589
|
+
#
|
590
|
+
# Regular expressions are also supported. For example:
|
591
|
+
#
|
592
|
+
# * "compute.googleapis.com.*" snapshots resources whose asset type starts
|
593
|
+
# with "compute.googleapis.com".
|
594
|
+
# * ".*Instance" snapshots resources whose asset type ends with "Instance".
|
595
|
+
# * ".*Instance.*" snapshots resources whose asset type contains "Instance".
|
596
|
+
#
|
597
|
+
# See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
|
598
|
+
# regular expression syntax. If the regular expression does not match any
|
599
|
+
# supported asset type, an INVALID_ARGUMENT error will be returned.
|
511
600
|
# @!attribute [rw] page_size
|
512
601
|
# @return [::Integer]
|
513
602
|
# Optional. The page size for search result pagination. Page size is capped at 500 even
|
@@ -522,12 +611,24 @@ module Google
|
|
522
611
|
# identical to those in the previous call.
|
523
612
|
# @!attribute [rw] order_by
|
524
613
|
# @return [::String]
|
525
|
-
# Optional. A comma
|
614
|
+
# Optional. A comma-separated list of fields specifying the sorting order of the
|
526
615
|
# results. The default order is ascending. Add " DESC" after the field name
|
527
616
|
# to indicate descending order. Redundant space characters are ignored.
|
528
|
-
# Example: "location DESC, name".
|
529
|
-
#
|
530
|
-
#
|
617
|
+
# Example: "location DESC, name".
|
618
|
+
# Only singular primitive fields in the response are sortable:
|
619
|
+
# * name
|
620
|
+
# * assetType
|
621
|
+
# * project
|
622
|
+
# * displayName
|
623
|
+
# * description
|
624
|
+
# * location
|
625
|
+
# * kmsKey
|
626
|
+
# * createTime
|
627
|
+
# * updateTime
|
628
|
+
# * state
|
629
|
+
# * parentFullResourceName
|
630
|
+
# * parentAssetType
|
631
|
+
# All the other fields such as repeated fields (e.g., `networkTags`), map
|
531
632
|
# fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
|
532
633
|
# are not supported.
|
533
634
|
class SearchAllResourcesRequest
|
@@ -556,7 +657,7 @@ module Google
|
|
556
657
|
# Required. A scope can be a project, a folder, or an organization. The search is
|
557
658
|
# limited to the IAM policies within the `scope`. The caller must be granted
|
558
659
|
# the
|
559
|
-
# [`cloudasset.assets.searchAllIamPolicies`](
|
660
|
+
# [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
|
560
661
|
# permission on the desired scope.
|
561
662
|
#
|
562
663
|
# The allowed values are:
|
@@ -570,7 +671,12 @@ module Google
|
|
570
671
|
# Optional. The query statement. See [how to construct a
|
571
672
|
# query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
|
572
673
|
# for more information. If not specified or empty, it will search all the
|
573
|
-
# IAM policies within the specified `scope`.
|
674
|
+
# IAM policies within the specified `scope`. Note that the query string is
|
675
|
+
# compared against each Cloud IAM policy binding, including its members,
|
676
|
+
# roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
|
677
|
+
# contain the bindings that match your query. To learn more about the IAM
|
678
|
+
# policy structure, see [IAM policy
|
679
|
+
# doc](https://cloud.google.com/iam/docs/policies#structure).
|
574
680
|
#
|
575
681
|
# Examples:
|
576
682
|
#
|
@@ -578,21 +684,32 @@ module Google
|
|
578
684
|
# "amy@gmail.com".
|
579
685
|
# * `policy:roles/compute.admin` to find IAM policy bindings that specify
|
580
686
|
# the Compute Admin role.
|
687
|
+
# * `policy:comp*` to find IAM policy bindings that contain "comp" as a
|
688
|
+
# prefix of any word in the binding.
|
581
689
|
# * `policy.role.permissions:storage.buckets.update` to find IAM policy
|
582
690
|
# bindings that specify a role containing "storage.buckets.update"
|
583
691
|
# permission. Note that if callers don't have `iam.roles.get` access to a
|
584
692
|
# role's included permissions, policy bindings that specify this role will
|
585
693
|
# be dropped from the search results.
|
694
|
+
# * `policy.role.permissions:upd*` to find IAM policy bindings that specify a
|
695
|
+
# role containing "upd" as a prefix of any word in the role permission.
|
696
|
+
# Note that if callers don't have `iam.roles.get` access to a role's
|
697
|
+
# included permissions, policy bindings that specify this role will be
|
698
|
+
# dropped from the search results.
|
586
699
|
# * `resource:organizations/123456` to find IAM policy bindings
|
587
700
|
# that are set on "organizations/123456".
|
701
|
+
# * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to
|
702
|
+
# find IAM policy bindings that are set on the project named "myproject".
|
588
703
|
# * `Important` to find IAM policy bindings that contain "Important" as a
|
589
704
|
# word in any of the searchable fields (except for the included
|
590
705
|
# permissions).
|
591
|
-
# * `*por*` to find IAM policy bindings that contain "por" as a substring
|
592
|
-
# in any of the searchable fields (except for the included permissions).
|
593
706
|
# * `resource:(instance1 OR instance2) policy:amy` to find
|
594
707
|
# IAM policy bindings that are set on resources "instance1" or
|
595
708
|
# "instance2" and also specify user "amy".
|
709
|
+
# * `roles:roles/compute.admin` to find IAM policy bindings that specify the
|
710
|
+
# Compute Admin role.
|
711
|
+
# * `memberTypes:user` to find IAM policy bindings that contain the "user"
|
712
|
+
# member type.
|
596
713
|
# @!attribute [rw] page_size
|
597
714
|
# @return [::Integer]
|
598
715
|
# Optional. The page size for search result pagination. Page size is capped at 500 even
|
@@ -605,6 +722,36 @@ module Google
|
|
605
722
|
# this method. `page_token` must be the value of `next_page_token` from the
|
606
723
|
# previous response. The values of all other method parameters must be
|
607
724
|
# identical to those in the previous call.
|
725
|
+
# @!attribute [rw] asset_types
|
726
|
+
# @return [::Array<::String>]
|
727
|
+
# Optional. A list of asset types that the IAM policies are attached to. If empty, it
|
728
|
+
# will search the IAM policies that are attached to all the [searchable asset
|
729
|
+
# types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
|
730
|
+
#
|
731
|
+
# Regular expressions are also supported. For example:
|
732
|
+
#
|
733
|
+
# * "compute.googleapis.com.*" snapshots IAM policies attached to asset type
|
734
|
+
# starts with "compute.googleapis.com".
|
735
|
+
# * ".*Instance" snapshots IAM policies attached to asset type ends with
|
736
|
+
# "Instance".
|
737
|
+
# * ".*Instance.*" snapshots IAM policies attached to asset type contains
|
738
|
+
# "Instance".
|
739
|
+
#
|
740
|
+
# See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
|
741
|
+
# regular expression syntax. If the regular expression does not match any
|
742
|
+
# supported asset type, an INVALID_ARGUMENT error will be returned.
|
743
|
+
# @!attribute [rw] order_by
|
744
|
+
# @return [::String]
|
745
|
+
# Optional. A comma-separated list of fields specifying the sorting order of the
|
746
|
+
# results. The default order is ascending. Add " DESC" after the field name
|
747
|
+
# to indicate descending order. Redundant space characters are ignored.
|
748
|
+
# Example: "assetType DESC, resource".
|
749
|
+
# Only singular primitive fields in the response are sortable:
|
750
|
+
# * resource
|
751
|
+
# * assetType
|
752
|
+
# * project
|
753
|
+
# All the other fields such as repeated fields (e.g., `folders`) and
|
754
|
+
# non-primitive fields (e.g., `policy`) are not supported.
|
608
755
|
class SearchAllIamPoliciesRequest
|
609
756
|
include ::Google::Protobuf::MessageExts
|
610
757
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -625,7 +772,7 @@ module Google
|
|
625
772
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
626
773
|
end
|
627
774
|
|
628
|
-
# IAM policy analysis query message.
|
775
|
+
# ## IAM policy analysis query message.
|
629
776
|
# @!attribute [rw] scope
|
630
777
|
# @return [::String]
|
631
778
|
# Required. The relative name of the root asset. Only resources and IAM policies within
|
@@ -652,6 +799,9 @@ module Google
|
|
652
799
|
# @!attribute [rw] options
|
653
800
|
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::Options]
|
654
801
|
# Optional. The query options.
|
802
|
+
# @!attribute [rw] condition_context
|
803
|
+
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::ConditionContext]
|
804
|
+
# Optional. The hypothetical context for IAM conditions evaluation.
|
655
805
|
class IamPolicyAnalysisQuery
|
656
806
|
include ::Google::Protobuf::MessageExts
|
657
807
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -791,6 +941,17 @@ module Google
|
|
791
941
|
include ::Google::Protobuf::MessageExts
|
792
942
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
793
943
|
end
|
944
|
+
|
945
|
+
# The IAM conditions context.
|
946
|
+
# @!attribute [rw] access_time
|
947
|
+
# @return [::Google::Protobuf::Timestamp]
|
948
|
+
# The hypothetical access timestamp to evaluate IAM conditions. Note that
|
949
|
+
# this value must not be earlier than the current time; otherwise, an
|
950
|
+
# INVALID_ARGUMENT error will be returned.
|
951
|
+
class ConditionContext
|
952
|
+
include ::Google::Protobuf::MessageExts
|
953
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
954
|
+
end
|
794
955
|
end
|
795
956
|
|
796
957
|
# A request message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
|
@@ -868,9 +1029,14 @@ module Google
|
|
868
1029
|
# @!attribute [rw] uri
|
869
1030
|
# @return [::String]
|
870
1031
|
# Required. The uri of the Cloud Storage object. It's the same uri that is used by
|
871
|
-
# gsutil.
|
872
|
-
#
|
873
|
-
# (https://cloud.google.com/storage/docs/
|
1032
|
+
# gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
|
1033
|
+
# Editing Object
|
1034
|
+
# Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
|
1035
|
+
# for more information.
|
1036
|
+
#
|
1037
|
+
# If the specified Cloud Storage object already exists and there is no
|
1038
|
+
# [hold](https://cloud.google.com/storage/docs/object-holds), it will be
|
1039
|
+
# overwritten with the analysis result.
|
874
1040
|
class GcsDestination
|
875
1041
|
include ::Google::Protobuf::MessageExts
|
876
1042
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|